Audit Discussion (mfg-audit@microfinancegateway.org)

Nubulumko,

As a starting point to establishing the audit function,i would propose
you do the following;

1.Go through all the procedure manuals in place with a view to
understanding them,identifying the controls built in the processes and
also will help understand if they are adequate.

2.The second thing you should do is to walk through the all the
operations of the organisation and document the systems notes and
systems flows for all the transactions -The idea is to compare the
ideal as per the manuals and the actual processess on the ground.in
the interviews to docment the systems ,try and establish if the staff
involved in the various processess do actually understand the controls.

3.If you establish any weak points in controls after the above two
exercise, which is likely-list them out and discuss them with the line
managment -already you have started on adding value to your
organisation.Ask why some controls are not being followed and where
the same is redundant-ask mgt to remove them related sections from the
manuals.Where from the system documentation you come across practice
which is not part of the manuals -request mgt to have it included in
the manuals.

3.The next thing you do is to carry out a risk assesssment across the
organisation-Various ways of doing this- could use the COSO
approach,develop you own risk weighting tool. or circulate a
questionare to various leves of staff and inquire as what the late as
the top ten risks in their departments /sections.Later you can
consolidate this and call in a meeting of the heads of sections and
depts for a brief and from this you will be able to prioritise the
risks.Note that the portfolio risk-in regard to deliquency for an MFI
starts from the point customers are intaken .This is actually preceded
by quality of staff initiating the intake

4.The next thing you do is to understand and document the accounting
system,the chart of accounts, and also understand the information
systems in use.In doing this ,look out for consistencies-do a through
review of the trial balance to establish if it reflects the systems.

5.Study the portfolio in regard to quality,disbursements,and size
against the budget and also per product-Compare with official mgt
reports.establish consistencies

6.Once this is done , identify your audit universe and the units
making up the universe-this could be per departments/sections/all
processess.eg Loan disbursement as a process.

7.With the knowledge from 1,2,3,4,,5- and develop audit programs for
each unit in the universe-must be clear conscise and self explanatory.

8.Develop various audit tools like audit cycle,standards of working
papers,etc

9.Develop the annual work plan guided by the risk assessment report-
priority should go to high risk areas/ units

10.To start work on each unit -do a detailed audit plan-study the unit
in depth-the plan should have -terms of
reference,scope,methodology,team to be involved, methodology,history
of the unit in brief,past loss and fraud cases,possible areas of risk
and last the time schedule and distribution of work in field work.


11.In each audit-circulate the terms to the unit mgt before start of
audit,have a entry meeting with unit mgt and dscuss terms of reference
scope and docs you require, clear issues with unit mgt as they
arise,have an exit meeting-

Nb.

Before all this ensure a clear charter of the audit department and
also for the audit committee

Thanks

Bikuri Martin
Manager Audit K-RepBank
Nrb-Kenya

-----Original Message-----
From: 'Kiringai Kamau'
To: 'MFI Audit Information Centre'
Date: Sun, 10 Aug 2003 14:10:47 +0300
Subject: Re: Risk Assessment and audit plan

> Hi Nabulumkho,
>
> My name is Kiringai, a business and process consultant in Nairobi. I
> have
> been involved in IT audits for a few institutions doing microcredit
> in
> Nairobi.
>
> Your key concern will be to first identify the processes. Are they
> automated
> or manual.
>
> If you are automated, you will need to understand the operating
> system that
> is behind the operational systems in your organization. If not, the
> audit
> shall be the same as a CPA will undertake and therefore not complex.
> A comprehensive explanation of the audit process will also have a
> linkage
> with the operational processes in the field and might therefore be
> slightly
> involved to help you come up with a manual.
>
> If there is anything I can do, kindly let me know as consulting is my
> business.
>
> Kind regards,
>
> Kiringai Kamau
> Principal Consultant
> WillPower Enterprise Development Limited
> PO Box 00200 - 35046, Nairobi
> 4th Floor Pan Africa House, Kenyatta Avenue
> Tel:254-020-240567/240571
> Cell:254-0722-800-986
>
> ----- Original Message -----
> From: 'Nobulumko Portia January'
> To: 'MFI Audit Information Centre'
> Sent: Friday, August 08, 2003 12:26 PM
> Subject: Risk Assessment and audit plan
>
>
> > I have just joined the micro finance business as Internal auditor,
> Internal audit division it is formulated. I'm asking the group please
> help
> us we need to do risk assessment and the audit plan.
> >
> > Next thing review of the policies- operations and finance manual to
> ensure
> adequate and effective controls in place.
> >
> > Regards
> > Marang financial services(South Africa)
> >
> >
> >
> >
> >
> >
> > ---
> > You are currently subscribed to mfiauditdialog as:
> kiringai@willpower.co.ke
> > To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
>
> ---
> You are currently subscribed to mfiauditdialog as:
> mbikuri@k-repbank.com
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>