Internal Audit Vs Forensic Audit 

Internal Audit is not a new concept, it’s applicable almost all the Company. The journey of Internal Audit has been started long back. But now the Regulatory requirement and expectation of the management are changing very frequently. Hence almost the same observations and suggestions which were in practice in the past will not contribute many roles within the Organization.

ICAI has also taken the forward steps to amend/modify Standards on Internal Audit (SIA) and in the future, some of them may be mandatory. Hence this is the high time to redesign our thought patterns for upskilling our knowledge bank and change our paradigm.

Currently, the importance of Internal Audit and Risk-based audit are increasing in Big Corporate for better control & effective implementation so that the existing framework of the organization can be improved.

On the other side, a forensic auditor may be appointed by the court or other’s regularities. Now Corporates are also appointing a forensic auditor to check the health of the organization and expect some value addition suggestions on current existing system & process deviations (if any).

A forensic Auditor should have Accounting, Law, Taxation, IT and Investigation Skills. The approach of Forensic Auditor is to go beyond True & Fair view and focus on when, how & by whom fraud has been done, also collect the required documents which are suitable to court or management as the case may be.

If the Internal Auditor strongly followed the SIA issued by ICAI and also adopt the forensic audit approach and methodology then most of the future Fraud & Risk can be addressed in advance.

Based on current scenarios it was suggested that every Auditor should do Internal Audit with the Forensic Mind-set. This means that Internal Auditor should incorporate some forensic audit procedure/technique within Internal Audit scope coverage with the agreement of management.

Some of the Forensic Audit procedure can be explained as hereunder:

• a) Understand the Client’s business
• b) Audit program need to revised timely
• c) Review of SOPs and its effectiveness
• d) Use Data Analysis technique/Tools
• e) Audit Evidence Authenticity
• f) External Confirmation (if required)
• g) Testing of ERP reports and review its authenticity
• h) Review of Compliance of various Acts as applicable
• i) Discussion with the external auditor
• j) Focus on each process and find out gaps/deviations
• k) Integration of Accounting, Audit, Taxation, Law requirements

If the Internal Auditor professionals incorporate the above key points in their audit procedure and issue report then most of the risk can be address in advance.

Written by: Satyendra Srivastava