INDEPENDENCE OF INTERNAL AUDITOR

[Mr. M. GOVINDARAJAN]

Audit

The term audit is derived from the Latin word ‘audire’ which means to hear.  Audit is the examination or inspection of various books of accounts by an auditor followed by physical checking of inventory to make sure that all departments are following documented system of recording transactions. It is done to ascertain the accuracy of financial statements provided by the organization.   An audit is important as it provides credibility to set of financial statements and gives the shareholders confidence that the accounts are true and fair.  It can also help to improve the company’s internal controls and systems.

With the Companies Act, 2013 audits of company accounts were made compulsorily in India. The qualification of the auditors was also prescribed first time in that Act.  Later on, the International Accounting Standards Committee and the Accounting Standard Board of the Institute of Chartered Accountants of India have developed standards on accounting and auditing practices to provide the guidance on the day to day work being undertaken by auditors and accountants.  In India, Chartered Accountants from the Institute of Chartered Accountants of India can do independent audits of any organization.

There are different types of audits that can be availed depending on the need of the organization. Financial audits determine whether an organization’s financial statements accurately represent the results of the business’s financial operations. It makes sure that the organization’s financial position is in accordance with the generally accepted accounting Principles. Compliance audits check if the company has functioned in accordance with the laws and regulations that may materially impact the financial statements.

For the business entities there are mainly two types of audit – one is statutory audit and the other is internal audit.  The statutory audit is mandatorily to be done only by Chartered Accountants.  The statutory auditor is appointed by the shareholders in the general meeting.  The internal audit may be done by Chartered Accountant and Cost Accountant.  The appointment of internal audit for certain companies are made mandatory under Companies Act, 2013.

Internal Audit

The expression ‘internal audit’ is not defined under Companies Act, 2013.  Institute of Internal Auditors defines the expression ‘Internal Audit’ as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.   The following are the objectives of the Internal Audit-

• to assess the effectiveness and efficiency of a entity’s operations;
• to assess compliance with the applicable laws and regulations;
• to assess reliability and integrity of financial and operational information; and
• to assess compliance with internal policies and procedures.

Appointment of internal auditor

Section 138(1) of the Companies Act, 2013 provides that such class or classes of companies as may be prescribed shall be required to appoint an internal auditor, who shall either be a chartered accountant or a cost accountant, or such other professional as may be decided by the Board to conduct internal audit of the functions and activities of the company. Therefore the Board may appoint professionals other than Chartered Accountant or Cost Accountant as internal auditor of the company. 

Rule 13 of Companies (Accounts) Rules, 2014 provides that the following classes of companies are required to appoint internal auditor-

Details	Listed company	Unlisted public company	Private company
Turnover	Always applicable	200 crores	200 crores
Loan	Always applicable	100 crores	100 crores
Capital	Always applicable	50 crores	NA
Deposit	Always applicable	25 crores	NA

The internal auditor may or may not be the employee of the company.  The consent letter of the eligible person to act as internal auditor of the company is obtained.  Seven days notice is to be issued for the conduct of the Board meeting to all the Directors of the Board.  The Board meeting is to be held accordingly and the internal auditor is to be appointed by the Board by passing a resolution.  The appointment of internal auditor is to be informed to the professional who gave consent to act as Internal Auditor of the Company.  MGT – 14 for appointment of internal auditor is to be filed with the Registrar of Companies within 30 days of passing of the resolution.

Scope of internal audit

The scope of ‘Internal Audit’ is as detailed below-

• to review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information;
• to review the adequacy of internal controls;
• to review the systems established to ensure compliance with policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the company is in compliance;
• to review the means of safeguarding assets;
• to review and appraising the economy and efficiency with which resources are employed;
• to review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned;
• to review specific operations at the request of the Audit Committee or management, as appropriate;
• to monitor and evaluate the effectiveness of the entity’s risk management and governance processes; and
• to review the adequacy of internal audit controls.

Dual relationship

Internal audit is accomplished by what is called a ‘dual reporting relationship’.   Many times, the Internal Auditor has a dual reporting responsibility, wherein the administrative reporting is to an executive officer (e.g., MD or CEO), but functional reporting to the Chairman of the Audit Committee. Administratively, Internal Auditor reports to the President facilitating the day-to-day operations of the department, including budgeting and departmental management, human resource administration and evaluations, administration of departmental policies and procedures, and internal communications and information flows. Therefore, the internal auditor’s function shall be positioned outside the functions which are subject to internal audit (e.g., Finance and Accounts) and the Internal Auditor shall report directly to the highest governing body of the Company.

Activities of internal auditor

The internal auditors may be engaged in a range of following activities-

• Assessing the management of the risk;
• Assisting management in the improvement of internal control;
• Evaluating controls and advising managers at all levels;
• Evaluating risks;
• Analyzing operations and confirm information;
• Working with other assurance providers.

 Independence of internal auditor

Internal audits play a significant role in the company’s growth by ensuring that the company is moving in the right direction.  Therefore the internal auditor should be given independence in his work so that the objectives of the organization can be achieved.  In many of the scams the internal auditors are charged for not finding frauds and taking preventive steps in collusion with the top ranking officers.

Independence implies that judgment of a person is not subordinate to the wishes or directions of another person who might have engaged by him, or to his own self interest.  The internal auditors shall safeguard him to mitigate the risk arising from such circumstances and relationships relating to the threat of independence.  Independence is embedded in the definition of internal auditing as it is referred to as an ‘independent and objective assurance activity’.  One of the core principles states that Internal Audit is ‘objective and free from undue influence’ i.e. is ‘independent’. Attribute standard 1100 states that the ‘internal audit activity must be independent and internal auditors must be objective in performing their work.’

Types of independence

There are three main ways in which the auditor's independence can manifest itself-

• Programming independence - This independence essentially protects the internal auditor's ability to select the most appropriate strategy when conducting an audit. Auditors must be free to approach a piece of work in whatever manner they consider best. As a client company grows and conducts new activities, the internal auditor's approach will likely have to adapt to account for these. In addition, the internal auditing profession is a dynamic one, with new techniques constantly being developed and upgraded which the internal auditor may decide to use. The strategy/proposed methods which the auditors intend to implement cannot be inhibited in any way.

• Investigative independence - While programming independence protects auditors’ ability to select appropriate strategies, investigative independence protects the auditor's ability to implement the strategies in whatever manner they consider necessary. Basically, auditors must have unlimited access to all company information. Any queries regarding a company’s business and accounting treatment must be answered by the company. The collection of audit evidence is an essential process, and cannot be restricted in any way by the client company.
• Reporting independence - Reporting independence protects the auditors’ ability to choose to reveal to the public any information they believe should be disclosed. If company directors have been misleading shareholders by falsifying accounting information, they will strive to prevent the auditors from reporting this. It is in situations like this when auditor independence is most likely to be compromised.

Maintaining independence

• Internal auditors must have unrestricted access to all data, information, records, property, personnel, systems and processes, and there should be no interference to scope of work.
• The internal audit head must engage directly with the audit committee or the board. If the Chief Financial Officer or another person outside the Internal Audit department delivers the internal audit presentation, it will impair the independence of the internal auditor.
• In some organizations, they would like internal audit to have an additional responsibility such as those relating to ethics or risk management. In order to preserve the independence of internal audit, there must be adequate safeguards built into such roles, and prior approval must be obtained from the audit committee or the board.
• In an in-house internal audit function, independence can be reinforced through the position of the Chief Audit Executive , organization structure and reporting.

Internal auditor should always be and perceived independent and demonstrate highest level of integrity. Any potential impairment to independence should be reported to Audit Committee and to take action immediately. The company shareholders and other key stakeholders (employees, vendors, customers, Government, society, etc.) rely on Audit Committee, and Internal Auditor and their trust should never be shaken or shattered.

Independence and objectivity

 Internal Auditors whose work purports to comply with the Institute of Internal Auditors’ (IIA, Institute) ‘International Standards for the Professional Practice of Internal Auditing (Standards)’ are also required to comply with the Institute’s Code of Ethics (Code). These documents, the Standards and the Code, require that internal auditors be independent and objective in performing their work. Independence and objectivity is required for the internal audit activity as a whole and of each individual auditor.

Challenges to internal auditor

If internal auditor is to maintain its independence, it must take the time to invest in building relationships with the audit committee or the board, key business executives, providing impactful outcomes, sustaining a constructive dialogue with each party in order to gain the right place in the organization.  Being independent is a challenge.

It surely does not need significant mental or physical effort to overcome. It needs courage to stand up to what is right. If there is a potential impairment to independence, the internal auditor should fearlessly highlight to senior management or the audit committee and have it resolved.

The following are the typical challenges for an independency of the internal auditor-

• Pressure with business teams to accommodate and take a lenient view of certain key exceptions, particularly on ethical issues or fraud related aspects.
• Fear of spoiling relationship with key officials in the organization or loss of job.
• Lack of strength to take up issues directly pertaining to key responsibility of chief executives and/or senior management.
• Take up advisory roles (e.g. risk management, compliance, system automation, process re-engineering, etc.).

Overcoming challenges

• Take firm view graciously on exceptions on merit and as per defined criteria. Any undue pressure from business team should be reported to the Audit Committee.
• The credibility of internal auditor provides enormous strength which helps overcome undue fear of spoiling relationship or loss of job. The internal auditor should frequently meet with Audit Committee to draw further strength to handle delicate issues and challenging circumstances.
• The internal auditor should not assume ownership or accountability of the process or take operational decisions for the advisory roles performed.

Impairments

Independence and/or objectivity can be impaired in a number of ways and on either organizational or individual levels. At the organization level, senior management may attempt to limit the scope of a review, limit auditor access to records or not cooperate with the auditor in attempting to understand transactions or processes. An individual auditor’s independence and/or objectivity may be impaired by an undisclosed conflict of interest with the client, by reviewing an activity for which they were previously responsible or by being unduly influenced by a personal friendship.

The following factors impairing the independence of internal auditors:

• business relationship;
• employment with client audit;
• prior work with audit client;
• gift and hospitality;
• family and personal relationship;
• non audit services to audit clients.

Whenever auditor independence or objectivity is impaired, in fact or in appearance, it must be disclosed to appropriate parties. If the impairment is not severe, with client agreement, the audit project may be able to continue to completion. If, however, the impairment is deemed to be significant, to the extent that successful completion of the project may be compromised, once disclosed to the appropriate parties, it may be necessary for internal audit to withdraw from the project.

Obligations of internal auditor

In the course of internal audit, the internal auditor is expected to perform the following-

• In order to maintain independence and objectivity, internal auditors are required to have a dual reporting system by international standards.
• An internal auditor is to maintain its objectivity, independence and offer constructive criticism to the operational performance of the organization.
• The work of internal auditor is also relied upon by the Statutory Auditors having a link with external stakeholders.
• Internal Auditor is to have the capability and the vision to recommend the Management on structure of governance and act as a first hand advisor in maintaining the culture owing to its independence.

Obligations of management

Any independence issues reported by internal auditor should draw immediate attention and action by the Audit Committee. The organizations which protect auditor independence and provide strength to the people helping in achieving good governance get better shareholder value and appreciation from other key stakeholders.

Key measures to ensure independence

• The Chief Internal Auditor should meet privately with the Board/Audit Committee without the presence of the management.
• The Audit Committee should have final authority to review and approve the annual audit plan and all major changes to the Audit plan.
• The Audit Committee should review the performance of the Chief Internal Auditor and overall Internal Auditor function at least once a year, as well approve the compensation levels for the Chief Internal Auditor.
• The Internal Audit charter should clearly articulate both functional and administrative reporting lines for the function as well as its principal activities.
• The reporting line should facilitate open and direct communications with CEO, senior executive group and line management.
• The Internal Auditor should have unrestricted access to information flows so that it receives adequate and timely information concerning the activities, plans and business initiatives of the organization
• Budgetary controls and considerations imposed by the administrative reporting line should not impede internal audit in accomplishing its objective.

Conclusion

There shall be independence in the internal audit work and also the internal auditor should be given much independence except the monitoring on its functions and reporting formalities, so as to achieve the best result to the company and its stakeholders.  There shall be no impairments in the independence and objectivity of the internal auditor.  This could able to prevent frauds in the present or in future.  It is important for the internal audit activity to be free from interference in all stages of the internal audit process - scope of audit, performing work and communicating results.  Being independent is a challenge.  It surely does not need significant mental or physical effort to overcome. It needs courage to stand up to what is right. If there is a potential impairment to independence, the internal auditor should fearlessly highlight to senior management or the audit committee and have it resolved.  Therefore independence of internal auditor is considered important for having a successful functioning of the business entity.

References:

1. https://www.iia.org.uk/about-us/what-is-internal-audit/
2. Exposure Draft on Guidance Note on Internal Audit of Education Sector – Internal Auditing & Assurance Standards Board – The Institute of Cost Accountants of India.
3. Guidance Note on Independent Auditors – The Institute of Chartered Accountants of India – 2005 (Reprint – 2012)
4. Monthly magazine of the Institute of Internal Auditors – Vol. 3, October 2020 edition.
5. Back ground material – Post Member Qualification Course – Internal Audit – The Institute of Company Secretaries of India – March 2021.
6. www.iiaindia.org.
7. www.accaglobal.com/gb/en/member/sectors/internal-audit/learn/standard-1100-independence-and-objectivity.html.
8. www.cleartax.in.
9. https://economictimes.indiatimes.com/
10. www.taxguru.in
11. www.lctcs.edu/