INTERNAL AUDIT

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The value of internal audit lies in its provision of objective and independent assurance on governance, risk management and control processes. The virtues of independence and objectives, which are enshrined in the definition of internal auditing, enable credit unions and its stakeholders to rely on the assurance provided by their internal audit functions. Internal audit’s value also lies in the breath of coverage it provides with respect to assurance.

The internal audit function plays a crucial role in the ongoing maintenance and assessment of a Credit Union’s internal control, risk management and governance. Furthermore, the internal auditor may use risk based approaches to determine their respective work plans and actions.

The internal audit function should cover the following:

• Evaluating whether the risk management system required to be maintained by a credit union under section 76B of the 1997 Act identifies and assesses significant risks in the credit union including the identification of operational risks, as required under section 76E of the credit union1997 Act.
• Ensuring appropriate risk controls are selected that manage and mitigate risks within the credit union’s risk tolerance.
• Ensuring that relevant risk information is captured and communicated in a timely manner across the credit union, enabling officers of the credit union to carry out their responsibilities.
• Evaluating the effectiveness of the credit union’s information systems required under section 76G of the credit union 1997 Act.
• Evaluating the accuracy, consistency, comprehensiveness, accessibility, timeliness, and security of management information required to be produced under section 76H of the 1997 Act.
• Reviewing methods employed by the credit union to safeguard assets(including inspection and verification of cash, passbooks or statements bank reconciliations, securities, cash accounts and all records relating to loans and investments).
• Assessing the effectiveness of the compliance programme required under section 76B of the credit union1997 Act in ensuring compliance with legal and regulatory requirements and guidance.
• Evaluating the effectiveness of the credit union’s governance arrangements required under section 66A of the credit union1997 Act.
• Review management’s process for stress testing its liquidity requirements and the reliability of the processes used.
• Make recommendations to the board of directors on improving the effectiveness of the risk management, internal controls and governance processes.
• The internal audit function should follow up on recommendations made, ensuring effective remedial action, agreed by the board of directors or audit committee where one exists.
• Ranking recommendations including proposed timelines for implementation.
• Provision of an overall opinion of the internal audit function on the effectiveness of the credit union’s risk management, internal controls and governance processes should be provided to the board of directors or the audit committee where one exists.

The Internal Audit function and Internal Audit Charter
The Internal Auditor shall prepare, implement and maintain a document called the “Internal Audit Charter” which defines

• The activities and objectives of the internal audit function within the credit union, and
• The scope of those activities including roles and responsibilities
• Statement of Policy
• Mission of Internal Audit
• Activities and Scope of Activities
• Processes to be used to assess areas of significant risk
• Authority and Access
• Independence and safeguards in place
• Procedures for the coordination between Internal Audit function and Internal auditor
• Reporting and Recommendations
• Review and Approval and timelines
• The Internal charter shall be reviewed and modified at least annually.

The Internal Auditor shall have access to all records, personnel and physical properties of the credit union.
The internal audit function shall be separate from other functions and activities of the credit union, and be capable of operating independently of management and without undue influence over its activities

The Internal Audit function and Internal Audit Plan
In advance of preparing the internal audit plan the internal audit function should undertake a risk assessment to identify key risks within the credit union. Activities that are determined to be higher risk should be audited in more depth and more frequently than activities that are determined to be lower risk. However, the internal audit plan should provide for all areas of the credit union’s business to be covered over a set period. The internal audit plan should also take account of the audit plans of the auditor.

• The internal audit plan should be based on the risk assessment carried out by the internal audit function and should cover the following at a minimum:
• Objectives and scope of the internal audit plan;
• Organisational arrangements setting out the roles and responsibilities of key personnel involved in implementing the internal audit plan;
• A detailed work programme including priority areas to be audited and timelines for completion of the work;

The internal audit plan should be dynamic and flexible to allow for changes throughout the year. The internal audit function should communicate any significant deviations from the internal audit plan, the reasons for these deviations and proposed action to address the deviations to the board of directors (or the audit committee where one exists).

The Internal Auditor or Internal Audit function shall prepare a written plan known as an “Internal Audit Plan” detailing

• Scope and objectives of audits
• Setting Priorities as regards areas to be audited and determine the necessary resources required to implement the plan
• Setting out all risks identified and Key risks identified and the timelines to complete the audits
• The Internal Audit plan should be reviewed and modified at least annually

The Internal Audit function and Internal Audit Reporting

The internal audit function shall report the results of its evaluations and recommendations to the audit committee, where one exists, or otherwise to the board of directors, on a regular basis, and at least quarterly

The board of directors of the credit union should encourage the internal audit function to adhere to internal audit professional standards and benchmarks relating to internal audit. An example of such standards is the international standards for professional practice of internal auditing established by the Institute of Internal Auditors

The board shall regularly review, but at least annually, the performance and effectiveness of the internal audit function, including reviewing and approving the internal audit charter and the internal audit plan and reviewing and approving any modifications to them, ensuring they are updated and that any issues identified in the review are managed and rectified in a timely manner