Background
The department was set up in December 2002 with an establishment of one staff; currently we have two staff and are contemplating increasing the number of staff in view of the growth of the Society’s business.
Mission
The mission of Internal Audit at Stima SACCO is to ensure that the Society’s operations are conducted according to the highest standards by providing an independent, objective assurance function and by advising on best practice. Through a systematic and disciplined approach, Internal Audit helps the Society to accomplish its objectives by evaluating and improving the effectiveness of risk management, control and governance processes.
Independence and objectivity
To ensure independence, Internal Audit is directly responsible to the Audit Committee of the Board. Administratively though, the department reports to the Office of the CEO. In addition, it regularly prepares reports for discussion at Management meetings.
To maintain objectivity, Internal Audit is not involved in day-to-day operations and control procedures. Instead, each business unit is responsible for its internal controls and operational efficiency.
Scope of work and responsibilities
The scope of Internal Audit work includes the review of risk management procedures, internal control systems, information systems and governance processes. This work also involves periodic testing of transactions, best practice reviews, special investigations, appraisals of compliance with legal and regulatory requirements, and measures to help prevent and detect fraud.
To fulfill its responsibilities, the Internal Audit Manager and Staff have the responsibility to:
i. Develop a flexible annual Audit plan using an appropriate risk-based methodology, including taking into account risk and/or control concerns identified by the Management, and submit that plan to the Audit Committee for review and approval as well as provide periodic updates.
ii. Implement the annual Audit plan, as approved, including as appropriate any special tasks or projects requested by the Management and the Audit Committee.
iii. Maintain a professional Audit staff with sufficient knowledge, skill, experience, and professional certifications to meet the Society’s objectives.
iv. Evaluate and assess significant business functions and new or changing services/processes/operations, with respect to their development, implementation, and/or expansion.
v. Issue periodic reports to the Audit Committee and Management summarizing results of Internal Audit activities.
vi. Keep the Audit Committee informed of emerging trends and successful practices in Internal Auditing.
vii. Provide a list of significant measurement goals and results to the Audit Committee.
viii. Assist in the investigation of significant suspected fraudulent activities within the Society and notify the Management and the Audit Committee of the results.
ix. Consider the scope of work of the external Auditors and regulators, as appropriate, for the purpose of providing optimal Audit coverage to the organization at a reasonable overall cost.
x. Liaise with the Stima Sacco Supervisory Committee by issuing them with appropriate reports upon request and integrating their findings in the formulation of a risk-based Audit plan.
Authority
Internal Audit aims to promote effective controls at reasonable cost. To achieve this, Internal Audit is authorized, in the course of its activities, to:
• Enter all areas of the Society and have access to any documents and records considered necessary for the performance of its functions.
• Require all members of staff and Management to supply such information and explanations as may be needed within a reasonable period of time.
Heads of Department should inform Internal Audit without delay of any significant incident concerning security and/or compliance with regulations and procedures.
Accountability
Internal Audit shall prepare an Annual Internal Audit plan. The plan is based on a risk model that considers business risks, as well as input from Management and the Audit Committee. It provides information about the risk assessment, the current order of priority of audit projects and how they are to be carried out.
The plan is presented to the Audit Committee for approval. In case of need, adjustments could be made to the plan during the year. They would be approved by the Audit Committee.
Internal Audit is responsible for planning, conducting, reporting and following up on audit projects included in the audit plan, and decides on the scope and timing of audits. The conduct of these audit projects is guided by detailed work programmes prepared for each assignment.
Audit fieldwork is required to be conducted in a professional and timely manner. Reporting of results on its part includes an open process to agree on the facts and the validity of audit recommendations.
A detailed audit report and a letter to Management, summarizing the objectives and scope of the audit as well as observations and recommendations, are presented. In all cases, follow-up work is required to be undertaken to ensure adequate response to audit recommendations.
Internal Audit is also required to submit an annual report to Management and to the Audit Committee on the results of the audit work including significant risk exposures and control issues. The function is also required to coordinate with external audit to ensure proper coverage and avoid duplication of effort.
Standards of Work
Internal Audit at Stima SACCO adheres to the standards of best professional practice, such as those published by the Institute of Internal Auditors, the Information Systems Audit and Control Association (ISACA), among others. In addition, Internal Audit is guided by regulatory and best practice guidance from various sources.