1. About Us
Internal Audit Function
The internal audit department is an independent management function, which involves a continuous and critical appraisal of the functioning of MJQE with a view to suggest improvements thereto and add value to and strengthen the overall governance processes, risk management and internal control system.
To be a trusted and innovative internal audit service provider.
Internal Audit Mission
The mission of the internal audit department is to provide the MJQE Board of Directors and Management with an assurance that MJQE performance are maintained at a satisfactory level; that the internal control systems are appropriate, efficient and effective; that risk exposures have been identified and acted upon; and that government legislation and MJQE policies and procedures are being complied with.
Principles and Standards of Internal audit
- Conflict of interest – the department should avoid conflict of interest at all times. He/ she should maintain an impartial, unbiased attitude, characterized by integrity and an objective approach to work and be constantly conscious of and alert to factors which may give rise to conflict of interest.
- Authority – based on the audit objectives and subject to compliance with the internal audit standard, the company should authorize Internal Auditors to have full, free and unrestricted access to all functions, premises, assets, personnel, records, and other documents and information that the internal audit director (IAD) considers necessary in undertaking internal audit activities.
- Confidentiality – the department will ensure complete confidentiality of all information pertaining to its work. Information can only be shared internally or externally with the direct authorization of the Founder, Chairman and CEO, or if there is a binding legal requirement for the company. Any instance of breach of this policy can result in disciplinary action up to dismissal of the concerned staff member(s).
- Objectivity and impartiality – objectivity and impartiality are vital to the effectiveness of the internal audit function. Objectivity means an unbiased mental attitude and professionalism that allows an internal auditor to perform engagements with no quality compromises. The principle of objectivity imposes on all internal auditors the obligation to be fair and intellectually honest. Objectivity requires the auditors not to subordinate their judgment on audit matters to that of others.
- Professional competence – must maintain high standards of competence and professional integrity commensurate with his/her responsibilities and mandated functions. He/she should commit to the highest degree of professional competence, both in the technical and ethical sense, through empowerment and continuing self-development. He/she must possess and continually develop the knowledge, skills and other competencies needed to perform their responsibilities in order to continually enhance the quality of audit. Examples of skills, related knowledge, attributes and other competencies.
The Internal Audit Department is accountable to the MJQE in order to:
- Provide assessments on the adequacy and effectiveness of the MJQE processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
- Report significant issues relating to the processes for controlling MJQE activities including potential improvements to those processes.
- Ensure the efficiency and effectiveness of financial and operational performance.
- Ensure the compliance with internal policy/procedure, laws and regulations.
- Safeguard company assets.
2. Internal Audit Services
The Audit Process
The audit process is divided into four phases, namely: audit engagement planning, audit execution, audit reporting, and audit follow-up. For each phase, there are specific criteria to ensure a successful audit engagement.
Audit Engagement Planning
Audit requires good planning. Planning entails familiarization with the objectives, processes, risks and controls of the auditee and activity to be audited, and developing a strategy and approach in conducting the audit. It is the most important part of the audit as the success of an audit depends on how well it has been planned. The summary of the steps involved in audit engagement planning:
- Document understanding of the program and project
- Determine the audit objective, scope, criteria and evidence
- Determine the resources required for the audit and the target milestones/ Dates
- Develop the audit plan and audit program
- Determine key performance indicators (KPIs) of the audit engagement
- Approval of the audit plan, audit work program and KPIs
Planning is an iterative process with the following important purposes:
- Understanding the control environment and the organization
- Outlining the scope and objectives of the audit
- Establishing the basis for budgeting (time, cost, personnel)
- Identifying the evidence required to develop the audit findings
- Assisting in choosing/determining the audit procedures (nature, extent and timing) and
- Establishing the basis for coordinating the staff
Audit engagement planning is the third stage of planning, after strategic planning and annual work planning. It involves the listing down of audit activities per audit engagement based on the AWP. The results of the strategic planning shall be validated to determine if there are relevant changes in the control component, systems and processes.
Execution of the audit is initiated with an entry conference to discuss the focus, requirements and timelines of the audit. It involves performing the audit techniques and procedures enumerated in the audit work program to gather data and pieces of evidence, to achieve the stated audit objective/s. During audit execution, if the auditor finds a need to revise the audit work program, the revision should be submitted to the internal audit director for approval. The IAD uses the audit work program to supervise and monitor the progress of the audit and to check whether the team is generating sufficient and appropriate pieces of (substantial) evidence. The summary of the steps involved in audit execution:
- Entry conference
- Conduct compliance audit
- Conduct system/ Process audit
- Exit conference
Audit reporting represents the culmination of the audit execution and the associated analysis and considerations made during the audit. The audit report sets out the findings in appropriate format; provides the pieces of evidence gathered to arrive at the audit finding, and the recommendations. The summary of the steps involved in audit execution:
- Develop audit findings
- Develop audit recommendations
- Prepare the draft audit report
- Discuss draft report with unit management
- Prepare and issue the final audit report
- Report distribution
- Founder, Chairman and CEO
- Chief Operation Officer
- Senior Management
- Department Head
Audit Follow Up
Follow-up is a monitoring and feedback activity undertaken to ensure the extent and adequacy of preventive/corrective actions taken by the management to address the inadequacies identified during the audit. It aims to be increase the probability that recommendations will be implemented. The summary of the steps involved in audit follow up:
- Monitor implementation of approved audit findings and recommendations
- Resolve non-implementation/Inadequate implementation of audit recommendations
- Prepare audit follow-up report.
Types of audits
These services may be performed in conjunction with one of the service areas described below:
Annual Required Engagements
An audit or review performed each year in compliance with regulatory requirements or Board of Governor mandates. In certain instances to achieve efficiencies, these audits may be performed biannually. These engagements are generally performed at these intervals in response to a specific management request or based upon heightened risk considering the nature of the activities.
A planned engagement represents an engagement included in the Operating Audit Plan for the current calendar year. A planned engagement will generally be categorized as one or more of the following types of audits:
- Compliance Audit – an evaluation of the degree of compliance with laws, regulations and managerial policies and operating procedures in the agency, including compliance with accountability measures, ethical standards and contractual obligations. This type of audit is a necessary first step to, and part of, management and operations audits.
- Management Audit – a separate evaluation of the effectiveness of internal controls adapted in the operating and support services units/systems to determine whether they achieve the control objectives over a period of time or as of a specific date.
- Operations Audit – a separate evaluation of the outcome, output, process and input to determine whether company operations, programs and projects are effective, efficient, ethical and economical.
- Financial Audit – the analysis of the economic activity (i.e., financial transactions) as measured and reported by accounting methods.
- IT Audit – the examination and evaluation of company’s information technology infrastructure, policies and operation. IT audit can be considered the process of collecting and evaluating evidence to determine whether a computer system safeguards assets, maintains data integrity, allows company goals to be achieved effectively and uses resources efficiently.
While each of the above engagement types has distinct goals and objectives, many audits include aspects of each of these areas to provide thorough coverage of the unit under review.
- Periodically (i.e., every 2-3 years based on risk level)
- Specifically requested by MJQE management or Board of Director
- Frequently investigatory in nature
- May involve possible fraud identified by management
- Scope is designed to address the specific request
Audit Frequency – Upon request
Consulting services frequently involve participation on special projects generally related to MJQE process improvement initiatives. Internal Audit participates on these projects in various consultative roles involving the review of internal controls and operational efficiency and effectiveness of the proposed process. Our internal auditors frequently provide a global perspective to the project teams while simultaneously learning the new process and helping to build in quality control proactively in the developmental stages rather than requesting revisions upon implementation. The scope of these projects varies with each initiative. Participation in these projects helps Internal Audit to directly accomplish its mission of providing an objective consulting activity that is designed to add value and improve the MJQE’s operations.