Need Tally
for Clients?

Contact Us! Here

  Tally Auditor

License (Renewal)
  Tally Gold

License Renewal

  Tally Silver

License Renewal
  Tally Silver

New Licence
  Tally Gold

New Licence
 
Open DEMAT Account with in 24 Hrs and start investing now!
« Auditing »
Open DEMAT Account in 24 hrs
 Standard on Internal Audit (SIA) 16, Using the Work of an Expert
 Standard on Internal Audit (SIA) 14, Internal Audit in an Information Technology Environment
 Standard on Internal Audit (SIA) 13, Enterprise Risk Management
 Standard on Internal Audit (SIA) 12, Internal Control Evaluation
 Standard on Internal Audit (SIA) 11, Consideration of Fraud in an Internal Audit
  Standard on Internal Audit (SIA) 9, Communication with Management
  Standard on Internal Audit (SIA) 8, Terms of Internal Audit Engagement
 Standard on Internal Audit (SIA) 7, Quality Assurance in Internal Audit
 Standard on Internal Audit (SIA) 6, Analytical Procedures
 Standard on Internal Audit (SIA) 5, Sampling
 Standard on Internal Audit (SIA) 4, Reporting
 
 
 
 

Standard on Internal Audit (SIA) 4, Reporting
November, 28th 2018
           STANDARD ON INTERNAL AUDIT (SIA) 4
                     REPORTING*


Contents
                                                                            Paragraph(s)




Introduction ............................................................................... 1-4

Basic Elements of the Internal Audit Report ........................... 5-24

Communication to Management .................................................25

Limitation on Scope ....................................................................26

Restriction on Usage and Report Circulation Otherwise
than to the List of Intended Recipients .......................................27



 The following
Effective         is the text of the Standard on Internal Audit
          Date .............................................................................28
 (SIA) 4, Reporting, issued by the Council of the Institute of
 Chartered Accountants of India. These Standards should be
 read in conjunction with the Preface to the Standards on
 Internal Audit, issued by the Institute.
 In terms of the decision of the Council of the Institute of
 Chartered Accountants of India taken at its 260 th meeting
 held in June 2006, the following Standard on Internal Audit
 shall be recommendatory in nature in the initial period. The
 Standards shall become mandatory from such date as
 notified by the Council.


* Published in the October 2008 issue of The Chartered Accountant.
Standard on Internal Audit (SIA) 4

Introduction
1.   The purpose of this Standard on Internal Audit (SIA) is to establish
     standards on the form and content of the internal auditor's report issued
     as a result of an internal audit performed by an internal auditor of the
     systems, processes, controls including items of financial statements of an
     entity.
2.   The internal auditor should review and assess the analysis drawn
     from the internal audit evidence obtained as the basis for his
     conclusion on the efficiency and effectiveness of systems,
     processes and controls including items of financial statements.
3.   This review and assessment involves considering whether the systems,
     procedures and controls are in existence and are operating effectively.
4.   The internal auditor's report should contain a clear written
     expression     of   significant   observations,     suggestions/
     recommendations based on the policies, processes, risks, controls
     and transaction processing taken as a whole and managements'
     responses.

Basic Elements of the Internal Audit Report
5.   The internal auditor's report includes the following basic elements,
     ordinarily, in the following layout:
     (a)    Title;
     (b)    Addressee;
     (c)    Report Distribution List;
     (d)    Period of coverage of the Report;
     (e)    Opening or introductory paragraph;
            (i)      identification of the processes/functions and items of
                     financial statements audited; and
            (ii)     a statement of the responsibility of the entity's management
                     and the responsibility of the internal auditor;








                                        2
                                                                    Reporting

     (f)     Objectives paragraph - statement of the objectives and scope of
             the internal audit engagement;
     (g)     Scope paragraph (describing the nature of an internal audit):
             (i)     a reference to the generally accepted audit procedures in
                     India, as applicable;
              (ii)   a description of the engagement background and the
                     methodology of the internal audit together with procedures
                     performed by the internal auditor; and
             (iii)   a description of the population and the sampling technique
                     used.
     (h)     Executive Summary, highlighting the key material issues,
             observations, control weaknesses and exceptions;
     (i)     Observations, findings and recommendations made by the internal
             auditor;
     (j)     Comments from the local management;
     (k)     Action Taken Report ­ Action taken/ not taken pursuant to the
             observations made in the previous internal audit reports;
     (l)     Date of the report;
     (m)     Place of signature; and
     (n)     Internal auditor's signature with Membership Number.
     A measure of uniformity in the form and content of the internal auditor's
     report is desirable because it helps to promote the reader's understanding
     of the internal auditor's report and to identify unusual circumstances when
     they occur.
6.   The internal auditor should exercise due professional care to ensure
     that the internal audit report, inter alia, is:
     (i)     clear
     (ii)    factual ­ presents all significant matters with disclosure of
             material facts
     (iii)   specific

                                       3
Standard on Internal Audit (SIA) 4

        (iv)    concise
        (v)     unambiguous
        (vi)    timely
        (vii)   complies with generally accepted audit procedures in India,
                as applicable.

Title
7.      The internal auditor's report should have an appropriate title
        expressing the nature of the Report.

Addressee
8.      The internal auditor's report should be appropriately addressed as
        required by the circumstances of the engagement. Ordinarily, the
        internal auditor's report is addressed to the appointing authority or such
        other person as directed.

Report Distribution List, Coverage and Opening or Introductory
Paragraph
9.      There should be a mention of the recipients of the report in the
        section on Report Distribution List.
10.     The internal auditor's report should identify the systems, processes,
        functional lines or other items of the entity that have been audited,
        including the date of and period covered.
11.     The report should include a statement that the operation of systems,
        procedures and controls are the responsibility of the entity's
        management and a statement that the responsibility of the internal
        auditor is to express an opinion on the weaknesses in internal
        controls, risk management and governance (entity level controls)
        framework, highlighting any exceptions and cases of non-
        compliance and suggest or recommend improvements in the design
        and operations of controls based on the internal audit.




                                        4
                                                                   Reporting

Scope Paragraph
12.   The internal auditor's report should describe the scope of the
      internal audit by stating that the internal audit was conducted in
      accordance with generally accepted audit procedures as applicable.
      The management needs this as an assurance that the audit has been
      carried out in accordance with established Standards.
13.   "Scope" refers to the internal auditor's ability to perform internal audit
      procedures deemed necessary in the circumstances.
14.   The report should include a statement that the internal audit was
      planned and performed to obtain reasonable assurance whether
      the systems, processes and controls operate efficiently and
      effectively and financial information is free of material
      misstatement.
15.   The internal auditor's report, in line with the terms of the
      engagement, should describe the internal audit as including:
      (a)    examining, on a test basis, evidence to support the amounts
             and disclosures in financial statements;
      (b)    assessing the strength, design and operating effectiveness of
             internal controls at process level and identifying areas of
             control weakness, business risks and vulnerability in the
             system and procedures adopted by the entity
      (c)    assessing the accounting principles and estimates used in
             the preparation of the financial statements; and
      (d)    evaluating the overall entity-wide risk management and
             governance framework.
16.   The Report should include a description of the engagement
      background, internal audit methodology used and procedures
      performed by the internal auditor mentioning further that the internal
      audit provides a reasonable basis for his comments.

Executive Summary Paragraph
17.   The Executive Summary paragraph of the internal auditor's report
      should clearly indicate the highlights of the internal audit findings,

                                      5
Standard on Internal Audit (SIA) 4

      key issues and observations of concern, significant controls lapses,
      failures or weaknesses in the systems or processes.

Observations (Main Report) Paragraph
18.   The Observations paragraph should clearly mention the process
      name, significant observations, findings, analysis and comments of
      the internal auditor.

Comments from Local Management
19.   The Comments from Local Management Paragraph should contain
      the observations and comments from the local management of the
      entity provided after giving due cognizance to the internal auditor's
      comments. This should also include local management's action plan
      for resolution of the issues and compliance to the internal auditor's
      recommendations and suggestions on the areas of process and
      control weakness/ deficiency. The management action plan, should
      contain, inter alia:
      (a)   the timeframe for taking appropriate corrective action;
      (b)   the person responsible; and
      (c)   resource requirements, if any, for ensuring such compliance.
20.   Further comments from the internal auditor, in response to the auditee
      feedback, are to be clearly mentioned. This paragraph should also
      contain the internal auditor's suggestions and recommendations to
      mitigate risks, strengthen controls and streamline processes with
      respect to each of the observations and comments made.

Action Taken Report Paragraph
21.   The Action Taken Report paragraph should be appended after the
      observations and findings and should include:
      (a)   Status of compliance / corrective action already taken / being
            taken by the auditee with respect to previous internal audit
            observations;









                                    6
                                                                    Reporting

       (b)    Status of compliance / corrective action not taken by the
              auditee with respect to previous internal audit observations
              and the reasons for non-compliance thereof; and
       (c)    Revised timelines for compliance of all open items in (b)
              above and fixation of the responsibility of the concerned
              process owner.

Date
22.    The date of an internal auditor's report is the date on which the internal
       auditor signs the report expressing his comments and observations.

Place of Signature
23.    The report should name the specific location, which is ordinarily the
       city where the internal audit report is signed.
Internal Auditor's Signature
24.    The report should be signed by the internal auditor in his personal
       name. The internal auditor should also mention the membership
       number assigned by the Institute of Chartered Accountants of India
       in the report so issued by him.

Communication to Management
25.    The internal audit report contains the observations and comments of the
       internal auditor, presents the audit findings, and discusses
       recommendations for improvements. To facilitate communication and
       ensure that the recommendations presented in the final report are
       practical from the point of view of implementation, the internal
       auditor should discuss the draft with the entity's management prior
       to issuing the final report. The different stages of communication
       and discussion should be as under:
       (a)    Discussion Draft - At the conclusion of fieldwork, the internal
              auditor should draft the report after thoroughly reviewing the
              his working papers and the discussion draft before it is
              presented to the entity's management for auditee's
              comments. This discussion draft should be submitted to the
              entity management for their review before the exit meeting.

                                       7
Standard on Internal Audit (SIA) 4

      (b)   Exit Meeting - The internal auditor should discuss with the
            management of the entity regarding the findings,
            observations, recommendations, and text of the discussion
            draft. At this meeting, the entity's management should
            comment on the draft and the internal audit team should work
            to achieve consensus and reach an agreement on the internal
            audit findings.
      (c)   Formal Draft - The internal auditor should then prepare a
            formal draft, taking into account any revision or modification
            resulting from the exit meeting and other discussions. When
            the changes have been reviewed by the internal auditor and
            the entity management, the final report should be issued.
      (d)   Final Report - The internal auditor should submit the final
            report to the appointing authority or such members of
            management, as directed. The periodicity of the Report
            should be as agreed in the scope of the internal audit
            engagement. The internal auditor should mention in the
            Report, the dates of discussion draft, exit meeting, Formal
            Draft and Final Report.

Limitation on Scope
26.   When there is a limitation on the scope of the internal auditor's
      work, the internal auditor's report should describe the limitation.

Restriction on Usage and Report Circulation Otherwise
Than to the List of Intended Recipients
27.   The internal auditor should state in the Report that the same is to be
      used for the intended purpose only as agreed upon and the
      circulation of the Report should be limited to the recipients
      mentioned in the Report Distribution List.

Effective Date
28.   This Standard on Internal Audit is applicable to all internal audits
      commencing on or after ______. Earlier application of the SIA is
      encouraged.

                                    8

Home | About Us | Terms and Conditions | Contact Us
Copyright 2024 CAinINDIA All Right Reserved.
Designed and Developed by Ritz Consulting