Completed

The most important observations
resulting from the audit work

Jan 03, 2021 To Jan 30, 2022

Created By

Abdul Rahman
Director of the Internal Audit office

CONTENTS

Introduction

01

Control Environment

02

Risk Assessment

03

Oversight Activities

04

Information and contact

05

Follow-up activities

06

Introduction

The Office Of Internal Audit Covers The Activities Of The Ministry Of Finance Through The Internal Audit Charter. Pursuant To Cabinet Resolution No. (45) For The Year 2022 Regarding The Organizational Structure Of The Ministry Of Finance, The Internal Audit Office Has Carried Out Audit And Audit Work On The Financial And Administrative Activities Of The Ministry, And The Current Report Deals With A Summary Of The Most Important Observations That Resulted From The Audit Work For The Year XXX.

First: the audit document

The Internal Audit Work Was Carried Out In Accordance With The Laws Regulating The Work Of The Ministry, And The Internal Decisions Issued By His Excellency The Minister For The Year Xxxxx:

Laws and Attributions
  • International Standards For Professional Practices)IPPF)
  • COSO Internal Audit Framework
  • Sawyer's Guide To Internal Auditors
  • Internal Audit Charter
  • Internal Audit Manual
  • Audit Office Strategic Plan 20×Xx - 20
Second : Work Methodology :

On The Basis Of The Charter And Methodology Of The Internal Audit Of Federal Governance And The Guide Of The COSO Committee “Internal Control - An Integrated Framework”, The Elements Of Internal Control Were Divided As Follows:

control environment:

Xx% Of The Annual Audit Plan For The Year 20Xx Has Been Completed. The Number Of Audit Transactions Amounted To ××, Of Which ×× Were Classified As Non-Audible Based On The Restrictions That Were Represented In: Lack Of Specialized Audit Staffnon-Cooperation Of The Audited Entities In Providing Audit Requirements On Time For The Audit Program. Despite The Decrease/Increase In The Audit Programs Implemented For The Year 20Xx, It Is Noticed A Decrease/Increase In The Percentage Of Commitment At The General Level Of Organizational Units, Due To

For Example :

The Non-Cooperation Of The Entities Subject To The Audit By Closing The Notes According To The Approved Treatment Plans, Or The Non-Cooperation With The Auditor In Providing What Is Necessary To Start The Audit Process, Treatment: An Individual Performance Target Has Been Created At The Level Of Departmental Managers In The Sectors In Cooperation With The Performance Evaluation To Raise The Percentage Of Commitment For The Year X 20.

Page 1

Reports of external (governmental) supervisory authorities:

The Number Of Observations Of The Office Of Al-Mohs (Preparation And Follow-Up Of The Implementation Of The Budget) Reached 5 Observations, Including 3 Observations Of High Risk And 2 Observations Of Medium Risk In 2021.

Indicator results for the year 20×:

The Following Table Represents The Results Of The Internal Audit Indicators For The Year 2021 And A Statement Of The Target And Achieved For Each Indicator:

Causation Detective Target Cursor name
Limitations:

Xx% Of The Annual Audit Plan For The Year 20Xx Has Been Completed. The Number Of Audit Transactions Amounted To ×××, Of Which ×× Were Classified As Non-Audible Based On The Restrictions That Were Represented In: Lack Of Specialized Audit Staffnon-Cooperation Of The Audited Entities In Providing Audit Requirements On Time For The Audit Program. Despite The Decrease/Increase In The Audit Programs Implemented For The Year 20×, It Is Noticed A Decrease/Increase In The Percentage Of Commitment At The General Level Of The Sectors, Due To:

For Example :

The Non-Cooperation Of The Entities Subject To The Audit By Closing The Notes According To The Approved Treatment Plans, Or The Non-Cooperation With The Auditor In Providing What Is Necessary To Start The Audit Process, Treatment: An Individual Performance Target Has Been Created At The Level Of Departmental Managers In The Sectors In Cooperation With The Performance Evaluation To Raise The Percentage Of Commitment For The Year X 20.

Page 2

Number of audit transactions Average delay Sector
Grand Total
The most important achievements during 20×××

Human And Financial Resources:

Financial budget:

An Estimated Budget Has Been Allocated For The Year 20×××××××××××××, Including Salaries, Plans And Operational Initiatives.

This Year Approved Budget
2019
2020
2021

The Graph Below Is The Zero-Sum Plan For The Year 20XX.

Audit Days Number of Employees Activity
Total
Risk Assessment:

Risk Register Iternal Audit Office 20×20:

# An analysis of the effectiveness of the measures type of danger Likelihood * Effect Hazard Impact Analysis (1 to 5) Hazard probability analysis (1 to 5) The main outcome of the risk A detailed explanation of the actual or potential danger
1
2
Average The total

Page 3

20xx . audit risk register
# Low Medium High Section Risks
1
2
3
Total
# Effectiveness of internal control procedure Hazard rating Degree Repetition The Influence Type of danger Risk Statement Hazard number
1
2
Types Risk:
# The strategy The Report Commitment Operational
1
Risk Ratings:
# Very High High Average Low
1
Oversight Activities:

Covering Human Resources Activities, Revenues, Starting From Proving The Desire To Contract Until The Payment Of Contract Payments. Performance Audit Activities Were Covered, In Addition To Information Technology Activities, Including Information Security And Protection, The Operation Of The Systems And Programs Used, And The Evaluation Of The Quality Of Internal Audit Work. In Addition To Carrying Out Any Work Assigned To It By Senior Management, And Not Included In The Audit Plan.

Page 4

Information and contact:
Methodological Policy

Provide All Documents Necessary For The Audit Process And Approved Methodologies, Policies And Mechanisms Necessary For The Audit Process.

Send All The Requirements And Documents Necessary For The Audit Process, Without Exception, For The Technical Support Department, In Case The Internal Audit Office Requests For Review And Audit.

Discussing Audit Results Through Audit Notes, Official Letters, And Periodic Meetings.

Provide The Necessary Entitlements Upon Request.

Close The Notes Of The Annual Audit Report

Meeting Types:

Meeting With The Auditors (Starting Work Until Issuing The Report And Closing The Note)

Leadership Meetings (Internal Meetings

Senior Management Meetings

Program (Electronic System)

Inclusion Of All Procedures And Steps From Issuing The Note To Issuing The Audit Report

Follow-up activities:

N This Section, We Review The Results Of Performance Indicatorsiternal Audit Office20××, Which:

  • Office Internalthe Percentage Of Completion Of The Strategic Plan20××-20××According To The Initiatives Related To The Year20×× For Office Internal Audit Percentage××%.
  • The Number Of Audit Transactions Executed During The Year20××(××) Transaction Where Closed××% Audit Task.
  • Follow Up On The Feedback Received From The Internal Evaluation To Ensure And Improve The Quality Of Work
  • Set Auditor Government ××××
  • Appointment Of The External Auditor

Page 5

Overall Assessment of a System of Internal Control
Entity or part of organization structure subject to the assessment (entity, division, operating unit, function)
Objective(s) being considered for the scope of internal control being assessed Considerations regarding management’s acceptable level of risk
Operations
Reporting
Compliance
Present? (Y/N) Functioning? (Y/N) Explanation/Conclusion
Control Environment
Risk Assessment
Control Activitie
Information & Communication
Monitoring Activities
"Are all components operating together in an integrated manner? Evaluate if a combination of internal control deficiencies, when aggregated across components, represent a major deficiency* (Update Summary of Deficiencies Template as needed)"
Is the overall system of internal control effective? *
Basis for conclusion

* If It Is Determined That There Is A Major Deficiency, Management Must Conclude That The System Of Internal Control Is Not Effective.

Page 6

Providing other services and consultations

At The Official Request Of The Authorities And With The Approval Of The Senior Management, The Internal Audit Office Provided The Following Services:

The details of the most important work and activities of the internal audit will be presented as follows
The quality of the internal audit

The Quality Audit Plan Has Been Prepared And Approved To Include Continuous Monitoring Of Internal Audit Activities, Monitoring And Follow-Up Of The Internal Evaluation Observations For The Year 20Xx, Internal Evaluation Of The Work Quality Assurance And Improvement Program (Periodic Review), Measuring The Impact Of Internal Customers - Measuring The Impact Of Internal Audit Staff, And External Evaluation (Follow-Up To The Report Of The Financial Supervisory Authority), In Addition To Strategic Initiatives (Partnerships Initiative - Business Continuity Initiative - Creativity And Innovation Initiative - Happiest Work Environment Initiative - Internal Audit Initiative). Xx% Of The Planned Activities Have Been Accomplished.

First: Continuous supervision of internal audit work

By Checking The Number Of Xxx Reports In The Xxx Program, It Was Found That There Were Errors In The Reports, Including:

  • Not Mentioning Mission Objectives In The Audit Program
  • Not Linking The Strategic Objective To The Task Objective In The Audit Program
  • Failure To Follow The Steps Of Writing The Report According To International Standards In Some Reports
  • Failure To Include The Discussion Of The Party Concerned With The Results Of The Report Through A Meeting Or Evidence Of The Presentation Of Observations
  • Grammar And Spelling Errors
  • Difference In Audit Activities In The Approved Plan
  • Not Including The Description Of Audit Programs In Some Transactions

Technical Audit Of Reports Issued To A Number Of

Scope Technical Audit Report

Technical Audit Report On Business Start-Up Meetings 2021

Periodic Follow-Up Report 2021 - Auditing Description Of Audit Programs (All Sections)

Secondly:Follow-Up Notes Of The Internal Evaluation Of The Work Of The Internal Audit

The Evaluation Observations Were Followed-Up Xxxxxxxxx For The Program To Ensure And Improve The Quality Of The Internal Audit Work And To Monitor The Cases Of Previous Observations. On Examination, The Following Was Found:

hrough the audit, xxx was closed out of xxx notes:( for example )

Although There Is A Demand For A Job Vacancy For The Technical Resources Asset Audit Branch, Not Enough Resources Have Been Assigned To Achieve The Mission Objectives.

Lack Of Skill And Necessary Professional Care (The Note Will Be Closed Until The Employees Obtain The Certificate Of Certified Auditor)

It Was Found That The Internal Audit Observations Were Based On Risks And Not The Institutional Risk Register When Preparing The Internal Audit Plan.

The Candidate Identification Form To Succeed The Incumbent Of The Targeted Position In The Replacement And Succession Process Has Not Been Completed

Page 7

It Was Found That The Internal Audit Manual Was Not Updated

It Was Found That There Was A Delay In The Time Taken For The Audit Process XXXXX, The Closure Of The Audit Programs On Time And The Cancellation Of Some Audit Programs Planned For The Year 20Xx

Exceeding The Actual Time For Receiving Documents As Agreed And Delaying The Inclusion Of Internal Assessment Evidence

Fourthly:Internal evaluation of internal audit work (Business Quality Assurance and Improvement Program) executive summary

The (Internal Evaluation) Of The Program To Ensure And Improve The Quality Of Internal Audit Work Was Carried Out In Xxxxx Out Of 20Xx To Determine The Extent To Which The Internal Audit Activity Complies With International Standards For The Practice Of Internal Audit Work.IPPF. As It Was Found That The Internal Audit Office Is Generally Compliant With International Standards, But There Are Improvement Opportunities For The Next Evaluation

Program Goals

Assessment Of The Compliance Of The Internal Audit Activity With The International Professional Framework For The Practice Of Internal Audit Ork.IPPF) And Its Effectiveness In Carrying Out Its Mission As Described In The Internal Audit Charter.

Identify Business And Audit Staff About Internal Audit Activities And Provide Level Of Satisfaction With Services Provided.

Review And Identify Ways To Enhance Internal Audit Methodology, Policies And Procedures, And Internal Audit Interaction With Stakeholders

Successful Internal Audit Practices
1. Standard 1000 - Purpose, Authority and Responsibility

The Internal Audit Charter Is Comprehensive And Includes The Mandatory Elements Of The International Professional Framework For The Practice Of Internal Auditing. Especially What Was Noted:

There Is Clarity In Defining The Mandatory Nature Of The Basic Principles For The Professional Practice Of Internal Auditing, The Definition Of Internal Auditing, The Code Of Ethics And The Standards.

The Charter Is Reviewed And Approved By Senior Management.

The Charter Appropriately Defines The Functional And Managerial Relationship Of The Chief Audit Executive And Specifically Describes The Nature Of This Relationship.

The Charter Requires The Chief Audit Executive To Assure The Audit Committee The Functional Independence Of Internal Auditing Annually.

The Charter Describes The Chief Audit Executive's Responsibility To Communicate The Results Of The Established Quality Assurance And Improvement Progr

2. Standard 2200[Planning the internal audit assignment]

A Documented Chart Has Been Prepared For Each Audit Engagement. The Outline Includes: Mission Objectives, Scope, Time Domain, Resources Allocated To The Mission And Takes Into Account The Organization's Strategies, Goals, And Risks Related To The Mission.

3. Standard 2330[documentation of information]

Dequate, Reliable, Relevant And Useful Information To Support The Conclusions And Results Of The Assignment Is Documented By The Programgrc

Page 8

The Issue Of Access To Assignment Documents Is Monitored And Senior Management Approval Must Be Obtained, Where Appropriate, Prior To Allowing Third Parties To Access Assignment Documents.

Having A Document Retention Policy

4. Standard 2430[Use of the phrase “the engagement was accomplished in accordance with the International Standards for the Professional Practice of Internal Auditing”

The Auditors Shall State That Their Tasks Have Been Accomplished In Accordance With The International Standards For The Professional Practice Of Internal Auditing And Include The Statement That The Reports Have Been Completed.

5. Standard (1230) Continuing Professional Education

Percentage Of Trained Employees In The Internal Audit Office Xx%

Percentage Of Employees Trained In Innovation,%

Assignment Of 100% Of The Office’s Employees To A Number Of (××) Training Programs And Training

workshops within the country

Affiliation With International Professional Associations (Xxxxxxx)

Percentage Of Participants In The Unified Suggestion Program Xxx%, And Xxx Were Added, Including The Number Of Feasible Ideas Xx.

Details - Compliance Gaps with Standards or Ethics
1. Standard 2100 Nature of Business (Risk Management 2120)

The Effectiveness Of Risk Management And Contribution To The Improvement Of Its Operations Has Not Been Evaluated.

Recommendation: Include The Mission In The 20Xx Plan, Evaluate The Effectiveness Of Risk Management, And Contribute To The Improvement Of Its Operations.

2. Standard 2400 – Communication of results (Reporting Standards 2410 and Quality of Reporting 2420).

It Was Found Not To Follow The Criteria For Communicating Results And Discussing The Observations With The Audited Entity In Some Reports So That They Include The Objectives Of The Mission, The Scope Of The Mission And Its Results. It Was Found Through The Communication Of The Results That The (Task Objectives / Scope / Deliverable Results) Were Not Discussed During The Final Meeting Of The Task.

Recommendation: Be Based On The International Standards For The Professional Practice Of Internal Auditingippf When Exercising The Internal Audit Function And Discussing (Mission Objectives / Scope / Executable Results) When Communicating The Results To The Auditor.

Details - Opportunities for continuous improvement
1. Standard 1200 - Necessary Professional Skills and Care

Auditors Must Determine Which Resources Are Appropriate (The Knowledge, Skills, And Competencies Required To Perform The Task) And Sufficient (The Amount Of Resources Required To Complete The Task With Due Professional Care) To Achieve The Objectives Of The Task And Focus On Evaluating The Nature And Complexity Of Each Task, Time Constraints, And Available Resources. Although The Audit Staff Were Trained On Specialized Courses, The Professional Certificate Of Internal Audit Was Not Obtained, And This Is A Requirement By××××.

Certified Recommendationaudit Certified Audit Certified Recommendation: Raise The Skill Level Of Employees The Desk By Obtaining The Professional Certificate Of Internal Audit Certified Internal Auditor (CIA - 2022 - 2023.

Page 9

Internal evaluation table to ensure and improve the quality of work:

Put a mark (x) as applicable (Mark "X" as applicable)

does not
comply(DNC) 		Partially
complied(PC) 		Generally
complied(GC) 		Inventory recommendations
Inventory of Recommendations
overall assessment
OVERALL EVALUATION
Standards Attribute
ATTRIBUTE STANDARDS
GC 1000 Objectives, Powers, Responsibilities Purpose, authority, and responsibility
GC 1010 Objectives, Powers, Responsibilities Purpose, authority, and responsibility
GC 1010 Acknowledgment of the mandatory directives in the internal audit charter. Recognition of the Definition of Internal Auditing
GC 1010 Independence and objectivity Independence and Objectivity
GC 1010 organizational independence Organizational Independence
GC 1010 Direct interaction with the council Direct Interaction with the Board
GC 1010 The role of the chief audit executive outside of internal audit CAE Role Beyond Internal Auditing
GC 1010 Objectivity at the individual level (conflict of interest) Individual Objectivity(Conflict of interest)
GC 1010 Impact on independence Impairments to Independence or Objectivity
GC 1010 Necessary professional skills and care(training schedule) Proficiency and Due Professional Care(Trainings)

Page 10

Internal evaluation observations and recommendations (ensure and improve the quality of work):
Praiseworthy aspects Number Of Notes Evaluation Activity
Customer Survey ResultsClient Survey Results
Internal Customer Satisfaction SurveyInternal Customer Satisfaction Survey

A Customer Satisfaction Questionnaire (Internal) Was Sent Regarding The Quality Of The Internal Audit Work, And It Showed The Following: A Number Of Xxx Male And Female Employees Were Sent And A Response Was Made To Xxx Employees. The Overall Satisfaction Rate Was Xx%.

Notes The Question

Page 11
Employee happiness resultsIternal audit office 20xxx:

Manageddeskthe Internal Audit Achieved A Percentage Of Xxx% In The Results Of Job Happiness For The Year Xx20 According To The Mechanism Of Xxxxx

secondly : Strategic initiatives

Business Continuity Initiative Charter

Page 12

Page 13

×
Year
2018 2019 2020 2021
Teams
Team1 Team2 Team3 Team4 Team5 Team6 Team7
Role
UI/UX PHP
Division
Hr Project Manager
Risk Rate
Low Medium Hight Very Hight
Quarter
Q1 Q2 Q3 Q4
Is Auditor
Deesignation
Developer Designer
Sub Section
Interview
Month
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Department
Subsidiary
Department Section Branch Division Sub Section
Branch
Dubai UK India Qatar Kuwait