IV. Focus For Internal Audit
Internal Audit encompasses both audits and consulting services as defined in the Commission’s Internal Audit Policy. The Division plans to conduct various types of audits which are categorized as follows: Audits
Management Audits
Management audits are designed to provide senior management with assurances that (1) the organization’s policies and procedures are being followed (compliance); (2) its assets are properly managed and safeguarded; (3) due diligence is maintained to achieve effectiveness, efficiency and economy in the utilization of all its resources; and (4) senior management has the appropriate information for decision-making.
Financial Audits
Financial audits consist of (a) audits of the financial control framework and (b) attest audits to ensure that financial information presented by the Commission is both appropriate and accurate, in accordance with the Financial Administration Act (FAA).
Information Technology (IT) Audits IT audits are conducted for systems under development (also referred to as pre-implementation audits); major enhancements to existing IT systems; and post implementation audits to ensure that the system continues to operate as intended, and also to provide assurance to senior management on data integrity and system efficiency and effectiveness. The purpose of the pre-implementation audit is to ensure that the information system will meet the needs of the users; internal controls and security elements will be incorporated and that the project is properly managed. The purpose of a post-implementation audit is to ensure that the internal controls and security elements are operating as designed and that users of the system have received the necessary training and are adequately supported on a daily basis (i.e. help desk).
Consulting Services
Consulting services are defined in the Commission’s Internal Audit Policy as advisory and related client services activities, the nature and scope of which are agreed upon with the client. These activities are designed to help guide senior management on improvements to the Commission’s governance, risk management, and control processes while not assuming management responsibility. The Division may conduct various types of consulting services which are categorized as follows: Accountability Assessments
An accountability framework defines roles and responsibilities, resources, expected outcomes, performance measurement, feedback and penalty/rewards. This framework is a standard practice of a well-managed organization.
Provision of Counsel and Advice The Division may provide counsel or advise to senior management on a new policy or initiative. Such advisory services are provided because of the general management and control expertise that the Division possesses. When this occurs, it is understood that the decision-making process remains a management responsibility.
Facilitation and Process Design
The Division may provide process design advisory services to senior management. When this occurs, however, in these cases it is understood that the decision-making process remains a management responsibility.
Training and Education
The Division may provide training and education (i.e awareness sessions or workshops) on areas such as risk management, governance and internal control.
|