Drive You To Top!

Internal Audit is perceived in progressive enterprises, as a source of advice and guidance that assists executives in their responsibilities for the management of business risk. Our Internal Auditors help management to ensure that the whole system of controls, financial and otherwise, is adequate and effective in reducing risk to acceptable levels which further assists the enterprise in conducting its business in an orderly and efficient manner..

Risks and systems of control vary according to business needs and it is not practicable to generalize on the scope of the work that should be covered by internal audit.

Some elements of internal audit may include but not restricted to the assessment of the effectiveness of the system of internal controls, its implementation and functioning to assure:

• Reliability and integrity of financial and operating information and of the means used to identify, measure, classify and report such information
• Effective implementation of enterprise’s strategic management including its risk management process, a process whereby an enterprise methodically addresses the risks associated with operational, financial and business activities, with the objective of sustaining benefit within each activity and across the portfolio of all activities.
• Compliance to internally implemented procedures and controls including those for risk management, control and governance, conforming to enterprise’s objectives and strategies and compliance to externally imposed rules and regulations.
• Safeguards for the enterprise’s assets and interests from losses of all kinds and physical existence of assets.
• Economical and efficient use of the resources employed.
• Accomplishment of the established objectives and goals for operations and programs and consistency of results with established objectives and goals.

Indeed it is the Board of an enterprise that will ultimately determine the scope of work of its internal audit function. A recent survey conducted by the Audit Faculty of the Institute of Chartered Accountants in England and Wales, revealed a wide range of work being undertaken by internal audit departments in both the private and public sectors. The highest proportion of internal audit effort is devoted to audits of operations and business processes, followed by financial audits, IT systems reviews, fraud and special investigations and regulatory compliance work.

Internal Audit’s value and effectiveness are linked not only to their attunement to management’s philosophy and direction, but their understanding of risk and its management, and their direct knowledge of operating systems. As an independent appraisal function working within an organization, internal audit provides a pro-active value-added assurance service which helps directly in the achievement of the entity’s goals and business objectives, as well as assisting senior management in meeting their responsibilities.

The Internal Audit Function has gained significance in recent years, accentuated by the Code of Corporate Governance in Pakistan and by specific requirements of regulatory bodies in the developed countries requiring separate independent reviews.

• Implementation of strategic plans more effectively.
• With clear definition and identification of risk exposures and related causes, the enterprise management can more effectively integrate decisions about risk-taking into their strategic and tactical decision making.
• Achievement of strategic objectives within the time frame and budget. Minimization of nature of potential losses to the enterprise.
• Effective and efficient allocation of the resources and capital.
• Effective competition with competitors and meeting customers’ requirements.
• Compliance with its own policy and procedures, code of conduct, standards of best / good practice and laws and regulations.
• Mitigation of strategic, financial, market, operational, information, compliance and hazard risks.

Whether there is a mandatory requirement for risk management and reporting thereon or not, it is still essential and important management process.
Risk management has become an integral part of national and international business strategy, management use quantitative tools to measure and analyze risk. There is a continuous necessity to identify and address all types of risks, establish support and control mechanisms for dealing with it and set the course for the risk management team in terms of its policies and objectives.
The demand of additional reporting requirements as part of the Code of Corporate Governance, relating to risks has increased. Perpetuated by corporate failures in the recent past, has seen the emergence of the Combined Code in UK, S404 of the Sarbanes Oxley Act in USA and other similar codes, acts and standards in developed economies.
These codes, acts and standards now require inclusion of statements in annual reports and listings about risk management, the procedures adopted in this context, and internal controls and its effectiveness.
Risk management and internal controls are correlated. The success of risk management is dependent on the effectiveness of internal controls.
Event, incident, occurrence from internal or external sources that affects achievement of objectives can have negative impact, positive impact, or both. Events with negative impact represent risks.
Risk is a concept that denotes a potential negative impact to some characteristic of value that may arise from a future event. It is possibility of an adverse event that may negatively affect the ability of an enterprise to achieve its objectives. Exposure to the consequences of uncertainty constitutes a risk.
Risk management is a process which increases confidence in the ability of an enterprise to anticipate, prioritize, and overcome obstacles to the attainment of its strategic goals and objectives.

MAJOR RISK FACTORS
The risks facing an enterprise and its operations can result from factors both external and internal to the enterprise. The risks can be categorized as follows: