{"id":12823,"date":"2026-06-05T13:03:47","date_gmt":"2026-06-05T13:03:47","guid":{"rendered":"https:\/\/promotionexams.com\/?page_id=12823"},"modified":"2026-06-05T13:04:20","modified_gmt":"2026-06-05T13:04:20","slug":"operational-manual-for-internal-audit-notes","status":"publish","type":"page","link":"https:\/\/promotionexams.com\/?page_id=12823","title":{"rendered":"Operational-manual-for-internal-audit Notes"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"12823\" class=\"elementor elementor-12823\">\n\t\t\t\t<div class=\"elementor-element elementor-element-64c4164 e-con-full e-flex e-con e-parent\" data-id=\"64c4164\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-9c89ad0 elementor-widget elementor-widget-html\" data-id=\"9c89ad0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n<meta charset=\"UTF-8\">\r\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n<title>Operational Manual for Internal Audit (Central Ministries) \u2014 Study Notes<\/title>\r\n<style>\r\n .elementor-section.elementor-section-stretched,\r\n    .elementor-section-full_width,\r\n    .elementor-container,\r\n    .elementor-column,\r\n    .elementor-column-wrap,\r\n    .elementor-widget-wrap,\r\n    .elementor-element {\r\n        padding: 0 !important;\r\n        margin: 0 !important;\r\n        gap: 0 !important;\r\n    }\r\n  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }\r\n  :root {\r\n    --navy:   #0f2a4a;\r\n    --blue:   #1a5fa8;\r\n    --sky:    #2d8ecf;\r\n    --teal:   #0e8f7a;\r\n    --amber:  #c97c10;\r\n    --red:    #c0392b;\r\n    --gold:   #c89b0a;\r\n    --purple: #7e3eb5;\r\n    --text:   #1c2b3a;\r\n    --muted:  #5a6d80;\r\n    --border: #e0e8f0;\r\n    --dr:     #993C1D;\r\n    --cr:     #0F6E56;\r\n  }\r\n  html { scroll-behavior: smooth; }\r\n  body {\r\n    font-family: 'DM Sans', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\r\n    background: #ffffff;\r\n    color: var(--text);\r\n    font-size: 15px;\r\n    line-height: 1.85;\r\n  }\r\n  a { text-decoration: none; color: inherit; }\r\n\r\n  \/* \u2500\u2500 HERO \u2500\u2500 *\/\r\n  .hero {\r\n    width: 100%;\r\n    background: linear-gradient(130deg, #0f2a4a 0%, #1a5fa8 38%, #7e3eb5 78%, #c89b0a 100%);\r\n    padding: 60px 48px 56px;\r\n    color: #fff;\r\n    position: relative;\r\n    overflow: hidden;\r\n  }\r\n  .hero::before {\r\n    content: ''; position: absolute; inset: 0;\r\n    background: url(\"data:image\/svg+xml,%3Csvg width='60' height='60' viewBox='0 0 60 60' xmlns='http:\/\/www.w3.org\/2000\/svg'%3E%3Cg fill='none'%3E%3Cg fill='%23ffffff' fill-opacity='0.05'%3E%3Cpath d='M36 34v-4h-2v4h-4v2h4v4h2v-4h4v-2h-4zm0-30V0h-2v4h-4v2h4v4h2V6h4V4h-4zM6 34v-4H4v4H0v2h4v4h2v-4h4v-2H6zM6 4V0H4v4H0v2h4v4h2V6h4V4H6z'\/%3E%3C\/g%3E%3C\/g%3E%3C\/svg%3E\");\r\n    pointer-events: none;\r\n  }\r\n  .hero::after {\r\n    content: ''; position: absolute; right: -80px; top: -100px;\r\n    width: 500px; height: 500px; border-radius: 50%;\r\n    background: radial-gradient(circle, rgba(255,255,255,0.10) 0%, transparent 65%);\r\n    pointer-events: none;\r\n  }\r\n  .hero-inner { max-width: 1100px; margin: 0 auto; position: relative; z-index: 1; }\r\n  .hero-grid {\r\n    display: grid;\r\n    grid-template-columns: 1fr 320px;\r\n    gap: 36px;\r\n    align-items: center;\r\n  }\r\n  .hero-text { min-width: 0; }\r\n  .hero-illustration {\r\n    width: 320px; max-width: 100%;\r\n    filter: drop-shadow(0 10px 22px rgba(0,0,0,0.22));\r\n    animation: heroFloat 6s ease-in-out infinite;\r\n  }\r\n  .hero-illustration svg { width: 100%; height: auto; display: block; }\r\n  @keyframes heroFloat {\r\n    0%, 100% { transform: translateY(0); }\r\n    50%      { transform: translateY(-6px); }\r\n  }\r\n  .hero-kicker {\r\n    display: inline-block;\r\n    background: rgba(255,255,255,0.18); color: #fff;\r\n    font-size: 11px; font-weight: 700;\r\n    padding: 6px 14px; border-radius: 20px;\r\n    letter-spacing: 0.14em; text-transform: uppercase;\r\n    margin-bottom: 18px;\r\n    backdrop-filter: blur(4px);\r\n  }\r\n  .hero h1 {\r\n    font-family: 'Crimson Pro', Georgia, serif;\r\n    font-size: clamp(28px, 4.2vw, 44px);\r\n    font-weight: 700; line-height: 1.2;\r\n    margin-bottom: 14px; color: #fff;\r\n    text-shadow: 0 2px 8px rgba(0,0,0,0.18);\r\n  }\r\n  .hero-sub { font-size: 15px; opacity: 0.92; margin-bottom: 24px; max-width: 720px; color: #fff; }\r\n  .hero-pills { display: flex; flex-wrap: wrap; gap: 8px; }\r\n  .hero-pill {\r\n    background: rgba(255,255,255,0.18);\r\n    border: 1px solid rgba(255,255,255,0.30);\r\n    color: #fff; font-size: 12px; font-weight: 600;\r\n    padding: 6px 14px; border-radius: 20px;\r\n    backdrop-filter: blur(6px);\r\n  }\r\n\r\n  \/* \u2500\u2500 BREADCRUMB \u2500\u2500 *\/\r\n  .breadcrumb-bar { background: #fff; border-bottom: 1px solid var(--border); padding: 10px 48px; }\r\n  .breadcrumb-inner {\r\n    max-width: 1100px; margin: 0 auto;\r\n    font-size: 12.5px; color: #aaa;\r\n    display: flex; align-items: center; gap: 6px;\r\n  }\r\n  .breadcrumb-inner a { color: var(--blue); }\r\n  .breadcrumb-inner a:hover { text-decoration: underline; }\r\n  .breadcrumb-inner .sep { color: #ddd; }\r\n\r\n  \/* \u2500\u2500 LAYOUT \u2500\u2500 *\/\r\n  .layout {\r\n    max-width: 1100px; margin: 0 auto;\r\n    padding: 44px 48px 88px;\r\n    display: grid;\r\n    grid-template-columns: 256px 1fr;\r\n    gap: 56px;\r\n    align-items: start;\r\n  }\r\n\r\n  \/* \u2500\u2500 CHAPTER HEADING \u2500\u2500 *\/\r\n  .chapter-heading-block {\r\n    display: flex; align-items: center; gap: 14px;\r\n    margin: 52px 0 22px;\r\n    padding-bottom: 14px;\r\n    border-bottom: 2.5px solid var(--navy);\r\n  }\r\n  .chapter-heading-block:first-child { margin-top: 0; }\r\n  .chapter-badge {\r\n    background: var(--navy); color: #fff;\r\n    font-size: 10px; font-weight: 700;\r\n    padding: 5px 16px; border-radius: 4px;\r\n    letter-spacing: 0.1em; text-transform: uppercase;\r\n    white-space: nowrap; flex-shrink: 0;\r\n  }\r\n  .chapter-heading-block h2 {\r\n    font-family: 'Crimson Pro', Georgia, serif;\r\n    font-size: 23px; font-weight: 700; color: var(--navy); margin: 0;\r\n  }\r\n\r\n  \/* \u2500\u2500 SECTION HEADING \u2500\u2500 *\/\r\n  .section-heading-block {\r\n    display: flex; align-items: center; gap: 12px;\r\n    margin: 38px 0 14px;\r\n  }\r\n  .section-badge {\r\n    background: var(--blue); color: #fff;\r\n    font-size: 9.5px; font-weight: 700;\r\n    padding: 4px 12px; border-radius: 3px;\r\n    letter-spacing: 0.08em; white-space: nowrap; flex-shrink: 0;\r\n  }\r\n  .section-badge.amber  { background: var(--amber); }\r\n  .section-badge.teal   { background: var(--teal); }\r\n  .section-badge.purple { background: var(--purple); }\r\n  .section-badge.red    { background: var(--red); }\r\n  .section-badge.gold   { background: var(--gold); }\r\n  .section-heading-block h3 { font-size: 17px; font-weight: 700; color: var(--navy); margin: 0; }\r\n\r\n  .article h4 { font-size: 14.5px; font-weight: 700; color: var(--navy); margin: 22px 0 10px; }\r\n  .article p { color: #2c3e50; margin-bottom: 12px; text-align: justify; hyphens: auto; }\r\n  .article strong { color: #111; }\r\n\r\n  \/* \u2500\u2500 ICON LIST \u2500\u2500 *\/\r\n  .icon-list { list-style: none; margin: 0 0 14px; display: flex; flex-direction: column; gap: 8px; }\r\n  .icon-list li { display: flex; align-items: flex-start; gap: 10px; font-size: 15px; color: #2c3e50; line-height: 1.78; text-align: justify; }\r\n  .icon-list li .ico { font-size: 15px; flex-shrink: 0; margin-top: 4px; width: 20px; text-align: center; }\r\n\r\n  \/* \u2500\u2500 CALLOUT \u2500\u2500 *\/\r\n  .callout {\r\n    border-left: 3px solid var(--blue);\r\n    padding: 14px 18px; margin: 16px 0 20px;\r\n    background: #f8fbff; border-radius: 0 6px 6px 0;\r\n  }\r\n  .callout.amber  { border-left-color: var(--amber);  background: #fffbf5; }\r\n  .callout.red    { border-left-color: var(--red);    background: #fff8f7; }\r\n  .callout.teal   { border-left-color: var(--teal);   background: #f4fdf9; }\r\n  .callout.purple { border-left-color: var(--purple); background: #faf6ff; }\r\n  .callout.gold   { border-left-color: var(--gold);   background: #fffcf0; }\r\n  .callout-label {\r\n    font-size: 10px; font-weight: 700; text-transform: uppercase;\r\n    letter-spacing: 0.12em; margin-bottom: 8px; color: var(--blue);\r\n  }\r\n  .callout.amber  .callout-label { color: var(--amber); }\r\n  .callout.red    .callout-label { color: var(--red); }\r\n  .callout.teal   .callout-label { color: var(--teal); }\r\n  .callout.purple .callout-label { color: var(--purple); }\r\n  .callout.gold   .callout-label { color: #8a6a00; }\r\n  .callout p { text-align: justify; }\r\n\r\n  \/* \u2500\u2500 DEFINITION CARD \u2500\u2500 *\/\r\n  .def-card {\r\n    background: linear-gradient(135deg, #fffcf0 0%, #fff7e0 100%);\r\n    border: 1.5px solid #e8c87a;\r\n    border-radius: 12px; padding: 22px 26px;\r\n    margin: 18px 0 26px; position: relative;\r\n  }\r\n  .def-card::before {\r\n    content: '\\201C';\r\n    position: absolute; top: 6px; left: 14px;\r\n    font-family: Georgia, serif;\r\n    font-size: 60px; color: rgba(200,155,10,0.25); line-height: 1;\r\n  }\r\n  .def-card .def-label {\r\n    font-size: 10.5px; font-weight: 700; text-transform: uppercase;\r\n    letter-spacing: 0.14em; color: #8a6a00; margin-bottom: 8px;\r\n    position: relative; z-index: 1;\r\n  }\r\n  .def-card .def-text {\r\n    font-size: 15px; color: #4a3500; line-height: 1.78;\r\n    position: relative; z-index: 1;\r\n    text-align: justify;\r\n  }\r\n\r\n  \/* \u2500\u2500 FLOW \u2500\u2500 *\/\r\n  .flow { display: flex; flex-direction: column; margin: 18px 0 24px; }\r\n  .flow-step { display: flex; align-items: flex-start; gap: 18px; position: relative; }\r\n  .flow-step:not(:last-child)::after {\r\n    content: ''; position: absolute; left: 19px; top: 42px;\r\n    width: 2px; height: calc(100% - 6px);\r\n    background: linear-gradient(180deg, var(--blue) 0%, #d0dce6 100%);\r\n  }\r\n  .flow-num {\r\n    width: 40px; height: 40px; border-radius: 50%;\r\n    background: var(--blue); color: #fff;\r\n    display: flex; align-items: center; justify-content: center;\r\n    font-weight: 700; font-size: 14px; flex-shrink: 0;\r\n  }\r\n  .flow-content { flex: 1; padding: 8px 0 26px; }\r\n  .flow-content h5 { font-size: 14.5px; font-weight: 700; color: var(--navy); margin-bottom: 4px; }\r\n  .flow-content p { font-size: 14px; color: var(--muted); margin: 0; }\r\n\r\n  \/* \u2500\u2500 COMPARE TABLE \u2500\u2500 *\/\r\n  .compare-table { width: 100%; border-collapse: collapse; margin: 16px 0 24px; border-radius: 8px; overflow: hidden; border: 1px solid var(--border); }\r\n  .compare-table thead tr { background: var(--navy); color: #fff; }\r\n  .compare-table th { padding: 12px 16px; text-align: left; font-size: 12.5px; font-weight: 700; }\r\n  .compare-table td { padding: 11px 16px; font-size: 14px; border-bottom: 1px solid var(--border); color: #2c3e50; vertical-align: top; }\r\n  .compare-table tr:nth-child(even) td { background: #f9fbfd; }\r\n  .compare-table td.label-cell { font-weight: 700; color: var(--navy); background: #f1f5f9 !important; width: 22%; }\r\n\r\n  \/* \u2500\u2500 PARTS LIST \u2500\u2500 *\/\r\n  .parts-list {\r\n    list-style: none; counter-reset: parts;\r\n    margin: 14px 0 22px;\r\n    display: flex; flex-direction: column; gap: 12px;\r\n  }\r\n  .parts-list > li {\r\n    background: #fff;\r\n    border: 1.5px solid var(--border);\r\n    border-radius: 10px;\r\n    padding: 16px 18px 16px 60px;\r\n    position: relative;\r\n    font-size: 14.5px; color: #2c3e50;\r\n    line-height: 1.72;\r\n    counter-increment: parts;\r\n    text-align: justify;\r\n  }\r\n  .parts-list > li::before {\r\n    content: counter(parts, lower-alpha);\r\n    position: absolute; left: 16px; top: 16px;\r\n    width: 32px; height: 32px;\r\n    background: var(--blue); color: #fff;\r\n    border-radius: 50%;\r\n    display: flex; align-items: center; justify-content: center;\r\n    font-size: 14px; font-weight: 700;\r\n    font-family: 'JetBrains Mono', monospace;\r\n  }\r\n  .parts-list.roman > li::before { content: counter(parts, lower-roman); font-size: 12px; }\r\n  .parts-list.decimal > li::before { content: counter(parts); font-size: 13px; }\r\n  .parts-list.teal > li::before { background: var(--teal); }\r\n  .parts-list.amber > li::before { background: var(--amber); }\r\n  .parts-list.purple > li::before { background: var(--purple); }\r\n  .parts-list.red > li::before { background: var(--red); }\r\n  .parts-list.gold > li::before { background: var(--gold); }\r\n  .parts-list > li strong { color: var(--navy); }\r\n\r\n  \/* \u2500\u2500 NUMBERED LIST (slim) \u2500\u2500 *\/\r\n  .num-list { list-style: none; counter-reset: numlist; margin: 14px 0 18px; }\r\n  .num-list li {\r\n    counter-increment: numlist;\r\n    display: flex; align-items: flex-start; gap: 12px;\r\n    margin-bottom: 8px; font-size: 14.5px; color: #2c3e50;\r\n    line-height: 1.75;\r\n    text-align: justify;\r\n  }\r\n  .num-list li::before {\r\n    content: counter(numlist);\r\n    background: var(--blue); color: #fff;\r\n    width: 26px; height: 26px; border-radius: 50%;\r\n    display: flex; align-items: center; justify-content: center;\r\n    font-size: 12px; font-weight: 700; flex-shrink: 0; margin-top: 2px;\r\n    font-family: 'JetBrains Mono', monospace;\r\n  }\r\n  .num-list.amber li::before { background: var(--amber); }\r\n  .num-list.teal li::before { background: var(--teal); }\r\n\r\n  \/* \u2500\u2500 HIGHLIGHT BOX \u2500\u2500 *\/\r\n  .highlight-box {\r\n    background: linear-gradient(135deg, #f0f7ff 0%, #e8f1fc 100%);\r\n    border-left: 4px solid var(--blue);\r\n    border-radius: 0 10px 10px 0;\r\n    padding: 16px 20px;\r\n    margin: 16px 0 22px;\r\n  }\r\n  .highlight-box .hl-label {\r\n    font-size: 10px; font-weight: 700; text-transform: uppercase;\r\n    letter-spacing: 0.12em; color: var(--blue); margin-bottom: 6px;\r\n  }\r\n  .highlight-box .hl-text { font-size: 14.5px; color: #2c3e50; line-height: 1.72; text-align: justify; }\r\n\r\n  \/* \u2500\u2500 STAT GRID \u2500\u2500 *\/\r\n  .stat-grid { display: grid; grid-template-columns: repeat(4, 1fr); gap: 12px; margin: 18px 0 26px; }\r\n  .stat-card {\r\n    background: #fff; border: 1.5px solid var(--border);\r\n    border-radius: 10px; padding: 16px;\r\n    text-align: center;\r\n  }\r\n  .stat-card.b { border-color: #9dc3ec; background: #f0f7ff; }\r\n  .stat-card.t { border-color: #7fd3c5; background: #f0fdf8; }\r\n  .stat-card.a { border-color: #f0d58a; background: #fffbf0; }\r\n  .stat-card.r { border-color: #f5a0a0; background: #fff5f5; }\r\n  .stat-card .stat-num {\r\n    font-family: 'JetBrains Mono', monospace;\r\n    font-size: 22px; font-weight: 700;\r\n    color: var(--navy); line-height: 1.1;\r\n    margin-bottom: 6px;\r\n  }\r\n  .stat-card.b .stat-num { color: var(--blue); }\r\n  .stat-card.t .stat-num { color: var(--teal); }\r\n  .stat-card.a .stat-num { color: var(--amber); }\r\n  .stat-card.r .stat-num { color: var(--red); }\r\n  .stat-card .stat-label { font-size: 11px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.06em; color: var(--muted); }\r\n  .stat-card .stat-icon { font-size: 24px; margin-bottom: 4px; display: block; }\r\n\r\n  \/* \u2500\u2500 CATEGORY CARDS \u2500\u2500 *\/\r\n  .cat-grid { display: grid; grid-template-columns: repeat(2, 1fr); gap: 14px; margin: 20px 0 28px; }\r\n  .cat-grid.three { grid-template-columns: repeat(3, 1fr); }\r\n  .cat-grid.four { grid-template-columns: repeat(4, 1fr); }\r\n  .cat-card { border-radius: 10px; padding: 18px 18px; border: 1.5px solid var(--border); }\r\n  .cat-card.a { border-color: #9dc3ec; background: #f0f7ff; }\r\n  .cat-card.b { border-color: #7fd3c5; background: #f0fdf8; }\r\n  .cat-card.c { border-color: #f0d58a; background: #fffbf0; }\r\n  .cat-card.d { border-color: #f5a0a0; background: #fff5f5; }\r\n  .cat-card.e { border-color: #d1baf0; background: #f9f5ff; }\r\n  .cat-label { font-size: 9.5px; font-weight: 700; text-transform: uppercase; letter-spacing: 0.12em; color: var(--muted); margin-bottom: 6px; }\r\n  .cat-title { font-size: 14.5px; font-weight: 700; color: var(--navy); margin-bottom: 8px; }\r\n  .cat-card.a .cat-title { color: var(--blue); }\r\n  .cat-card.b .cat-title { color: var(--teal); }\r\n  .cat-card.c .cat-title { color: var(--amber); }\r\n  .cat-card.d .cat-title { color: var(--red); }\r\n  .cat-card.e .cat-title { color: var(--purple); }\r\n  .cat-card p { font-size: 13px; color: #2c3e50; line-height: 1.7; text-align: justify; }\r\n  .cat-badge { display: inline-block; font-size: 24px; font-weight: 900; margin-bottom: 6px; font-family: 'Crimson Pro', Georgia, serif; line-height: 1; }\r\n  .cat-card.a .cat-badge { color: var(--blue); }\r\n  .cat-card.b .cat-badge { color: var(--teal); }\r\n  .cat-card.c .cat-badge { color: var(--amber); }\r\n  .cat-card.d .cat-badge { color: var(--red); }\r\n  .cat-card.e .cat-badge { color: var(--purple); }\r\n\r\n  \/* \u2500\u2500 SCHEDULE BANNER \u2500\u2500 *\/\r\n  .schedule-banner { border: 2px solid var(--amber); border-radius: 10px; padding: 22px 24px; margin: 20px 0 26px; background: #fffcf0; position: relative; }\r\n  .schedule-stamp { position: absolute; top: -11px; left: 20px; background: var(--amber); color: #fff; font-size: 10px; font-weight: 700; letter-spacing: 0.1em; text-transform: uppercase; padding: 3px 14px; border-radius: 4px; }\r\n  .schedule-banner h4 { font-size: 15px; font-weight: 700; color: #4a3500; margin-bottom: 12px; margin-top: 8px; }\r\n\r\n  \/* \u2500\u2500 TAGS \u2500\u2500 *\/\r\n  .tag-yes { background: #edfaf6; color: var(--teal); border-radius: 4px; padding: 2px 8px; font-size: 12px; font-weight: 700; }\r\n  .tag-no  { background: #fef3f2; color: var(--red); border-radius: 4px; padding: 2px 8px; font-size: 12px; font-weight: 700; }\r\n  .tag-b   { background: #e8f2ff; color: var(--blue); border-radius: 4px; padding: 2px 8px; font-size: 12px; font-weight: 700; }\r\n  .tag-c   { background: #fff8e8; color: var(--amber); border-radius: 4px; padding: 2px 8px; font-size: 12px; font-weight: 700; }\r\n\r\n  \/* \u2500\u2500 CHAPTER PANE (tab-style switching) \u2500\u2500 *\/\r\n  .chapter-pane { display: none; animation: fadeIn 0.3s ease; }\r\n  .chapter-pane.active { display: block; }\r\n  @keyframes fadeIn {\r\n    from { opacity: 0; transform: translateY(4px); }\r\n    to   { opacity: 1; transform: translateY(0); }\r\n  }\r\n\r\n  \/* \u2500\u2500 SIDEBAR \u2500\u2500 *\/\r\n  .sidebar { position: sticky; top: 24px; max-height: calc(100vh - 48px); }\r\n  .toc-card {\r\n    background: #fff; border: 1px solid var(--border);\r\n    border-radius: 12px; padding: 16px 12px;\r\n    max-height: calc(100vh - 48px); overflow-y: auto;\r\n  }\r\n  .toc-card-title {\r\n    font-size: 10px; font-weight: 700;\r\n    text-transform: uppercase; letter-spacing: 0.14em;\r\n    color: var(--muted); margin: 4px 0 14px; padding: 0 4px;\r\n  }\r\n  .toc-chapter { margin-bottom: 8px; }\r\n  .toc-chapter-header {\r\n    background: var(--navy);\r\n    border-radius: 10px;\r\n    padding: 12px;\r\n    color: #fff;\r\n    cursor: pointer;\r\n    display: flex; align-items: center; gap: 10px;\r\n    list-style: none;\r\n    transition: background 0.18s;\r\n  }\r\n  .toc-chapter-header::-webkit-details-marker { display: none; }\r\n  .toc-chapter-header:hover { background: #173860; }\r\n  .toc-ch-badge {\r\n    background: #ffd95a;\r\n    color: #0f2a4a;\r\n    font-size: 10px; font-weight: 800;\r\n    letter-spacing: 0.06em;\r\n    padding: 4px 8px; border-radius: 5px;\r\n    flex-shrink: 0;\r\n    min-width: 38px;\r\n    text-align: center;\r\n    line-height: 1;\r\n  }\r\n  .toc-ch-title {\r\n    flex: 1;\r\n    font-size: 13.5px;\r\n    font-weight: 700;\r\n    line-height: 1.25;\r\n    color: #fff;\r\n  }\r\n  .toc-ch-chev {\r\n    font-size: 10px;\r\n    color: rgba(255,255,255,0.8);\r\n    transition: transform 0.22s ease;\r\n    flex-shrink: 0;\r\n  }\r\n  .toc-chapter[open] > .toc-chapter-header { background: #173860; }\r\n  .toc-chapter[open] > .toc-chapter-header .toc-ch-chev { transform: rotate(90deg); }\r\n  .toc-sub-wrap {\r\n    position: relative;\r\n    margin: 6px 0 6px 18px;\r\n    padding-left: 14px;\r\n  }\r\n  .toc-sub-wrap::before {\r\n    content: '';\r\n    position: absolute;\r\n    left: 0; top: 6px; bottom: 8px;\r\n    width: 1px;\r\n    background: repeating-linear-gradient(to bottom, #d0d8e2 0px, #d0d8e2 2px, transparent 2px, transparent 5px);\r\n  }\r\n  .toc-sub-list { list-style: none; }\r\n  .toc-sub-list li {\r\n    display: flex;\r\n    align-items: flex-start;\r\n    gap: 6px;\r\n    padding: 5px 4px 5px 0;\r\n  }\r\n  .toc-sub-num {\r\n    flex-shrink: 0;\r\n    font-family: 'JetBrains Mono', monospace;\r\n    font-size: 10.5px;\r\n    color: var(--muted);\r\n    font-weight: 600;\r\n    line-height: 1.5;\r\n    min-width: 32px;\r\n    padding-top: 1px;\r\n  }\r\n  .toc-sub-list a {\r\n    flex: 1;\r\n    font-size: 13px;\r\n    color: #2c3e50;\r\n    line-height: 1.45;\r\n    padding: 1px 4px;\r\n    border-radius: 3px;\r\n    transition: color 0.15s;\r\n  }\r\n  .toc-sub-list a:hover { color: var(--blue); }\r\n  .toc-sub-list a.active { color: var(--blue); font-weight: 700; }\r\n  .toc-sub-list .toc-app .toc-sub-num,\r\n  .toc-sub-list .toc-app a { color: var(--purple); }\r\n  .toc-sub-list .toc-app a:hover,\r\n  .toc-sub-list .toc-app a.active { color: #5a2a8a; font-weight: 700; }\r\n\r\n  \/* \u2500\u2500 RECAP \u2500\u2500 *\/\r\n  .recap {\r\n    background: linear-gradient(135deg, #0f2a4a 0%, #1a3d6a 100%);\r\n    border-radius: 14px; padding: 28px 30px;\r\n    margin: 44px 0 0; color: #fff;\r\n  }\r\n  .recap-title {\r\n    font-family: 'Crimson Pro', Georgia, serif;\r\n    font-size: 20px; font-weight: 700;\r\n    margin-bottom: 18px;\r\n    display: flex; align-items: center; gap: 10px;\r\n  }\r\n  .recap table { width: 100%; border-collapse: collapse; }\r\n  .recap th, .recap td {\r\n    padding: 10px 14px;\r\n    text-align: left;\r\n    border-bottom: 1px solid rgba(255,255,255,0.12);\r\n    font-size: 13.5px;\r\n  }\r\n  .recap th { font-size: 11px; text-transform: uppercase; letter-spacing: 0.1em; opacity: 0.7; font-weight: 700; }\r\n  .recap td:first-child { font-weight: 700; color: #ffd700; width: 36%; }\r\n  .recap td strong { color: #ffd95a; font-weight: 700; }\r\n  .recap td:first-child strong { color: inherit; }\r\n\r\n  \/* \u2500\u2500 RESPONSIVE \u2500\u2500 *\/\r\n  @media (max-width: 860px) {\r\n    .layout { grid-template-columns: 1fr; gap: 32px; padding: 28px 24px 64px; }\r\n    .sidebar { position: static; }\r\n    .stat-grid, .cat-grid, .cat-grid.three, .cat-grid.four { grid-template-columns: 1fr 1fr; }\r\n    .hero { padding: 48px 24px 44px; }\r\n    .breadcrumb-bar { padding: 10px 24px; }\r\n    .hero-grid { grid-template-columns: 1fr; gap: 24px; text-align: left; }\r\n    .hero-illustration { width: 240px; margin: 0 auto; }\r\n  }\r\n  @media (max-width: 500px) {\r\n    .hero h1 { font-size: 24px; }\r\n    .stat-grid, .cat-grid, .cat-grid.three, .cat-grid.four { grid-template-columns: 1fr; }\r\n    .hero-illustration { display: none; }\r\n    .compare-table td.label-cell { width: auto; }\r\n  }\r\n<\/style>\r\n<link rel=\"preconnect\" href=\"https:\/\/fonts.googleapis.com\">\r\n<link rel=\"preconnect\" href=\"https:\/\/fonts.gstatic.com\" crossorigin>\r\n<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Crimson+Pro:wght@400;600;700&family=DM+Sans:wght@400;500;700&family=JetBrains+Mono:wght@400;700&display=swap\" rel=\"stylesheet\">\r\n<\/head>\r\n<body>\r\n\r\n<!-- \u2500\u2500 HERO \u2500\u2500 -->\r\n<div class=\"hero\">\r\n  <div class=\"hero-inner hero-grid\">\r\n    <div class=\"hero-text\">\r\n      <span class=\"hero-kicker\">Study Notes \u00b7 Internal Audit \u00b7 O\/o CGA<\/span>\r\n      <h1>Operational Manual for Internal Audit in Central Ministries<\/h1>\r\n      <p class=\"hero-sub\">Issued by the Internal Audit Division of the Controller General of Accounts (Ministry of Finance, Dept of Expenditure). A practical companion to the Internal Audit Handbook \u2014 it lays out how Internal Audit Wings are structured, how the audit cycle is planned and performed, the tools used, how results are reported, and how quality and special audits are conducted.<\/p>\r\n      <div class=\"hero-pills\">\r\n        <span class=\"hero-pill\">7 Chapters<\/span>\r\n        <span class=\"hero-pill\">23 Checklists<\/span>\r\n        <span class=\"hero-pill\">8 Exhibits<\/span>\r\n        <span class=\"hero-pill\">5-C Reporting Framework<\/span>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"hero-illustration\" aria-hidden=\"true\">\r\n      <svg viewBox=\"0 0 320 280\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" role=\"img\" aria-label=\"Magnifying glass over audit checklist with shield\">\r\n        <ellipse cx=\"160\" cy=\"248\" rx=\"120\" ry=\"13\" fill=\"rgba(0,0,0,0.18)\"\/>\r\n        <!-- clipboard \/ checklist -->\r\n        <g transform=\"translate(58,70)\">\r\n          <rect x=\"6\" y=\"8\" width=\"150\" height=\"180\" rx=\"6\" fill=\"rgba(0,0,0,0.18)\"\/>\r\n          <rect x=\"0\" y=\"0\" width=\"150\" height=\"180\" rx=\"8\" fill=\"#1a5fa8\" stroke=\"#0f2a4a\" stroke-width=\"1.5\"\/>\r\n          <rect x=\"14\" y=\"14\" width=\"122\" height=\"152\" rx=\"4\" fill=\"#f4f8fc\"\/>\r\n          <rect x=\"50\" y=\"-8\" width=\"50\" height=\"20\" rx=\"5\" fill=\"#c89b0a\"\/>\r\n          <!-- checklist rows -->\r\n          <g>\r\n            <rect x=\"26\" y=\"34\" width=\"14\" height=\"14\" rx=\"3\" fill=\"none\" stroke=\"#0e8f7a\" stroke-width=\"2\"\/>\r\n            <path d=\"M28 41 l4 4 l7 -8\" fill=\"none\" stroke=\"#0e8f7a\" stroke-width=\"2.2\" stroke-linecap=\"round\"\/>\r\n            <rect x=\"48\" y=\"38\" width=\"70\" height=\"5\" rx=\"2.5\" fill=\"#9db4c9\"\/>\r\n          <\/g>\r\n          <g>\r\n            <rect x=\"26\" y=\"62\" width=\"14\" height=\"14\" rx=\"3\" fill=\"none\" stroke=\"#0e8f7a\" stroke-width=\"2\"\/>\r\n            <path d=\"M28 69 l4 4 l7 -8\" fill=\"none\" stroke=\"#0e8f7a\" stroke-width=\"2.2\" stroke-linecap=\"round\"\/>\r\n            <rect x=\"48\" y=\"66\" width=\"70\" height=\"5\" rx=\"2.5\" fill=\"#9db4c9\"\/>\r\n          <\/g>\r\n          <g>\r\n            <rect x=\"26\" y=\"90\" width=\"14\" height=\"14\" rx=\"3\" fill=\"none\" stroke=\"#c0392b\" stroke-width=\"2\"\/>\r\n            <path d=\"M29 93 l8 8 M37 93 l-8 8\" fill=\"none\" stroke=\"#c0392b\" stroke-width=\"2.2\" stroke-linecap=\"round\"\/>\r\n            <rect x=\"48\" y=\"94\" width=\"70\" height=\"5\" rx=\"2.5\" fill=\"#9db4c9\"\/>\r\n          <\/g>\r\n          <g>\r\n            <rect x=\"26\" y=\"118\" width=\"14\" height=\"14\" rx=\"3\" fill=\"none\" stroke=\"#0e8f7a\" stroke-width=\"2\"\/>\r\n            <path d=\"M28 125 l4 4 l7 -8\" fill=\"none\" stroke=\"#0e8f7a\" stroke-width=\"2.2\" stroke-linecap=\"round\"\/>\r\n            <rect x=\"48\" y=\"122\" width=\"58\" height=\"5\" rx=\"2.5\" fill=\"#9db4c9\"\/>\r\n          <\/g>\r\n        <\/g>\r\n        <!-- magnifying glass -->\r\n        <g transform=\"translate(178,120)\">\r\n          <circle cx=\"40\" cy=\"40\" r=\"42\" fill=\"rgba(255,255,255,0.12)\" stroke=\"#daa520\" stroke-width=\"6\"\/>\r\n          <circle cx=\"40\" cy=\"40\" r=\"30\" fill=\"none\" stroke=\"#daa520\" stroke-width=\"1.5\" opacity=\"0.6\"\/>\r\n          <line x1=\"72\" y1=\"72\" x2=\"104\" y2=\"104\" stroke=\"#daa520\" stroke-width=\"10\" stroke-linecap=\"round\"\/>\r\n          <text x=\"40\" y=\"50\" text-anchor=\"middle\" font-family=\"Crimson Pro, serif\" font-size=\"30\" font-weight=\"700\" fill=\"#daa520\">&#10003;<\/text>\r\n        <\/g>\r\n        <!-- shield badge -->\r\n        <g transform=\"translate(28,36)\">\r\n          <path d=\"M18 0 L36 7 V20 C36 32 28 40 18 44 C8 40 0 32 0 20 V7 Z\" fill=\"#c89b0a\" stroke=\"#8a6a00\" stroke-width=\"1.4\"\/>\r\n          <text x=\"18\" y=\"26\" text-anchor=\"middle\" font-family=\"DM Sans, sans-serif\" font-size=\"9\" font-weight=\"700\" fill=\"#5a4500\">IAW<\/text>\r\n        <\/g>\r\n        <g fill=\"#fff\" opacity=\"0.85\">\r\n          <circle cx=\"295\" cy=\"60\" r=\"2\"\/>\r\n          <circle cx=\"20\" cy=\"200\" r=\"1.5\"\/>\r\n          <circle cx=\"300\" cy=\"200\" r=\"1.5\"\/>\r\n        <\/g>\r\n      <\/svg>\r\n    <\/div>\r\n  <\/div>\r\n<\/div>\r\n\r\n<!-- \u2500\u2500 BREADCRUMB \u2500\u2500 -->\r\n<div class=\"breadcrumb-bar\">\r\n  <div class=\"breadcrumb-inner\">\r\n    <a href=\"https:\/\/promotionexams.com\/\">Home<\/a>\r\n    <span class=\"sep\">&rsaquo;<\/span>\r\n    <a href=\"https:\/\/promotionexams.com\/?page_id=9409\">Notes<\/a>\r\n    <span class=\"sep\">&rsaquo;<\/span>\r\n    <span>Operational Manual for Internal Audit (Central Ministries)<\/span>\r\n  <\/div>\r\n<\/div>\r\n\r\n<div class=\"layout\">\r\n\r\n  <!-- \u2500\u2500 SIDEBAR \u2500\u2500 -->\r\n  <aside class=\"sidebar\">\r\n    <div class=\"toc-card\">\r\n      <div class=\"toc-card-title\">Table of Contents<\/div>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"0\" open>\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">INTRO<\/span>\r\n          <span class=\"toc-ch-title\">Foundations &amp; Acronyms<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">0.1<\/span><a href=\"#c0-what\">What This Manual Is<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">0.2<\/span><a href=\"#c0-cae\">Who's Who \u2014 CAE &amp; Bodies<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">0.3<\/span><a href=\"#c0-acro\">Key Acronyms<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">0.4<\/span><a href=\"#c0-cycle\">The Four-Phase Cycle<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c0-recap\">Intro \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"1\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 1<\/span>\r\n          <span class=\"toc-ch-title\">Structure &amp; Management of IAWs<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">1.1<\/span><a href=\"#c1-mission\">Mission of Internal Audit<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">1.2<\/span><a href=\"#c1-cae\">Role of the CAE<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">1.3<\/span><a href=\"#c1-report\">CAE Reporting Duties<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">1.4<\/span><a href=\"#c1-team\">Composition of the Team<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">1.5<\/span><a href=\"#c1-roles\">Roles \u2014 CAE, Head, Members<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c1-recap\">Chapter 1 \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"2\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 2<\/span>\r\n          <span class=\"toc-ch-title\">Internal Audit Process<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">2.1<\/span><a href=\"#c2-phases\">Four Phases<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">2.2<\/span><a href=\"#c2-planning\">Audit &amp; Engagement Planning<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">2.3<\/span><a href=\"#c2-annual\">Annual Plan &amp; 3-Year Programme<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">2.4<\/span><a href=\"#c2-rbia\">Planning for Risk-Based Audit<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">2.5<\/span><a href=\"#c2-prepare\">Preparing \u2014 Work Program<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c2-recap\">Chapter 2 \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"3\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 3<\/span>\r\n          <span class=\"toc-ch-title\">Audit Tools &amp; Techniques<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">3.1<\/span><a href=\"#c3-ic\">Internal Control Evaluation<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">3.2<\/span><a href=\"#c3-means\">Means &amp; Review Process<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">3.3<\/span><a href=\"#c3-rbia\">Risk-Based Internal Audit<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">3.4<\/span><a href=\"#c3-sampling\">Audit Sampling<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">3.5<\/span><a href=\"#c3-caats\">CAATs<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c3-recap\">Chapter 3 \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"4\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 4<\/span>\r\n          <span class=\"toc-ch-title\">Performing the Engagement<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">4.1<\/span><a href=\"#c4-stages\">Four Stages<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">4.2<\/span><a href=\"#c4-intimation\">Intimation of Audit<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">4.3<\/span><a href=\"#c4-entry\">Opening \/ Entry Conference<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">4.4<\/span><a href=\"#c4-field\">Field Work &amp; Evidence<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">4.5<\/span><a href=\"#c4-papers\">Working Papers<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">4.6<\/span><a href=\"#c4-exit\">Exit Meeting<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c4-recap\">Chapter 4 \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"5\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 5<\/span>\r\n          <span class=\"toc-ch-title\">Reporting &amp; Follow-up<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">5.1<\/span><a href=\"#c5-comm\">Communicating Results<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">5.2<\/span><a href=\"#c5-5c\">The 5-C Framework<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">5.3<\/span><a href=\"#c5-risk\">Grouping by Risk<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">5.4<\/span><a href=\"#c5-followup\">Follow-up &amp; ATRs<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c5-recap\">Chapter 5 \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"6\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 6<\/span>\r\n          <span class=\"toc-ch-title\">Performance &amp; Quality Control<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">6.1<\/span><a href=\"#c6-qaip\">QAIP \u2014 Assurance Program<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">6.2<\/span><a href=\"#c6-assess\">Internal vs External Assessment<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">6.3<\/span><a href=\"#c6-doc\">Documentation Policy<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">6.4<\/span><a href=\"#c6-quality\">Quality Check of Report<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">6.5<\/span><a href=\"#c6-perf\">Performance Evaluation<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c6-recap\">Chapter 6 \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"7\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 7<\/span>\r\n          <span class=\"toc-ch-title\">Special Audits<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">7.1<\/span><a href=\"#c7-gender\">Gender Audit<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">7.2<\/span><a href=\"#c7-it\">IT Audit<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">7.3<\/span><a href=\"#c7-itprocess\">IT Audit Process<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">7.4<\/span><a href=\"#c7-gov\">Governance Audit<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">7.5<\/span><a href=\"#c7-scheme\">Scheme \/ Program Audit<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c7-recap\">Chapter 7 \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"8\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 8<\/span>\r\n          <span class=\"toc-ch-title\">Checklists &amp; Exhibits<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\">\r\n          <ul class=\"toc-sub-list\">\r\n            <li><span class=\"toc-sub-num\">8.1<\/span><a href=\"#c8-checklists\">The 23 Checklists Map<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">8.2<\/span><a href=\"#c8-exhibits\">The 8 Exhibits<\/a><\/li>\r\n            <li><span class=\"toc-sub-num\">8.3<\/span><a href=\"#c8-riskreg\">Anatomy of a Risk Register<\/a><\/li>\r\n            <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c8-recap\">Chapter 8 \u2014 Quick Recap<\/a><\/li>\r\n          <\/ul>\r\n        <\/div>\r\n      <\/details>\r\n\r\n    <\/div>\r\n  <\/aside>\r\n\r\n  <main class=\"article\">\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 INTRO \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane active\" id=\"pane-ch0\" data-chapter=\"0\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c0-what\">\r\n      <span class=\"chapter-badge\">INTRO \u00b7 PART A<\/span>\r\n      <h2>What This Manual Is<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">The document in one breath<\/div>\r\n      <div class=\"def-text\">\r\n        This is the <strong>Operational Manual for Internal Audit<\/strong> issued by the <strong>Internal Audit Division<\/strong> of the Controller General of Accounts (Ministry of Finance, Department of Expenditure). It is the working companion to the <em>Handbook on Internal Audit in Central Civil Ministries\/Departments<\/em> \u2014 where the Handbook lays down policy and guidelines, this Manual supplies the step-by-step process, ready-to-use checklists, and worked exhibits an Internal Audit Wing (IAW) actually runs on.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout\">\r\n      <div class=\"callout-label\">How the manual is built<\/div>\r\n      <p>Seven chapters trace internal audit from <strong>setting up the wing<\/strong> &rarr; <strong>planning<\/strong> &rarr; <strong>choosing tools<\/strong> &rarr; <strong>performing the engagement<\/strong> &rarr; <strong>reporting &amp; follow-up<\/strong> &rarr; <strong>quality control<\/strong> &rarr; <strong>special audits<\/strong>. Threaded through them are <strong>23 numbered checklists<\/strong>, and eight detailed <strong>Exhibits<\/strong> at the back (sample risk registers, self-assessment forms, IT-audit templates).<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c0-cae\">\r\n      <span class=\"section-badge teal\">&sect;1<\/span>\r\n      <h3>Who's Who \u2014 The CAE and the Key Bodies<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">The boss of the wing<\/div>\r\n        <div class=\"cat-title\">CAE \u2014 Chief Audit Executive<\/div>\r\n        <p>The <strong>Pr. CCA \/ CCA \/ CA<\/strong> acting as head of the Internal Audit Wing. Plans the audit, approves plans, manages resources, sets policies, coordinates with senior management, and owns quality assurance.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">The wing itself<\/div>\r\n        <div class=\"cat-title\">IAW \u2014 Internal Audit Wing<\/div>\r\n        <p>The team in each Central Civil Ministry that carries out the audits \u2014 at least <strong>five officials<\/strong> under the CAE.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <div class=\"cat-label\">The oversight body<\/div>\r\n        <div class=\"cat-title\">Audit Committee<\/div>\r\n        <p>Receives the CAE's quarterly reports, the Annual Audit Plan, and unresolved high-risk issues. The body to which internal audit is accountable.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">The apex coordinator<\/div>\r\n        <div class=\"cat-title\">IAD in O\/o CGA<\/div>\r\n        <p>The <strong>Internal Audit Division<\/strong> in the Office of the CGA \u2014 issues this manual, shares findings across wings, and compiles the annual review of all IAWs.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c0-acro\">\r\n      <span class=\"section-badge amber\">&sect;2<\/span>\r\n      <h3>Key Acronyms You Must Know<\/h3>\r\n    <\/div>\r\n\r\n    <table class=\"compare-table\">\r\n      <thead><tr><th>Acronym<\/th><th>Expansion<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">CAE<\/td><td>Chief Audit Executive (refers to Pr. CCA \/ CCA \/ CA)<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">IAW \/ IAD<\/td><td>Internal Audit Wing (at a Ministry) \/ Internal Audit Division (in O\/o CGA)<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">ATR<\/td><td>Action Taken Report<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">CAAT<\/td><td>Computer Assisted Audit Techniques<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">RBIA<\/td><td>Risk Based Internal Audit<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">RAU<\/td><td>Risk and Audit Universe<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">KPI \/ KRI<\/td><td>Key Performance Indicator \/ Key Risk Indicator<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">QAIP<\/td><td>Quality Assurance and Improvement Program<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">IPPF<\/td><td>International Professional Practices Framework (of the IIA)<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">IIA<\/td><td>Institute of Internal Auditors<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">COSO<\/td><td>Committee of Sponsoring Organizations<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">ERM<\/td><td>Enterprise-wide Risk Management<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">IDEA \/ ACL<\/td><td>General-purpose audit software (Interactive Data Extraction &amp; Analysis \/ Audit Command Language)<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">PPS<\/td><td>Programmes, Projects and Schemes<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">DDO \/ PAO<\/td><td>Drawing &amp; Disbursing Officer \/ Pay &amp; Accounts Officer<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">C&amp;AG \/ CVC<\/td><td>Comptroller &amp; Auditor General \/ Central Vigilance Commission<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table>\r\n\r\n    <div class=\"section-heading-block\" id=\"c0-cycle\">\r\n      <span class=\"section-badge purple\">&sect;3<\/span>\r\n      <h3>The Four-Phase Cycle \u2014 the Spine of the Manual<\/h3>\r\n    <\/div>\r\n\r\n    <p>Every internal audit engagement moves through four phases. Chapters 2&ndash;5 map onto them directly:<\/p>\r\n\r\n    <div class=\"flow\">\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">1<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Planning &amp; Preparing &nbsp;<span style=\"color:var(--blue);font-weight:600;\">(Chapter 2)<\/span><\/h5>\r\n          <p>Engagement planning, risk-based selection, Annual Plan and 3-Year Programme, work program.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">2<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Performing the Engagement &nbsp;<span style=\"color:var(--blue);font-weight:600;\">(Chapter 4)<\/span><\/h5>\r\n          <p>Intimation, entry conference, field work, evidence, working papers, exit meeting.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">3<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Reporting on the Engagement &nbsp;<span style=\"color:var(--blue);font-weight:600;\">(Chapter 5)<\/span><\/h5>\r\n          <p>Communicating results, drafting via the 5-C framework, grouping findings by risk.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">4<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Follow-up Action &nbsp;<span style=\"color:var(--blue);font-weight:600;\">(Chapter 5)<\/span><\/h5>\r\n          <p>Tracking Action Taken Reports, monitoring implementation, escalating unresolved issues.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"highlight-box\">\r\n      <div class=\"hl-label\">&#11088; Why this matters<\/div>\r\n      <div class=\"hl-text\">The manual's mission line is worth memorising: internal audit exists <em>\"to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.\"<\/em> Every checklist and tool in the document serves that single purpose.<\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c0-recap\">\r\n      <div class=\"recap-title\">&#9889; Intro \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Issued by<\/td><td>Internal Audit Division, <strong>O\/o CGA<\/strong>, M\/o Finance (Dept of Expenditure)<\/td><\/tr>\r\n          <tr><td>Companion document<\/td><td>Handbook on Internal Audit in Central Civil Ministries\/Departments<\/td><\/tr>\r\n          <tr><td>CAE means<\/td><td>Pr. CCA \/ CCA \/ CA as head of the IAW<\/td><\/tr>\r\n          <tr><td>Minimum team size<\/td><td>5 officials<\/td><\/tr>\r\n          <tr><td>Numbered checklists<\/td><td>23<\/td><\/tr>\r\n          <tr><td>Exhibits at the back<\/td><td>8 (I to VIII)<\/td><\/tr>\r\n          <tr><td>Four phases<\/td><td>Plan &rarr; Perform &rarr; Report &rarr; Follow-up<\/td><\/tr>\r\n          <tr><td>Mission of internal audit<\/td><td>Enhance &amp; protect organisational value via risk-based assurance, advice &amp; insight<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch0 -->\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 1 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch1\" data-chapter=\"1\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c1-mission\">\r\n      <span class=\"chapter-badge\">CH 1 \u00b7 PART A<\/span>\r\n      <h2>Structure &amp; Management of Internal Audit Wings<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter 1 sets up the wing before any audit begins. It fixes the <strong>mission<\/strong>, the <strong>role of the CAE<\/strong>, the <strong>composition of the team<\/strong>, and the detailed <strong>job descriptions<\/strong> of the CAE, the Team Head, and the Team Members.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">Mission of Internal Audit<\/div>\r\n      <p>Each IAW articulates its own mission statement. The model wording offered: <em>\"To enhance and protect organizational value at the Ministry by providing risk-based and objective assurance, advice and insight.\"<\/em><\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-cae\">\r\n      <span class=\"section-badge\">&sect;1<\/span>\r\n      <h3>Role of the CAE<\/h3>\r\n    <\/div>\r\n\r\n    <p>The Pr. CCA \/ CCA \/ CA, in their capacity as CAE, perform all activities of the head of the wing:<\/p>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#128203;<\/span><span><strong>Planning<\/strong> the internal audit.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9989;<\/span><span><strong>Communication and approval<\/strong> of the plans.<\/span><\/li>\r\n      <li><span class=\"ico\">&#129309;<\/span><span><strong>Resource management<\/strong> for the wing.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128221;<\/span><span><strong>Laying down policies and procedures<\/strong> for the IAW.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128228;<\/span><span><strong>Coordination and reporting<\/strong> to senior management and the Audit Committee.<\/span><\/li>\r\n      <li><span class=\"ico\">&#127919;<\/span><span><strong>Quality assurance<\/strong> across the wing.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-report\">\r\n      <span class=\"section-badge teal\">&sect;2<\/span>\r\n      <h3>The CAE's Reporting Calendar<\/h3>\r\n    <\/div>\r\n\r\n    <p>Four hard reporting obligations sit on the CAE \u2014 three quarterly, one annual:<\/p>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Quarterly<\/div>\r\n        <div class=\"cat-title\">Status to Audit Committee<\/div>\r\n        <p>At least once a quarter on internal-audit status: progress against plan, limitations to independence\/objectivity, and challenges faced by the team.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">Quarterly<\/div>\r\n        <div class=\"cat-title\">KPIs &amp; KRIs<\/div>\r\n        <p>Report actual performance against <strong>KPIs<\/strong> and give a written assessment on <strong>KRIs<\/strong> for each significant risk \u2014 both every quarter.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">By 15th January<\/div>\r\n        <div class=\"cat-title\">Annual Audit Plan<\/div>\r\n        <p>Submit the <strong>risk-based Annual Audit Plan<\/strong> to the Audit Committee \u2014 consistent with Ministry goals.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <div class=\"cat-label\">By 1st March<\/div>\r\n        <div class=\"cat-title\">Present Plan + 3-Year Programme<\/div>\r\n        <p>Present the Annual Plan and 3-year rolling programme to the Committee, with the impact of resource limitations.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-team\">\r\n      <span class=\"section-badge amber\">&sect;3<\/span>\r\n      <h3>Composition of the Internal Audit Team<\/h3>\r\n    <\/div>\r\n\r\n    <p>An Internal Audit Team headed by the CAE should comprise <strong>at least five officials<\/strong>:<\/p>\r\n\r\n    <div class=\"stat-grid\">\r\n      <div class=\"stat-card b\">\r\n        <span class=\"stat-icon\">&#128104;&#8205;&#128188;<\/span>\r\n        <div class=\"stat-num\">1<\/div>\r\n        <div class=\"stat-label\">A.O. \/ Sr. A.O.<\/div>\r\n      <\/div>\r\n      <div class=\"stat-card t\">\r\n        <span class=\"stat-icon\">&#128101;<\/span>\r\n        <div class=\"stat-num\">2<\/div>\r\n        <div class=\"stat-label\">A.A.O.<\/div>\r\n      <\/div>\r\n      <div class=\"stat-card a\">\r\n        <span class=\"stat-icon\">&#128203;<\/span>\r\n        <div class=\"stat-num\">2<\/div>\r\n        <div class=\"stat-label\">Accountants \/ Sr.<\/div>\r\n      <\/div>\r\n      <div class=\"stat-card r\">\r\n        <span class=\"stat-icon\">&#128290;<\/span>\r\n        <div class=\"stat-num\">5<\/div>\r\n        <div class=\"stat-label\">Minimum Total<\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout\">\r\n      <div class=\"callout-label\">Team size is flexible<\/div>\r\n      <p>The number may vary by assignment, scaled to six factors: <strong>organizational structure; functional activities; financial data<\/strong> (budget, expenditure, funding, receipts, assets); <strong>actual staffing; inherent risks<\/strong> in the audit unit's functioning; and <strong>scope<\/strong> of the internal audit.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c1-roles\">\r\n      <span class=\"chapter-badge\">CH 1 \u00b7 PART B<\/span>\r\n      <h2>Roles &amp; Responsibilities \u2014 Three Levels<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge purple\">&sect;4<\/span>\r\n      <h3>Responsibilities of the Chief Audit Executive<\/h3>\r\n    <\/div>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#128221;<\/span><span>Develop and document an audit plan (including RBIA) for each engagement \u2014 objective, scope, quantum, timing, resource allocation.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9989;<\/span><span>Ensure assignments are initiated per the approved plan and established notification, standards, policies and procedures.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128269;<\/span><span>Ensure the team obtains all relevant information to fix objective, scope, methodology and resources.<\/span><\/li>\r\n      <li><span class=\"ico\">&#127970;<\/span><span>Understand the entity's mandates, risks, structure, internal control and ongoing issues \u2014 and brief the team before the assignment.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128202;<\/span><span>Maintain and update <strong>Risk Registers<\/strong> for all audit units, schemes, programmes and projects based on findings and feedback.<\/span><\/li>\r\n      <li><span class=\"ico\">&#127891;<\/span><span>Continuously review team performance; provide training on schemes, programmes and audit tools.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128196;<\/span><span>Finalise standard report templates; maintain records of reports\/findings; ensure timely action by audit units.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128228;<\/span><span>Share important findings with other teams and with the IAD in O\/o CGA for cross-Ministry learning.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128197;<\/span><span>Compile the wing's year-end performance into an <strong>annual review report<\/strong> for the Chief Accounting Authority \/ Audit Committee, then to O\/o CGA.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128231;<\/span><span>Start every assignment with an <strong>Audit Memorandum<\/strong> drafted by the wing.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge gold\">&sect;5<\/span>\r\n      <h3>Responsibilities of the Head of the Audit Team<\/h3>\r\n    <\/div>\r\n\r\n    <ol class=\"parts-list decimal gold\">\r\n      <li><strong>Issue the audit memorandum at least one month before<\/strong> the planned audit, so the entity can prepare.<\/li>\r\n      <li>Discuss the plan with members; finalise audit strategy (objectives, scope, quantum).<\/li>\r\n      <li>Attend the <strong>entry conference<\/strong> on day one \u2014 introduce the team, discuss issues, learn the entity's functions, status of past findings and high-risk areas.<\/li>\r\n      <li>Guide staff in developing the plan and a checklist of questions; <strong>personally audit key activities \/ risk areas<\/strong>.<\/li>\r\n      <li>Assign each member specific responsibilities <em>in writing<\/em>; supervise every phase; review and approve working papers and primary observations; ensure sufficient evidence.<\/li>\r\n      <li>Conduct a formal <strong>exit conference<\/strong>; brief the entity head on objectives, findings, recommendations; consider the entity's views and additional facts.<\/li>\r\n      <li>Ensure the draft report uses the prescribed template, is presented to the CAE with working papers and evidence on time, and that the approved report is <strong>issued within the prescribed timeline<\/strong>.<\/li>\r\n    <\/ol>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge red\">&sect;6<\/span>\r\n      <h3>Responsibilities of Team Members<\/h3>\r\n    <\/div>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#128221;<\/span><span>Carry out duties assigned <em>in writing<\/em>, verified fully per audit methodology.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128214;<\/span><span>Verify that prescribed records, books and ledgers are accurately maintained, compiled and reconciled; scrutinise sanctioning and purchase procedures for defects.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128176;<\/span><span>Verify payments are correct per rules, and that deductions and recoveries are timely accounted for.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9881;&#65039;<\/span><span>Verify general office-management procedures with financial\/accounting implications; suggest tightening of controls and streamlining of accounting.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128203;<\/span><span>Review scheme\/programme implementation against notified guidelines; record observations within scope.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128193;<\/span><span>Maintain working papers, collect relevant evidence, and develop observations under the Team Head's guidance.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"recap\" id=\"c1-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 1 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Head of the wing<\/td><td><strong>CAE<\/strong> = Pr. CCA \/ CCA \/ CA<\/td><\/tr>\r\n          <tr><td>CAE's six functions<\/td><td>Plan \u00b7 approve \u00b7 resource \u00b7 policies \u00b7 coordinate\/report \u00b7 QA<\/td><\/tr>\r\n          <tr><td>Reporting to Audit Committee<\/td><td>At least once per <strong>quarter<\/strong><\/td><\/tr>\r\n          <tr><td>Annual Audit Plan due<\/td><td>By <strong>15 January<\/strong><\/td><\/tr>\r\n          <tr><td>Present Plan + 3-Year Programme<\/td><td>By <strong>1 March<\/strong><\/td><\/tr>\r\n          <tr><td>Minimum team<\/td><td>1 A.O.\/Sr.AO + 2 A.A.O. + 2 Accountants = <strong>5<\/strong><\/td><\/tr>\r\n          <tr><td>Team size factors<\/td><td>Structure \u00b7 activities \u00b7 financial data \u00b7 staffing \u00b7 inherent risk \u00b7 scope<\/td><\/tr>\r\n          <tr><td>Memorandum timing<\/td><td>Audit memorandum issued <strong>&ge; 1 month before<\/strong> audit<\/td><\/tr>\r\n          <tr><td>Assignments start with<\/td><td>An <strong>Audit Memorandum<\/strong><\/td><\/tr>\r\n          <tr><td>Three role levels<\/td><td>CAE &middot; Head of Team &middot; Team Members<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch1 -->\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 2 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch2\" data-chapter=\"2\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c2-phases\">\r\n      <span class=\"chapter-badge\">CH 2 \u00b7 PART A<\/span>\r\n      <h2>The Internal Audit Process<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter 2 covers the <strong>first phase \u2014 planning and preparing<\/strong>. It defines the four phases of the whole process, then drills into engagement planning, the Annual Audit Plan and 3-Year Rolling Programme, planning for risk-based audit, and the engagement work program. Two checklists anchor it: Checklist 1 (planning) and Checklist 2 (work program).\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">The four phases (again)<\/div>\r\n      <p>Planning and Preparing &rarr; Performing the engagement &rarr; Reporting upon the engagement &rarr; <strong>Follow-up action<\/strong>. This chapter is all about phase one.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-planning\">\r\n      <span class=\"section-badge\">&sect;1<\/span>\r\n      <h3>Audit &amp; Engagement Planning (Checklist 1)<\/h3>\r\n    <\/div>\r\n\r\n    <p>Checklist 1 makes sure the team has answered the foundational questions before fieldwork. The key planning considerations:<\/p>\r\n\r\n    <ol class=\"parts-list decimal\">\r\n      <li><strong>Categorise &amp; risk-rate units.<\/strong> Have audit units been identified by category, with audit plans per category, and a <strong>risk rating\/register<\/strong> driving selection of units, processes and areas?<\/li>\r\n      <li><strong>Document each engagement.<\/strong> Is there a well-developed, documented plan per engagement including <strong>objectives, scope, timing and resource allocation<\/strong>?<\/li>\r\n      <li><strong>Map objectives, controls, risks.<\/strong> Have the program's objectives, the controls ensuring achievement, and the <strong>significant risks<\/strong> (to the activity, its objectives, resources and operations) been assessed \u2014 including whether governance, risk management and control are adequate and working?<\/li>\r\n      <li><strong>Preliminary survey &amp; risk assessment.<\/strong> Was a preliminary survey conducted and its results used to find areas of emphasis? Was a <strong>preliminary risk assessment<\/strong> of the scheme\/program done in the planning stage?<\/li>\r\n      <li><strong>Engagement objective covers all risks.<\/strong> Does the engagement objective include every significant risk found in the preliminary risk assessment?<\/li>\r\n      <li><strong>Working-paper file ready.<\/strong> Before fieldwork, does the file contain the <strong>Audit Planning Memo (APM)<\/strong>, Preliminary Survey findings (with the Risk Assessment Report), Engagement Terms of Reference (TOR), and the Engagement Program?<\/li>\r\n    <\/ol>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-annual\">\r\n      <span class=\"section-badge teal\">&sect;2<\/span>\r\n      <h3>Annual Audit Plan &amp; 3-Year Rolling Programme<\/h3>\r\n    <\/div>\r\n\r\n    <p>The CAE builds a <strong>risk-based Annual Audit Plan<\/strong> on an understanding of the auditable unit's strategies, objectives and risk framework \u2014 then supplements it with a 3-Year Rolling Audit Programme. Key features:<\/p>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Coverage<\/div>\r\n        <div class=\"cat-title\">The Audit Universe<\/div>\r\n        <p>A comprehensive list of auditable units: departmental units, cost centres, schemes, programs, policies, processes, systems, PSUs under the Ministry, financial statements, regulatory compliance.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">Frequency by risk<\/div>\r\n        <div class=\"cat-title\">Risk-Driven Coverage<\/div>\r\n        <p>High-risk areas audited <strong>once or more per year<\/strong>; low-risk areas only <strong>once in 2&ndash;3 years<\/strong>. Both assurance and advisory work are weighed.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">Deadlines<\/div>\r\n        <div class=\"cat-title\">15 Jan &middot; 15 Feb<\/div>\r\n        <p>Submit plan to the Committee by <strong>15 January<\/strong>; revise for the Finance Bill's impact on Ministry outlay\/operations by <strong>15 February<\/strong>.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <div class=\"cat-label\">Living document<\/div>\r\n        <div class=\"cat-title\">Continuous Update<\/div>\r\n        <p>Revise plan and programme for revised risk ratings, outcome budget changes, anticipated 3-year changes, and new Government directives as they arise.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-rbia\">\r\n      <span class=\"section-badge amber\">&sect;3<\/span>\r\n      <h3>Planning for Risk-Based Internal Audit<\/h3>\r\n    <\/div>\r\n\r\n    <p>When developing the plan, the CAE weighs these factors:<\/p>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#9888;&#65039;<\/span><span><strong>Inherent risks<\/strong> \u2014 identified and assessed?<\/span><\/li>\r\n      <li><span class=\"ico\">&#128737;&#65039;<\/span><span><strong>Residual risks<\/strong> \u2014 identified and assessed (after controls)?<\/span><\/li>\r\n      <li><span class=\"ico\">&#128279;<\/span><span><strong>Mitigating controls, contingency plans, monitoring<\/strong> \u2014 linked to individual events\/risks?<\/span><\/li>\r\n      <li><span class=\"ico\">&#128202;<\/span><span><strong>Risk registers<\/strong> \u2014 systematic, complete and accurate?<\/span><\/li>\r\n      <li><span class=\"ico\">&#128196;<\/span><span><strong>Documentation<\/strong> \u2014 are the risks and activities documented?<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"highlight-box\">\r\n      <div class=\"hl-label\">&#128161; The point of RBIA planning<\/div>\r\n      <div class=\"hl-text\">The wing must identify areas of <strong>high inherent risk, high residual risk<\/strong>, and the key control systems the Ministry most relies on. Where residual risk is <strong>unacceptable<\/strong>, management must be notified so the risk can be addressed. The sample risk registers for RKVY (Ministry of Agriculture) sit in <strong>Exhibit I<\/strong>.<\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-prepare\">\r\n      <span class=\"section-badge purple\">&sect;4<\/span>\r\n      <h3>Preparing for Audit \u2014 The Work Program (Checklist 2)<\/h3>\r\n    <\/div>\r\n\r\n    <p>A documented engagement work program must include:<\/p>\r\n\r\n    <div class=\"cat-grid four\">\r\n      <div class=\"cat-card a\">\r\n        <span class=\"cat-badge\">1<\/span>\r\n        <div class=\"cat-label\">Goals<\/div>\r\n        <div class=\"cat-title\">Audit Objectives<\/div>\r\n        <p>What the engagement sets out to achieve.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <span class=\"cat-badge\">2<\/span>\r\n        <div class=\"cat-label\">Targets<\/div>\r\n        <div class=\"cat-title\">Risks &amp; Transactions<\/div>\r\n        <p>The risks, processes and transactions to be examined.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <span class=\"cat-badge\">3<\/span>\r\n        <div class=\"cat-label\">Method<\/div>\r\n        <div class=\"cat-title\">Procedures<\/div>\r\n        <p>For identifying, analysing, evaluating and documenting information.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card d\">\r\n        <span class=\"cat-badge\">4<\/span>\r\n        <div class=\"cat-label\">Testing<\/div>\r\n        <div class=\"cat-title\">Nature of Testing<\/div>\r\n        <p>The kind of testing required.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout\">\r\n      <div class=\"callout-label\">Schedule alignment<\/div>\r\n      <p>A tentative schedule for <em>all phases<\/em> of the audit must be set and aligned with the <strong>Audit Calendar<\/strong> of the respective Ministry\/Department.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c2-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 2 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Four phases<\/td><td>Plan &amp; Prepare &middot; Perform &middot; Report &middot; Follow-up<\/td><\/tr>\r\n          <tr><td>Planning checklist<\/td><td>Checklist 1 (engagement planning)<\/td><\/tr>\r\n          <tr><td>Engagement plan contains<\/td><td>Objectives, scope, timing, resource allocation<\/td><\/tr>\r\n          <tr><td>Pre-fieldwork file<\/td><td>APM \u00b7 Preliminary Survey (with RAR) \u00b7 TOR \u00b7 Engagement Program<\/td><\/tr>\r\n          <tr><td>Annual Plan due<\/td><td>15 January; revise for Finance Bill by 15 February<\/td><\/tr>\r\n          <tr><td>Rolling programme<\/td><td>3-Year Rolling Audit Programme<\/td><\/tr>\r\n          <tr><td>High vs low risk frequency<\/td><td>High: &ge;1\/yr &nbsp;|&nbsp; Low: once in 2&ndash;3 yrs<\/td><\/tr>\r\n          <tr><td>RBIA factors<\/td><td>Inherent \u00b7 residual risk \u00b7 controls \u00b7 registers \u00b7 documentation<\/td><\/tr>\r\n          <tr><td>Sample risk registers<\/td><td>Exhibit I \u2014 RKVY (M\/o Agriculture)<\/td><\/tr>\r\n          <tr><td>Work program (Checklist 2)<\/td><td>Objectives \u00b7 risks\/transactions \u00b7 procedures \u00b7 testing<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch2 -->\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 3 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch3\" data-chapter=\"3\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c3-ic\">\r\n      <span class=\"chapter-badge\">CH 3 \u00b7 PART A<\/span>\r\n      <h2>Audit Tools &amp; Techniques<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter 3 hands the auditor the <strong>toolkit<\/strong>: internal control evaluation, risk-based internal auditing as a method, and two heavyweight techniques \u2014 <strong>audit sampling<\/strong> and <strong>Computer Assisted Audit Techniques (CAATs)<\/strong>.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-ic2\">\r\n      <span class=\"section-badge\">&sect;1<\/span>\r\n      <h3>Objectives of Sound Internal Controls<\/h3>\r\n    <\/div>\r\n\r\n    <p>A sound internal control framework helps a Ministry meet its compliance, financial-reporting and operational goals, minimise surprises, and deal with change. During evaluation the auditor checks that controls achieve six objectives:<\/p>\r\n\r\n    <div class=\"cat-grid three\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">1<\/div>\r\n        <div class=\"cat-title\">Operational Efficiency<\/div>\r\n        <p>Promote operational efficiency and effectiveness.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">2<\/div>\r\n        <div class=\"cat-title\">Reliable Information<\/div>\r\n        <p>Provide reliable financial information.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">3<\/div>\r\n        <div class=\"cat-title\">Safeguard Assets<\/div>\r\n        <p>Safeguard assets and records.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card d\">\r\n        <div class=\"cat-label\">4<\/div>\r\n        <div class=\"cat-title\">Policy Adherence<\/div>\r\n        <p>Encourage adherence to prescribed policies.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <div class=\"cat-label\">5<\/div>\r\n        <div class=\"cat-title\">Regulatory Compliance<\/div>\r\n        <p>Comply with regulatory agencies.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">6<\/div>\r\n        <div class=\"cat-title\">Correct Liabilities<\/div>\r\n        <p>Correctly identify and measure liabilities.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-means\">\r\n      <span class=\"section-badge teal\">&sect;2<\/span>\r\n      <h3>Means of Evaluation &amp; The Review Process<\/h3>\r\n    <\/div>\r\n\r\n    <p>The wing evaluates internal controls through four means \u2014 <strong>questionnaires\/checklists, flow charts\/narratives, facilitated workshops, and control self-assessment<\/strong> (Checklist 3 supports this; a sample self-assessment is Exhibit II).<\/p>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">Reviewing effectiveness \u2014 the five-step logic (Checklist 4)<\/div>\r\n      <p>Has the Ministry: <strong>(1)<\/strong> identified its business objectives; <strong>(2)<\/strong> identified and assessed the risks threatening them; <strong>(3)<\/strong> designed controls to manage those risks; <strong>(4)<\/strong> operated the controls per their design; and <strong>(5)<\/strong> monitored the controls to ensure they work? Each \"no\" is a control gap.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-rbia\">\r\n      <span class=\"section-badge amber\">&sect;3<\/span>\r\n      <h3>Conducting Risk-Based Internal Audit (RBIA)<\/h3>\r\n    <\/div>\r\n\r\n    <p>Before conducting RBIA, the wing must be able to answer: what is the Ministry's <strong>risk maturity<\/strong>? Has risk profiling been done and to what extent can it be relied on for planning? Do individual audits assure that all inherent risks above the <strong>risk appetite<\/strong> are managed down to within it?<\/p>\r\n\r\n    <div class=\"flow\">\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">1<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Assess risk maturity<\/h5>\r\n          <p>Gauge the Ministry's risk maturity.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">2<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Set up the Risk &amp; Audit Universe (RAU)<\/h5>\r\n          <p>Assign risks to audits and draw up a plan for carrying out audits, usually annual.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">3<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Carry out audits &amp; feed back<\/h5>\r\n          <p>Perform individual risk-based audits and feed the results back into the RAU.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout amber\">\r\n      <div class=\"callout-label\">RBIA assurance covers five things<\/div>\r\n      <p>Whether management's processes <strong>identify all significant risks<\/strong>; whether risks are correctly <strong>scored<\/strong> to prioritise them; whether <strong>responses<\/strong> are appropriate and policy-compliant; whether <strong>reporting<\/strong> of key risks to senior management is accurate, timely and effective; and whether <strong>controls<\/strong> are operational and monitored.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c3-sampling\">\r\n      <span class=\"chapter-badge\">CH 3 \u00b7 PART B<\/span>\r\n      <h2>Audit Sampling<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Definition<\/div>\r\n      <div class=\"def-text\">\r\n        <strong>Audit sampling<\/strong> is applying audit procedures to <strong>less than 100%<\/strong> of the items in a class of transactions \u2014 letting the auditor evaluate evidence about some characteristic of the selected items and form a conclusion about the whole population.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"highlight-box\">\r\n      <div class=\"hl-label\">&#128161; How auditors choose what to test<\/div>\r\n      <div class=\"hl-text\">Areas where the department exercises <strong>discretion<\/strong> are riskier than rule-bound ones. Higher-value transactions are often examined for material impact \u2014 but <strong>materiality is irrelevant where compliance is required by law<\/strong>. Past audit reports guide selection, and <strong>March vouchers<\/strong> are invariably picked because of the well-known \"March rush\" in expenditure.<\/div>\r\n    <\/div>\r\n\r\n    <h4>Judgemental vs Statistical Sampling<\/h4>\r\n    <table class=\"compare-table\">\r\n      <thead><tr><th>Approach<\/th><th>How it works<\/th><th>Trade-off<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr>\r\n          <td class=\"label-cell\">Judgemental<\/td>\r\n          <td>Items chosen on the auditor's experience, intuition and judgement.<\/td>\r\n          <td>Simple and popular, but no scientific basis \u2014 hard to extrapolate findings to the population.<\/td>\r\n        <\/tr>\r\n        <tr>\r\n          <td class=\"label-cell\">Statistical<\/td>\r\n          <td>Every unit has an equal chance of selection, eliminating bias.<\/td>\r\n          <td>Lets findings be asserted with a known <strong>degree of confidence<\/strong>; needs sample-size and technique decisions.<\/td>\r\n        <\/tr>\r\n      <\/tbody>\r\n    <\/table>\r\n\r\n    <div class=\"callout\">\r\n      <div class=\"callout-label\">Sample size<\/div>\r\n      <p>Influenced by the purpose of audit, population size and homogeneity, required precision and confidence level. For a <strong>small or homogeneous<\/strong> population a small sample suffices; in general, a sample of <strong>10% or more<\/strong> is considered reasonable.<\/p>\r\n    <\/div>\r\n\r\n    <h4>Common statistical sampling techniques<\/h4>\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Technique 1<\/div>\r\n        <div class=\"cat-title\">Random Number<\/div>\r\n        <p>Number all items, then use a random-number generator to select the sample.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">Technique 2<\/div>\r\n        <div class=\"cat-title\">Interval Sampling<\/div>\r\n        <p>Select items at fixed intervals \u2014 e.g. every 10th, 15th or 35th voucher; interval set by population size and sample needed.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">Technique 3<\/div>\r\n        <div class=\"cat-title\">Stratified Sampling<\/div>\r\n        <p>Divide the population into discrete homogeneous groups, then pick a pre-decided number from each group.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card d\">\r\n        <div class=\"cat-label\">Technique 4<\/div>\r\n        <div class=\"cat-title\">Attribute Sampling<\/div>\r\n        <p>Select items sharing certain attributes; objective in nature \u2014 items chosen by compliance (yes) or non-compliance (no) with standards. Good for evaluating controls over many similar transactions.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-caats\">\r\n      <span class=\"section-badge red\">&sect;4<\/span>\r\n      <h3>Computer Assisted Audit Techniques (CAATs)<\/h3>\r\n    <\/div>\r\n\r\n    <p>As Government operations computerise, huge volumes of electronic data accumulate that are impractical to extract manually. CAATs are computer-based tools that run tests on data or IT systems \u2014 especially useful when significant data is electronic.<\/p>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#9889;<\/span><span>CAATs permit <strong>100% testing<\/strong> of data in a short span, repeated tests on different files, and standardisation of audit activity.<\/span><\/li>\r\n      <li><span class=\"ico\">&#129518;<\/span><span><strong>Two broad categories:<\/strong> <em>add-on<\/em> tools used inside existing programs (Excel, MS Access); and <em>general-purpose audit software<\/em> built off-the-shelf for auditors.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128187;<\/span><span>Commonly used general-purpose software: <strong>IDEA<\/strong> (Interactive Data Extraction and Analysis) and <strong>ACL<\/strong> (Audit Command Language).<\/span><\/li>\r\n      <li><span class=\"ico\">&#127891;<\/span><span>Wings should <strong>train staff<\/strong> to use these tools in engagements.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"highlight-box\">\r\n      <div class=\"hl-label\">&#128221; The evolution of audit (per the manual's box)<\/div>\r\n      <div class=\"hl-text\">From \"tick and check\" audits &rarr; systems-based audits focused on key controls &rarr; CAATs. The principles of taking the client's books to audit them haven't changed \u2014 only the practices, now that books are electronic. Auditors who fail to embrace new techniques risk becoming \"surplus to requirements.\" <em>(Source cited: The Internal Auditing Handbook, K. H. Spencer Pickett.)<\/em><\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c3-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 3 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Internal control objectives<\/td><td>6: efficiency \u00b7 reliable info \u00b7 safeguard assets \u00b7 policy adherence \u00b7 regulatory compliance \u00b7 correct liabilities<\/td><\/tr>\r\n          <tr><td>Means of evaluation<\/td><td>Questionnaires \u00b7 flowcharts\/narratives \u00b7 facilitated workshops \u00b7 control self-assessment<\/td><\/tr>\r\n          <tr><td>Control review (Checklist 4)<\/td><td>Objectives &rarr; assess risks &rarr; design controls &rarr; operate &rarr; monitor<\/td><\/tr>\r\n          <tr><td>RBIA three stages<\/td><td>Assess maturity &rarr; set up RAU &amp; plan &rarr; audit &amp; feed back<\/td><\/tr>\r\n          <tr><td>Audit sampling<\/td><td>Procedures on &lt;100% of items<\/td><\/tr>\r\n          <tr><td>Materiality &amp; law<\/td><td>Materiality irrelevant where compliance is legally required<\/td><\/tr>\r\n          <tr><td>March vouchers<\/td><td>Invariably selected (\"March rush\")<\/td><\/tr>\r\n          <tr><td>Reasonable sample size<\/td><td>10% or more in general<\/td><\/tr>\r\n          <tr><td>4 statistical techniques<\/td><td>Random number \u00b7 interval \u00b7 stratified \u00b7 attribute<\/td><\/tr>\r\n          <tr><td>CAATs enable<\/td><td>100% testing, repeated tests, standardisation<\/td><\/tr>\r\n          <tr><td>General-purpose software<\/td><td>IDEA &amp; ACL<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch3 -->\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 4 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch4\" data-chapter=\"4\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c4-stages\">\r\n      <span class=\"chapter-badge\">CH 4 \u00b7 PART A<\/span>\r\n      <h2>Performing the Audit Engagement<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter 4 is the <strong>doing<\/strong> phase \u2014 the actual conduct of internal audit. It walks four stages from notifying the entity through to the closing meeting, and packs the heaviest cluster of checklists in the manual (Checklists 5&ndash;13) covering intimation, entry conference, fieldwork, evidence, working papers, observations and exit.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"flow\">\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">1<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Intimation of Audit<\/h5>\r\n          <p>Inform the unit of the audit schedule (Checklist 5).<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">2<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Opening Meeting (Entry Conference)<\/h5>\r\n          <p>Set scope and understand the entity (Checklist 6).<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">3<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Performing Field Work<\/h5>\r\n          <p>Evidence, working papers, observations (Checklists 7&ndash;12).<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">4<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Conducting Exit Meeting<\/h5>\r\n          <p>Discuss the draft report with the client (Checklist 13).<\/p>\r\n        <\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c4-intimation\">\r\n      <span class=\"section-badge\">&sect;1<\/span>\r\n      <h3>Intimation of Audit (Checklist 5)<\/h3>\r\n    <\/div>\r\n\r\n    <p>A <strong>Commencement Letter<\/strong>, addressed to the highest individual responsible for the Ministry\/Department\/Scheme, must include:<\/p>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#127919;<\/span><span>Objective of the audit.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128208;<\/span><span>Scope and the period it covers.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9201;&#65039;<\/span><span>Estimated duration.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128101;<\/span><span>Names of auditors \u2014 especially the <strong>Team Leader<\/strong>.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128197;<\/span><span>Information on entry and exit conferences.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128196;<\/span><span>Request for necessary information and documents.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"section-heading-block\" id=\"c4-entry\">\r\n      <span class=\"section-badge teal\">&sect;2<\/span>\r\n      <h3>Opening \/ Entry Conference (Checklist 6)<\/h3>\r\n    <\/div>\r\n\r\n    <p>The engagement normally starts with an entry conference with the Head of Department\/Office. Points to cover: proposed objectives and scope; the entity's risk-management practices; areas of special concern; logistics (a nodal officer for space, records, meetings); the principal risks being audited; processes included and excluded; special considerations (C&amp;AG findings, recent frauds, major system changes); the approach and testing plan; the communication\/reporting strategy; and the auditee representative who will coordinate management action plans.<\/p>\r\n\r\n    <div class=\"callout red\">\r\n      <div class=\"callout-label\">&#9888; The surprise-audit exception<\/div>\r\n      <p>Audits with an <strong>element of surprise do not have any entry conference<\/strong>.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c4-field\">\r\n      <span class=\"chapter-badge\">CH 4 \u00b7 PART B<\/span>\r\n      <h2>Performing Field Work &amp; Evidence<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge amber\">&sect;3<\/span>\r\n      <h3>Preliminary Field Work (Checklist 7)<\/h3>\r\n    <\/div>\r\n\r\n    <p>Field work begins with an approved Audit Programme and standardised checklists for recurring schemes. The CAE ensures: staff interviews identifying detailed objectives, risks and high-risk areas; an <strong>agreed audit scope<\/strong> (reasons, objectives, main stages, staff and time, client contact, timetable with draft\/final report dates); sufficient and appropriate evidence; adequate supervision scaled to proficiency and complexity; objective sampling at desired confidence; and <strong>minuted meetings<\/strong> kept as working papers.<\/p>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge purple\">&sect;4<\/span>\r\n      <h3>Reliability of Audit Evidence (Checklist 8)<\/h3>\r\n    <\/div>\r\n\r\n    <p>Evidence must be relevant to the audit objectives, drawn from appropriate sources, and free of unacceptable risk of improper findings, significant limitations, or an inadequate basis. The manual's hierarchy of reliability:<\/p>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#127760;<\/span><span>Evidence from <strong>external sources<\/strong> is more reliable.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9989;<\/span><span>Evidence obtained <strong>directly by the auditor<\/strong> is more reliable.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128196;<\/span><span><strong>Original documents<\/strong> are more reliable than copies.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128202;<\/span><span><strong>Larger samples<\/strong> are more reliable than smaller ones.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128279;<\/span><span>Reliability rises when accounting and internal-control systems <strong>operate effectively<\/strong>.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"callout purple\">\r\n      <div class=\"callout-label\">When evidence is weak or inconsistent<\/div>\r\n      <p>If limitations or uncertainties are significant, the wing should <strong>seek independent corroborating evidence<\/strong>, disclose the limitation in the report, and decide whether to report it as a finding. If sources are <strong>inconsistent<\/strong>, the auditor performs additional procedures to resolve the conflict.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge gold\">&sect;5<\/span>\r\n      <h3>Documenting &amp; Testing Processes, Risks, Controls (Checklist 9)<\/h3>\r\n    <\/div>\r\n\r\n    <p>The auditor performs <strong>walkthrough tests<\/strong> to confirm processes, surfaces any new risks, and identifies the controls that <em>should<\/em> operate to manage them plus the monitoring management uses. Tests of control effectiveness are defined and run, with special attention to controls carrying a <strong>high control score<\/strong>. The standard: documentation must let <em>an experienced auditor with no prior connection<\/em> understand the nature, timing, extent and results of procedures, the evidence obtained, its source, and the conclusions reached.<\/p>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c4-papers\">\r\n      <span class=\"chapter-badge\">CH 4 \u00b7 PART C<\/span>\r\n      <h2>Working Papers &amp; Observations<\/h2>\r\n    <\/div>\r\n\r\n    <p>Working papers must be <strong>indexed, referenced and cross-referenced<\/strong> to the relevant observations. They split into two files:<\/p>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Checklist 10<\/div>\r\n        <div class=\"cat-title\">Permanent Audit File<\/div>\r\n        <p>Organizational chart; descriptions of schemes\/programs\/systems\/procedures and business plans; corrective action plans; legal &amp; regulatory issues; risk assessment; correspondence of continuing interest; updated audit programmes.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">Checklist 11<\/div>\r\n        <div class=\"cat-title\">Current Audit File<\/div>\r\n        <p>Draft &amp; final report copies; significant findings and how resolved; planning documentation; administration\/correspondence; follow-up of previous reports; updated programmes; supporting documentation; minutes of entry &amp; exit meetings.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">How an audit observation is born<\/div>\r\n      <div class=\"def-text\">\r\n        An observation emerges by comparing <strong>\"what should exist\"<\/strong> (the audit criteria) with <strong>\"what exists\"<\/strong> (the evidence). When they differ, the auditor assesses the <strong>effect, impact and cause<\/strong> of the variance and documents it. Accumulated observations become the foundation for the engagement's conclusions, recommendations and report. <em>(Checklist 12 governs the field-work steps.)<\/em>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c4-exit\">\r\n      <span class=\"section-badge red\">&sect;6<\/span>\r\n      <h3>Conducting the Exit Meeting (Checklist 13)<\/h3>\r\n    <\/div>\r\n\r\n    <p>A formal exit conference concludes field work. With key officials, the team discusses the <strong>Draft Audit Report<\/strong>, obtains their views and any additional facts, and records any disagreements with reasons. The exit conference is <strong>minuted<\/strong>, the minutes go into the working papers, and a copy is given to the Department.<\/p>\r\n\r\n    <div class=\"recap\" id=\"c4-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 4 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Four stages<\/td><td>Intimation &rarr; Entry conference &rarr; Field work &rarr; Exit meeting<\/td><\/tr>\r\n          <tr><td>Intimation document<\/td><td>Commencement Letter (Checklist 5)<\/td><\/tr>\r\n          <tr><td>Surprise audits<\/td><td><strong>No entry conference<\/strong><\/td><\/tr>\r\n          <tr><td>Most reliable evidence<\/td><td>External source \u00b7 auditor-obtained \u00b7 originals \u00b7 larger samples<\/td><\/tr>\r\n          <tr><td>Confirming processes<\/td><td>Walkthrough tests (Checklist 9)<\/td><\/tr>\r\n          <tr><td>Documentation standard<\/td><td>Understandable to an experienced auditor with no prior connection<\/td><\/tr>\r\n          <tr><td>Two working-paper files<\/td><td>Permanent (Checklist 10) &amp; Current (Checklist 11)<\/td><\/tr>\r\n          <tr><td>Observation = <\/td><td>\"What should exist\" vs \"what exists\" + effect, impact, cause<\/td><\/tr>\r\n          <tr><td>Exit conference<\/td><td>Discuss draft report; minuted; copy to Department (Checklist 13)<\/td><\/tr>\r\n          <tr><td>Field-work checklist<\/td><td>Checklist 12<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch4 -->\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 5 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch5\" data-chapter=\"5\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c5-comm\">\r\n      <span class=\"chapter-badge\">CH 5 \u00b7 PART A<\/span>\r\n      <h2>Reporting &amp; Follow-up<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter 5 covers phases three and four: <strong>communicating results<\/strong> and <strong>following up<\/strong>. Its centrepiece is the <strong>5-C framework<\/strong> for drafting observations, supported by Checklist 13 (reporting) and Checklist 14 (follow-up).\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c5-comm2\">\r\n      <span class=\"section-badge\">&sect;1<\/span>\r\n      <h3>Communicating the Results of the Engagement<\/h3>\r\n    <\/div>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#9201;&#65039;<\/span><span>Results must be communicated in a <strong>timely manner<\/strong>.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128221;<\/span><span>Final communication must contain an <strong>opinion and\/or conclusions<\/strong>; an overall opinion must account for the Ministry's expectations and be supported by sufficient, reliable, relevant, useful information.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9888;&#65039;<\/span><span>The reason for an <strong>unfavourable overall opinion must be stated<\/strong>.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"callout\">\r\n      <div class=\"callout-label\">What the report must highlight (Checklist 13)<\/div>\r\n      <p>Before drafting, the supervisor reviews all working papers and checks supporting evidence. The report flags: <strong>weaknesses in internal-control design\/implementation; non-compliance<\/strong> with policies, procedures, rules and regulations; and transactions that fall short of <strong>standards of propriety<\/strong>. It incorporates the auditee's response and planned corrective action (or notes the absence of a response), brings out any scope limitation, and acknowledges <strong>satisfactory performance and best practices<\/strong>.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"callout amber\">\r\n      <div class=\"callout-label\">Don't wait to report serious findings<\/div>\r\n      <p>Where an observation is so serious that delay could harm achievement of programme\/scheme objectives, it must be <strong>communicated early \u2014 even during the audit<\/strong>. Errors or omissions in an issued report must be corrected and circulated to all earlier recipients.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c5-5c\">\r\n      <span class=\"chapter-badge\">CH 5 \u00b7 PART B<\/span>\r\n      <h2>The 5-C Framework<\/h2>\r\n    <\/div>\r\n\r\n    <p>Every audit observation is developed with reference to engagement objectives using five C's. They form a logical chain \u2014 from what was expected, to what happened, to what should be done:<\/p>\r\n\r\n    <ol class=\"parts-list decimal teal\">\r\n      <li><strong>Criteria \u2014 \"What should exist?\"<\/strong> The benchmarks or expectations audit evidence is compared against (policy, SOP, norm).<\/li>\r\n      <li><strong>Condition \u2014 \"What exists?\"<\/strong> The factual evidence found, stating the nature and extent of the observation \u2014 the result of comparing actual evidence with criteria.<\/li>\r\n      <li><strong>Consequence \/ Effect \/ Impact \u2014 \"What effect did it have?\"<\/strong> The risk or exposure from the gap between criteria and condition; often expressed quantitatively. The effect must be serious enough to justify the cost of correction.<\/li>\r\n      <li><strong>Cause \u2014 \"Why did it happen?\"<\/strong> The likely reason for the gap. Similar causes across observations may reveal an underlying theme; identifying the cause is a prerequisite to a meaningful recommendation.<\/li>\r\n      <li><strong>Corrective Action \/ Recommendation \u2014 \"What should be done?\"<\/strong> Actions to correct the situation and prevent recurrence \u2014 within the client's scope, addressing the cause not just the symptoms, and at least intuitively viable.<\/li>\r\n    <\/ol>\r\n\r\n    <div class=\"highlight-box\">\r\n      <div class=\"hl-label\">&#11088; Memory hook for the 5 C's<\/div>\r\n      <div class=\"hl-text\"><strong>Criteria<\/strong> (should) &rarr; <strong>Condition<\/strong> (is) &rarr; <strong>Consequence<\/strong> (so what) &rarr; <strong>Cause<\/strong> (why) &rarr; <strong>Corrective action<\/strong> (fix). Two states, an impact, a reason, a remedy.<\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c5-risk\">\r\n      <span class=\"section-badge amber\">&sect;2<\/span>\r\n      <h3>Grouping Findings by Risk Severity<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"cat-grid three\">\r\n      <div class=\"cat-card d\">\r\n        <div class=\"cat-label\">Red<\/div>\r\n        <div class=\"cat-title\">High Risk<\/div>\r\n        <p>Absence of <strong>immediate<\/strong> corrective action may have a <strong>major negative impact<\/strong> on achievement of objectives.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">Orange<\/div>\r\n        <div class=\"cat-title\">Medium Risk<\/div>\r\n        <p>Failure to act could result in <strong>significant consequences<\/strong>.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">Green<\/div>\r\n        <div class=\"cat-title\">Low Risk<\/div>\r\n        <p>Suggested action would bring <strong>greater efficiency or enhanced controls<\/strong> at minimal additional cost.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c5-followup\">\r\n      <span class=\"section-badge red\">&sect;3<\/span>\r\n      <h3>Reporting &amp; Follow-up (Checklist 14)<\/h3>\r\n    <\/div>\r\n\r\n    <p>Follow-up closes the loop. The CAE conducts follow-up of previous reports and communicates the findings. For the current report there must be a defined time-frame for <strong>Action Taken Reports (ATRs)<\/strong>, and those timelines must be adhered to.<\/p>\r\n\r\n    <div class=\"callout red\">\r\n      <div class=\"callout-label\">&#9888; Escalation of unresolved issues<\/div>\r\n      <p>The CAE establishes a process to monitor whether management actions are effectively implemented \u2014 <strong>or that senior management has accepted the risk of not acting<\/strong> (per IIA Standard 2500.A1). Issues the auditee cannot resolve within <strong>six months<\/strong> are reported to the Audit Committee and included in the quarterly reporting on risks unacceptable to the Ministry.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c5-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 5 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Final communication must contain<\/td><td>An opinion and\/or conclusions<\/td><\/tr>\r\n          <tr><td>Unfavourable opinion<\/td><td>Reason must be stated<\/td><\/tr>\r\n          <tr><td>Report flags<\/td><td>Control weaknesses \u00b7 non-compliance \u00b7 propriety lapses<\/td><\/tr>\r\n          <tr><td>Serious findings<\/td><td>Communicate early \u2014 even during audit<\/td><\/tr>\r\n          <tr><td>The 5 C's<\/td><td>Criteria \u00b7 Condition \u00b7 Consequence \u00b7 Cause \u00b7 Corrective action<\/td><\/tr>\r\n          <tr><td>Criteria \/ Condition<\/td><td>\"Should exist\" \/ \"What exists\"<\/td><\/tr>\r\n          <tr><td>Risk colour coding<\/td><td>Red (high) \u00b7 Orange (medium) \u00b7 Green (low)<\/td><\/tr>\r\n          <tr><td>Action tracking<\/td><td>Action Taken Reports (ATRs) with timelines<\/td><\/tr>\r\n          <tr><td>Escalation window<\/td><td>Unresolved in <strong>6 months<\/strong> &rarr; Audit Committee<\/td><\/tr>\r\n          <tr><td>Standard cited<\/td><td>IIA Standard 2500.A1 (management accepting risk)<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch5 -->\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 6 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch6\" data-chapter=\"6\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c6-qaip\">\r\n      <span class=\"chapter-badge\">CH 6 \u00b7 PART A<\/span>\r\n      <h2>Performance Evaluation &amp; Quality Control<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter 6 turns the lens on internal audit itself. Like any function, the wing must add value \u2014 so the head sets objectives, builds processes to meet them, and reports results. The chapter covers the <strong>Quality Assurance and Improvement Program (QAIP)<\/strong>, documentation policy, a quality-check of the audit report (Checklist 15), and a wide performance-evaluation checklist (Checklist 16).\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c6-qaip2\">\r\n      <span class=\"section-badge\">&sect;1<\/span>\r\n      <h3>What Is a QAIP?<\/h3>\r\n    <\/div>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#127919;<\/span><span>A QAIP evaluates the wing's conformance with the <strong>IPPF Standards<\/strong> and whether auditors apply the <strong>Code of Ethics<\/strong>.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128200;<\/span><span>It assesses the efficiency and effectiveness of the activity and identifies improvement opportunities.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128221;<\/span><span>The CAE <strong>must develop and maintain<\/strong> a QAIP covering <em>all aspects<\/em> of the internal audit activity <em>(IIA Standard 1300)<\/em>, and it must include both internal and external assessments <em>(IIA Standard 1310)<\/em>.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"section-heading-block\" id=\"c6-assess\">\r\n      <span class=\"section-badge teal\">&sect;2<\/span>\r\n      <h3>Internal vs External Assessment<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Internal \u2014 Standard 1311<\/div>\r\n        <div class=\"cat-title\">Two components<\/div>\r\n        <p><strong>Ongoing monitoring<\/strong> \u2014 part of day-to-day supervision, review and measurement, built into routine policies to evaluate conformance with the Code and Standards. Plus <strong>periodic self-assessments<\/strong> (or by others within the organisation with sufficient knowledge) to evaluate conformance with the Manual and Charter.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <div class=\"cat-label\">External \u2014 Independence<\/div>\r\n        <div class=\"cat-title\">No conflict of interest<\/div>\r\n        <p>An <strong>independent<\/strong> assessment means no actual or perceived conflict of interest, and not being part of or under the control of the organisation the activity belongs to. The CAE communicates QAIP results to the <strong>Audit Committee and the IAD in O\/o CGA<\/strong>.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c6-doc\">\r\n      <span class=\"section-badge amber\">&sect;3<\/span>\r\n      <h3>Documentation Policy<\/h3>\r\n    <\/div>\r\n\r\n    <p>The CAE must approve a documentation policy \u2014 consistent with organisational guidelines and regulatory requirements \u2014 governing custody, retention and release of engagement records. It must cover:<\/p>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#128196;<\/span><span><strong>Sufficient, reliable, relevant<\/strong> documentation to support engagement results and conclusions.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128274;<\/span><span><strong>Controlled access<\/strong> to records \u2014 and approval of senior management and\/or legal counsel before releasing records to external parties.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128467;&#65039;<\/span><span><strong>Retention requirements<\/strong> for records (regardless of storage medium), consistent with organisational and regulatory rules.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c6-quality\">\r\n      <span class=\"chapter-badge\">CH 6 \u00b7 PART B<\/span>\r\n      <h2>Quality Check of the Audit Report (Checklist 15)<\/h2>\r\n    <\/div>\r\n\r\n    <p>Reports are issued in the format prescribed by O\/o CGA. To be effective they must be <strong>complete, concise, accurate and objective<\/strong>, issued timely, fact-based, free of personal criticism, constructively worded, with recommendations focused on achieving objectives.<\/p>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">The five qualities of a good report<\/div>\r\n      <p>Accurate &middot; Objective &middot; Clear &middot; Concise &middot; Complete. The report structure includes the engagement's <strong>objectives, scope, conclusions, recommendations and action plans<\/strong>.<\/p>\r\n    <\/div>\r\n\r\n    <h4>What the quality check verifies<\/h4>\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#128209;<\/span><span>Cover page states <em>\"Internal Audit Report of ____ for the period ____\"<\/em>, plus date of issue.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9878;&#65039;<\/span><span>Clearly states the <strong>responsibility split<\/strong>: management owns internal controls and financial statements; the auditor's job is to <strong>express an opinion on the efficiency of internal controls<\/strong> in achieving management objectives.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9989;<\/span><span>Approved by competent authority, signed by the designated authority, and addressed per the Internal Audit Charter.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128202;<\/span><span>Supplemented by an <strong>Executive Summary<\/strong> (objectives, scope, summary of observations).<\/span><\/li>\r\n      <li><span class=\"ico\">&#128308;<\/span><span>Uses <strong>colour coding (Red, Orange, Green)<\/strong> for significance\/risk; develops observations via the <strong>5-C framework<\/strong>; uses photographs where useful.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9989;<\/span><span>Acknowledges satisfactory performance and best practices; brings out any scope limitation.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"section-heading-block\" id=\"c6-perf\">\r\n      <span class=\"section-badge purple\">&sect;4<\/span>\r\n      <h3>Performance Evaluation of the IAW (Checklist 16)<\/h3>\r\n    <\/div>\r\n\r\n    <p>This checklist lets O\/o CGA evaluate a wing's performance. Highlights worth remembering:<\/p>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Meetings cadence<\/div>\r\n        <div class=\"cat-title\">4 minimum, 6 ideal<\/div>\r\n        <p>Formally report to the Audit Committee at least <strong>4 times a year<\/strong> (once per quarter), with <strong>6 meetings per year as the ideal target<\/strong>.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">Capacity maths<\/div>\r\n        <div class=\"cat-title\">210 working days<\/div>\r\n        <p>Plan staffing at <strong>210 working days per auditor<\/strong>, compute man-days required vs available, and decide how to fill the gap (consultants \/ deputation \/ outsourcing).<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">Report contents<\/div>\r\n        <div class=\"cat-title\">Progress vs Plan<\/div>\r\n        <p>Reports include progress vs plan with timelines, limitations to independence\/objectivity, challenges, delays in resolving issues, and action on outstanding paragraphs.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <div class=\"cat-label\">Value added<\/div>\r\n        <div class=\"cat-title\">KPIs &amp; Dashboards<\/div>\r\n        <p>Adopt KPIs and dashboards; track risks mitigated, cost-saving opportunities, and financial-recovery opportunities; run a QAIP and gap analysis against the Handbook.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c6-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 6 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>QAIP evaluates<\/td><td>Conformance with IPPF Standards &amp; Code of Ethics<\/td><\/tr>\r\n          <tr><td>QAIP must include<\/td><td>Both internal and external assessments (Std 1310)<\/td><\/tr>\r\n          <tr><td>Internal assessment<\/td><td>Ongoing monitoring + periodic self-assessment (Std 1311)<\/td><\/tr>\r\n          <tr><td>Independent assessment<\/td><td>No actual\/perceived conflict; outside the organisation's control<\/td><\/tr>\r\n          <tr><td>QAIP results go to<\/td><td>Audit Committee &amp; IAD in O\/o CGA<\/td><\/tr>\r\n          <tr><td>Documentation policy covers<\/td><td>Sufficiency \u00b7 controlled access \u00b7 retention<\/td><\/tr>\r\n          <tr><td>Report qualities<\/td><td>Accurate \u00b7 Objective \u00b7 Clear \u00b7 Concise \u00b7 Complete<\/td><\/tr>\r\n          <tr><td>Responsibility split<\/td><td>Management owns controls; auditor opines on their efficiency<\/td><\/tr>\r\n          <tr><td>Colour coding<\/td><td>Red \/ Orange \/ Green<\/td><\/tr>\r\n          <tr><td>Committee meetings<\/td><td>Min 4\/yr (quarterly); ideal 6\/yr<\/td><\/tr>\r\n          <tr><td>Capacity assumption<\/td><td>210 working days per auditor<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch6 -->\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 7 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch7\" data-chapter=\"7\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c7-gender\">\r\n      <span class=\"chapter-badge\">CH 7 \u00b7 PART A<\/span>\r\n      <h2>Special Audits<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter 7 covers five specialised engagements beyond the routine audit: <strong>Gender Audit, IT Audit, Audit of Governance Activities, and Scheme\/Program Audit<\/strong> \u2014 plus how to fold these into the work program. Each is undertaken on Terms of Reference given by the Ministry, with the Audit Committee informed afterwards.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c7-gender2\">\r\n      <span class=\"section-badge\">&sect;1<\/span>\r\n      <h3>Gender Audit<\/h3>\r\n    <\/div>\r\n\r\n    <p>A gender audit examines two sets of dimensions \u2014 what the programmes do, and how the organisation is set up.<\/p>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">What to audit \u2014 set 1<\/div>\r\n        <div class=\"cat-title\">5 Programmatic Dimensions<\/div>\r\n        <p>Situational analysis (planning &amp; annual plan development) \u00b7 policy analysis (programme design, scheme guidelines) \u00b7 budgetary allocations &amp; expenditure \u00b7 monitoring of implementation progress \u00b7 evaluation procedures.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <div class=\"cat-label\">What to audit \u2014 set 2<\/div>\r\n        <div class=\"cat-title\">4 Organizational Dimensions<\/div>\r\n        <p>Gender policy &amp; staffing (support and gender balance) \u00b7 capacity building \u00b7 monitoring systems (gender sensitivity) \u00b7 resource allocation (how far the budget supports gender equity).<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout\">\r\n      <div class=\"callout-label\">Methodology &amp; tools<\/div>\r\n      <p><strong>Process:<\/strong> set up a gender-audit team &rarr; brainstorm to freeze objectives and identify criteria &rarr; develop criteria into a checklist &rarr; build an <strong>Audit Matrix<\/strong> (criteria, questions, verifiable indicators, means of verification) &rarr; entry meeting &rarr; gather data &rarr; analyse &rarr; feedback &rarr; report. <strong>Tools:<\/strong> existing data &amp; schematic guidelines, documentation review, field visits, field surveys, interviews, key-informant interviews, staff questionnaire, and a <strong>Gender Audit Score Card<\/strong>.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c7-it\">\r\n      <span class=\"chapter-badge\">CH 7 \u00b7 PART B<\/span>\r\n      <h2>Information Technology (IT) Audit<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Purpose of IT Audit<\/div>\r\n      <div class=\"def-text\">\r\n        IT audits assess controls in IT systems that maintain the <strong>CIA triad \u2014 Confidentiality, Integrity and Availability<\/strong> of data. They assure that data isn't modified in an unauthorised way, that controls prevent unauthorised access, and that controls prevent service disruption so systems are available when required.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">Two types of IT audit<\/div>\r\n      <p>The easiest boundary: <strong>Application Control Review Audits<\/strong> (controls relating to Ministry transactions\/processes and their internal security settings) and <strong>General Control Review Audits<\/strong>. Everything that isn't an application control is treated as a <strong>General Computer Control (GCC)<\/strong> \u2014 and GCCs are reviewed first because they form the basis of the IT control environment.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c7-itprocess\">\r\n      <span class=\"section-badge amber\">&sect;2<\/span>\r\n      <h3>The IT Audit Process<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"flow\">\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">1<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Prepare the IT Audit Universe<\/h5>\r\n          <p>Understand the tech environment \u2014 list technologies, the IT processes\/controls against them, and interview program &amp; IT staff (Checklist 17). Sample in Exhibit V; vulnerability survey in Exhibit IV.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">2<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Prepare the Annual IT Audit Plan<\/h5>\r\n          <p>List auditable units, identify their risks, prioritise by risk significance, fold into the Annual Audit Plan (Checklist 18).<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">3<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Conduct IT Risk Assessment<\/h5>\r\n          <p>Document the six IT risk areas; identify assets at risk, threat events, impact, frequency and uncertainty; then run a risk-mitigation analysis (Checklists 19 &amp; 20).<\/p>\r\n        <\/div>\r\n      <\/div>\r\n      <div class=\"flow-step\">\r\n        <div class=\"flow-num\">4<\/div>\r\n        <div class=\"flow-content\">\r\n          <h5>Identify &amp; Report on IT Controls<\/h5>\r\n          <p>Review GCCs; report on information-security incidents, change-management exceptions, project status, etc. \u2014 integrating risks from programmes to IT in one format.<\/p>\r\n        <\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout amber\">\r\n      <div class=\"callout-label\">The six IT risk areas (Checklist 19)<\/div>\r\n      <p>Non-availability of the system &middot; unauthorised access to systems (<strong>security<\/strong>) &middot; incomplete\/inaccurate data (<strong>integrity<\/strong>) &middot; unauthorised access to data (<strong>confidentiality<\/strong>) &middot; non-delivery of expected function (<strong>effectiveness<\/strong>) &middot; sub-optimal use of resources (<strong>efficiency<\/strong>).<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"highlight-box\">\r\n      <div class=\"hl-label\">&#128218; IIA guidance &amp; the Centre of Excellence<\/div>\r\n      <div class=\"hl-text\">Wings doing IT audits use the IIA's <strong>GTAGs<\/strong> (Global Technology Audit Guides) \u2014 e.g. GTAG 11 (developing an IT audit plan), GTAG 12 (auditing IT projects), GTAG 13 (fraud prevention in an automated world). Until Ministries build their own IT-audit capability, the <strong>Centre of Excellence (CoE) in O\/o CGA<\/strong> can develop an in-house support team or outsource to specialist firms. A sample PFMS system-audit checklist is Exhibit VI; the IT control-framework checklist is Exhibit VII.<\/div>\r\n    <\/div>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c7-gov\">\r\n      <span class=\"chapter-badge\">CH 7 \u00b7 PART C<\/span>\r\n      <h2>Governance &amp; Scheme Audits<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge purple\">&sect;3<\/span>\r\n      <h3>Audit of Governance Activities (Checklist 21)<\/h3>\r\n    <\/div>\r\n\r\n    <p>The CAE assesses whether the audit plan covers the Ministry's governance processes and their risks \u2014 so the wing helps the Ministry be <strong>accountable and transparent<\/strong> while achieving objectives <strong>effectively, efficiently, economically and ethically<\/strong>. Three core questions drive it:<\/p>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#128221;<\/span><span>Has the policy been implemented <strong>as intended<\/strong>?<\/span><\/li>\r\n      <li><span class=\"ico\">&#128176;<\/span><span>Are funds being spent for the <strong>intended purpose<\/strong>?<\/span><\/li>\r\n      <li><span class=\"ico\">&#128737;&#65039;<\/span><span>Are managers implementing <strong>effective controls<\/strong> to minimise risks?<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <div class=\"section-heading-block\" id=\"c7-scheme\">\r\n      <span class=\"section-badge gold\">&sect;4<\/span>\r\n      <h3>Scheme or Program Audit (Checklists 22 &amp; 23)<\/h3>\r\n    <\/div>\r\n\r\n    <p>Scheme audit works from two angles \u2014 the beneficiary's experience and the auditor's verification.<\/p>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Checklist 22<\/div>\r\n        <div class=\"cat-title\">Beneficiary Questionnaire<\/div>\r\n        <p>Awareness of the scheme and its benefits; how they heard of it; problems in availing it; online application difficulty; time to sanction and to credit; sufficiency of the amount; complaints and the management's response; whether life improved; whether they'd recommend it.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">Checklist 23<\/div>\r\n        <div class=\"cat-title\">Auditor Checklist<\/div>\r\n        <p>Three-year budget vs expenditure; delays in fund transfer at each level (Centre&rarr;State&rarr;District&rarr;CDPO&rarr;beneficiary); diversion of funds; projects completed on time \/ extended; unspent grant refunded; separate bank account under specified authority; periodic reports to the Centre; % of admin expenses; Utilization Certificate (incl. men\/women ratio).<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">Inclusion into work programs<\/div>\r\n      <p>Special audits \u2014 Gender, IT, Governance, Grant or Scheme\/Program \u2014 are undertaken <strong>as and when assigned<\/strong> by the Ministry, per its Terms of Reference. The Audit Committee is informed about these engagements subsequently. A sample Summary of Audit Paras for scheme audit is Exhibit VIII.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c7-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 7 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Five special audits<\/td><td>Gender \u00b7 IT \u00b7 Governance \u00b7 Grant \u00b7 Scheme\/Program<\/td><\/tr>\r\n          <tr><td>Gender audit dimensions<\/td><td>5 programmatic + 4 organizational<\/td><\/tr>\r\n          <tr><td>Gender audit tool<\/td><td>Gender Audit Score Card + Audit Matrix<\/td><\/tr>\r\n          <tr><td>IT audit assures<\/td><td>Confidentiality \u00b7 Integrity \u00b7 Availability (CIA)<\/td><\/tr>\r\n          <tr><td>Two IT audit types<\/td><td>Application Control \u00b7 General Control (GCC)<\/td><\/tr>\r\n          <tr><td>Six IT risk areas<\/td><td>Availability \u00b7 security \u00b7 integrity \u00b7 confidentiality \u00b7 effectiveness \u00b7 efficiency<\/td><\/tr>\r\n          <tr><td>IIA IT guidance<\/td><td>GTAGs; support from CoE in O\/o CGA<\/td><\/tr>\r\n          <tr><td>Governance audit (4 E's)<\/td><td>Effective \u00b7 efficient \u00b7 economical \u00b7 ethical<\/td><\/tr>\r\n          <tr><td>Governance core questions<\/td><td>Policy as intended? \u00b7 funds for purpose? \u00b7 effective controls?<\/td><\/tr>\r\n          <tr><td>Scheme audit angles<\/td><td>Beneficiary (Checklist 22) + Auditor (Checklist 23)<\/td><\/tr>\r\n          <tr><td>Assignment basis<\/td><td>Ministry's Terms of Reference; Committee informed after<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch7 -->\r\n\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 8 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch8\" data-chapter=\"8\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c8-checklists\">\r\n      <span class=\"chapter-badge\">CH 8 \u00b7 PART A<\/span>\r\n      <h2>The 23 Checklists \u2014 A Navigation Map<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Why this reference matters<\/div>\r\n      <div class=\"def-text\">\r\n        The manual's real working content lives in <strong>23 numbered checklists<\/strong> scattered through Chapters 2&ndash;7, and <strong>8 Exhibits<\/strong> at the back. This chapter pulls them into one place so you can see, at a glance, which checklist serves which phase.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <table class=\"compare-table\">\r\n      <thead><tr><th style=\"width:14%;\">Checklist<\/th><th>Purpose<\/th><th style=\"width:18%;\">Phase<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">1<\/td><td>Audit &amp; Engagement Planning<\/td><td>Planning<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">2<\/td><td>Audit Work Program<\/td><td>Planning<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">3<\/td><td>Internal Control Evaluation<\/td><td>Tools<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">4<\/td><td>Reviewing effectiveness of internal controls<\/td><td>Tools<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">5<\/td><td>Audit Intimation (Commencement Letter)<\/td><td>Performing<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">6<\/td><td>Conducting the Entry Conference<\/td><td>Performing<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">7<\/td><td>Preliminary Audit Performance<\/td><td>Performing<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">8<\/td><td>Reliability &amp; Documentation of Audit Evidence<\/td><td>Performing<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">9<\/td><td>Documentation &amp; Testing of processes, risks, controls<\/td><td>Performing<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">10<\/td><td>Working Papers \u2014 Permanent Audit File<\/td><td>Performing<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">11<\/td><td>Working Papers \u2014 Current Audit File<\/td><td>Performing<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">12<\/td><td>Performing Internal Audit Field Work<\/td><td>Performing<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">13<\/td><td>Exit Meeting \/ Audit Communication: Reporting<\/td><td>Reporting<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">14<\/td><td>Audit Communication: Follow-up<\/td><td>Follow-up<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">15<\/td><td>Quality Check of Audit Report<\/td><td>Quality<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">16<\/td><td>Performance Evaluation of the IAW<\/td><td>Quality<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">17<\/td><td>Preparing audit universe for IT audit<\/td><td>Special \u2014 IT<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">18<\/td><td>Planning for IT audit<\/td><td>Special \u2014 IT<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">19<\/td><td>Undertaking IT risk assessment<\/td><td>Special \u2014 IT<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">20<\/td><td>Assisting CAEs in conducting IT audit<\/td><td>Special \u2014 IT<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">21<\/td><td>Audit of Governance Processes<\/td><td>Special \u2014 Gov<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">22<\/td><td>Scheme Audit Questionnaire \u2014 beneficiary<\/td><td>Special \u2014 Scheme<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">23<\/td><td>Scheme Audit Checklist \u2014 auditor<\/td><td>Special \u2014 Scheme<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">Note on numbering<\/div>\r\n      <p>The manual reuses \"Checklist 13\" for both the exit-meeting checklist and the reporting checklist \u2014 a quirk in the source text. Treat them as the same number serving the close-out \/ reporting boundary.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c8-exhibits\">\r\n      <span class=\"chapter-badge\">CH 8 \u00b7 PART B<\/span>\r\n      <h2>The Eight Exhibits<\/h2>\r\n    <\/div>\r\n\r\n    <p>The Exhibits are full worked samples an auditor can adapt directly. Knowing what each contains is enough for revision:<\/p>\r\n\r\n    <div class=\"cat-grid\">\r\n      <div class=\"cat-card a\">\r\n        <span class=\"cat-badge\">I<\/span>\r\n        <div class=\"cat-label\">Risk register<\/div>\r\n        <div class=\"cat-title\">Sample Risk Register \u2014 RKVY<\/div>\r\n        <p>For Rashtriya Krishi Vikas Yojana (M\/o Agriculture). Maps sub-processes, inherent risks, impact\/likelihood scoring, existing &amp; required controls, residual risk.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <span class=\"cat-badge\">II<\/span>\r\n        <div class=\"cat-label\">Self-assessment<\/div>\r\n        <div class=\"cat-title\">Internal Control Self-Assessment Checklist<\/div>\r\n        <p>A template for a unit to assess its own internal controls.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <span class=\"cat-badge\">III<\/span>\r\n        <div class=\"cat-label\">Compliance<\/div>\r\n        <div class=\"cat-title\">Compliance Audit of DDOs &amp; PAOs<\/div>\r\n        <p>Checklist for compliance audit of Drawing &amp; Disbursing Officers and Pay &amp; Accounts Officers.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card d\">\r\n        <span class=\"cat-badge\">IV<\/span>\r\n        <div class=\"cat-label\">IT survey<\/div>\r\n        <div class=\"cat-title\">Vulnerable Areas of IT Processes<\/div>\r\n        <p>Sample survey to identify vulnerabilities in IT processes.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <span class=\"cat-badge\">V<\/span>\r\n        <div class=\"cat-label\">IT universe<\/div>\r\n        <div class=\"cat-title\">Preparing an IT Audit Universe<\/div>\r\n        <p>Sample for assembling the IT audit universe.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card a\">\r\n        <span class=\"cat-badge\">VI<\/span>\r\n        <div class=\"cat-label\">System audit<\/div>\r\n        <div class=\"cat-title\">Checklist for System Audit (PFMS)<\/div>\r\n        <p>Sample system-audit checklist in the PFMS environment.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <span class=\"cat-badge\">VII<\/span>\r\n        <div class=\"cat-label\">IT controls<\/div>\r\n        <div class=\"cat-title\">Examining the IT Control Framework<\/div>\r\n        <p>Checklist to examine the IT control framework.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <span class=\"cat-badge\">VIII<\/span>\r\n        <div class=\"cat-label\">Scheme paras<\/div>\r\n        <div class=\"cat-title\">Summary of Audit Paras \u2014 Scheme Audit<\/div>\r\n        <p>Sample summary of audit paras for scheme audit, categorised by type (financial \/ operational \/ performance) and risk level.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c8-riskreg\">\r\n      <span class=\"section-badge purple\">&sect;1<\/span>\r\n      <h3>Anatomy of a Risk Register (from Exhibit I)<\/h3>\r\n    <\/div>\r\n\r\n    <p>The RKVY register is the clearest illustration of how risk is recorded. Each row carries the following columns \u2014 worth memorising as the standard structure:<\/p>\r\n\r\n    <ol class=\"parts-list decimal purple\">\r\n      <li><strong>Sub-process<\/strong> \u2014 the activity (e.g. \"Approval\", \"Release of funds\").<\/li>\r\n      <li><strong>Inherent risk description<\/strong> \u2014 what could go wrong (e.g. \"delay in approval of projects by States\").<\/li>\r\n      <li><strong>Risk assessment<\/strong> \u2014 Impact and Likelihood, each scored <strong>L \/ M \/ H<\/strong>.<\/li>\r\n      <li><strong>Identification &amp; listing of controls<\/strong> \u2014 split into <em>existing<\/em> controls and <em>required<\/em> controls.<\/li>\r\n      <li><strong>Residual risk<\/strong> \u2014 Impact and Likelihood again (L\/M\/H) <em>after<\/em> existing controls.<\/li>\r\n      <li><strong>Frequency of control, control owner, timeline<\/strong> \u2014 how often the control runs, who owns it (e.g. P.D \u2014 Programme Division), and the implementation date.<\/li>\r\n    <\/ol>\r\n\r\n    <div class=\"highlight-box\">\r\n      <div class=\"hl-label\">&#11088; The takeaway<\/div>\r\n      <div class=\"hl-text\">A risk register is the bridge between Chapter 2 (planning), Chapter 3 (RBIA), and Chapter 7 (scheme audit). It is where inherent risk, controls, and residual risk are made visible \u2014 and it is continuously updated as audits feed findings back into it.<\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c8-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 8 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Total numbered checklists<\/td><td>23 (across Chapters 2&ndash;7)<\/td><\/tr>\r\n          <tr><td>Planning checklists<\/td><td>1 &amp; 2<\/td><\/tr>\r\n          <tr><td>Control evaluation<\/td><td>Checklists 3 &amp; 4<\/td><\/tr>\r\n          <tr><td>Performing (heaviest)<\/td><td>Checklists 5&ndash;12<\/td><\/tr>\r\n          <tr><td>Reporting \/ follow-up<\/td><td>Checklists 13 &amp; 14<\/td><\/tr>\r\n          <tr><td>Quality<\/td><td>Checklists 15 &amp; 16<\/td><\/tr>\r\n          <tr><td>IT audit<\/td><td>Checklists 17&ndash;20<\/td><\/tr>\r\n          <tr><td>Governance \/ Scheme<\/td><td>Checklists 21 \/ 22 &amp; 23<\/td><\/tr>\r\n          <tr><td>Exhibit I<\/td><td>RKVY Risk Register (M\/o Agriculture)<\/td><\/tr>\r\n          <tr><td>Exhibit III<\/td><td>Compliance audit of DDOs &amp; PAOs<\/td><\/tr>\r\n          <tr><td>Exhibit VI<\/td><td>PFMS System Audit checklist<\/td><\/tr>\r\n          <tr><td>Risk register columns<\/td><td>Sub-process \u00b7 inherent risk \u00b7 scoring \u00b7 controls \u00b7 residual risk \u00b7 owner\/timeline<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch8 -->\r\n\r\n  <\/main>\r\n<\/div>\r\n\r\n<script>\r\n  \/\/ \u2500\u2500 Chapter tab switching \u2500\u2500\r\n  document.addEventListener('click', function (e) {\r\n    const header = e.target.closest('.toc-chapter-header');\r\n    if (header) {\r\n      const chapterEl = header.parentElement;\r\n      const chNum = chapterEl.getAttribute('data-chapter');\r\n      switchChapter(chNum);\r\n      setTimeout(function () {\r\n        document.querySelectorAll('.toc-chapter').forEach(function (other) {\r\n          if (other !== chapterEl) other.removeAttribute('open');\r\n        });\r\n      }, 0);\r\n      return;\r\n    }\r\n\r\n    const subLink = e.target.closest('.toc-sub-list a');\r\n    if (subLink) {\r\n      const chapterEl = subLink.closest('.toc-chapter');\r\n      const chNum = chapterEl.getAttribute('data-chapter');\r\n      switchChapter(chNum);\r\n      document.querySelectorAll('.toc-chapter').forEach(function (other) {\r\n        if (other !== chapterEl) other.removeAttribute('open');\r\n      });\r\n      document.querySelectorAll('.toc-sub-list a').forEach(function (a) { a.classList.remove('active'); });\r\n      subLink.classList.add('active');\r\n      const href = subLink.getAttribute('href');\r\n      if (href && href.startsWith('#')) {\r\n        e.preventDefault();\r\n        setTimeout(function () {\r\n          const target = document.querySelector(href);\r\n          if (target) target.scrollIntoView({ behavior: 'smooth', block: 'start' });\r\n        }, 60);\r\n      }\r\n      return;\r\n    }\r\n  });\r\n\r\n  function switchChapter (n) {\r\n    document.querySelectorAll('.chapter-pane').forEach(function (pane) {\r\n      if (pane.getAttribute('data-chapter') === n) {\r\n        pane.classList.add('active');\r\n      } else {\r\n        pane.classList.remove('active');\r\n      }\r\n    });\r\n  }\r\n<\/script>\r\n\r\n<\/body>\r\n<\/html>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Operational Manual for Internal Audit (Central Ministries) \u2014 Study Notes Study Notes \u00b7 Internal Audit \u00b7 O\/o CGA Operational Manual [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"","ast-site-content-layout":"full-width-container","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"disabled","ast-banner-title-visibility":"disabled","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"disabled","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[],"tags":[],"class_list":["post-12823","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/pages\/12823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/promotionexams.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12823"}],"version-history":[{"count":4,"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/pages\/12823\/revisions"}],"predecessor-version":[{"id":12827,"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/pages\/12823\/revisions\/12827"}],"wp:attachment":[{"href":"https:\/\/promotionexams.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/promotionexams.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/promotionexams.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}