{"id":12861,"date":"2026-06-09T11:16:48","date_gmt":"2026-06-09T11:16:48","guid":{"rendered":"https:\/\/promotionexams.com\/?page_id=12861"},"modified":"2026-06-19T12:24:06","modified_gmt":"2026-06-19T12:24:06","slug":"handbook-on-internal-audit-in-central-civil-ministries-departments-notes","status":"publish","type":"page","link":"https:\/\/promotionexams.com\/?page_id=12861","title":{"rendered":"Handbook on Internal Audit in Central Civil Ministries\/Departments Notes"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"12861\" class=\"elementor elementor-12861\">\n\t\t\t\t<div class=\"elementor-element elementor-element-249a21a e-con-full e-flex e-con e-parent\" data-id=\"249a21a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7d58f4b elementor-widget elementor-widget-html\" data-id=\"7d58f4b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n<meta charset=\"UTF-8\">\r\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n<title>Handbook on Internal Audit in Central Civil Ministries\/Departments \u2014 Interactive Study Notes<\/title>\r\n<style>\r\n.elementor-section.elementor-section-stretched,\r\n    .elementor-section-full_width,\r\n    .elementor-container,\r\n    .elementor-column,\r\n    .elementor-column-wrap,\r\n    .elementor-widget-wrap,\r\n    .elementor-element { padding:0 !important; margin:0 !important; gap:0 !important; }\r\n\r\n  *, *::before, *::after { box-sizing:border-box; margin:0; padding:0; }\r\n  :root {\r\n    --navy:#10243f; --blue:#1c5da6; --sky:#2d8ecf; --teal:#0e8f7a;\r\n    --amber:#c97c10; --red:#c0392b; --gold:#c89b0a; --purple:#7e3eb5;\r\n    --slate:#41617f;\r\n    --text:#1c2b3a; --muted:#5a6d80; --border:#dde6ef;\r\n  }\r\n  html { scroll-behavior:smooth; }\r\n  body { font-family:'DM Sans',-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif; background:#fff; color:var(--text); font-size:15px; line-height:1.85; }\r\n  a { text-decoration:none; color:inherit; }\r\n\r\n  .hero { width:100%; background:linear-gradient(125deg,#0a1f3c 0%,#10243f 30%,#13507f 70%,#0e8f7a 100%); padding:60px 48px 56px; color:#fff; position:relative; overflow:hidden; }\r\n  .hero::before { content:''; position:absolute; inset:0;\r\n    background-image:linear-gradient(rgba(255,255,255,0.05) 1px,transparent 1px),linear-gradient(90deg,rgba(255,255,255,0.05) 1px,transparent 1px);\r\n    background-size:34px 34px; pointer-events:none; }\r\n  .hero::after { content:''; position:absolute; right:-90px; top:-110px; width:520px; height:520px; border-radius:50%; background:radial-gradient(circle,rgba(255,255,255,0.10) 0%,transparent 65%); pointer-events:none; }\r\n  .hero-inner { max-width:1120px; margin:0 auto; position:relative; z-index:1; }\r\n  .hero-grid { display:grid; grid-template-columns:1fr 340px; gap:36px; align-items:center; }\r\n  .hero-text { min-width:0; }\r\n  .hero-illustration { width:340px; max-width:100%; filter:drop-shadow(0 12px 24px rgba(0,0,0,0.28)); animation:heroFloat 6s ease-in-out infinite; }\r\n  .hero-illustration svg { width:100%; height:auto; display:block; }\r\n  @keyframes heroFloat { 0%,100%{transform:translateY(0);} 50%{transform:translateY(-7px);} }\r\n  .hero-kicker { display:inline-block; background:rgba(255,255,255,0.16); color:#fff; font-size:11px; font-weight:700; padding:6px 14px; border-radius:20px; letter-spacing:0.14em; text-transform:uppercase; margin-bottom:18px; backdrop-filter:blur(4px); }\r\n  .hero h1 { font-family:'Crimson Pro',Georgia,serif; font-size:clamp(28px,4.2vw,44px); font-weight:700; line-height:1.18; margin-bottom:14px; color:#fff; text-shadow:0 2px 8px rgba(0,0,0,0.20); }\r\n  .hero-sub { font-size:15px; opacity:0.93; margin-bottom:24px; max-width:740px; color:#fff; }\r\n  .hero-pills { display:flex; flex-wrap:wrap; gap:8px; }\r\n  .hero-pill { background:rgba(255,255,255,0.16); border:1px solid rgba(255,255,255,0.30); color:#fff; font-size:12px; font-weight:600; padding:6px 14px; border-radius:20px; backdrop-filter:blur(6px); }\r\n\r\n  .scope-banner { background:#fff7ec; border-bottom:1px solid #f0dcb8; padding:10px 48px; }\r\n  .scope-inner { max-width:1120px; margin:0 auto; font-size:13px; color:#8a5a10; display:flex; align-items:center; gap:8px; }\r\n  .scope-inner strong { color:#6b4408; }\r\n\r\n  .breadcrumb-bar { background:#fff; border-bottom:1px solid var(--border); padding:10px 48px; }\r\n  .breadcrumb-inner { max-width:1120px; margin:0 auto; font-size:12.5px; color:#aaa; display:flex; align-items:center; gap:6px; }\r\n  .breadcrumb-inner a { color:var(--blue); }\r\n  .breadcrumb-inner a:hover { text-decoration:underline; }\r\n  .breadcrumb-inner .sep { color:#ddd; }\r\n\r\n  .layout { max-width:1120px; margin:0 auto; padding:44px 48px 88px; display:grid; grid-template-columns:264px 1fr; gap:56px; align-items:start; }\r\n\r\n  .chapter-heading-block { display:flex; align-items:center; gap:14px; margin:52px 0 22px; padding-bottom:14px; border-bottom:2.5px solid var(--navy); }\r\n  .chapter-heading-block:first-child { margin-top:0; }\r\n  .chapter-badge { background:var(--navy); color:#fff; font-size:10px; font-weight:700; padding:5px 16px; border-radius:4px; letter-spacing:0.1em; text-transform:uppercase; white-space:nowrap; flex-shrink:0; }\r\n  .chapter-heading-block h2 { font-family:'Crimson Pro',Georgia,serif; font-size:23px; font-weight:700; color:var(--navy); margin:0; }\r\n\r\n  .section-heading-block { display:flex; align-items:center; gap:12px; margin:38px 0 14px; }\r\n  .section-badge { background:var(--blue); color:#fff; font-size:9.5px; font-weight:700; padding:4px 12px; border-radius:3px; letter-spacing:0.08em; white-space:nowrap; flex-shrink:0; }\r\n  .section-badge.amber{background:var(--amber);} .section-badge.teal{background:var(--teal);}\r\n  .section-badge.purple{background:var(--purple);} .section-badge.red{background:var(--red);} .section-badge.gold{background:var(--gold);} .section-badge.slate{background:var(--slate);}\r\n  .section-heading-block h3 { font-size:17px; font-weight:700; color:var(--navy); margin:0; }\r\n\r\n  .article h4 { font-size:14.5px; font-weight:700; color:var(--navy); margin:22px 0 10px; }\r\n  .article p { color:#2c3e50; margin-bottom:12px; text-align:justify; hyphens:auto; }\r\n  .article strong { color:#111; }\r\n  .layout > .article, .layout > .sidebar { min-width:0; }\r\n  .table-wrap { max-width:100%; }\r\n\r\n  .icon-list { list-style:none; margin:0 0 14px; display:flex; flex-direction:column; gap:8px; }\r\n  .icon-list li { display:flex; align-items:flex-start; gap:10px; font-size:15px; color:#2c3e50; line-height:1.78; text-align:justify; }\r\n  .icon-list li .ico { font-size:15px; flex-shrink:0; margin-top:4px; width:20px; text-align:center; }\r\n\r\n  .callout { position:relative; padding:15px 18px 16px; margin:18px 0 22px; background:#f6faff;\r\n             border:1px solid #e3edf8; border-left:3px solid var(--blue); border-radius:4px 9px 9px 4px;\r\n             transition:box-shadow .18s ease, transform .18s ease; }\r\n  .callout:hover { box-shadow:0 6px 20px -12px rgba(20,40,80,.35); }\r\n  .callout > p { text-align:justify; }\r\n  .callout > p:last-child { margin-bottom:0; }\r\n  .callout-label { display:flex; align-items:center; gap:9px; margin-bottom:11px;\r\n                   font-family:'DM Sans',sans-serif; font-size:10.5px; font-weight:700;\r\n                   text-transform:uppercase; letter-spacing:0.11em; color:var(--blue); }\r\n  .callout-label::before { content:'\\25C6'; flex:none; width:23px; height:23px; border-radius:6px;\r\n                   display:inline-grid; place-items:center; background:var(--blue); color:#fff;\r\n                   font-family:'JetBrains Mono',monospace; font-size:12px; line-height:1;\r\n                   box-shadow:0 1px 0 rgba(0,0,0,.12) inset, 0 2px 5px -2px rgba(0,0,0,.4); }\r\n  .callout.blue   { background:#f6faff; border-left-color:var(--blue);  }\r\n  .callout.teal   { background:#f3fdf9; border-color:#cdeee0; border-left:3px dotted var(--teal); }\r\n  .callout.teal   .callout-label { color:var(--teal); }   .callout.teal   .callout-label::before{ content:'\\22A1'; background:var(--teal); }\r\n  .callout.amber  { background:#fffbf3; border-color:#f3e3c3; border-left-color:var(--amber); }\r\n  .callout.amber  .callout-label { color:#9a6a00; }       .callout.amber  .callout-label::before{ content:'\\0021'; background:var(--amber); }\r\n  .callout.purple { background:#faf6ff; border-color:#e7dcf6; border-left-color:var(--purple); }\r\n  .callout.purple .callout-label { color:var(--purple); } .callout.purple .callout-label::before{ content:'\\2756'; background:var(--purple); }\r\n  .callout.slate  { background:#f6f8fb; border:1px solid #dde5ee; border-left-width:1px; }\r\n  .callout.slate  .callout-label { color:var(--slate); }  .callout.slate  .callout-label::before{ content:'\\25B8'; background:var(--slate); }\r\n  .callout.gold   { background:#fffdf3; border:1.5px solid #e7cf8e; border-left-width:1.5px; border-radius:9px; }\r\n  .callout.gold   .callout-label { color:#8a6a00; }       .callout.gold   .callout-label::before{ content:'\\00A7'; background:var(--gold); color:#3a2c00; }\r\n  .callout.gold::before, .callout.gold::after { content:''; position:absolute; width:9px; height:9px; border:1.5px solid var(--gold); }\r\n  .callout.gold::before { top:6px; left:6px; border-right:0; border-bottom:0; }\r\n  .callout.gold::after  { bottom:6px; right:6px; border-left:0; border-top:0; }\r\n  .callout.red    { background:#fff7f6; border-color:#f3cfca; border-left:4px solid var(--red); overflow:hidden; }\r\n  .callout.red    .callout-label { color:var(--red); margin:-15px -18px 12px; padding:11px 18px;\r\n                   background:linear-gradient(90deg,#fdecea,#fff7f6); border-bottom:1px solid #f3cfca; }\r\n  .callout.red    .callout-label::before{ content:'\\2691'; background:var(--red); }\r\n  .callout.purple { overflow:hidden; }\r\n  .callout.purple::after { content:''; position:absolute; top:0; right:0; border-width:0 16px 16px 0;\r\n                   border-style:solid; border-color:#fff #fff var(--purple) var(--purple); opacity:.55; }\r\n  @media (prefers-reduced-motion: reduce){ .callout{ transition:none; } }\r\n\r\n  .def-card { background:linear-gradient(135deg,#f3f8fd 0%,#e9f2fb 100%); border:1.5px solid #b9d2ec; border-radius:12px; padding:22px 26px; margin:18px 0 26px; position:relative; }\r\n  .def-card::before { content:'\\201C'; position:absolute; top:6px; left:14px; font-family:Georgia,serif; font-size:60px; color:rgba(28,93,166,0.18); line-height:1; }\r\n  .def-card .def-label { font-size:10.5px; font-weight:700; text-transform:uppercase; letter-spacing:0.14em; color:var(--blue); margin-bottom:8px; position:relative; z-index:1; }\r\n  .def-card .def-text { font-size:15px; color:#1f3a55; line-height:1.78; position:relative; z-index:1; text-align:justify; }\r\n\r\n  .compare-table { width:100%; border-collapse:collapse; margin:16px 0 24px; border-radius:8px; overflow:hidden; border:1px solid var(--border); table-layout:fixed; }\r\n  .compare-intro { margin:20px 0 -2px; font-size:14.5px; color:#42526b; }\r\n  .table-wrap { overflow-x:auto; -webkit-overflow-scrolling:touch; margin:16px 0 24px; }\r\n  .table-wrap > .compare-table { margin:0; }\r\n  .compare-table thead tr { background:var(--navy); color:#fff; }\r\n  .compare-table th { padding:12px 16px; text-align:left; font-size:12.5px; font-weight:700; }\r\n  .compare-table td { padding:11px 16px; font-size:14px; border-bottom:1px solid var(--border); color:#2c3e50; vertical-align:top; word-wrap:break-word; }\r\n  .compare-table tr:nth-child(even) td { background:#f8fbfd; }\r\n  .compare-table td.label-cell { font-weight:700; color:var(--navy); background:#eef4fa !important; }\r\n  .compare-table td.code-cell { font-family:'JetBrains Mono',monospace; font-weight:700; color:var(--blue); background:#eef4fa !important; text-align:center; }\r\n\r\n  .info-row { display:grid; grid-template-columns:repeat(auto-fit,minmax(150px,1fr)); gap:14px; margin:18px 0 26px; }\r\n  .info-card { background:#fff; border:1.5px solid var(--border); border-top:4px solid var(--blue); border-radius:12px; padding:18px 16px; }\r\n  .info-card.t-teal { border-top-color:var(--teal); }\r\n  .info-card.t-amber { border-top-color:var(--amber); }\r\n  .info-card.t-gold { border-top-color:var(--gold); }\r\n  .info-card.t-red { border-top-color:var(--red); }\r\n  .info-card.t-purple { border-top-color:var(--purple); }\r\n  .info-card.t-slate { border-top-color:var(--slate); }\r\n  .info-card .ic-big { font-family:'JetBrains Mono',monospace; font-weight:800; font-size:20px; color:var(--navy); line-height:1.12; margin-bottom:5px; }\r\n  .info-card .ic-cap { font-size:12.5px; color:#5a6b7d; line-height:1.5; }\r\n\r\n  .parts-list { list-style:none; counter-reset:parts; margin:14px 0 22px; display:flex; flex-direction:column; gap:12px; }\r\n  .parts-list > li { background:#fff; border:1.5px solid var(--border); border-radius:10px; padding:16px 18px 16px 60px; position:relative; font-size:14.5px; color:#2c3e50; line-height:1.72; counter-increment:parts; text-align:justify; }\r\n  .parts-list > li::before { content:counter(parts,lower-alpha); position:absolute; left:16px; top:16px; width:32px; height:32px; background:var(--blue); color:#fff; border-radius:50%; display:flex; align-items:center; justify-content:center; font-size:14px; font-weight:700; font-family:'JetBrains Mono',monospace; }\r\n  .parts-list.roman > li::before { content:counter(parts,lower-roman); font-size:12px; }\r\n  .parts-list.decimal > li::before { content:counter(parts); font-size:13px; }\r\n  .parts-list.teal > li::before{background:var(--teal);} .parts-list.amber > li::before{background:var(--amber);}\r\n  .parts-list.purple > li::before{background:var(--purple);} .parts-list.red > li::before{background:var(--red);} .parts-list.gold > li::before{background:var(--gold);} .parts-list.slate > li::before{background:var(--slate);}\r\n  .parts-list > li strong { color:var(--navy); }\r\n\r\n  .highlight-box { background:linear-gradient(135deg,#eef6ff 0%,#e4eefb 100%); border-left:4px solid var(--blue); border-radius:0 10px 10px 0; padding:16px 20px; margin:16px 0 22px; }\r\n  .highlight-box .hl-label { font-size:10px; font-weight:700; text-transform:uppercase; letter-spacing:0.12em; color:var(--blue); margin-bottom:6px; }\r\n  .highlight-box .hl-text { font-size:14.5px; color:#2c3e50; line-height:1.72; text-align:justify; }\r\n\r\n  .flow { display:flex; flex-wrap:wrap; gap:0; margin:20px 0 28px; align-items:stretch; }\r\n  .flow-step { flex:1 1 0; min-width:140px; background:#fff; border:1.5px solid var(--border); border-radius:12px; padding:14px 15px; position:relative; }\r\n  .flow-step + .flow-step { margin-left:28px; }\r\n  .flow-step + .flow-step::before { content:'\\2192'; position:absolute; left:-23px; top:50%; transform:translateY(-50%); color:var(--sky); font-size:19px; font-weight:700; }\r\n  .flow-step .fs-num { font-family:'JetBrains Mono',monospace; font-size:10.5px; font-weight:700; color:var(--blue); letter-spacing:0.08em; margin-bottom:6px; }\r\n  .flow-step .fs-title { font-size:13px; font-weight:700; color:var(--navy); margin-bottom:4px; line-height:1.3; }\r\n  .flow-step .fs-text { font-size:12px; color:#5a6b7d; line-height:1.55; }\r\n  .flow.teal .flow-step+.flow-step::before{color:var(--teal);} .flow.teal .fs-num{color:var(--teal);}\r\n  .flow.amber .flow-step+.flow-step::before{color:var(--amber);} .flow.amber .fs-num{color:#9a6a00;}\r\n  .flow.purple .flow-step+.flow-step::before{color:var(--purple);} .flow.purple .fs-num{color:var(--purple);}\r\n  @media (max-width:720px){ .flow{flex-direction:column;} .flow-step+.flow-step{margin-left:0;margin-top:28px;} .flow-step+.flow-step::before{content:'\\2193';left:50%;top:-24px;transform:translateX(-50%);} }\r\n\r\n  .cat-grid { display:grid; grid-template-columns:repeat(2,1fr); gap:14px; margin:20px 0 28px; }\r\n  .cat-grid.three{grid-template-columns:repeat(3,1fr);} .cat-grid.four{grid-template-columns:repeat(4,1fr);}\r\n  .cat-card { border-radius:10px; padding:18px 18px; border:1.5px solid var(--border); }\r\n  .cat-card.a{border-color:#9dc3ec;background:#f0f7ff;} .cat-card.b{border-color:#7fd3c5;background:#f0fdf8;}\r\n  .cat-card.c{border-color:#f0d58a;background:#fffbf0;} .cat-card.d{border-color:#f5a0a0;background:#fff5f5;} .cat-card.e{border-color:#d1baf0;background:#f9f5ff;}\r\n  .cat-label { font-size:9.5px; font-weight:700; text-transform:uppercase; letter-spacing:0.12em; color:var(--muted); margin-bottom:6px; }\r\n  .cat-title { font-size:14.5px; font-weight:700; color:var(--navy); margin-bottom:8px; }\r\n  .cat-card.a .cat-title{color:var(--blue);} .cat-card.b .cat-title{color:var(--teal);} .cat-card.c .cat-title{color:var(--amber);} .cat-card.d .cat-title{color:var(--red);} .cat-card.e .cat-title{color:var(--purple);}\r\n  .cat-card p { font-size:13px; color:#2c3e50; line-height:1.7; text-align:justify; }\r\n  .cat-badge { display:inline-block; font-size:22px; font-weight:900; margin-bottom:6px; font-family:'JetBrains Mono',monospace; line-height:1; }\r\n  .cat-card.a .cat-badge{color:var(--blue);} .cat-card.b .cat-badge{color:var(--teal);} .cat-card.c .cat-badge{color:var(--amber);} .cat-card.d .cat-badge{color:var(--red);} .cat-card.e .cat-badge{color:var(--purple);}\r\n\r\n  .chapter-pane { display:none; animation:fadeIn 0.3s ease; }\r\n  .chapter-pane.active { display:block; }\r\n  @keyframes fadeIn { from{opacity:0;transform:translateY(4px);} to{opacity:1;transform:translateY(0);} }\r\n\r\n  .sidebar { position:sticky; top:24px; max-height:calc(100vh - 48px); }\r\n  .toc-card { background:#fff; border:1px solid var(--border); border-radius:12px; padding:16px 12px; max-height:calc(100vh - 48px); overflow-y:auto; }\r\n  .toc-card-title { font-size:10px; font-weight:700; text-transform:uppercase; letter-spacing:0.14em; color:var(--muted); margin:4px 0 14px; padding:0 4px; }\r\n  .toc-chapter { margin-bottom:8px; }\r\n  .toc-chapter-header { background:var(--navy); border-radius:10px; padding:12px; color:#fff; cursor:pointer; display:flex; align-items:center; gap:10px; list-style:none; transition:background 0.18s; }\r\n  .toc-chapter-header::-webkit-details-marker { display:none; }\r\n  .toc-chapter-header:hover { background:#163457; }\r\n  .toc-ch-badge { background:#ffd95a; color:#10243f; font-size:10px; font-weight:800; letter-spacing:0.06em; padding:4px 8px; border-radius:5px; flex-shrink:0; min-width:38px; text-align:center; line-height:1; }\r\n  .toc-ch-title { flex:1; font-size:13.5px; font-weight:700; line-height:1.25; color:#fff; }\r\n  .toc-ch-chev { font-size:10px; color:rgba(255,255,255,0.8); transition:transform 0.22s ease; flex-shrink:0; }\r\n  .toc-chapter[open] > .toc-chapter-header { background:#163457; }\r\n  .toc-chapter[open] > .toc-chapter-header .toc-ch-chev { transform:rotate(90deg); }\r\n  .toc-sub-wrap { position:relative; margin:6px 0 6px 18px; padding-left:14px; }\r\n  .toc-sub-wrap::before { content:''; position:absolute; left:0; top:6px; bottom:8px; width:1px; background:repeating-linear-gradient(to bottom,#d0d8e2 0px,#d0d8e2 2px,transparent 2px,transparent 5px); }\r\n  .toc-sub-list { list-style:none; }\r\n  .toc-sub-list li { display:flex; align-items:flex-start; gap:6px; padding:5px 4px 5px 0; }\r\n  .toc-sub-num { flex-shrink:0; font-family:'JetBrains Mono',monospace; font-size:10.5px; color:var(--muted); font-weight:600; line-height:1.5; min-width:40px; padding-top:1px; }\r\n  .toc-sub-list a { flex:1; font-size:13px; color:#2c3e50; line-height:1.45; padding:1px 4px; border-radius:3px; transition:color 0.15s; }\r\n  .toc-sub-list a:hover { color:var(--blue); }\r\n  .toc-sub-list a.active { color:var(--blue); font-weight:700; }\r\n  .toc-sub-list .toc-app .toc-sub-num, .toc-sub-list .toc-app a { color:var(--purple); }\r\n  .toc-sub-list .toc-app a:hover, .toc-sub-list .toc-app a.active { color:#5a2a8a; font-weight:700; }\r\n\r\n  .recap { background:linear-gradient(135deg,#10243f 0%,#193b63 100%); border-radius:14px; padding:28px 30px; margin:44px 0 0; color:#fff; }\r\n  .recap-title { font-family:'Crimson Pro',Georgia,serif; font-size:20px; font-weight:700; margin-bottom:18px; display:flex; align-items:center; gap:10px; }\r\n  .recap table { width:100%; border-collapse:collapse; }\r\n  .recap th, .recap td { padding:10px 14px; text-align:left; border-bottom:1px solid rgba(255,255,255,0.12); font-size:13.5px; }\r\n  .recap th { font-size:11px; text-transform:uppercase; letter-spacing:0.1em; opacity:0.7; font-weight:700; }\r\n  .recap td:first-child { font-weight:700; color:#ffd700; width:38%; }\r\n  .recap td strong { color:#ffd95a; font-weight:700; }\r\n  .recap td:first-child strong { color:inherit; }\r\n\r\n  .ix { border:1.5px solid var(--border); border-radius:14px; margin:30px 0 28px; overflow:hidden; background:#fff; }\r\n  .ix-head { background:linear-gradient(135deg,#10243f 0%,#193b63 100%); color:#fff; padding:14px 20px; display:flex; align-items:center; gap:12px; }\r\n  .ix-head .ix-chip { background:#ffd95a; color:#10243f; font-size:9.5px; font-weight:800; letter-spacing:0.1em; padding:4px 10px; border-radius:20px; text-transform:uppercase; flex-shrink:0; }\r\n  .ix-head h4 { font-size:14px; font-weight:700; color:#fff; margin:0; }\r\n  .ix-body { padding:20px; }\r\n  .ix-help { font-size:12.5px; color:var(--muted); margin:0 0 14px; }\r\n  .quiz-q { font-size:14.5px; font-weight:700; color:var(--navy); margin-bottom:14px; display:flex; gap:8px; align-items:baseline; }\r\n  .quiz-q .q-tag { font-family:'JetBrains Mono',monospace; font-size:24px; font-weight:700; color:var(--blue); flex-shrink:0; }\r\n  .quiz-opts { display:grid; grid-template-columns:repeat(2,1fr); gap:10px; margin-bottom:6px; }\r\n  .quiz-opt { border:1.5px solid var(--border); border-radius:9px; padding:12px 14px; font-size:13.5px; font-weight:600; color:#2c3e50; cursor:pointer; transition:all 0.15s; text-align:left; background:#fff; }\r\n  .quiz-opt:hover { border-color:var(--blue); background:#f0f7ff; }\r\n  .quiz-opt.correct { border-color:var(--teal); background:#eafaf5; color:#0a6354; }\r\n  .quiz-opt.wrong { border-color:var(--red); background:#fdf2f1; color:var(--red); }\r\n  .quiz-opt.lock { pointer-events:none; opacity:0.55; }\r\n  .quiz-opt.lock.correct, .quiz-opt.lock.wrong { opacity:1; }\r\n  .quiz-fb { margin-top:12px; font-size:13px; line-height:1.6; color:var(--muted); padding:0 2px; min-height:18px; }\r\n  .quiz-fb strong { color:var(--navy); }\r\n  .quiz-foot { display:flex; align-items:center; justify-content:space-between; margin-top:16px; padding-top:14px; border-top:1px solid var(--border); }\r\n  .quiz-score { font-size:12.5px; font-weight:700; color:var(--navy); font-family:'JetBrains Mono',monospace; }\r\n  .quiz-btn { background:var(--blue); color:#fff; border:none; font-family:'DM Sans',sans-serif; font-size:12.5px; font-weight:700; padding:9px 18px; border-radius:8px; cursor:pointer; transition:background 0.15s; }\r\n  .quiz-btn:hover { background:#16538f; }\r\n  .quiz-btn:disabled { background:#b9c6d4; cursor:default; }\r\n\r\n  .term-grid { display:grid; grid-template-columns:repeat(auto-fit,minmax(150px,1fr)); gap:10px; margin:16px 0 24px; }\r\n  .term-chip { background:#fff; border:1.5px solid var(--border); border-radius:10px; padding:11px 12px; transition:transform .15s, box-shadow .15s, border-color .15s; }\r\n  .term-chip:hover { transform:translateY(-3px); box-shadow:0 8px 20px rgba(16,36,63,.10); border-color:var(--teal); }\r\n  .term-chip .tc-num { font-family:'JetBrains Mono',monospace; font-weight:800; font-size:11px; color:var(--blue); }\r\n  .term-chip .tc-name { font-size:12.5px; font-weight:700; color:var(--navy); line-height:1.35; margin-top:2px; }\r\n\r\n  .note-list { list-style:none; display:flex; flex-direction:column; gap:10px; margin:14px 0 22px; }\r\n  .note-list > li { display:flex; gap:12px; align-items:flex-start; background:#fff; border:1.5px solid var(--border); border-left:3px solid var(--blue); border-radius:0 9px 9px 0; padding:12px 16px; }\r\n  .note-list > li .nl-tag { flex-shrink:0; font-family:'JetBrains Mono',monospace; font-size:10.5px; font-weight:800; color:#fff; background:var(--blue); padding:5px 9px; border-radius:6px; letter-spacing:.03em; min-width:58px; text-align:center; line-height:1.3; margin-top:1px; }\r\n  .note-list > li .nl-text { font-size:14px; color:#2c3e50; line-height:1.7; text-align:justify; }\r\n  .note-list > li .nl-text strong { color:var(--navy); }\r\n  .note-list.amber > li { border-left-color:var(--amber); } .note-list.amber > li .nl-tag { background:var(--amber); }\r\n  .note-list.red > li { border-left-color:var(--red); } .note-list.red > li .nl-tag { background:var(--red); }\r\n  .note-list.teal > li { border-left-color:var(--teal); } .note-list.teal > li .nl-tag { background:var(--teal); }\r\n  .note-list.purple > li { border-left-color:var(--purple); } .note-list.purple > li .nl-tag { background:var(--purple); }\r\n  .note-list.gold > li { border-left-color:var(--gold); } .note-list.gold > li .nl-tag { background:#a8810f; }\r\n  .note-list.slate > li { border-left-color:var(--slate); } .note-list.slate > li .nl-tag { background:var(--slate); }\r\n\r\n  @media (max-width:880px) {\r\n    .layout { grid-template-columns:1fr; gap:32px; padding:28px 24px 64px; }\r\n    .sidebar { position:static; }\r\n    .cat-grid, .cat-grid.three, .cat-grid.four { grid-template-columns:1fr 1fr; }\r\n    .hero { padding:48px 24px 44px; }\r\n    .breadcrumb-bar, .scope-banner { padding:10px 24px; }\r\n    .hero-grid { grid-template-columns:1fr; gap:24px; }\r\n    .hero-illustration { width:250px; margin:0 auto; }\r\n  }\r\n  @media (max-width:640px) {\r\n    .compare-table.wide { min-width:560px; }\r\n    .table-wrap { border:1px solid var(--border); border-radius:10px;\r\n      background:linear-gradient(90deg,#fff 30%,rgba(255,255,255,0)),\r\n                 linear-gradient(90deg,rgba(255,255,255,0),#fff 70%) 100% 0,\r\n                 radial-gradient(farthest-side at 0 50%,rgba(16,36,63,.14),transparent),\r\n                 radial-gradient(farthest-side at 100% 50%,rgba(16,36,63,.14),transparent) 100% 0;\r\n      background-repeat:no-repeat; background-size:40px 100%,40px 100%,14px 100%,14px 100%;\r\n      background-attachment:local,local,scroll,scroll; }\r\n    .compare-table th { font-size:12px; padding:10px 12px; }\r\n    .compare-table td { font-size:13px; padding:9px 12px; }\r\n  }\r\n  @media (max-width:520px) {\r\n    .hero h1 { font-size:24px; }\r\n    .cat-grid, .cat-grid.three, .cat-grid.four { grid-template-columns:1fr; }\r\n    .quiz-opts { grid-template-columns:1fr 1fr; }\r\n    .hero-illustration { display:none; }\r\n    .layout { padding:22px 16px 56px; gap:26px; }\r\n    .breadcrumb-bar, .scope-banner { padding:9px 16px; }\r\n    .hero { padding:40px 18px 36px; }\r\n    .recap { padding:20px 18px; }\r\n    .callout { padding:14px 15px 15px; }\r\n    .def-card { padding:18px 18px; }\r\n    .def-card::before { font-size:46px; }\r\n    .info-row { grid-template-columns:1fr; }\r\n    .section-heading-block { margin:30px 0 12px; }\r\n  }\r\n<\/style>\r\n<link rel=\"preconnect\" href=\"https:\/\/fonts.googleapis.com\">\r\n<link rel=\"preconnect\" href=\"https:\/\/fonts.gstatic.com\" crossorigin>\r\n<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Crimson+Pro:wght@400;600;700&family=DM+Sans:wght@400;500;700&family=JetBrains+Mono:wght@400;700&display=swap\" rel=\"stylesheet\">\r\n<\/head>\r\n<body>\r\n\r\n<!-- \u2500\u2500 HERO \u2500\u2500 -->\r\n<div class=\"hero\">\r\n  <div class=\"hero-inner hero-grid\">\r\n    <div class=\"hero-text\">\r\n     \r\n      <h1>Handbook on Internal Audit in Central Civil Ministries\/Departments<\/h1>\r\n      <p class=\"hero-sub\">The policy-and-principles reference issued by the Internal Audit Division of the Controller General of Accounts (Ministry of Finance, Department of Expenditure). Anchored in <strong>Article 150<\/strong> of the Constitution, the <strong>GFR 2017<\/strong> (Rules 70, 72 &amp; 236), the <strong>Civil Accounts Manual<\/strong> and the <strong>IIA's IPPF<\/strong>, it embeds the <strong>32 CGA Internal Audit Guidelines<\/strong> and the theory of risk, COSO controls and RBIA. These notes cover the <strong>Foundations<\/strong> and <strong>all six chapters<\/strong> plus the six Exhibits, each with a self-test.<\/p>\r\n    <\/div>\r\n    <div class=\"hero-illustration\" aria-hidden=\"true\">\r\n      <svg viewBox=\"0 0 340 280\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" role=\"img\" aria-label=\"An open handbook beneath the scales of governance, a magnifier and an audit tick\">\r\n        <ellipse cx=\"170\" cy=\"262\" rx=\"132\" ry=\"12\" fill=\"rgba(0,0,0,0.18)\"\/>\r\n        <!-- open handbook -->\r\n        <g transform=\"translate(52,150)\">\r\n          <path d=\"M0 12 C42 -4 84 -4 122 10 L122 88 C84 74 42 74 0 90 Z\" fill=\"#f4f8fc\" stroke=\"#0a2238\" stroke-width=\"2\"\/>\r\n          <path d=\"M236 12 C194 -4 152 -4 114 10 L114 88 C152 74 194 74 236 90 Z\" fill=\"#e0ebf6\" stroke=\"#0a2238\" stroke-width=\"2\"\/>\r\n          <line x1=\"118\" y1=\"9\" x2=\"118\" y2=\"89\" stroke=\"#0a2238\" stroke-width=\"2.5\"\/>\r\n          <g stroke=\"#9db4c9\" stroke-width=\"3\" stroke-linecap=\"round\">\r\n            <line x1=\"16\" y1=\"28\" x2=\"96\" y2=\"22\"\/><line x1=\"16\" y1=\"42\" x2=\"96\" y2=\"36\"\/><line x1=\"16\" y1=\"56\" x2=\"96\" y2=\"50\"\/>\r\n            <line x1=\"140\" y1=\"22\" x2=\"220\" y2=\"28\"\/><line x1=\"140\" y1=\"36\" x2=\"220\" y2=\"42\"\/><line x1=\"140\" y1=\"50\" x2=\"220\" y2=\"56\"\/>\r\n          <\/g>\r\n        <\/g>\r\n        <!-- scales of governance -->\r\n        <g transform=\"translate(132,42)\" stroke=\"#ffd95a\" stroke-width=\"4\" fill=\"none\" stroke-linecap=\"round\">\r\n          <line x1=\"38\" y1=\"6\" x2=\"38\" y2=\"74\"\/>\r\n          <line x1=\"6\" y1=\"22\" x2=\"70\" y2=\"22\"\/>\r\n          <circle cx=\"38\" cy=\"6\" r=\"5\" fill=\"#ffd95a\"\/>\r\n          <path d=\"M6 22 L-5 46 H17 Z\" fill=\"rgba(255,255,255,0.14)\"\/>\r\n          <path d=\"M70 22 L59 46 H81 Z\" fill=\"rgba(255,255,255,0.14)\"\/>\r\n          <line x1=\"20\" y1=\"74\" x2=\"56\" y2=\"74\"\/>\r\n        <\/g>\r\n        <!-- magnifier over the book -->\r\n        <g transform=\"translate(196,150)\">\r\n          <circle cx=\"30\" cy=\"30\" r=\"30\" fill=\"rgba(255,255,255,0.12)\" stroke=\"#2d8ecf\" stroke-width=\"5\"\/>\r\n          <line x1=\"52\" y1=\"52\" x2=\"76\" y2=\"76\" stroke=\"#2d8ecf\" stroke-width=\"8\" stroke-linecap=\"round\"\/>\r\n          <text x=\"30\" y=\"39\" text-anchor=\"middle\" font-family=\"Crimson Pro,serif\" font-size=\"26\" font-weight=\"700\" fill=\"#2d8ecf\">&#10003;<\/text>\r\n        <\/g>\r\n        <!-- audit tick badge -->\r\n        <circle cx=\"84\" cy=\"118\" r=\"22\" fill=\"#0e8f7a\" stroke=\"#0a6354\" stroke-width=\"3\"\/>\r\n        <path d=\"M74 118 l7 8 13 -16\" fill=\"none\" stroke=\"#fff\" stroke-width=\"4\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/>\r\n      <\/svg>\r\n    <\/div>\r\n  <\/div>\r\n<\/div>\r\n\r\n<!-- \u2500\u2500 SCOPE BANNER \u2500\u2500 -->\r\n<div class=\"scope-banner\">\r\n  <div class=\"scope-inner\">\r\n    <span>&#9654;<\/span>\r\n    <span><strong>This covers the complete handbook.<\/strong> Foundations (history, statutory anchors &amp; acronyms) &middot; Ch 1 Introduction &amp; the 32 Guidelines &middot; Ch 2 Audits, Risks &amp; Controls &middot; Ch 3 Management of Internal Audit &middot; Ch 4 Other Domains (Gender, IT, Governance) &middot; Ch 5 Quality Assurance &middot; Ch 6 Human Resource Management &middot; Exhibits &amp; Glossary.<\/span>\r\n  <\/div>\r\n<\/div>\r\n\r\n<!-- \u2500\u2500 BREADCRUMB \u2500\u2500 -->\r\n<div class=\"breadcrumb-bar\">\r\n  <div class=\"breadcrumb-inner\">\r\n    <a href=\"https:\/\/promotionexams.com\/\">Home<\/a>\r\n    <span class=\"sep\">&rsaquo;<\/span>\r\n    <a href=\"https:\/\/promotionexams.com\/?page_id=9409\">Notes<\/a>\r\n    <span class=\"sep\">&rsaquo;<\/span>\r\n    <span>Handbook on Internal Audit in Central Civil Ministries\/Departments<\/span>\r\n  <\/div>\r\n<\/div>\r\n\r\n<div class=\"layout\">\r\n  <aside class=\"sidebar\">\r\n    <div class=\"toc-card\">\r\n      <div class=\"toc-card-title\">Table of Contents<\/div>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"0\" open>\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">FND<\/span>\r\n          <span class=\"toc-ch-title\">Foundations: History &amp; Anchors<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\"><ul class=\"toc-sub-list\">\r\n          <li><span class=\"toc-sub-num\">F.1<\/span><a href=\"#f-pair\">Handbook vs Manual<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">F.2<\/span><a href=\"#f-history\">Historical Milestones<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">F.3<\/span><a href=\"#f-anchors\">Statutory &amp; Rule Anchors<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">F.4<\/span><a href=\"#f-acro\">Key Acronyms<\/a><\/li>\r\n          <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#f-recap\">Foundations \u2014 Quick Recap<\/a><\/li>\r\n        <\/ul><\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"1\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 1<\/span>\r\n          <span class=\"toc-ch-title\">Introduction &amp; the 32 Guidelines<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\"><ul class=\"toc-sub-list\">\r\n          <li><span class=\"toc-sub-num\">1.1<\/span><a href=\"#c1-def\">Definition &amp; Mission<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">1.2<\/span><a href=\"#c1-core\">Ten Core Principles<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">1.3<\/span><a href=\"#c1-iag\">IAG Architecture &amp; Audit Risk<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">1.4<\/span><a href=\"#c1-secA\">Section A \u2014 General (1\u20138)<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">1.5<\/span><a href=\"#c1-secB\">Section B \u2014 CGA Level (9\u201313)<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">1.6<\/span><a href=\"#c1-secC\">Section C \u2014 Ministry Level (14\u201324)<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">1.7<\/span><a href=\"#c1-secD\">Section D \u2014 Engagement (25\u201332)<\/a><\/li>\r\n          <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c1-recap\">Chapter 1 \u2014 Quick Recap<\/a><\/li>\r\n        <\/ul><\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"2\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 2<\/span>\r\n          <span class=\"toc-ch-title\">Audits, Risks &amp; Controls<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\"><ul class=\"toc-sub-list\">\r\n          <li><span class=\"toc-sub-num\">2.1<\/span><a href=\"#c2-types\">Three Types of Audit<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">2.2<\/span><a href=\"#c2-rbia\">RBIA Methodology<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">2.3<\/span><a href=\"#c2-risk\">Risk &amp; Risk Scoring<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">2.4<\/span><a href=\"#c2-response\">The 4 T's of Risk Response<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">2.5<\/span><a href=\"#c2-coso\">COSO &amp; Controls<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">2.6<\/span><a href=\"#c2-role\">Auditor's Role in Risk<\/a><\/li>\r\n          <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c2-recap\">Chapter 2 \u2014 Quick Recap<\/a><\/li>\r\n        <\/ul><\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"3\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 3<\/span>\r\n          <span class=\"toc-ch-title\">Management of Internal Audit<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\"><ul class=\"toc-sub-list\">\r\n          <li><span class=\"toc-sub-num\">3.1<\/span><a href=\"#c3-cga\">Role &amp; Mission of O\/o CGA<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">3.2<\/span><a href=\"#c3-reporting\">Reporting to Expenditure Secy<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">3.3<\/span><a href=\"#c3-mandate\">Mandate &amp; Audit Committee<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">3.4<\/span><a href=\"#c3-charter\">Internal Audit Charter<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">3.5<\/span><a href=\"#c3-cae\">Managing the Activity \u2014 CAE<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">3.6<\/span><a href=\"#c3-kpi\">KPIs &amp; Dashboards<\/a><\/li>\r\n          <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c3-recap\">Chapter 3 \u2014 Quick Recap<\/a><\/li>\r\n        <\/ul><\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"4\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 4<\/span>\r\n          <span class=\"toc-ch-title\">Other Domains of Audit<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\"><ul class=\"toc-sub-list\">\r\n          <li><span class=\"toc-sub-num\">4.1<\/span><a href=\"#c4-gender\">Gender Audit<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">4.2<\/span><a href=\"#c4-it\">IT Audit Framework<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">4.3<\/span><a href=\"#c4-itprocess\">Performing the IT Audit<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">4.4<\/span><a href=\"#c4-gov\">Governance Processes<\/a><\/li>\r\n          <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c4-recap\">Chapter 4 \u2014 Quick Recap<\/a><\/li>\r\n        <\/ul><\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"5\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 5<\/span>\r\n          <span class=\"toc-ch-title\">Quality Assurance<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\"><ul class=\"toc-sub-list\">\r\n          <li><span class=\"toc-sub-num\">5.1<\/span><a href=\"#c5-qa\">QA &amp; Its Benefits<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">5.2<\/span><a href=\"#c5-hierarchy\">Hierarchy of QA Elements<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">5.3<\/span><a href=\"#c5-reviews\">Self \/ Peer \/ External Reviews<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">5.4<\/span><a href=\"#c5-files\">Statutory Interface &amp; Work Papers<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">5.5<\/span><a href=\"#c5-ten\">Ten Things Not to Say<\/a><\/li>\r\n          <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c5-recap\">Chapter 5 \u2014 Quick Recap<\/a><\/li>\r\n        <\/ul><\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"6\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 6<\/span>\r\n          <span class=\"toc-ch-title\">Human Resource Management<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\"><ul class=\"toc-sub-list\">\r\n          <li><span class=\"toc-sub-num\">6.1<\/span><a href=\"#c6-hrp\">HR Planning &amp; Staffing<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">6.2<\/span><a href=\"#c6-external\">External Service Providers<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">6.3<\/span><a href=\"#c6-skills\">Skills, Training &amp; Proficiency<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">6.4<\/span><a href=\"#c6-pdp\">Professional Development Plan<\/a><\/li>\r\n          <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c6-recap\">Chapter 6 \u2014 Quick Recap<\/a><\/li>\r\n        <\/ul><\/div>\r\n      <\/details>\r\n\r\n      <details class=\"toc-chapter\" data-chapter=\"7\">\r\n        <summary class=\"toc-chapter-header\">\r\n          <span class=\"toc-ch-badge\">CH 7<\/span>\r\n          <span class=\"toc-ch-title\">Exhibits &amp; Glossary<\/span>\r\n          <span class=\"toc-ch-chev\">&#9654;<\/span>\r\n        <\/summary>\r\n        <div class=\"toc-sub-wrap\"><ul class=\"toc-sub-list\">\r\n          <li><span class=\"toc-sub-num\">7.1<\/span><a href=\"#c7-exhibits\">The Six Exhibits<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">7.2<\/span><a href=\"#c7-rbia\">RBIA Stages &amp; Maturity Ladder<\/a><\/li>\r\n          <li><span class=\"toc-sub-num\">7.3<\/span><a href=\"#c7-glossary\">Glossary of Key Terms<\/a><\/li>\r\n          <li class=\"toc-app\"><span class=\"toc-sub-num\">&#9733;<\/span><a href=\"#c7-recap\">Exhibits \u2014 Quick Recap<\/a><\/li>\r\n        <\/ul><\/div>\r\n      <\/details>\r\n\r\n    <\/div>\r\n  <\/aside>\r\n\r\n  <main class=\"article\">\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 FOUNDATIONS \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane active\" id=\"pane-ch0\" data-chapter=\"0\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"f-pair\">\r\n      <span class=\"chapter-badge\">FND \u00b7 FOUNDATIONS<\/span>\r\n      <h2>History, Statutory Anchors &amp; Acronyms<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">The document in one line<\/div>\r\n      <div class=\"def-text\">\r\n        This is the <strong>Handbook on Internal Audit in Central Civil Ministries\/Departments<\/strong>, issued by the <strong>Internal Audit Division (IAD)<\/strong> of the Controller General of Accounts (M\/o Finance, Department of Expenditure). It is the <em>conceptual and policy<\/em> reference \u2014 it explains the background, the theory of risk and control, and embeds the <strong>32 CGA Internal Audit Guidelines<\/strong> that are mandatory for every Internal Audit Wing (IAW).\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <p class=\"compare-intro\"><strong>Handbook vs Manual<\/strong> \u2014 the framework is a two-book set, each serving a distinct purpose.<\/p>\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:22%\"><col style=\"width:39%\"><col style=\"width:39%\"><\/colgroup>\r\n      <thead><tr><th>Aspect<\/th><th>Handbook (this document)<\/th><th>Manual (companion)<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Answers<\/td><td>The \"why\" and \"what\".<\/td><td>The \"how\".<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Contents<\/td><td>Theory, concepts, definitions, and the <strong>32 Guidelines<\/strong>.<\/td><td><strong>Practice advisories, checklists, and worked exhibits.<\/strong><\/td><\/tr>\r\n        <tr><td class=\"label-cell\">When used<\/td><td>To understand principles, risk, COSO and the management framework.<\/td><td>While actually <strong>performing<\/strong> the engagement.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"callout blue\">\r\n      <div class=\"callout-label\">Two words that carry legal weight<\/div>\r\n      <p>The Guidelines use <strong>\"must\"<\/strong> for an <strong>unconditional requirement<\/strong> and <strong>\"should\"<\/strong> where conformance is expected <em>unless<\/em>, on applying functional judgment, circumstances justify deviation. The word <strong>\"Program\"<\/strong> denotes any auditable unit \u2014 programs, schemes, departments, units, processes, structures or PSUs.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"f-history\">\r\n      <span class=\"section-badge teal\">F.2<\/span>\r\n      <h3>Historical milestones<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:18%\"><col style=\"width:82%\"><\/colgroup>\r\n      <thead><tr><th>Date<\/th><th>What happened<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"code-cell\">Jan 1973<\/td><td>Group of Ministers (GOM) constituted; a sub-group of <strong>eight members<\/strong> under Finance Secretary <strong>Shri M.P. Yardi<\/strong> (\"Yardi Committee\") set up on 27 Feb 1973.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">14 Aug 1973<\/td><td>Yardi Committee report submitted (endorsed by GOM on 4 Sep 1973) \u2014 recommended <strong>Departmentalisation of Accounts<\/strong>, a Management Accounting System (MAS), and strengthening of Internal Audit.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">1 Mar 1976<\/td><td>Two ordinances promulgated \u2014 the C&amp;AG (DPC) Amendment Ordinance and the Departmentalisation of Union Accounts (Transfer of Personnel) Ordinance.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">1 Apr 1976<\/td><td>The <strong>Civil Accounts Organisation under the Controller General of Accounts came into existence.<\/strong><\/td><\/tr>\r\n        <tr><td class=\"code-cell\">27 Sep 1980<\/td><td>Role of the Civil Accounting Organisation outlined in the <strong>Allocation of Business Rules<\/strong> (notification CD-896\/80, Annexure 2.3).<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">Apr 1989<\/td><td>High Powered Committee under <strong>Shri S.B. Lal<\/strong> reviewed the Departmentalisation scheme \u2014 noted qualitative improvement in Internal Audit.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">1 Jun 2006<\/td><td><strong>Redefined Charter of Financial Advisers<\/strong> (OM 5(6)\/L&amp;C\/2006) \u2014 moved internal audit beyond compliance to controls, risk and value-for-money.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"f-anchors\">\r\n      <span class=\"section-badge amber\">F.3<\/span>\r\n      <h3>The statutory &amp; rule anchors \u2014 exact citations<\/h3>\r\n    <\/div>\r\n\r\n    <p>These provisions recur throughout the Handbook, each cited below with its exact number and full scope.<\/p>\r\n\r\n    <ul class=\"note-list gold\">\r\n      <li><span class=\"nl-tag\">GFR 70<\/span><span class=\"nl-text\"><strong>Rule 70, GFR 2017<\/strong> \u2014 the <strong>Secretary, as Chief Accounting Authority<\/strong>, is responsible and accountable for the financial management of the Ministry\/Department, must ensure public funds are used for their intended purpose, and must keep full &amp; proper records and adopt systems\/procedures that at all times afford internal controls, to avoid <strong>unauthorised, irregular and wasteful expenditure<\/strong>.<\/span><\/li>\r\n      <li><span class=\"nl-tag\">GFR 72<\/span><span class=\"nl-text\"><strong>Rule 72, GFR 2017<\/strong> (read with <strong>Article 150<\/strong> of the Constitution) \u2014 the accounts of the Union shall be kept in such form as the <strong>President prescribes on the advice of the C&amp;AG<\/strong>; the <strong>CGA<\/strong> (M\/o Finance, Dept of Expenditure) is responsible for prescribing the form of accounts of the Union and States and for framing\/revising the related rules and manuals on the President's behalf.<\/span><\/li>\r\n      <li><span class=\"nl-tag\">CAM 12.2.1<\/span><span class=\"nl-text\"><strong>Para 12.2.1, Civil Accounts Manual<\/strong> \u2014 the Internal Audit Unit works <strong>directly under the Pr. CCA \/ CCA \/ CA (with independent charge)<\/strong>, with overall responsibility remaining with the concerned <strong>Financial Adviser and the Secretary<\/strong>. Its <strong>jurisdiction<\/strong> covers the Principal Accounts Office, the Pay &amp; Accounts Offices, the offices of the DDOs, Indian Missions and other GoI offices abroad \u2014 and, in addition, the <strong>implementing agencies<\/strong> of the Ministry's schemes\/programmes.<\/span><\/li>\r\n      <li><span class=\"nl-tag\">GFR 236<\/span><span class=\"nl-text\"><strong>Rule 236(1), GFR 2017<\/strong> \u2014 the accounts of <strong>all Grantee Institutions or Organisations<\/strong> shall be open to <strong>inspection by the sanctioning authority<\/strong> and to <strong>audit by both<\/strong> \u2014 (a) the <strong>Comptroller &amp; Auditor General of India<\/strong> under the provisions of the <strong>C&amp;AG's (DPC) Act, 1971<\/strong>, and (b) <strong>internal audit by the Principal Accounts Office<\/strong> of the Ministry\/Department \u2014 whenever the Institution or Organisation is called upon to do so. A provision to this effect must <strong>invariably be incorporated in all orders sanctioning Grants-in-aid<\/strong>.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <p>Two further roots worth noting: the digitisation of Government accounts through <strong>PFMS<\/strong> was approved by an OM dated <strong>2 December 2014<\/strong>; and the <strong>Eleventh Five Year Plan (2007\u201312)<\/strong> recorded the Government's commitment to undertaking <strong>gender audits<\/strong>, with Gender Budgeting adopted by India in <strong>2005<\/strong>.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"f-acro\">\r\n      <span class=\"section-badge slate\">F.4<\/span>\r\n      <h3>Key acronyms<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table\">\r\n      <colgroup><col style=\"width:24%\"><col style=\"width:76%\"><\/colgroup>\r\n      <thead><tr><th>Acronym<\/th><th>Expansion<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"code-cell\">CAE<\/td><td>Chief Audit Executive (refers to Pr. CCA \/ CCA \/ CA)<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">Pr.CCA \/ CCA \/ CA<\/td><td>Principal Chief Controller \/ Chief Controller \/ Controller of Accounts<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">IAW \/ IAD<\/td><td>Internal Audit Wing (at a Ministry) \/ Internal Audit Division (in O\/o CGA)<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">IAG<\/td><td>Internal Audit Guidelines (the 32 CGA guidelines)<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">IPPF \/ IIA<\/td><td>International Professional Practices Framework \/ Institute of Internal Auditors<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">COSO \/ ERM<\/td><td>Committee of Sponsoring Organizations \/ Enterprise-wide Risk Management<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">RBIA \/ RAU<\/td><td>Risk Based Internal Audit \/ Risk and Audit Universe<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">IA-CM \/ IA-CoE<\/td><td>Internal Audit Capability Maturity Model \/ IA Centre of Excellence (IAD)<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">QAIP<\/td><td>Quality Assurance and Improvement Program<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">KPI \/ KRI<\/td><td>Key Performance Indicator \/ Key Risk Indicator<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">PPS<\/td><td>Programmes, Projects and Schemes<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">GFR \/ DDO<\/td><td>General Financial Rules (2017) \/ Drawing &amp; Disbursing Officer<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">PFMS \/ INGAF<\/td><td>Public Financial Management System \/ Institute of Govt Accounts &amp; Finance<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">CIPFA \/ ICAI<\/td><td>Chartered Institute of Public Finance &amp; Accountancy \/ Institute of Chartered Accountants of India<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">CVC \/ C&amp;AG<\/td><td>Central Vigilance Commission \/ Comptroller &amp; Auditor General<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">ISSAI<\/td><td>International Standards of Supreme Audit Institutions<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <!-- QUIZ F -->\r\n    <div class=\"ix\" id=\"quizF\">\r\n      <div class=\"ix-head\"><span class=\"ix-chip\">Self-test<\/span><h4>Foundations Quiz \u2014 history &amp; the rule anchors<\/h4><\/div>\r\n      <div class=\"ix-body\">\r\n        <p class=\"ix-help\">Eight questions on the history and the statutory anchors. Pick an answer to lock it; the explanation appears below.<\/p>\r\n        <div id=\"quizStageF\"><\/div>\r\n        <div class=\"quiz-foot\"><span class=\"quiz-score\" id=\"quizScoreF\">Score 0 \/ 0<\/span><button class=\"quiz-btn\" id=\"quizNextF\" disabled>Next &rarr;<\/button><\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"f-recap\">\r\n      <div class=\"recap-title\">&#9889; Foundations \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Issued by<\/td><td>Internal Audit Division, <strong>O\/o CGA<\/strong>, M\/o Finance (Dept of Expenditure)<\/td><\/tr>\r\n          <tr><td>Handbook vs Manual<\/td><td>Theory + 32 Guidelines &nbsp;|&nbsp; advisories, checklists, exhibits<\/td><\/tr>\r\n          <tr><td>Yardi Committee<\/td><td>1973 \u2014 recommended <strong>Departmentalisation of Accounts<\/strong><\/td><\/tr>\r\n          <tr><td>CGA organisation born<\/td><td><strong>1 April 1976<\/strong><\/td><\/tr>\r\n          <tr><td>Rule 70 GFR<\/td><td>Secretary = <strong>Chief Accounting Authority<\/strong><\/td><\/tr>\r\n          <tr><td>Rule 72 GFR + Art 150<\/td><td>President prescribes form of accounts on <strong>C&amp;AG's advice<\/strong>; CGA prescribes it<\/td><\/tr>\r\n          <tr><td>Rule 236(1) GFR<\/td><td>Grantee accounts open to audit by <strong>both<\/strong> \u2014 C&amp;AG (DPC Act 1971) <strong>and<\/strong> internal audit by the PAO<\/td><\/tr>\r\n          <tr><td>Para 12.2.1 CAM<\/td><td>IAU under <strong>Pr.CCA\/CCA\/CA<\/strong>; jurisdiction = PAO, PAOs, DDOs, Missions, offices abroad + implementing agencies<\/td><\/tr>\r\n          <tr><td>PFMS digitisation OM<\/td><td><strong>2 December 2014<\/strong><\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch0 -->\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 1 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch1\" data-chapter=\"1\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c1-def\">\r\n      <span class=\"chapter-badge\">CH 1 \u00b7 INTRODUCTION<\/span>\r\n      <h2>Introduction to Internal Audit &amp; the 32 Guidelines<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">IIA Definition of Internal Auditing<\/div>\r\n      <div class=\"def-text\">\r\n        \"An <strong>independent, objective assurance and consulting activity<\/strong> designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a <strong>systematic, disciplined approach<\/strong> to evaluate and improve the effectiveness of <strong>risk management, control, and governance<\/strong> processes.\" It was earlier described as \"a managerial control which functions by measuring and evaluating the effectiveness of other controls.\"\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <p>Each IAW articulates its own <strong>Mission<\/strong>; the model wording is: <em>\"To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.\"<\/em> The need for the function stems from the need for <strong>objective feedback to Government<\/strong> through periodic review of risks, internal controls and governance.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-core\">\r\n      <span class=\"section-badge teal\">\u00a7 1.2<\/span>\r\n      <h3>The ten Core Principles (IIA)<\/h3>\r\n    <\/div>\r\n\r\n    <p>Taken as a whole, these articulate an effective internal audit. <strong>All<\/strong> should be present and operating \u2014 failure on any one implies the activity is not as effective as it could be in achieving its mission.<\/p>\r\n\r\n    <div class=\"cat-grid four\">\r\n      <div class=\"cat-card a\"><div class=\"cat-label\">1<\/div><div class=\"cat-title\">Integrity<\/div><p>Demonstrates integrity.<\/p><\/div>\r\n      <div class=\"cat-card b\"><div class=\"cat-label\">2<\/div><div class=\"cat-title\">Competence<\/div><p>Competence &amp; due professional care.<\/p><\/div>\r\n      <div class=\"cat-card c\"><div class=\"cat-label\">3<\/div><div class=\"cat-title\">Objective<\/div><p>Objective &amp; free from undue influence (independent).<\/p><\/div>\r\n      <div class=\"cat-card d\"><div class=\"cat-label\">4<\/div><div class=\"cat-title\">Aligned<\/div><p>Aligns with strategies, objectives &amp; risks.<\/p><\/div>\r\n      <div class=\"cat-card e\"><div class=\"cat-label\">5<\/div><div class=\"cat-title\">Positioned<\/div><p>Appropriately positioned &amp; adequately resourced.<\/p><\/div>\r\n      <div class=\"cat-card a\"><div class=\"cat-label\">6<\/div><div class=\"cat-title\">Quality<\/div><p>Quality &amp; continuous improvement.<\/p><\/div>\r\n      <div class=\"cat-card b\"><div class=\"cat-label\">7<\/div><div class=\"cat-title\">Communicates<\/div><p>Communicates effectively.<\/p><\/div>\r\n      <div class=\"cat-card c\"><div class=\"cat-label\">8<\/div><div class=\"cat-title\">Risk-based<\/div><p>Provides risk-based assurance.<\/p><\/div>\r\n      <div class=\"cat-card d\"><div class=\"cat-label\">9<\/div><div class=\"cat-title\">Insightful<\/div><p>Insightful, proactive, future-focused.<\/p><\/div>\r\n      <div class=\"cat-card e\"><div class=\"cat-label\">10<\/div><div class=\"cat-title\">Improving<\/div><p>Promotes organizational improvement.<\/p><\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-iag\">\r\n      <span class=\"section-badge amber\">\u00a7 1.3<\/span>\r\n      <h3>The IAG architecture &amp; \"Audit Risk\"<\/h3>\r\n    <\/div>\r\n\r\n    <p>The CGA's Internal Audit Guidelines exist to <strong>decrease Audit Risk<\/strong>. There are <strong>32 guidelines in 4 Sections<\/strong>, mandatory and principle-based. The word \"professional\" is read to include the \"function\" of internal audit from the Civil Ministries' perspective.<\/p>\r\n\r\n    <div class=\"callout slate\">\r\n      <div class=\"callout-label\">Audit Risk \u2014 the two failures it guards against<\/div>\r\n      <p><strong>False positive<\/strong> \u2014 giving a <em>positive<\/em> assurance when there is actually a substantial issue. <strong>False negative<\/strong> \u2014 giving an <em>adverse<\/em> opinion when the actual conditions are satisfactory. Tolerable audit risk is set by the Ministry's Audit Committee.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"info-row\">\r\n      <div class=\"info-card\"><div class=\"ic-big\">Section A<\/div><div class=\"ic-cap\">Guidelines <strong>1\u20138<\/strong> \u2014 General. The foundation for objective, risk-based assurance.<\/div><\/div>\r\n      <div class=\"info-card t-teal\"><div class=\"ic-big\">Section B<\/div><div class=\"ic-cap\">Guidelines <strong>9\u201313<\/strong> \u2014 CGA Level. CGA's oversight of audit across all Ministries.<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">Section C<\/div><div class=\"ic-cap\">Guidelines <strong>14\u201324<\/strong> \u2014 Ministry Level. Managing the IAW at each Ministry.<\/div><\/div>\r\n      <div class=\"info-card t-red\"><div class=\"ic-big\">Section D<\/div><div class=\"ic-cap\">Guidelines <strong>25\u201332<\/strong> \u2014 Engagement. Performing each engagement.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-secA\">\r\n      <span class=\"section-badge\">\u00a7 1.4<\/span>\r\n      <h3>Section A \u2014 General Guidelines (1\u20138)<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:8%\"><col style=\"width:30%\"><col style=\"width:62%\"><\/colgroup>\r\n      <thead><tr><th>No.<\/th><th>Guideline<\/th><th>The crux<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"code-cell\">1<\/td><td class=\"label-cell\">Internal Audit Principles<\/td><td>The ten core principles; mandatory and CGA-updated.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">2<\/td><td class=\"label-cell\">Code of Conduct &amp; Ethics<\/td><td>Serve the <strong>public interest<\/strong>; follow GoI rules &amp; CVC ethical guidelines. Five ethical principles: <strong>public interest, integrity, objectivity, proper use of Govt information\/resources\/positions, professional behaviour<\/strong> (adapted from US GAO Yellow Book). A yearly declaration of adherence is taken from each auditor.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">3<\/td><td class=\"label-cell\">Independence &amp; Objectivity<\/td><td>Activity must be independent; auditors objective \u2014 in <strong>fact and appearance<\/strong>. Achieved via a <strong>dual-reporting relationship<\/strong> with direct, unrestricted access to senior management. (Five-test rule below.)<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">4<\/td><td class=\"label-cell\">Proficiency &amp; Due Care<\/td><td>Consider extent of work; complexity\/materiality; adequacy of GRC; probability of fraud\/non-compliance; cost vs benefit. Must consider technology-based &amp; data-analysis techniques.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">5<\/td><td class=\"label-cell\">Use of Professional Judgement<\/td><td>Document significant decisions affecting objectives, scope, methodology, findings, conclusions; built on independence, objectivity, integrity, proficiency, <strong>skepticism &amp; critical thinking<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">6<\/td><td class=\"label-cell\">Definition of Internal Audit<\/td><td>The IIA definition \u2014 assurance + advisory.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">7<\/td><td class=\"label-cell\">Nature of Work<\/td><td>Evaluate &amp; improve <strong>Governance, Risk Management, Control<\/strong> via a systematic, risk-based approach (IIA Std 2100\/2110\/2120\/2130).<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">8<\/td><td class=\"label-cell\">Types of Services<\/td><td><strong>Assurance<\/strong> (3 parties: process owner, auditor, user) &amp; <strong>Advisory<\/strong> (2 parties: auditor, Ministry). Procedures: <strong>examination, review, agreed-upon procedures<\/strong>.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">Guideline 3 \u2014 the five-test presumption of independence<\/div>\r\n      <p>A Ministry's IAW is <strong>presumed free of organizational impairment<\/strong> if the CAE meets <strong>ALL<\/strong> of: <BR>(a) is <strong>accountable to the Secretary<\/strong>; <br>(b) reports audit results to <strong>both the Secretary and the Audit Committee<\/strong>; <br>(c) is located <strong>outside the staff or line management<\/strong> of the Ministry; <br>(d) has <strong>access to the Audit Committee<\/strong>; <br>(e) is sufficiently removed from political pressure to report findings <strong>without fear of political reprisal<\/strong>.<\/p>\r\n    <\/div>\r\n\r\n    <p>Under Guideline 8 the three engagement procedures differ sharply: an <strong>examination<\/strong> forms an opinion on conformance with criteria in all material respects (used for controls\/compliance); a <strong>review<\/strong> does sufficient testing to express a conclusion on whether anything came to attention showing non-conformity; an <strong>agreed-upon procedure<\/strong> engagement expresses <strong>no opinion or conclusion<\/strong> \u2014 it only reports the findings of the applied procedure.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-secB\">\r\n      <span class=\"section-badge teal\">\u00a7 1.5<\/span>\r\n      <h3>Section B \u2014 CGA Level Guidelines (9\u201313)<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:8%\"><col style=\"width:32%\"><col style=\"width:60%\"><\/colgroup>\r\n      <thead><tr><th>No.<\/th><th>Guideline<\/th><th>The crux<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"code-cell\">9<\/td><td class=\"label-cell\">Managing Govt Internal Audit<\/td><td>CGA's oversight; IAD obtains Annual Reviews and reports the <strong>\"Annual Review at a Glance\"<\/strong> to the Finance\/Expenditure Secretary.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">10<\/td><td class=\"label-cell\">Establishing Best Practices<\/td><td>CGA lays down best practices including the IAGs in the Handbook; the new Charter of duties (Secretary, Dept of Expenditure) to be adopted by Ministries.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">11<\/td><td class=\"label-cell\">Supporting Engagement with Audit Committees<\/td><td>CGA builds the working relationship between the CAE and the Audit Committee.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">12<\/td><td class=\"label-cell\">Technical Support (Data Analytics)<\/td><td>Delivered through the <strong>Internal Audit Centre of Excellence (IA-CoE)<\/strong> \u2014 a central repository of best practice; helps IAWs climb the IA-CM; signed an <strong>MoU with IIA India<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">13<\/td><td class=\"label-cell\">Maintaining Proficiency<\/td><td>Certification via <strong>INGAF<\/strong>; where a resource gap carries significant audit risk, CGA may nominate proficient auditors \/ outsourced providers to that team.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-secC\">\r\n      <span class=\"section-badge purple\">\u00a7 1.6<\/span>\r\n      <h3>Section C \u2014 Ministry Level Guidelines (14\u201324)<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:8%\"><col style=\"width:30%\"><col style=\"width:62%\"><\/colgroup>\r\n      <thead><tr><th>No.<\/th><th>Guideline<\/th><th>The crux<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"code-cell\">14<\/td><td class=\"label-cell\">Role of the CAE<\/td><td><strong>Effectively managed<\/strong> (achieves charter purpose, conforms to the Handbook), <strong>adds value<\/strong> (considers strategies\/objectives\/risks), <strong>proficiency<\/strong> (sought for advice on risks &amp; controls).<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">15<\/td><td class=\"label-cell\">Reporting by the CAE<\/td><td>Report regularly to the IFA, periodically to Secretary &amp; Audit Committee; <strong>at least once a quarter<\/strong> on status. Report against <strong>KPIs<\/strong> each quarter; the Audit Committee fixes <strong>risk appetite\/tolerance<\/strong>; the CAE gives a written assessment on <strong>KRIs<\/strong> each quarter. Introduces the <strong>IA-CM<\/strong> (six elements).<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">16<\/td><td class=\"label-cell\">Annual Plan &amp; 3-Year Programme<\/td><td>Risk-based Annual Plan by <strong>15 January<\/strong>; revise by <strong>15 February<\/strong> for the Finance Bill. High-risk areas <strong>\u22651\/year<\/strong>; low-risk once in <strong>2\u20133 years<\/strong>. Plan must contain <strong>both assurance and advisory<\/strong>; documented risk assessment at least annually.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">17<\/td><td class=\"label-cell\">Communication &amp; Approval of Plans<\/td><td>Present plan + 3-year programme to the Audit Committee by <strong>1 March<\/strong>, with impact of resource limitations; present challenges in three risk categories: <strong>audit failure, false assurance, reputation risk<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">18<\/td><td class=\"label-cell\">Resource Management<\/td><td>Resources must be <strong>appropriate<\/strong> (right mix), <strong>sufficient<\/strong> (right quantity), <strong>effectively deployed<\/strong>; gaps reported in writing before every meeting.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">19<\/td><td class=\"label-cell\">Mandatory Compliance<\/td><td>Compliance is mandatory and part of the CAE's appraisal; <strong>non-conformance during an engagement must be stated in the report<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">20<\/td><td class=\"label-cell\">Technical Support from IA-CoE<\/td><td>CAE prepares the Ministry's own IA Manual, maintains a Risk Register, reports IA-CM capability, shares best practices.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">21<\/td><td class=\"label-cell\">Internal Audit of Governance<\/td><td>Report to Secretary, IFA &amp; Audit Committee on the adequacy of governance processes.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">22<\/td><td class=\"label-cell\">External Service Providers<\/td><td>Fill competency gaps; each member needn't be qualified in all disciplines, but the team <strong>collectively<\/strong> must be competent; document scope in an engagement letter.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">23<\/td><td class=\"label-cell\">Value Add to Risk Management<\/td><td>Review\/advise on ERM, facilitate Risk Self-Assessment workshops \u2014 but <strong>do not assume management responsibility<\/strong> by actually managing risks.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">24<\/td><td class=\"label-cell\">QAIP<\/td><td>CAE maintains a QAIP covering all IAW activities; communicate results <strong>annually<\/strong> to IFA &amp; Audit Committee; covers <strong>internal &amp; external assessments<\/strong>; the external assessment is done by an assessor engaged by the CGA.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c1-secD\">\r\n      <span class=\"section-badge red\">\u00a7 1.7<\/span>\r\n      <h3>Section D \u2014 Engagement Guidelines (25\u201332)<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:8%\"><col style=\"width:30%\"><col style=\"width:62%\"><\/colgroup>\r\n      <thead><tr><th>No.<\/th><th>Guideline<\/th><th>The crux<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"code-cell\">25<\/td><td class=\"label-cell\">Engagement Planning<\/td><td>Plan = objectives, scope, timing, resources; submit a <strong>TOR<\/strong> before the field visit. Pre-fieldwork file: <strong>Audit Planning Memo (APM), Preliminary Survey Findings (incl. Risk Assessment Report \u2014 RAR), Engagement TOR<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">26<\/td><td class=\"label-cell\">Engagement Work Program<\/td><td>Written, updated program: objectives; risks\/processes\/transactions; <strong>nature of testing<\/strong>; procedures. Ready before the field visit except <strong>sample size<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">27<\/td><td class=\"label-cell\">Engagement Supervision<\/td><td>Oversight scaled to auditor proficiency\/experience and engagement complexity, to mitigate audit risk.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">28<\/td><td class=\"label-cell\">Sufficient &amp; Appropriate Evidence<\/td><td><strong>Appropriateness<\/strong> = quality (relevance, reliability, usefulness); <strong>Sufficiency<\/strong> = quantity. Where limitations are significant: <strong>seek corroboration, disclose in report, decide whether to report as a finding<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">29<\/td><td class=\"label-cell\">Performing Field Work<\/td><td>Gather via surveys\/interviews\/checklists, analytical procedures, process maps; use <strong>Generalised Audit Software (GAS)<\/strong> &amp; continuous monitoring; secure electronic working papers. Be proficient in choosing sampling \u2014 <strong>statistical, judgemental, discovery<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">30<\/td><td class=\"label-cell\">Documenting Engagement Activities<\/td><td>Detail enough for <strong>an experienced auditor with no previous connection<\/strong> to understand nature\/timing\/extent\/results; control access &amp; retention (IIA Std 2330 series).<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">31<\/td><td class=\"label-cell\">Communicating Results<\/td><td>Timely; contains an <strong>opinion and\/or conclusion<\/strong>; the <strong>reason for an unfavourable opinion must be stated<\/strong>; communicate serious findings early; CAE issues all reports and circulates corrections.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">32<\/td><td class=\"label-cell\">Monitoring Progress &amp; Acceptance of Risk<\/td><td>Monitor disposition of results; inordinate delay implies <strong>management has accepted the risk<\/strong> \u2014 include in yearly reporting of unacceptable risks to the Audit Committee.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <!-- QUIZ 1 -->\r\n    <div class=\"ix\" id=\"quiz1\">\r\n      <div class=\"ix-head\"><span class=\"ix-chip\">Self-test<\/span><h4>Chapter 1 Quiz \u2014 principles &amp; the 32 Guidelines<\/h4><\/div>\r\n      <div class=\"ix-body\">\r\n        <p class=\"ix-help\">Eight questions from Chapter 1. Pick an answer to lock it; the explanation appears below.<\/p>\r\n        <div id=\"quizStage1\"><\/div>\r\n        <div class=\"quiz-foot\"><span class=\"quiz-score\" id=\"quizScore1\">Score 0 \/ 0<\/span><button class=\"quiz-btn\" id=\"quizNext1\" disabled>Next &rarr;<\/button><\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c1-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 1 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Total guidelines \/ sections<\/td><td><strong>32 guidelines \u00b7 4 Sections<\/strong> (A 1\u20138 \u00b7 B 9\u201313 \u00b7 C 14\u201324 \u00b7 D 25\u201332)<\/td><\/tr>\r\n          <tr><td>Core principles<\/td><td><strong>10<\/strong> \u2014 all should operate effectively<\/td><\/tr>\r\n          <tr><td>Audit Risk<\/td><td>False positive \/ false negative<\/td><\/tr>\r\n          <tr><td>Five ethical principles<\/td><td>Public interest \u00b7 integrity \u00b7 objectivity \u00b7 proper use of Govt resources \u00b7 professional behaviour<\/td><\/tr>\r\n          <tr><td>Independence via<\/td><td>Dual-reporting relationship (five-test presumption)<\/td><\/tr>\r\n          <tr><td>Three services procedures<\/td><td>Examination \u00b7 review \u00b7 agreed-upon procedures<\/td><\/tr>\r\n          <tr><td>Plan deadlines<\/td><td>15 Jan (plan) \u00b7 15 Feb (Finance Bill) \u00b7 1 Mar (present)<\/td><\/tr>\r\n          <tr><td>Three engagement risks<\/td><td>Audit failure \u00b7 false assurance \u00b7 reputation risk<\/td><\/tr>\r\n          <tr><td>Pre-fieldwork file<\/td><td>APM \u00b7 Preliminary Survey (incl. RAR) \u00b7 TOR<\/td><\/tr>\r\n          <tr><td>QAIP results reported<\/td><td><strong>Annually<\/strong> to IFA &amp; Audit Committee<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch1 -->\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 2 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch2\" data-chapter=\"2\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c2-types\">\r\n      <span class=\"chapter-badge\">CH 2 \u00b7 RISK &amp; CONTROL<\/span>\r\n      <h2>Internal Audits, Risks &amp; Internal Controls<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">The pivot of the chapter<\/div>\r\n      <div class=\"def-text\">\r\n        The <strong>Revised Charter of Financial Advisers (June 2006)<\/strong> shifted Central Ministries from auditing everything on a fixed periodicity to auditing by <strong>criticality and risk<\/strong>. The chapter explains the three audit types, the RBIA methodology, and the theory of risk, risk management and internal control \u2014 anchored in <strong>COSO<\/strong>.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge teal\">\u00a7 2.1<\/span>\r\n      <h3>The three types of audit<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"cat-grid three\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Type 1<\/div>\r\n        <div class=\"cat-title\">Compliance Audit<\/div>\r\n        <p>Verifies expenditure conforms to laws, rules &amp; orders governing the power to <strong>incur\/sanction<\/strong>, and that service, pay, allowance &amp; pension rules are followed. The auditor flags deviations and suggests remedies; <strong>further action rests with the Ministry<\/strong>.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card c\">\r\n        <div class=\"cat-label\">Type 2<\/div>\r\n        <div class=\"cat-title\">Propriety Audit<\/div>\r\n        <p>Reviews actions suggesting improper expenditure or waste <em>even if<\/em> covered by rules. Extends \"beyond the formality of the expenditure, to its <strong>wisdom, faithfulness and economy<\/strong>\" (Hallam). <strong>Financial Audit<\/strong> is conducted as part of it \u2014 grant\/contract audits and fraud\/financial-irregularity audits.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card d\">\r\n        <div class=\"cat-label\">Type 3<\/div>\r\n        <div class=\"cat-title\">Performance Audit<\/div>\r\n        <p>Ascertains whether stated objectives are achieved with economy &amp; efficiency; examines the <strong>inputs \u2192 outputs \u2192 outcomes<\/strong> chain in schemes\/programmes.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <p>Performance Audit is assessed from five angles: <strong>Effectiveness<\/strong> (program accomplishments \u2014 gender-disaggregated data is a pre-requisite to measuring it), <strong>Efficiency<\/strong> (productivity, unit cost, utilisation), <strong>Economy<\/strong> (minimising input use consistent with quality), <strong>Data reliability<\/strong> (controls over non-financial reporting), and <strong>Risk assessment<\/strong> (including the political and societal risks unique to Government).<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-rbia\">\r\n      <span class=\"section-badge blue\">\u00a7 2.2\u20132.3<\/span>\r\n      <h3>Risk Based Internal Audit (RBIA) methodology<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Definition<\/div>\r\n      <div class=\"def-text\">\r\n        RBIA is \"a <strong>methodology that links internal auditing to the Ministry's overall risk management framework<\/strong>.\" The distinction matters: compliance, propriety and performance are <em>types<\/em> of audit, whereas <strong>RBIA is a methodology<\/strong> for planning and conducting them. It begins by assessing the <strong>ERM system<\/strong> at the specific program\/scheme.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout slate\">\r\n      <div class=\"callout-label\">Strategy depends on the program's risk maturity<\/div>\r\n      <p>Where risk maturity is <strong>low<\/strong>: report the ERM deficiencies, provide advisory to train program officers to prepare a risk register, and build the plan on the auditor's <em>own<\/em> risk assessment. Where it is <strong>adequate<\/strong>: use the program's risk register, identify significant risks, and include them in the plan. Risk assessment is done <strong>separately for each unit\/geography<\/strong> \u2014 there is no one plan that fits all.<\/p>\r\n    <\/div>\r\n\r\n    <p>Implementation has <strong>three stages<\/strong> (detailed in Exhibit IV) \u2014 the CAE shall:<\/p>\r\n    <div class=\"flow\">\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STAGE 1<\/div><div class=\"fs-title\">Assess risk maturity<\/div><div class=\"fs-text\">Of the Ministry\/Department, determining the internal audit strategy.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STAGE 2<\/div><div class=\"fs-title\">Prepare the Audit Plan<\/div><div class=\"fs-text\">Assign risks to audits; set up the Risk &amp; Audit Universe (RAU).<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STAGE 3<\/div><div class=\"fs-title\">Carry out audits<\/div><div class=\"fs-text\">Perform individual risk-based audits and feed results back into the RAU.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-risk\">\r\n      <span class=\"section-badge amber\">\u00a7 2.4<\/span>\r\n      <h3>Risk &amp; its scoring<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Definition of Risk<\/div>\r\n      <div class=\"def-text\">\r\n        Risk is \"the possibility of an event occurring that will have an <strong>adverse impact<\/strong> on the achievement of objectives.\" Every risk has two components \u2014 <strong>likelihood<\/strong> and <strong>impact<\/strong>. The three analysis questions: <em>What can go wrong? (identification) \u00b7 What is the probability? (likelihood) \u00b7 What are the consequences? (impact)<\/em>. Some activities are inherently riskier \u2014 e.g. <strong>procurement<\/strong> more than accounting for expenditure; <strong>year-end expenditure<\/strong> driven by avoiding budget lapse needs closer control.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"info-row\">\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">1 to 3<\/div><div class=\"ic-cap\">Consequence &amp; likelihood each scored (e.g. L\/M\/H = 1\u20133), then combined.<\/div><\/div>\r\n      <div class=\"info-card t-red\"><div class=\"ic-big\">9<\/div><div class=\"ic-cap\">The highest possible score on a 1\u20133 grid (impact \u00d7 likelihood).<\/div><\/div>\r\n      <div class=\"info-card t-red\"><div class=\"ic-big\">\u2265 6<\/div><div class=\"ic-cap\">Any risk scoring <strong>6 or above is a \"key risk\"<\/strong> \u2014 action must be taken.<\/div><\/div>\r\n      <div class=\"info-card t-teal\"><div class=\"ic-big\">Control score<\/div><div class=\"ic-cap\">Inherent minus residual risk; the <strong>higher the control score, the more important the control<\/strong>.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-response\">\r\n      <span class=\"section-badge purple\">\u00a7 2.5<\/span>\r\n      <h3>Risk response \u2014 the 4 T's<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"cat-grid four\">\r\n      <div class=\"cat-card a\"><span class=\"cat-badge\">T<\/span><div class=\"cat-title\">Transfer<\/div><p>Shift the risk elsewhere \u2014 e.g. obtaining insurance.<\/p><\/div>\r\n      <div class=\"cat-card b\"><span class=\"cat-badge\">T<\/span><div class=\"cat-title\">Tolerate<\/div><p>Accept it \u2014 when control cost outweighs benefit, or the outcome is inconsequential.<\/p><\/div>\r\n      <div class=\"cat-card c\"><span class=\"cat-badge\">T<\/span><div class=\"cat-title\">Terminate<\/div><p>Stop the activity \u2014 for grave consequences; not always possible in Govt due to political\/social sensitivities.<\/p><\/div>\r\n      <div class=\"cat-card d\"><span class=\"cat-badge\">T<\/span><div class=\"cat-title\">Treat<\/div><p>Apply control activities \u2014 usually the most obvious &amp; relevant choice for Ministries.<\/p><\/div>\r\n    <\/div>\r\n\r\n    <p><strong>Residual risk<\/strong> remaining after controls may be tolerated if elimination costs are high and it is within acceptable limits. <strong>Acceptable risk<\/strong> is one understood and tolerated because the cost\/difficulty of a countermeasure exceeds the expected loss \u2014 a judgement for the Ministry. The benefits of risk reduction must exceed the cost of controls; the target is bringing risk within the Ministry's <strong>risk appetite<\/strong>.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-coso\">\r\n      <span class=\"section-badge gold\">\u00a7 2.6<\/span>\r\n      <h3>Internal control &amp; the COSO framework<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Internal Control (INTOSAI)<\/div>\r\n      <div class=\"def-text\">\r\n        \"The process by which an organization governs its activities to effectively and efficiently accomplish its mission.\" It is a <strong>continuous process<\/strong>, not isolated events \u2014 and <em>everyone<\/em> in the Ministry has some responsibility for it. It gives reasonable assurance of: orderly\/ethical\/economical\/efficient\/effective\/equitable operations; accountability; legal compliance; and safeguarding resources against loss, misuse &amp; damage.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"info-row\">\r\n      <div class=\"info-card\"><div class=\"ic-big\">1<\/div><div class=\"ic-cap\"><strong>Control Environment<\/strong> \u2014 sets the tone; integrity &amp; ethical values.<\/div><\/div>\r\n      <div class=\"info-card t-teal\"><div class=\"ic-big\">2<\/div><div class=\"ic-cap\"><strong>Risk Assessment<\/strong> \u2014 identification, evaluation (L\/M\/H), acceptance.<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">3<\/div><div class=\"ic-cap\"><strong>Control Activities<\/strong> \u2014 the controls themselves.<\/div><\/div>\r\n      <div class=\"info-card t-purple\"><div class=\"ic-big\">4<\/div><div class=\"ic-cap\"><strong>Information &amp; Communication<\/strong> \u2014 must flow down, across &amp; up; timely, reliable, gender-sensitive.<\/div><\/div>\r\n      <div class=\"info-card t-red\"><div class=\"ic-big\">5<\/div><div class=\"ic-cap\"><strong>Monitoring<\/strong> \u2014 ongoing activities and\/or separate evaluations.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <p class=\"compare-intro\"><strong>Types of control<\/strong> \u2014 with representative examples of each.<\/p>\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:22%\"><col style=\"width:34%\"><col style=\"width:44%\"><\/colgroup>\r\n      <thead><tr><th>Type<\/th><th>Purpose<\/th><th>Examples<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Preventive<\/td><td>Prevents\/minimises errors before they occur.<\/td><td>Segregation of duties; dual cheque-signing; purchase policy; barring unauthorised entry.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Detective<\/td><td>Highlights errors after they occur.<\/td><td>Bank reconciliation; audit; physical verification of fixed assets; supervision.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Reconstructive<\/td><td>Provides effective backup.<\/td><td>Disaster Recovery Procedures.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <p>Internal control is most effective when controls are <strong>\"built in\" and not \"superimposed.\"<\/strong> Internal Audit is itself a critical component of the internal control system \u2014 entrusted with the review function \u2014 and, being a control, also entails costs, so must be run with due regard to economy, efficiency and effectiveness.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c2-role\">\r\n      <span class=\"section-badge red\">\u00a7 2.7<\/span>\r\n      <h3>The internal auditor's role in risk management<\/h3>\r\n    <\/div>\r\n\r\n    <ul class=\"icon-list\">\r\n      <li><span class=\"ico\">&#128226;<\/span><span>Be <strong>advocates<\/strong> for formal risk management and help expedite and sustain it.<\/span><\/li>\r\n      <li><span class=\"ico\">&#127919;<\/span><span>Provide assurance on <strong>risk management as a whole<\/strong>, not just on individual risks.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128279;<\/span><span>When conducting a risk-based audit, <strong>link the audit scope to specific risks<\/strong> faced by the Ministry's objectives.<\/span><\/li>\r\n      <li><span class=\"ico\">&#128260;<\/span><span>Update the risk assessment <strong>as and when risks arise<\/strong>, not on a fixed periodicity.<\/span><\/li>\r\n      <li><span class=\"ico\">&#9888;&#65039;<\/span><span>Be cautious that Ministry requests don't divert resources from <strong>higher-risk areas<\/strong>; never assume a management role.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <!-- QUIZ 2 -->\r\n    <div class=\"ix\" id=\"quiz2\">\r\n      <div class=\"ix-head\"><span class=\"ix-chip\">Self-test<\/span><h4>Chapter 2 Quiz \u2014 audit types, RBIA &amp; COSO<\/h4><\/div>\r\n      <div class=\"ix-body\">\r\n        <p class=\"ix-help\">Eight questions from Chapter 2. Pick an answer to lock it; the explanation appears below.<\/p>\r\n        <div id=\"quizStage2\"><\/div>\r\n        <div class=\"quiz-foot\"><span class=\"quiz-score\" id=\"quizScore2\">Score 0 \/ 0<\/span><button class=\"quiz-btn\" id=\"quizNext2\" disabled>Next &rarr;<\/button><\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c2-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 2 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Three audit types<\/td><td>Compliance \u00b7 Propriety \u00b7 Performance<\/td><\/tr>\r\n          <tr><td>Propriety (Hallam)<\/td><td>Beyond formality \u2014 to wisdom, faithfulness, economy<\/td><\/tr>\r\n          <tr><td>Financial Audit sits within<\/td><td>Propriety Audit<\/td><\/tr>\r\n          <tr><td>Performance audit angles<\/td><td>Effectiveness \u00b7 efficiency \u00b7 economy \u00b7 data reliability \u00b7 risk assessment<\/td><\/tr>\r\n          <tr><td>RBIA is a<\/td><td><strong>Methodology<\/strong> (not a type); links audit to ERM<\/td><\/tr>\r\n          <tr><td>RBIA three stages<\/td><td>Assess maturity \u2192 prepare plan\/RAU \u2192 audit &amp; feed back<\/td><\/tr>\r\n          <tr><td>Risk components<\/td><td>Likelihood &amp; impact<\/td><\/tr>\r\n          <tr><td>Key risk threshold<\/td><td>Score <strong>\u22656<\/strong> (1\u20133 grid; max 9)<\/td><\/tr>\r\n          <tr><td>Control score<\/td><td>Inherent minus residual risk<\/td><\/tr>\r\n          <tr><td>4 T's<\/td><td>Transfer \u00b7 Tolerate \u00b7 Terminate \u00b7 Treat<\/td><\/tr>\r\n          <tr><td>COSO 5 components<\/td><td>Control environment \u00b7 risk assessment \u00b7 control activities \u00b7 info &amp; communication \u00b7 monitoring<\/td><\/tr>\r\n          <tr><td>Control types<\/td><td>Preventive \u00b7 Detective \u00b7 Reconstructive<\/td><\/tr>\r\n          <tr><td>Controls best when<\/td><td>\"Built in,\" not \"superimposed\"<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch2 -->\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 3 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch3\" data-chapter=\"3\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c3-cga\">\r\n      <span class=\"chapter-badge\">CH 3 \u00b7 MANAGEMENT<\/span>\r\n      <h2>Management of Internal Audit in Government<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter III shows the <strong>reporting levels<\/strong> at the Centre and the Ministry, and the activities the <strong>CAE<\/strong> performs to organise and manage the IAW. Its big-ticket items: the <strong>Audit Committee<\/strong>, the <strong>Internal Audit Charter<\/strong> (with a model charter), the <strong>Documentation Policy<\/strong>, and the <strong>KPI dashboard<\/strong>.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">CGA Vision &amp; Mission (approved 6 Aug 2011)<\/div>\r\n      <p><strong>Vision:<\/strong> \"As a professional accounting organization, our vision is to strengthen governance through excellence in public financial management.\" One mission limb is squarely about audit: <em>\"Develop new paradigms of internal audit for improved transparency and accountability.\"<\/em> The IAD's own stated mission is to provide <strong>\"dynamic leadership\"<\/strong> for Government internal auditing in India.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-reporting\">\r\n      <span class=\"section-badge\">\u00a7 3.1\u20133.4<\/span>\r\n      <h3>Reporting by CGA to the Expenditure Secretary<\/h3>\r\n    <\/div>\r\n\r\n    <p>The CGA has a direct relationship with the <strong>Secretary (Expenditure)<\/strong>, M\/o Finance, and submits the <strong>Annual Review<\/strong> \u2014 a consolidation of the Annual Reviews received from line Ministries. The IAD compiles an <strong>\"Annual Review at a Glance\"<\/strong> summarising important observations and reflecting financial implications <strong>above Rupees One Crore<\/strong>.<\/p>\r\n\r\n    <div class=\"info-row\">\r\n      <div class=\"info-card\"><div class=\"ic-big\">15 Jan<\/div><div class=\"ic-cap\">Annual Audit Plan finalised.<\/div><\/div>\r\n      <div class=\"info-card t-teal\"><div class=\"ic-big\">15 Feb<\/div><div class=\"ic-cap\">Copy of the plan endorsed to IAD, O\/o CGA.<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">31 May<\/div><div class=\"ic-cap\">Annual Review on the previous year's performance reaches O\/o CGA (Exhibit I format).<\/div><\/div>\r\n      <div class=\"info-card t-red\"><div class=\"ic-big\">Quarterly<\/div><div class=\"ic-cap\">The CAE puts a quarterly review before the Audit Committee.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-mandate\">\r\n      <span class=\"section-badge purple\">\u00a7 3.6<\/span>\r\n      <h3>Mandate of internal audit &amp; the Audit Committee<\/h3>\r\n    <\/div>\r\n\r\n    <p>The requirements are detailed in a clearly defined <strong>Audit Mandate<\/strong>, which the <strong>Internal Audit Charter<\/strong> formally documents. An <strong>Audit Committee<\/strong> is constituted in each Ministry for oversight, with this composition:<\/p>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table\">\r\n      <colgroup><col style=\"width:34%\"><col style=\"width:66%\"><\/colgroup>\r\n      <thead><tr><th>Role<\/th><th>Office holder<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Chairperson<\/td><td><strong>Secretary<\/strong> of the Ministry\/Department<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Vice-Chairperson<\/td><td><strong>Financial Advisor<\/strong><\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Convener \/ Member Secretary<\/td><td><strong>CCA \/ CA (the CAE)<\/strong>, or an officer nominated by the CAE<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Members<\/td><td><strong>Programme Division Heads<\/strong>; plus subject-matter experts (e.g. a Gender Audit or Internal Audit expert) where necessary<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"callout slate\">\r\n      <div class=\"callout-label\">The Audit Committee's eight terms of reference<\/div>\r\n      <p>Ensure an effective <strong>Risk Management<\/strong> system; supervise the IAW &amp; set priorities; provide strategic direction &amp; resources; <strong>approve the Internal Audit Charter<\/strong>; <strong>approve the Annual Internal Audit Plan<\/strong>; evaluate IAW performance &amp; guide improvement; ensure observations are implemented; determine modalities to resolve key audit issues. The committee may also <strong>assign special audits<\/strong> on which the CAE reports directly to it within a prescribed time-frame.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-charter\">\r\n      <span class=\"section-badge amber\">\u00a7 3.7<\/span>\r\n      <h3>The Internal Audit Charter<\/h3>\r\n    <\/div>\r\n\r\n    <p>The Charter is the <strong>reference point<\/strong> for internal audit at the Ministry \u2014 it defines <strong>purpose, authority &amp; responsibility<\/strong>, sets functional &amp; administrative reporting lines, establishes the IAW's position, authorises access to records\/personnel\/property, and is the foundation for the Annual Audit Plan. It must be <strong>gender inclusive<\/strong> and <strong>approved by the Audit Committee<\/strong>. The 2006 revised charter moved audit beyond compliance to:<\/p>\r\n\r\n    <ol class=\"parts-list decimal teal\">\r\n      <li>Appraisal, monitoring &amp; evaluation of <strong>individual schemes<\/strong>.<\/li>\r\n      <li>Assessment of adequacy &amp; effectiveness of <strong>internal controls<\/strong> and soundness of financial systems.<\/li>\r\n      <li>Identification &amp; monitoring of <strong>risk factors<\/strong> (including those in the Outcome Budget).<\/li>\r\n      <li>Critical assessment of <strong>economy, efficiency &amp; effectiveness<\/strong> of service delivery \u2014 value for money.<\/li>\r\n      <li>Providing an effective monitoring system to facilitate <strong>mid-course corrections<\/strong>.<\/li>\r\n    <\/ol>\r\n\r\n    <div class=\"callout gold\">\r\n      <div class=\"callout-label\">The 60\/40 working-days rule<\/div>\r\n      <p>CGA guidelines recommend utilising <strong>60% of working days for Risk-Based Internal Audit of Schemes<\/strong> and <strong>40% for Compliance\/Regularity Audit<\/strong> \u2014 and planning for <em>both<\/em> follows a risk-based approach. Reports should be prepared <strong>within one week<\/strong> and issued after the CAE's approval. An auditor must <strong>not audit his own decision<\/strong>, nor a unit where he worked <strong>within the past one year<\/strong>.<\/p>\r\n    <\/div>\r\n\r\n    <p>Reporting lines under the Charter: the IAW is headed by a <strong>Pr.CCA\/CCA\/CA acting as CAE<\/strong>; <em>administratively<\/em> the CAE reports to the <strong>Secretary through the Financial Advisor<\/strong>, while <em>functionally<\/em> the IAW reports to the <strong>Audit Committee<\/strong>. The IAD in O\/o CGA is structured in three sections \u2014 <strong>(i) Centre of Excellence, (ii) Planning &amp; Coordination, (iii) Inspection Wing<\/strong>. Each Ministry also has an <strong>Internal Audit Management Team<\/strong> headed by the CAE for closer supervision &amp; quality assurance.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-cae\">\r\n      <span class=\"section-badge blue\">\u00a7 3.8\u20133.9<\/span>\r\n      <h3>Managing the activity &amp; the documentation policy<\/h3>\r\n    <\/div>\r\n\r\n    <p>To add value, the CAE (per IIA Standards 2000\u20132060): establishes a <strong>risk-based plan<\/strong>; communicates plans &amp; resource needs (Std 2020); ensures resources are appropriate, sufficient &amp; effectively deployed (Std 2030); establishes guidelines &amp; procedures (Std 2040); shares information &amp; relies on other assurance providers (Std 2050) \u2014 while <strong>remaining accountable for the conclusions<\/strong>; and reports periodically (Std 2060) on purpose, authority, responsibility &amp; performance, including any risk management deems unacceptable.<\/p>\r\n\r\n    <div class=\"callout purple\">\r\n      <div class=\"callout-label\">Documentation Policy (Para 3.9)<\/div>\r\n      <p>The CAE approves a documentation policy covering: the need to document <strong>sufficient, reliable, relevant<\/strong> information; <strong>controlled access<\/strong> (the CAE obtains approval of senior management and\/or legal counsel before releasing records to external parties); and <strong>retention requirements<\/strong> regardless of storage medium \u2014 consistent with Ministry guidelines and regulatory requirements.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c3-kpi\">\r\n      <span class=\"section-badge gold\">\u00a7 3.10<\/span>\r\n      <h3>KPIs &amp; dashboards \u2014 the six IA-CM elements<\/h3>\r\n    <\/div>\r\n\r\n    <p>KPIs are organised around the six elements of the <strong>Internal Audit Capability Model<\/strong> for the public sector:<\/p>\r\n\r\n    <div class=\"cat-grid three\">\r\n      <div class=\"cat-card a\"><div class=\"cat-label\">Element 1<\/div><div class=\"cat-title\">Services of IA<\/div><p>Completed vs planned assignments; man-days utilised; % consulting &amp; % RBIA assignments; recommendations by H\/M\/L; impact (recoveries, overpayments, idle machinery, irregular expenditure); client satisfaction.<\/p><\/div>\r\n      <div class=\"cat-card b\"><div class=\"cat-label\">Element 2<\/div><div class=\"cat-title\">People Management<\/div><p>Staff utilisation; training plan vs actual; staffing requirement &amp; authorised vs actual; appropriately qualified vs total; persons recognised for certification.<\/p><\/div>\r\n      <div class=\"cat-card c\"><div class=\"cat-label\">Element 3<\/div><div class=\"cat-title\">Professional Practices<\/div><p>IA-CM assessment &amp; action plans; QAIP; gap analysis against the Handbook.<\/p><\/div>\r\n      <div class=\"cat-card d\"><div class=\"cat-label\">Element 4<\/div><div class=\"cat-title\">Performance Mgmt &amp; Accountability<\/div><p>MIS periodicity; stakeholder feedback; ability to meet plans; risks mitigated, cost-saving &amp; recovery opportunities.<\/p><\/div>\r\n      <div class=\"cat-card e\"><div class=\"cat-label\">Element 5<\/div><div class=\"cat-title\">Organisation Relationships &amp; Culture<\/div><p>Org structure plan vs actual; CAE in the management team; access to information\/people; relations with external auditors.<\/p><\/div>\r\n      <div class=\"cat-card a\"><div class=\"cat-label\">Element 6<\/div><div class=\"cat-title\">Governance Structure<\/div><p>How the CAE fits in; reporting relationship; how independence is assured. <strong>Audit Committee KPIs:<\/strong> meeting frequency, attendance, induction of external SMEs.<\/p><\/div>\r\n    <\/div>\r\n\r\n    <!-- QUIZ 3 -->\r\n    <div class=\"ix\" id=\"quiz3\">\r\n      <div class=\"ix-head\"><span class=\"ix-chip\">Self-test<\/span><h4>Chapter 3 Quiz \u2014 committee, charter &amp; KPIs<\/h4><\/div>\r\n      <div class=\"ix-body\">\r\n        <p class=\"ix-help\">Eight questions from Chapter 3. Pick an answer to lock it; the explanation appears below.<\/p>\r\n        <div id=\"quizStage3\"><\/div>\r\n        <div class=\"quiz-foot\"><span class=\"quiz-score\" id=\"quizScore3\">Score 0 \/ 0<\/span><button class=\"quiz-btn\" id=\"quizNext3\" disabled>Next &rarr;<\/button><\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c3-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 3 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>CGA reports to<\/td><td>Secretary (Expenditure), M\/o Finance<\/td><\/tr>\r\n          <tr><td>\"At a Glance\" threshold<\/td><td>Financial implications above <strong>Rs 1 Crore<\/strong><\/td><\/tr>\r\n          <tr><td>Annual Review reaches CGA by<\/td><td><strong>31 May<\/strong> (Exhibit I format)<\/td><\/tr>\r\n          <tr><td>Audit Committee Chair<\/td><td>Secretary of the Ministry<\/td><\/tr>\r\n          <tr><td>Vice-Chair \/ Convener<\/td><td>Financial Advisor \/ CCA-CA (CAE)<\/td><\/tr>\r\n          <tr><td>Committee approves<\/td><td>The Charter &amp; the Annual Audit Plan<\/td><\/tr>\r\n          <tr><td>Charter defines<\/td><td>Purpose, authority, responsibility<\/td><\/tr>\r\n          <tr><td>The 60\/40 rule<\/td><td>60% RBIA of schemes \u00b7 40% compliance\/regularity<\/td><\/tr>\r\n          <tr><td>Reports prepared within<\/td><td><strong>One week<\/strong><\/td><\/tr>\r\n          <tr><td>Independence rule<\/td><td>No self-audit; no unit worked in within past 1 year<\/td><\/tr>\r\n          <tr><td>IAD three sections<\/td><td>CoE \u00b7 Planning &amp; Coordination \u00b7 Inspection Wing<\/td><\/tr>\r\n          <tr><td>IA-CM elements<\/td><td><strong>6<\/strong> (drive the KPI dashboard)<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch3 -->\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 4 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch4\" data-chapter=\"4\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c4-gender\">\r\n      <span class=\"chapter-badge\">CH 4 \u00b7 DOMAINS<\/span>\r\n      <h2>Other Domains of Internal Audit<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter IV covers three specialised domains every IAW must weave into the plan: <strong>Gender Audit<\/strong>, the <strong>IT Audit framework<\/strong>, and <strong>Audit of Governance Processes<\/strong>.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge teal\">\u00a7 4.1<\/span>\r\n      <h3>Gender Audit<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Definition (UNICEF \/ UNESCO)<\/div>\r\n      <div class=\"def-text\">\r\n        Gender Audit is a tool for evaluating the degree to which <strong>gender issues are mainstreamed<\/strong> into an office or programme (UNICEF); a <strong>management &amp; planning tool<\/strong> assessing how far gender equality is progressing (UNESCO). It assesses accountability to, and the extent of, <strong>Gender Budgeting<\/strong> \u2014 adopted by the Government of India in <strong>2005<\/strong>. The ultimate goal of the gender-equality process is <strong>Gender Mainstreaming<\/strong>. Women constitute about <strong>48% of India's population<\/strong>.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <p class=\"compare-intro\"><strong>Mandate<\/strong> \u2014 Gender Audit is inclusive in <em>two<\/em> of the audit types.<\/p>\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:30%\"><col style=\"width:70%\"><\/colgroup>\r\n      <thead><tr><th>As part of\u2026<\/th><th>Objective<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Compliance Audit<\/td><td>Ensure adherence to constitutional provisions and Government regulations\/procedures from a <strong>gender-sensitive perspective<\/strong>.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Performance Audit<\/td><td>Assess the <strong>economy, efficiency &amp; effectiveness<\/strong> of gender equality in a project\/programme (most performance audits do not focus on gender-equality results).<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">The five sections of any audit checklist<\/div>\r\n      <p>Every gender-audit checklist (built at the planning stage, encoded by serial numbers) has five sections: <br><strong>(i) scope, <br>(ii) evidence collection, <br>(iii) audit tests, <br>(iv) analysis of results, <br>(v) conclusion<\/strong>.<br> For beneficiary-oriented schemes, evidence collection <strong>must include sex-disaggregated data<\/strong>; both direct and indirect (proxy) evidence is collected.<\/p>\r\n    <\/div>\r\n\r\n    <p>The expected output is three-fold: an <strong>insight<\/strong> into the status of gender mainstreaming in the scheme; a <strong>pool of information<\/strong> on gender mainstreaming for discussion &amp; analysis; and a <strong>participatory process<\/strong> that builds organisational ownership of the gender-equality objective.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c4-it\">\r\n      <span class=\"section-badge purple\">\u00a7 4.2<\/span>\r\n      <h3>IT Audit framework<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Purpose &amp; the CIA triad<\/div>\r\n      <div class=\"def-text\">\r\n        IT Audit evaluates an entity's information systems and the safeguards protecting them from emerging risks including cyber risk. It reviews attributes of data \u2014 the <strong>CIA objectives<\/strong>: <strong>Confidentiality<\/strong> (prevent unauthorised disclosure), <strong>Integrity<\/strong> (prevent unauthorised modification), <strong>Availability<\/strong> (prevent disruption of service) \u2014 plus physical storage and IT assets\/resources, through review of General Controls and Application Controls.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout slate\">\r\n      <div class=\"callout-label\">Key issues the CAE must grasp<\/div>\r\n      <p>IT Audit Risk (early stages \u2192 engage SMEs); understanding the technology environment; auditing in a <strong>Big Data<\/strong> environment with <strong>integrated auditing<\/strong>; identifying IT risks &amp; controls \u2014 <strong>General Computer Controls (GCC) are reviewed first<\/strong> because they form the basis of the IT control environment; the interplay between manual and automated controls; and using technology as an audit opportunity (CAATs).<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c4-itprocess\">\r\n      <span class=\"section-badge amber\">\u00a7 4.2.4<\/span>\r\n      <h3>Performing the IT audit<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"flow amber\">\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STEP 1<\/div><div class=\"fs-title\">Prepare the IT Audit Universe<\/div><div class=\"fs-text\">List specific technologies, then the IT processes\/controls\/activities against them (sample in Exhibit V). Benchmark with a framework like COSO ERM.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STEP 2<\/div><div class=\"fs-title\">Prepare the Annual IT Audit Plan<\/div><div class=\"fs-text\">Prioritise auditable units by risk significance; fold into the Annual Plan + 3-year programme; keep an emerging-risk register; quarterly review.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STEP 3<\/div><div class=\"fs-title\">Undertake IT Risk Assessment<\/div><div class=\"fs-text\">Determine inherent risk over key IT processes \u2014 development, operations, business continuity, network, information security, change management.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STEP 4<\/div><div class=\"fs-title\">Report on IT Risks &amp; Controls<\/div><div class=\"fs-text\">Cover security incidents, change-management exceptions, project status \u2014 an integrated format from Programmes\/Processes to IT.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <div class=\"callout purple\">\r\n      <div class=\"callout-label\">IIA's GTAGs &amp; the Centre of Excellence<\/div>\r\n      <p>IT audits draw on the IIA's <strong>GTAGs<\/strong> (Global Technology Audit Guides) \u2014 e.g. <strong>GTAG 5<\/strong> (managing &amp; auditing IT risks), <strong>GTAG 6<\/strong> (IT vulnerabilities), <strong>GTAG 9<\/strong> (identity &amp; access management), <strong>GTAG 10<\/strong> (business continuity), <strong>GTAG 11<\/strong> (developing an IT audit plan), <strong>GTAG 12<\/strong> (auditing IT projects), <strong>GTAG 13<\/strong> (fraud prevention in an automated world) \u2014 plus <strong>GAIT<\/strong> for IT general controls. Until Ministries build capability, the <strong>CoE in O\/o CGA<\/strong> develops an in-house team or outsources to specialist firms, and compiles a library of sample IT Audit Reports.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c4-gov\">\r\n      <span class=\"section-badge red\">\u00a7 4.3<\/span>\r\n      <h3>Audit of Governance Processes<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Definition of Governance<\/div>\r\n      <div class=\"def-text\">\r\n        \"The combination of <strong>processes and structures<\/strong> implemented by the Audit Committee to <strong>inform, direct, manage and monitor<\/strong> the activities of the Ministry\/Department toward the achievement of its objectives.\" Governance, risk management and internal control are <strong>interrelated<\/strong> \u2014 not independent. The IAW supports being <strong>accountable, transparent<\/strong> and achieving objectives <strong>effectively, efficiently, economically and ethically<\/strong>.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <p class=\"compare-intro\"><strong>The IAW supports three governance roles<\/strong> \u2014 oversight, insight, foresight.<\/p>\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:22%\"><col style=\"width:78%\"><\/colgroup>\r\n      <thead><tr><th>Role<\/th><th>What it does<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Oversight<\/td><td>Whether Ministries are doing what they should \u2014 serves to <strong>detect &amp; deter public corruption<\/strong>; verifies spending for the intended purpose.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Insight<\/td><td>An independent assessment of <strong>which programs &amp; policies are working and which are not<\/strong>; benchmarking &amp; best practice.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Foresight<\/td><td>Identifies <strong>trends &amp; emerging challenges<\/strong> (demographic, economic, security) in implementing PPS.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"callout amber\">\r\n      <div class=\"callout-label\">Four key objectives of a governance audit<\/div>\r\n      <p>Assess how the Ministry: <br><strong>(1)<\/strong> promotes <strong>ethics &amp; values<\/strong> (code of conduct, RTI, anti-fraud\/whistleblowing, hotline); <br><strong>(2)<\/strong> ensures <strong>performance management &amp; accountability<\/strong> (objective-setting, KPIs); <br><strong>(3)<\/strong> <strong>communicates risk &amp; control information<\/strong> to appropriate areas; and <br><strong>(4)<\/strong> <strong>coordinates activities<\/strong> among the board, external\/internal auditors &amp; management.<\/p>\r\n    <\/div>\r\n\r\n    <p>Beyond these, the chapter distinguishes <strong>Detection<\/strong> (identifying inappropriate\/illegal\/fraudulent acts already transpired \u2014 e.g. payroll, accounts-payable, IS-security audits) from <strong>Deterrence<\/strong> (reducing the conditions that allow corruption \u2014 assessing controls, reviewing contracts for conflicts of interest). Auditors may give <strong>advisory, assistance or investigative services<\/strong>, but <strong>may not make management decisions or assume a management role<\/strong>, and must keep independence for subsequent audits \u2014 in short, <strong>they should not audit their own work<\/strong>.<\/p>\r\n\r\n    <!-- QUIZ 4 -->\r\n    <div class=\"ix\" id=\"quiz4\">\r\n      <div class=\"ix-head\"><span class=\"ix-chip\">Self-test<\/span><h4>Chapter 4 Quiz \u2014 Gender, IT &amp; Governance audits<\/h4><\/div>\r\n      <div class=\"ix-body\">\r\n        <p class=\"ix-help\">Seven questions from Chapter 4. Pick an answer to lock it; the explanation appears below.<\/p>\r\n        <div id=\"quizStage4\"><\/div>\r\n        <div class=\"quiz-foot\"><span class=\"quiz-score\" id=\"quizScore4\">Score 0 \/ 0<\/span><button class=\"quiz-btn\" id=\"quizNext4\" disabled>Next &rarr;<\/button><\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c4-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 4 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Three domains<\/td><td>Gender \u00b7 IT \u00b7 Governance<\/td><\/tr>\r\n          <tr><td>Gender Budgeting adopted<\/td><td><strong>2005<\/strong>; commitment in 11th Plan (2007\u201312)<\/td><\/tr>\r\n          <tr><td>Gender audit mandate<\/td><td>Both Compliance &amp; Performance audit<\/td><\/tr>\r\n          <tr><td>Audit checklist sections<\/td><td>Scope \u00b7 evidence \u00b7 tests \u00b7 analysis \u00b7 conclusion<\/td><\/tr>\r\n          <tr><td>Gender evidence needs<\/td><td>Sex-disaggregated data<\/td><\/tr>\r\n          <tr><td>IT Audit assures<\/td><td>Confidentiality \u00b7 Integrity \u00b7 Availability (CIA)<\/td><\/tr>\r\n          <tr><td>Reviewed first in IT<\/td><td><strong>GCC<\/strong> (General Computer Controls)<\/td><\/tr>\r\n          <tr><td>IT guidance<\/td><td>GTAGs (5,6,9,10,11,12,13) &amp; GAIT<\/td><\/tr>\r\n          <tr><td>Governance = <\/td><td>Processes &amp; structures to inform, direct, manage, monitor<\/td><\/tr>\r\n          <tr><td>Three governance roles<\/td><td>Oversight \u00b7 Insight \u00b7 Foresight<\/td><\/tr>\r\n          <tr><td>Four governance objectives<\/td><td>Ethics \u00b7 performance\/accountability \u00b7 risk communication \u00b7 coordination<\/td><\/tr>\r\n          <tr><td>Advisory limit<\/td><td>No management role; no auditing own work<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch4 -->\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 5 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch5\" data-chapter=\"5\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c5-qa\">\r\n      <span class=\"chapter-badge\">CH 5 \u00b7 QUALITY<\/span>\r\n      <h2>Quality Assurance<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">What this chapter does<\/div>\r\n      <div class=\"def-text\">\r\n        Chapter V establishes a <strong>Quality Assurance &amp; Improvement Programme (QAIP)<\/strong> so the IAW is seen as a <em>trusted advisor<\/em>. It covers the QA hierarchy, self\/peer\/external reviews, the statutory-audit interface, confidentiality, working papers, and Richard Chambers' \"Ten Things Not to Say in an Internal Audit Report.\"\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <p>QA matters because audit engagements review the use of <strong>public money<\/strong> and must be done with due regard for ethics, economy, efficiency &amp; effectiveness. Its benefits: <strong>consistent application of processes, standardisation &amp; completeness of documentation, adequate linkage of recommendations to working papers, and enhanced credibility<\/strong> \u2014 increasing the effectiveness of supervisory elements and the reliability of reports.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c5-hierarchy\">\r\n      <span class=\"section-badge teal\">\u00a7 5.3<\/span>\r\n      <h3>Hierarchy of Quality Assurance elements<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:24%\"><col style=\"width:30%\"><col style=\"width:28%\"><col style=\"width:18%\"><\/colgroup>\r\n      <thead><tr><th>Control element<\/th><th>Covers<\/th><th>Source \/ who reviews<\/th><th>Assurance level<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Professionalism (Due Care)<\/td><td>The individual auditor's work<\/td><td>Individual<\/td><td>Individual Auditor<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Supervisory Review<\/td><td>The engagement<\/td><td>Supervisor <em>within<\/em> the line of responsibility<\/td><td>Audit Function Management<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Internal Review<\/td><td>Aggregate of engagements \/ divisional offices<\/td><td>Supervisor\/peer <em>outside<\/em> the line of responsibility<\/td><td>Chief Audit Executive<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">External Review<\/td><td>The audit function as a whole<\/td><td>Qualified persons from outside the Ministry<\/td><td>Audit Committee<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c5-reviews\">\r\n      <span class=\"section-badge amber\">\u00a7 5.3.3<\/span>\r\n      <h3>Self, peer &amp; external reviews<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"cat-grid three\">\r\n      <div class=\"cat-card a\">\r\n        <div class=\"cat-label\">Responsibility: CAE<\/div>\r\n        <div class=\"cat-title\">Self-Assessment<\/div>\r\n        <p>The responsibility of the Chief Audit Executive; built into ongoing supervision &amp; monitoring.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card b\">\r\n        <div class=\"cat-label\">Responsibility: IAW members<\/div>\r\n        <div class=\"cat-title\">Peer Review<\/div>\r\n        <p>Conducted by members of IAWs of (other) Ministries\/Departments.<\/p>\r\n      <\/div>\r\n      <div class=\"cat-card e\">\r\n        <div class=\"cat-label\">Responsibility: O\/o CGA or IIA<\/div>\r\n        <div class=\"cat-title\">External Review<\/div>\r\n        <p>Done by O\/o CGA or outsourced reviewers from the IIA \u2014 examines the audit plan, working papers, report &amp; follow-up; can be before or after reports are finalised; deficiencies rectified timely.<\/p>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c5-files\">\r\n      <span class=\"section-badge purple\">\u00a7 5.4\u20135.5<\/span>\r\n      <h3>Statutory interface, confidentiality &amp; work papers<\/h3>\r\n    <\/div>\r\n\r\n    <p>Internal audit must develop <strong>synergy with statutory audit<\/strong>, the two complementing each other. The Audit Committee reviews statutory observations too; the IAW maintains a <strong>DDO-wise count of outstanding objections<\/strong> from the Test Audit Notes issued by statutory audit, and monitors settlement. Auditors must respect the <strong>confidentiality<\/strong> of information \u2014 used only for the purpose obtained, disclosed only with proper authorisation.<\/p>\r\n\r\n    <p class=\"compare-intro\"><strong>The two working-paper files<\/strong> \u2014 same split that appears in the Manual.<\/p>\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:26%\"><col style=\"width:74%\"><\/colgroup>\r\n      <thead><tr><th>File<\/th><th>Typical contents<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Permanent Audit File<\/td><td>Organisational chart; descriptions of schemes\/programs\/systems\/procedures &amp; business plans; corrective action plans; legal &amp; regulatory issues; risk assessment; correspondence of continuing interest; updated audit programmes.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Current Audit File<\/td><td>Draft &amp; final report copies; significant findings &amp; how resolved; planning documentation; administration correspondence; follow-up of previous reports; updated programmes; supporting documentation; minutes of entry &amp; exit meetings.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c5-ten\">\r\n      <span class=\"section-badge red\">\u00a7 5.6<\/span>\r\n      <h3>Ten Things Not to Say in an Internal Audit Report<\/h3>\r\n    <\/div>\r\n\r\n    <p>Richard Chambers' reflections, embedded in the Handbook as a reporting-quality aid:<\/p>\r\n\r\n    <ol class=\"parts-list decimal red\">\r\n      <li>Don't say <strong>\"Management should consider\u2026\"<\/strong> \u2014 offer solid, specific recommendations, not a nebulous call to action.<\/li>\r\n      <li>Don't use <strong>\"weasel words\"<\/strong> (\"it seems that,\" \"our impression is,\" \"there appears to be\") \u2014 they make solid recommendations sound like hunches.<\/li>\r\n      <li>Use <strong>\"intensifiers\" sparingly<\/strong> (\"clearly,\" \"significant,\" \"very large\") \u2014 numbers like 23% or $3 billion tell a story; vague intensifiers don't.<\/li>\r\n      <li>The problem is <strong>rarely universal<\/strong> \u2014 avoid \"everything,\" \"nothing,\" \"never,\" \"always.\"<\/li>\r\n      <li>Avoid the <strong>\"blame game\"<\/strong> \u2014 get to the root cause, not \"it was Fred's fault.\"<\/li>\r\n      <li>Don't say <strong>\"management failed\"<\/strong> \u2014 state the condition without assigning blame.<\/li>\r\n      <li><strong>\"Auditee\" is old-school<\/strong> \u2014 prefer \"audit client\" \/ \"audit customer\"; audit is collaborative.<\/li>\r\n      <li>Avoid unnecessary <strong>technical jargon<\/strong> (\"asynchronous transfer mode,\" \"stratified sampling methodology\").<\/li>\r\n      <li>Avoid <strong>taking all the credit<\/strong> \u2014 \"internal audit found \/ we found\" can sound like throwing management under the bus.<\/li>\r\n      <li><strong>If it sounds impressive, you probably need a re-write<\/strong> \u2014 apply the \"fifth-grader test\": if a middle-schooler can't understand it, it's too complicated.<\/li>\r\n    <\/ol>\r\n\r\n    <!-- QUIZ 5 -->\r\n    <div class=\"ix\" id=\"quiz5\">\r\n      <div class=\"ix-head\"><span class=\"ix-chip\">Self-test<\/span><h4>Chapter 5 Quiz \u2014 QA hierarchy, reviews &amp; reporting<\/h4><\/div>\r\n      <div class=\"ix-body\">\r\n        <p class=\"ix-help\">Seven questions from Chapter 5. Pick an answer to lock it; the explanation appears below.<\/p>\r\n        <div id=\"quizStage5\"><\/div>\r\n        <div class=\"quiz-foot\"><span class=\"quiz-score\" id=\"quizScore5\">Score 0 \/ 0<\/span><button class=\"quiz-btn\" id=\"quizNext5\" disabled>Next &rarr;<\/button><\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c5-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 5 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>QA benefits<\/td><td>Consistency \u00b7 standardisation \u00b7 linkage \u00b7 credibility<\/td><\/tr>\r\n          <tr><td>QA hierarchy (4 levels)<\/td><td>Professionalism \u00b7 Supervisory \u00b7 Internal \u00b7 External review<\/td><\/tr>\r\n          <tr><td>Self-assessment by<\/td><td>The CAE<\/td><\/tr>\r\n          <tr><td>Peer review by<\/td><td>Members of IAWs of Ministries<\/td><\/tr>\r\n          <tr><td>External review by<\/td><td>O\/o CGA or IIA reviewers<\/td><\/tr>\r\n          <tr><td>Statutory interface<\/td><td>Maintain DDO-wise count of outstanding objections (Test Audit Notes)<\/td><\/tr>\r\n          <tr><td>Two working-paper files<\/td><td>Permanent &amp; Current<\/td><\/tr>\r\n          <tr><td>\"Ten Things\" author<\/td><td>Richard Chambers<\/td><\/tr>\r\n          <tr><td>The readability test<\/td><td>The \"fifth-grader\" test<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch5 -->\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 6 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch6\" data-chapter=\"6\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c6-hrp\">\r\n      <span class=\"chapter-badge\">CH 6 \u00b7 HR<\/span>\r\n      <h2>Human Resource Management<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Why people are decisive<\/div>\r\n      <div class=\"def-text\">\r\n        \"The success of any plan or strategy will ultimately be determined by the quality, appropriateness, sufficiency and effective deployment of personnel responsible for its execution.\" Three critical evaluation parameters run through the chapter: <strong>staffing levels, staff qualifications, and staff utilization rates<\/strong>.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\">\r\n      <span class=\"section-badge\">\u00a7 6.2<\/span>\r\n      <h3>HR planning \u2014 staffing the wing<\/h3>\r\n    <\/div>\r\n\r\n    <p>Each Department must have a dedicated IAW staffed by auditors &amp; supervisors at <strong>Group A, B and C<\/strong> levels in adequate numbers, assessed rationally and scientifically. Parameters for setting staffing requirements:<\/p>\r\n\r\n    <ul class=\"note-list\">\r\n      <li><span class=\"nl-tag\">UNITS<\/span><span class=\"nl-text\">Number of audit units, and number of employees in each unit.<\/span><\/li>\r\n      <li><span class=\"nl-tag\">BUDGET<\/span><span class=\"nl-text\">Budget of each audit unit, and the <strong>inherent risks<\/strong> in its functioning.<\/span><\/li>\r\n      <li><span class=\"nl-tag\">TIME<\/span><span class=\"nl-text\">Time to complete an engagement (incl. travel) and for <strong>report writing<\/strong>.<\/span><\/li>\r\n      <li><span class=\"nl-tag\">CPE<\/span><span class=\"nl-text\">Time reserved for <strong>training &amp; continuous professional education<\/strong>, and the period spent on leave.<\/span><\/li>\r\n      <li><span class=\"nl-tag\">EXTRA<\/span><span class=\"nl-text\">Nature &amp; length of assignments, plus additional <strong>special audits<\/strong>; staff requirement reviewed at periodic intervals.<\/span><\/li>\r\n    <\/ul>\r\n\r\n    <p>Manpower is worked out from these parameters plus the number of auditee units identified for <strong>annual, biennial and triennial<\/strong> audit, the audit man-days required, and the available working days in a calendar year. The numbers vary by Ministry; only generic parameters are given, and forming the team is the CAE's responsibility.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c6-external\">\r\n      <span class=\"section-badge teal\">\u00a7 6.3<\/span>\r\n      <h3>External service providers<\/h3>\r\n    <\/div>\r\n\r\n    <div class=\"callout teal\">\r\n      <div class=\"callout-label\">Hiring specialists \u2014 the conditions<\/div>\r\n      <p>With increasingly complex operations, the CAE may hire individuals\/firms with the requisite skills, after adhering to <strong>GFR provisions<\/strong> and Government orders. The CAE assesses their <strong>competency, independence &amp; objectivity<\/strong> against experience, education, training and professional membership. Consultants work under the CAE's overall control, and <strong>responsibility for quality &amp; timely delivery remains with the CAE<\/strong>.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c6-skills\">\r\n      <span class=\"section-badge amber\">\u00a7 6.4<\/span>\r\n      <h3>Skills, training &amp; proficiency<\/h3>\r\n    <\/div>\r\n\r\n    <p>With RBIA, computerisation, governance thrust and Big Data, auditors must be trained extensively in <strong>seven areas<\/strong>:<\/p>\r\n\r\n    <div class=\"info-row\">\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">1<\/div><div class=\"ic-cap\">Evaluation of internal controls.<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">2<\/div><div class=\"ic-cap\">Risk-based audit, risk assessment, risk-matrix design, mapping risks with controls.<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">3<\/div><div class=\"ic-cap\">Application of professional standards.<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">4<\/div><div class=\"ic-cap\">Sampling techniques.<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">5<\/div><div class=\"ic-cap\">Report-writing techniques.<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">6<\/div><div class=\"ic-cap\">Auditing in a computerised environment (CAATs).<\/div><\/div>\r\n      <div class=\"info-card t-amber\"><div class=\"ic-big\">7<\/div><div class=\"ic-cap\">Performance &amp; governance audits.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <p>Auditors are encouraged to pursue certifications \u2014 the <strong>Certified Internal Auditor (CIA)<\/strong> and <strong>CGAP<\/strong> designations \u2014 and must continue their education (<strong>CPE<\/strong>) to stay current with the IIA's <strong>IPPF<\/strong> guidance. The internal audit activity must <strong>collectively<\/strong> possess the necessary knowledge, skills &amp; competencies \u2014 an annual analysis identifies gaps to fill by development, recruiting or co-sourcing. Maintaining proficiency also covers the knowledge to <strong>identify indicators of fraud<\/strong>, knowledge of key IT risks\/controls, understanding of Government rules for assessing materiality of deviations, and strong people &amp; communication skills.<\/p>\r\n\r\n    <div class=\"section-heading-block\" id=\"c6-pdp\">\r\n      <span class=\"section-badge purple\">\u00a7 6.5\u20136.6<\/span>\r\n      <h3>Competency planning &amp; the Professional Development Plan<\/h3>\r\n    <\/div>\r\n\r\n    <p class=\"compare-intro\"><strong>The five stages of competency planning.<\/strong><\/p>\r\n    <ol class=\"parts-list decimal purple\">\r\n      <li>Establish the <strong>vision &amp; desired capability level<\/strong> of the Internal Audit Department.<\/li>\r\n      <li>Develop a <strong>strategic competency plan<\/strong>.<\/li>\r\n      <li>Identify <strong>existing competencies<\/strong>.<\/li>\r\n      <li>Identify <strong>competency gaps<\/strong>.<\/li>\r\n      <li>Develop an action plan to fill the gaps \u2014 <strong>\"buy, build, retain\"<\/strong> people strategies.<\/li>\r\n    <\/ol>\r\n\r\n    <p>The four steps to establish the <strong>Professional Development Plan<\/strong> (a strategic driver presented to the Audit Committee):<\/p>\r\n    <div class=\"flow purple\">\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STEP 1<\/div><div class=\"fs-title\">Review now<\/div><div class=\"fs-text\">Including gaps from the strategic competency plan.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STEP 2<\/div><div class=\"fs-title\">Decide vision &amp; skills<\/div><div class=\"fs-text\">Goals, audit plan and the skills to develop.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STEP 3<\/div><div class=\"fs-title\">Decide how<\/div><div class=\"fs-text\">Incorporate into a professional development plan.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STEP 4<\/div><div class=\"fs-title\">Implement &amp; report<\/div><div class=\"fs-text\">Periodically report results to the Audit Committee.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <p>Time-tested methods for <strong>developing &amp; retaining<\/strong> quality professionals: challenging, varied assignments; quality supervision; participation across audit phases; opportunities to lead; involvement in QA-review prep &amp; Departmental task forces; rotation through teams\/programs; and participation in annual risk-assessment activities.<\/p>\r\n\r\n    <!-- QUIZ 6 -->\r\n    <div class=\"ix\" id=\"quiz6\">\r\n      <div class=\"ix-head\"><span class=\"ix-chip\">Self-test<\/span><h4>Chapter 6 Quiz \u2014 staffing, skills &amp; development<\/h4><\/div>\r\n      <div class=\"ix-body\">\r\n        <p class=\"ix-help\">Seven questions from Chapter 6. Pick an answer to lock it; the explanation appears below.<\/p>\r\n        <div id=\"quizStage6\"><\/div>\r\n        <div class=\"quiz-foot\"><span class=\"quiz-score\" id=\"quizScore6\">Score 0 \/ 0<\/span><button class=\"quiz-btn\" id=\"quizNext6\" disabled>Next &rarr;<\/button><\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c6-recap\">\r\n      <div class=\"recap-title\">&#9889; Chapter 6 \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Three evaluation parameters<\/td><td>Staffing levels \u00b7 qualifications \u00b7 utilization rates<\/td><\/tr>\r\n          <tr><td>Staff levels<\/td><td>Group A, B and C officials<\/td><\/tr>\r\n          <tr><td>Audit periodicity classes<\/td><td>Annual \u00b7 biennial \u00b7 triennial<\/td><\/tr>\r\n          <tr><td>External providers \u2014 GFR<\/td><td>Hired per GFR; <strong>CAE retains responsibility<\/strong> for quality<\/td><\/tr>\r\n          <tr><td>Seven training areas<\/td><td>Controls \u00b7 RBIA \u00b7 standards \u00b7 sampling \u00b7 reporting \u00b7 CAATs \u00b7 perf\/governance<\/td><\/tr>\r\n          <tr><td>Certifications<\/td><td>CIA &amp; CGAP; ongoing CPE<\/td><\/tr>\r\n          <tr><td>Competency planning<\/td><td>5 stages \u2192 \"buy, build, retain\"<\/td><\/tr>\r\n          <tr><td>Development plan<\/td><td>4 steps; presented to Audit Committee<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch6 -->\r\n    <!-- \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 CHAPTER 7 (EXHIBITS) \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 -->\r\n    <section class=\"chapter-pane\" id=\"pane-ch7\" data-chapter=\"7\">\r\n\r\n    <div class=\"chapter-heading-block\" id=\"c7-exhibits\">\r\n      <span class=\"chapter-badge\">CH 7 \u00b7 REFERENCE<\/span>\r\n      <h2>Exhibits &amp; Glossary<\/h2>\r\n    <\/div>\r\n\r\n    <div class=\"def-card\">\r\n      <div class=\"def-label\">Why this reference matters<\/div>\r\n      <div class=\"def-text\">\r\n        The Handbook closes with <strong>six Exhibits<\/strong> \u2014 worked formats an auditor can adapt directly. Exhibits <strong>IV<\/strong> (RBIA steps) and <strong>VI<\/strong> (Risk Register) carry the most operational detail.\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table wide\">\r\n      <colgroup><col style=\"width:10%\"><col style=\"width:34%\"><col style=\"width:56%\"><\/colgroup>\r\n      <thead><tr><th>#<\/th><th>Exhibit<\/th><th>What it contains<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"code-cell\">I<\/td><td class=\"label-cell\">Annual Review Format for IAW<\/td><td>The prescribed format submitted to O\/o CGA by 31 May. Three chapters: executive summary &amp; performance; summary of paras; and the list of important irregularities (non-recovery of Govt dues, overpayment, idle machinery\/surplus stores, loss\/infructuous stores).<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">II<\/td><td class=\"label-cell\">Internal Audit Report Template<\/td><td>The sample structure for an internal audit report.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">III<\/td><td class=\"label-cell\">Role of Financial Advisor<\/td><td>The <strong>Redefined Charter for Financial Advisers<\/strong> (OM F.No.5(6)\/L&amp;C\/2006, dated 1 June 2006) \u2014 the scheme of the Integrated Financial Adviser.<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">IV<\/td><td class=\"label-cell\">Steps on Risk Based Audit<\/td><td>The detailed three-stage RBIA methodology and the five-level risk-maturity ladder (see \u00a77.2 below).<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">V<\/td><td class=\"label-cell\">Vulnerable Areas of IT<\/td><td>Sample survey for identifying vulnerable areas of IT (and the IT Audit Universe).<\/td><\/tr>\r\n        <tr><td class=\"code-cell\">VI<\/td><td class=\"label-cell\">Sample Risk Register<\/td><td>A sample risk register for Ministries\/Departments \u2014 maps risks, impact\/likelihood, existing &amp; required controls, residual risk, control owner &amp; timeline.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c7-rbia\">\r\n      <span class=\"section-badge teal\">\u00a7 7.2<\/span>\r\n      <h3>RBIA stages &amp; the maturity ladder (Exhibit IV)<\/h3>\r\n    <\/div>\r\n\r\n    <p>Before commencing RBIA, the CAE presents the benefits and challenges to the Ministry and prepares a register of significant risks and audit activities \u2014 the <strong>Risk and Audit Universe (RAU)<\/strong>. The three stages:<\/p>\r\n\r\n    <div class=\"flow teal\">\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STAGE 1<\/div><div class=\"fs-title\">Assess risk maturity<\/div><div class=\"fs-text\">Meet officials; assemble objectives, risk-scoring &amp; risk-appetite info; audit the risk-management processes; conclude with a Report on Risk Maturity.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STAGE 2<\/div><div class=\"fs-title\">Produce the audit plan<\/div><div class=\"fs-text\">Filter inherent risks (no-audit \/ tolerate \/ third-party \/ assured), assign risks to audits, set up the RAU.<\/div><\/div>\r\n      <div class=\"flow-step\"><div class=\"fs-num\">STAGE 3<\/div><div class=\"fs-title\">Individual assurance audits<\/div><div class=\"fs-text\">Perform risk-based audits and feed results back into the RAU.<\/div><\/div>\r\n    <\/div>\r\n\r\n    <p class=\"compare-intro\"><strong>The five levels of risk maturity<\/strong> (IIA position statement) \u2014 they depend on the design &amp; effectiveness of the ERM system.<\/p>\r\n    <div class=\"table-wrap\"><table class=\"compare-table\">\r\n      <colgroup><col style=\"width:26%\"><col style=\"width:74%\"><\/colgroup>\r\n      <thead><tr><th>Level<\/th><th>Meaning<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Risk Na\u00efve<\/td><td>No formal approach to risk management developed.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Risk Aware<\/td><td>Scattered, silo approach to risk management; no risk register, only a few managers have determined their risks.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Risk Defined<\/td><td>Strategy &amp; policies defined and communicated.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Risk Managed<\/td><td>Enterprise-wide approach developed and communicated.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Risk Enabled<\/td><td>Risk management &amp; internal control fully embedded in operations.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <div class=\"callout amber\">\r\n      <div class=\"callout-label\">The na\u00efve \/ aware caution<\/div>\r\n      <p>For Departments subject to risk-management regulations, the <strong>\"risk na\u00efve\" and \"risk aware\" levels are not acceptable<\/strong>, and the Audit Committee must be told. At low maturity, internal audit should <em>not<\/em> determine risks without Ministry involvement or maintain its own list \u2014 that reinforces the false belief that internal audit owns risk management. But where the Ministry cannot participate, the IAW may prepare its own Risk Registers, share them, and conclude (after a specified reasonable period without feedback) that its assessment is acceptable \u2014 a <strong>short-term solution only<\/strong>.<\/p>\r\n    <\/div>\r\n\r\n    <div class=\"section-heading-block\" id=\"c7-glossary\">\r\n      <span class=\"section-badge purple\">\u00a7 7.3<\/span>\r\n      <h3>Glossary of key terms<\/h3>\r\n    <\/div>\r\n\r\n    <p>The Handbook's glossary supplies the precise wording of the key terms used throughout. The principal terms:<\/p>\r\n\r\n    <div class=\"table-wrap\"><table class=\"compare-table\">\r\n      <colgroup><col style=\"width:26%\"><col style=\"width:74%\"><\/colgroup>\r\n      <thead><tr><th>Term<\/th><th>Definition<\/th><\/tr><\/thead>\r\n      <tbody>\r\n        <tr><td class=\"label-cell\">Add Value<\/td><td>Facilitate achievement of objectives by identifying areas &amp; recommending measures to reduce risk and\/or improve operations.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Audit Observation<\/td><td>Any identified &amp; validated gap between the current and desired state arising from an engagement.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Audit Sampling<\/td><td>Auditing a part of a population to draw an inference about the entire population.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Criteria<\/td><td>The standards\/measures used in evaluation \u2014 <strong>\"what should exist.\"<\/strong><\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Condition<\/td><td>The factual evidence the auditor found \u2014 <strong>\"what does exist.\"<\/strong><\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Cause<\/td><td>The reason(s) for the difference between expected and actual conditions.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Effect \/ Consequence<\/td><td>The risk or exposure arising from the variance between condition and criteria.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Residual Risk<\/td><td>The portion of inherent risk remaining after management executes its risk-management process.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Reasonable Assurance<\/td><td>A level of assurance supported by generally accepted procedures and judgments.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Internal Control<\/td><td>A process providing reasonable assurance on effectiveness\/efficiency of operations, reliability of financial reporting, and compliance with laws.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Gender Mainstreaming<\/td><td>Incorporating a gender-equality perspective at all levels\/stages of policy; ultimate goal is gender equality.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Risk Response (Mitigation)<\/td><td>Action to achieve a risk strategy \u2014 avoidance, reduction, sharing or acceptance.<\/td><\/tr>\r\n        <tr><td class=\"label-cell\">Fraud<\/td><td>Any illegal act to obtain money\/property\/services, avoid payment, or secure personal\/business advantage.<\/td><\/tr>\r\n      <\/tbody>\r\n    <\/table><\/div>\r\n\r\n    <!-- QUIZ 7 -->\r\n    <div class=\"ix\" id=\"quiz7\">\r\n      <div class=\"ix-head\"><span class=\"ix-chip\">Self-test<\/span><h4>Exhibits Quiz \u2014 Exhibits, RBIA stages &amp; glossary<\/h4><\/div>\r\n      <div class=\"ix-body\">\r\n        <p class=\"ix-help\">Eight questions from the Exhibits &amp; glossary. Pick an answer to lock it; the explanation appears below.<\/p>\r\n        <div id=\"quizStage7\"><\/div>\r\n        <div class=\"quiz-foot\"><span class=\"quiz-score\" id=\"quizScore7\">Score 0 \/ 0<\/span><button class=\"quiz-btn\" id=\"quizNext7\" disabled>Next &rarr;<\/button><\/div>\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <div class=\"recap\" id=\"c7-recap\">\r\n      <div class=\"recap-title\">&#9889; Exhibits \u2014 Quick Recap<\/div>\r\n      <table>\r\n        <thead><tr><th>Concept<\/th><th>Key Fact<\/th><\/tr><\/thead>\r\n        <tbody>\r\n          <tr><td>Total Exhibits<\/td><td><strong>6<\/strong> (I\u2013VI)<\/td><\/tr>\r\n          <tr><td>Exhibit I<\/td><td>Annual Review Format (due 31 May)<\/td><\/tr>\r\n          <tr><td>Exhibit III<\/td><td>Redefined Charter for Financial Advisers (1 June 2006)<\/td><\/tr>\r\n          <tr><td>Exhibit IV<\/td><td>RBIA steps &amp; maturity ladder<\/td><\/tr>\r\n          <tr><td>Exhibit VI<\/td><td>Sample Risk Register<\/td><\/tr>\r\n          <tr><td>RBIA three stages<\/td><td>Assess maturity \u2192 produce plan\/RAU \u2192 assurance audits<\/td><\/tr>\r\n          <tr><td>5 maturity levels<\/td><td>Na\u00efve \u00b7 Aware \u00b7 Defined \u00b7 Managed \u00b7 Enabled<\/td><\/tr>\r\n          <tr><td>Na\u00efve\/Aware acceptable?<\/td><td><strong>No<\/strong> for regulated Departments \u2014 tell the Committee<\/td><\/tr>\r\n          <tr><td>Criteria \/ Condition<\/td><td>\"Should exist\" \/ \"What exists\"<\/td><\/tr>\r\n          <tr><td>Residual risk<\/td><td>Inherent risk remaining after risk management<\/td><\/tr>\r\n        <\/tbody>\r\n      <\/table>\r\n    <\/div>\r\n\r\n    <\/section><!-- \/pane-ch7 -->\r\n  <\/main>\r\n<\/div>\r\n<script>\r\n\/* \u2500\u2500\u2500\u2500\u2500 Chapter (tab) switching + sidebar navigation \u2500\u2500\u2500\u2500\u2500 *\/\r\n(function(){\r\n  var details = Array.prototype.slice.call(document.querySelectorAll('details.toc-chapter'));\r\n  var panes   = Array.prototype.slice.call(document.querySelectorAll('section.chapter-pane'));\r\n\r\n  function showChapter(n, scrollTop){\r\n    panes.forEach(function(p){ p.classList.toggle('active', p.getAttribute('data-chapter') === String(n)); });\r\n    if (scrollTop){\r\n      var pane = document.getElementById('pane-ch'+n);\r\n      if (pane) pane.scrollIntoView({behavior:'smooth', block:'start'});\r\n    }\r\n  }\r\n\r\n  details.forEach(function(d){\r\n    d.addEventListener('toggle', function(){\r\n      if (d.open){\r\n        details.forEach(function(o){ if (o !== d) o.open = false; });\r\n        showChapter(d.getAttribute('data-chapter'), false);\r\n      }\r\n    });\r\n  });\r\n\r\n  Array.prototype.slice.call(document.querySelectorAll('.toc-sub-list a[href^=\"#\"]')).forEach(function(a){\r\n    a.addEventListener('click', function(e){\r\n      var id = a.getAttribute('href').slice(1);\r\n      var target = document.getElementById(id);\r\n      if (!target) return;\r\n      e.preventDefault();\r\n      var pane = target.closest('.chapter-pane');\r\n      if (pane){\r\n        var ch = pane.getAttribute('data-chapter');\r\n        var d  = document.querySelector('details.toc-chapter[data-chapter=\"'+ch+'\"]');\r\n        if (d && !d.open) d.open = true;\r\n        showChapter(ch, false);\r\n      }\r\n      Array.prototype.slice.call(document.querySelectorAll('.toc-sub-list a.active')).forEach(function(x){ x.classList.remove('active'); });\r\n      a.classList.add('active');\r\n      requestAnimationFrame(function(){ target.scrollIntoView({behavior:'smooth', block:'start'}); });\r\n    });\r\n  });\r\n})();\r\n\r\n\/* \u2500\u2500\u2500\u2500\u2500 Quiz factory \u2500\u2500\u2500\u2500\u2500 *\/\r\nfunction buildQuiz(stageId, scoreId, nextId, questions){\r\n  var stage = document.getElementById(stageId);\r\n  var scoreEl = document.getElementById(scoreId);\r\n  var nextBtn = document.getElementById(nextId);\r\n  if (!stage) return;\r\n  var idx = 0, score = 0, answered = 0;\r\n\r\n  function render(){\r\n    var q = questions[idx];\r\n    var html = '<div class=\"quiz-q\"><span class=\"q-tag\">Q'+(idx+1)+'<\/span><span>'+q.q+'<\/span><\/div><div class=\"quiz-opts\">';\r\n    q.opts.forEach(function(opt, i){ html += '<button class=\"quiz-opt\" data-i=\"'+i+'\">'+opt+'<\/button>'; });\r\n    html += '<\/div><div class=\"quiz-fb\"><\/div>';\r\n    stage.innerHTML = html;\r\n    var fb = stage.querySelector('.quiz-fb');\r\n    var opts = Array.prototype.slice.call(stage.querySelectorAll('.quiz-opt'));\r\n    opts.forEach(function(b){\r\n      b.addEventListener('click', function(){\r\n        var chosen = parseInt(b.getAttribute('data-i'), 10);\r\n        opts.forEach(function(x){ x.classList.add('lock'); });\r\n        opts[q.a].classList.add('correct');\r\n        if (chosen === q.a){ score++; }\r\n        else { b.classList.add('wrong'); }\r\n        answered++;\r\n        scoreEl.textContent = 'Score '+score+' \/ '+answered;\r\n        fb.innerHTML = (chosen === q.a ? '<strong>Correct.<\/strong> ' : '<strong>Not quite.<\/strong> ') + q.fb;\r\n        nextBtn.disabled = (idx >= questions.length - 1);\r\n        if (idx >= questions.length - 1){ nextBtn.textContent = 'Done \\u2713'; }\r\n      });\r\n    });\r\n  }\r\n  nextBtn.addEventListener('click', function(){\r\n    if (idx < questions.length - 1){ idx++; nextBtn.disabled = true; render(); }\r\n  });\r\n  render();\r\n}\r\n\r\nbuildQuiz('quizStageF','quizScoreF','quizNextF',[\r\n  {q:'Under Rule 236(1) of GFR 2017, the accounts of all Grantee Institutions are open to audit by \\u2014', opts:['Only the C&AG','Only internal audit by the PAO','Both the C&AG (under the DPC Act 1971) and internal audit by the Principal Accounts Office','Only the sanctioning authority'], a:2, fb:'Rule 236(1) is explicit: grantee accounts are open to inspection by the sanctioning authority AND to audit by BOTH the C&AG (under the DPC Act, 1971) and internal audit by the Principal Accounts Office. A provision to this effect must invariably be in all grants-in-aid sanction orders.'},\r\n  {q:'Under Rule 70 of GFR 2017, the Chief Accounting Authority of a Ministry\/Department is the \\u2014', opts:['Financial Adviser','Secretary','Controller General of Accounts','Chief Controller of Accounts'], a:1, fb:'Rule 70 makes the Secretary the Chief Accounting Authority, responsible and accountable for financial management and for adopting systems that afford internal controls to avoid unauthorised, irregular and wasteful expenditure.'},\r\n  {q:'Rule 72 of GFR 2017, read with Article 150 of the Constitution, provides that the form of Union accounts is prescribed by \\u2014', opts:['The C&AG directly','The President on the advice of the C&AG, with the CGA prescribing the form','Parliament by resolution','The Finance Minister'], a:1, fb:'Under Article 150 the accounts are kept in the form the President prescribes on the C&AG\\u2019s advice; Rule 72 places the responsibility for prescribing that form (for the Union and States) on the Controller General of Accounts.'},\r\n  {q:'Para 12.2.1 of the Civil Accounts Manual places the Internal Audit Unit directly under the \\u2014', opts:['Secretary','Financial Adviser','Pr.CCA \/ CCA \/ CA (with independent charge)','C&AG'], a:2, fb:'Para 12.2.1 CAM: the IAU works directly under the Pr.CCA\/CCA\/CA (independent charge), with overall responsibility remaining with the Financial Adviser and the Secretary; its jurisdiction also extends to implementing agencies of schemes.'},\r\n  {q:'The Civil Accounts Organisation under the Controller General of Accounts came into existence on \\u2014', opts:['1 April 1973','1 April 1976','1 April 1980','1 April 1989'], a:1, fb:'Following departmentalisation of accounts (recommended by the Yardi Committee, 1973), the CGA\\u2019s Civil Accounts Organisation came into existence on 1 April 1976.'},\r\n  {q:'The committee that recommended departmentalisation of accounts and strengthening of internal audit was the \\u2014', opts:['S.B. Lal Committee','Yardi Committee','Rattan Watal Committee','L.K. Jha Committee'], a:1, fb:'The Yardi Committee (eight members under Finance Secretary M.P. Yardi, report 14 Aug 1973) recommended departmentalisation of accounts, a Management Accounting System, and strengthening of internal audit.'},\r\n  {q:'This Handbook differs from its companion Manual in that the Handbook primarily provides \\u2014', opts:['Checklists and worked exhibits for fieldwork','Theory, concepts and the 32 Internal Audit Guidelines','Statutory audit formats','Pay and pension rules'], a:1, fb:'The Handbook is the conceptual\/policy reference (the \"why\" and \"what\") and embeds the 32 Guidelines; the Manual carries the practice advisories, checklists and exhibits (the \"how\").'},\r\n  {q:'In the Guidelines, the word \"must\" denotes \\u2014', opts:['A recommended best practice','An unconditional requirement','An optional step','A deadline'], a:1, fb:'\"Must\" signals an unconditional requirement, whereas \"should\" indicates conformance is expected unless functional judgment justifies a deviation.'}\r\n]);\r\n\r\nbuildQuiz('quizStage1','quizScore1','quizNext1',[\r\n  {q:'The CGA\\u2019s Internal Audit Guidelines number \\u2014', opts:['24 in 3 Sections','28 in 4 Sections','32 in 4 Sections','36 in 6 Sections'], a:2, fb:'There are 32 mandatory, principle-based Guidelines arranged in four Sections: A General (1\\u20138), B CGA-Level (9\\u201313), C Ministry-Level (14\\u201324), D Engagement (25\\u201332).'},\r\n  {q:'The IIA definition describes internal auditing as an independent, objective assurance and consulting activity that evaluates and improves \\u2014', opts:['Only financial statements','Risk management, control and governance processes','Only statutory compliance','Procurement only'], a:1, fb:'The definition centres on a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.'},\r\n  {q:'\"Audit Risk\" guarded against by the Guidelines includes giving a positive assurance when a substantial issue exists \\u2014 this is a \\u2014', opts:['False negative','False positive','Residual risk','Inherent risk'], a:1, fb:'A false positive is a positive assurance despite a real issue; a false negative is an adverse opinion when conditions are actually satisfactory. Tolerable audit risk is set by the Audit Committee.'},\r\n  {q:'Under Guideline 3, a Ministry\\u2019s IAW is presumed independent only if the CAE meets \\u2014', opts:['Any one of the five criteria','A majority of the criteria','ALL of the five criteria','The Secretary\\u2019s sole approval'], a:2, fb:'The five-test presumption requires ALL of: accountable to the Secretary; reports results to both Secretary and Audit Committee; outside line\/staff management; access to the Audit Committee; free of political reprisal \\u2014 achieved via a dual-reporting relationship.'},\r\n  {q:'Under Guideline 8, the three types of engagement procedures are \\u2014', opts:['Audit, inspection and survey','Examination, review and agreed-upon procedures','Compliance, propriety and performance','Planning, fieldwork and reporting'], a:1, fb:'Guideline 8 lists examination, review, and agreed-upon procedures; an agreed-upon-procedures engagement expresses no opinion or conclusion \\u2014 only the findings of the applied procedure.'},\r\n  {q:'Under Guideline 16, the risk-based Annual Internal Audit Plan is finalised by \\u2014', opts:['15 January','15 February','1 March','31 May'], a:0, fb:'The plan is finalised by 15 January and revised by 15 February to align with the Finance Bill; it is presented to the Audit Committee by 1 March.'},\r\n  {q:'Under Guideline 17, the CAE presents the plan\\u2019s challenges in three risk categories \\u2014', opts:['Inherent, residual and control risk','Audit failure, false assurance and reputation risk','Strategic, operational and financial risk','High, medium and low risk'], a:1, fb:'Guideline 17 frames challenges as audit failure, false assurance, and reputation risk, along with the impact of resource limitations.'},\r\n  {q:'Under Guideline 32, an inordinate delay in disposing of audit results is treated as \\u2014', opts:['A reason to re-audit','Management having accepted the risk','A QAIP deficiency','Grounds to close the engagement'], a:1, fb:'Inordinate delay implies management has accepted the risk; this is included in the yearly reporting of unacceptable risks to the Audit Committee.'}\r\n]);\r\n\r\nbuildQuiz('quizStage2','quizScore2','quizNext2',[\r\n  {q:'Which of the following is a methodology rather than a type of audit?', opts:['Compliance audit','Propriety audit','Performance audit','RBIA'], a:3, fb:'Compliance, propriety and performance are types of audit; RBIA (Risk Based Internal Audit) is a methodology that links internal auditing to the Ministry\\u2019s overall risk-management framework.'},\r\n  {q:'Propriety audit \\u2014 examining the wisdom, faithfulness and economy of expenditure even if rules are followed \\u2014 includes which audit as part of it?', opts:['Performance audit','Financial audit','Gender audit','IT audit'], a:1, fb:'Financial audit (grant\/contract audit and fraud\/financial-irregularity audit) is conducted as part of propriety audit, which goes beyond the formality of expenditure.'},\r\n  {q:'Every risk has two components, namely \\u2014', opts:['Cause and effect','Likelihood and impact','Inherent and residual','Strategic and operational'], a:1, fb:'A risk is the possibility of an adverse event; its two components are likelihood (probability) and impact (consequence).'},\r\n  {q:'On a 1\\u20133 scoring grid, a risk is treated as a \"key risk\" requiring action when its score is \\u2014', opts:['3 or above','4 or above','6 or above','9 only'], a:2, fb:'The maximum score is 9 (impact \\u00d7 likelihood); any risk scoring 6 or above is a key risk on which action must be taken.'},\r\n  {q:'The control score is calculated as \\u2014', opts:['Inherent risk plus residual risk','Inherent risk minus residual risk','Likelihood times impact','Residual risk minus acceptable risk'], a:1, fb:'Control score = inherent risk minus residual risk; the higher the control score, the more important the control.'},\r\n  {q:'The \"4 T\\u2019s\" of risk response are \\u2014', opts:['Test, Track, Tolerate, Transfer','Transfer, Tolerate, Terminate, Treat','Treat, Trace, Transfer, Tolerate','Terminate, Test, Track, Treat'], a:1, fb:'The four responses are Transfer (e.g. insurance), Tolerate (accept), Terminate (stop the activity) and Treat (apply controls \\u2014 usually the most relevant in Government).'},\r\n  {q:'How many components does the COSO internal-control framework have?', opts:['Three','Four','Five','Six'], a:2, fb:'COSO has five components: control environment, risk assessment, control activities, information & communication, and monitoring.'},\r\n  {q:'Bank reconciliation and physical verification of fixed assets are examples of which control type?', opts:['Preventive','Detective','Reconstructive','Corrective'], a:1, fb:'These highlight errors after they occur \\u2014 detective controls. Preventive controls (e.g. segregation of duties) stop errors beforehand; reconstructive controls (e.g. disaster recovery) provide backup.'}\r\n]);\r\n\r\nbuildQuiz('quizStage3','quizScore3','quizNext3',[\r\n  {q:'The \"Annual Review at a Glance\" compiled by the IAD reflects financial implications above \\u2014', opts:['Rs 10 lakh','Rs 50 lakh','Rs 1 crore','Rs 5 crore'], a:2, fb:'The IAD\\u2019s \"Annual Review at a Glance\" for the Expenditure Secretary summarises important observations and reflects financial implications above Rupees One Crore.'},\r\n  {q:'The Annual Review on the previous year\\u2019s performance must reach O\/o CGA by \\u2014', opts:['15 January','15 February','31 March','31 May'], a:3, fb:'Key dates: plan finalised 15 Jan, endorsed to IAD 15 Feb, and the Annual Review (Exhibit I format) reaches O\/o CGA by 31 May; the CAE also reviews quarterly before the Audit Committee.'},\r\n  {q:'The Chairperson of a Ministry\\u2019s Audit Committee is the \\u2014', opts:['Financial Advisor','Secretary of the Ministry','CCA\/CA','Joint Secretary'], a:1, fb:'The Secretary chairs the Audit Committee; the Financial Advisor is Vice-Chairperson and the CCA\/CA (the CAE) is the Convener\/Member Secretary.'},\r\n  {q:'Which two documents must the Audit Committee approve?', opts:['The Charter and the Annual Internal Audit Plan','The Budget and the Appropriation Accounts','The Risk Register and the QAIP','The DDG and the SBE'], a:0, fb:'Among its eight terms of reference, the Audit Committee approves the Internal Audit Charter and the Annual Internal Audit Plan.'},\r\n  {q:'CGA guidelines recommend splitting working days between RBIA of schemes and compliance\/regularity audit in the ratio \\u2014', opts:['50:50','60:40','70:30','40:60'], a:1, fb:'The recommended split is 60% of working days for Risk-Based Internal Audit of schemes and 40% for compliance\/regularity audit \\u2014 with both planned on a risk basis.'},\r\n  {q:'To preserve independence, an auditor must not audit a unit where he worked within the past \\u2014', opts:['Six months','One year','Two years','Three years'], a:1, fb:'An auditor must not audit his own decisions, nor a unit in which he worked within the past one year; reports should be prepared within one week and issued after the CAE\\u2019s approval.'},\r\n  {q:'The Internal Audit Division in the O\/o CGA is organised into how many sections?', opts:['Two','Three','Four','Five'], a:1, fb:'The IAD has three sections: (i) Centre of Excellence, (ii) Planning & Coordination, and (iii) Inspection Wing.'},\r\n  {q:'The KPI dashboard is organised around the six elements of the \\u2014', opts:['COSO framework','Internal Audit Capability Model (IA-CM)','FRBM Act','IPPF'], a:1, fb:'KPIs are built around the six IA-CM elements: services of IA, people management, professional practices, performance management & accountability, organisation relationships & culture, and governance structure.'}\r\n]);\r\n\r\nbuildQuiz('quizStage4','quizScore4','quizNext4',[\r\n  {q:'Gender Budgeting was adopted by the Government of India in \\u2014', opts:['2001','2005','2011','2017'], a:1, fb:'India adopted Gender Budgeting in 2005; the Eleventh Five Year Plan (2007\\u201312) recorded the commitment to gender audits. Women constitute about 48% of India\\u2019s population.'},\r\n  {q:'Gender Audit is inclusive as part of which audit types?', opts:['Only performance audit','Only compliance audit','Both compliance and performance audit','Only IT audit'], a:2, fb:'Gender Audit features in compliance audit (gender-sensitive adherence to rules) and performance audit (economy, efficiency & effectiveness of gender equality).'},\r\n  {q:'The five sections of an audit checklist are scope, evidence collection, audit tests, analysis of results, and \\u2014', opts:['Sampling','Conclusion','Follow-up','Reporting'], a:1, fb:'The five sections are scope, evidence collection, audit tests, analysis of results, and conclusion; for beneficiary schemes evidence must include sex-disaggregated data.'},\r\n  {q:'In IT audit, the CIA objectives stand for \\u2014', opts:['Control, Integrity, Access','Confidentiality, Integrity, Availability','Compliance, Inspection, Assurance','Capability, Independence, Authority'], a:1, fb:'IT audit reviews Confidentiality (no unauthorised disclosure), Integrity (no unauthorised modification) and Availability (no service disruption).'},\r\n  {q:'In an IT audit, which controls are reviewed first because they form the basis of the IT control environment?', opts:['Application controls','General Computer Controls (GCC)','Manual controls','Detective controls'], a:1, fb:'General Computer Controls (GCC) are reviewed first; they underpin the IT control environment before application-level controls are assessed.'},\r\n  {q:'The three governance roles supported by the IAW are \\u2014', opts:['Plan, do, check','Oversight, insight, foresight','Detect, deter, deflect','Inform, direct, monitor'], a:1, fb:'The IAW supports oversight (detect & deter corruption), insight (what works and what doesn\\u2019t) and foresight (trends & emerging challenges).'},\r\n  {q:'When giving advisory or investigative services on governance, internal auditors must \\u2014', opts:['Take over the management decision','Not make management decisions or assume a management role','Sign off on the accounts','Replace the statutory auditor'], a:1, fb:'Auditors may advise, assist or investigate but may not make management decisions or assume a management role, and must not audit their own work \\u2014 preserving independence for later audits.'}\r\n]);\r\n\r\nbuildQuiz('quizStage5','quizScore5','quizNext5',[\r\n  {q:'The four-level hierarchy of quality-assurance elements is professionalism, supervisory review, internal review and \\u2014', opts:['Statutory review','External review','Peer rotation','Self-certification'], a:1, fb:'The hierarchy runs Professionalism (individual) \\u2192 Supervisory Review (engagement) \\u2192 Internal Review (aggregate, by a peer outside the line) \\u2192 External Review (the whole function), assured to the Audit Committee.'},\r\n  {q:'A self-assessment of internal audit quality is the responsibility of the \\u2014', opts:['Audit Committee','Chief Audit Executive','Secretary','C&AG'], a:1, fb:'Self-assessment is the CAE\\u2019s responsibility; peer review is by members of other Ministries\\u2019 IAWs; external review is by O\/o CGA or IIA reviewers.'},\r\n  {q:'An external quality review of an IAW is conducted by \\u2014', opts:['The Ministry\\u2019s own staff','O\/o CGA or outsourced IIA reviewers','The Audit Committee alone','The statutory auditor'], a:1, fb:'External reviews are done by the O\/o CGA or outsourced reviewers from the IIA; they examine the plan, working papers, report and follow-up.'},\r\n  {q:'For the statutory-audit interface, the IAW maintains a count of outstanding objections that is \\u2014', opts:['Scheme-wise','DDO-wise','Year-wise','Officer-wise'], a:1, fb:'The IAW keeps a DDO-wise count of outstanding objections from the Test Audit Notes issued by statutory audit, and monitors their settlement.'},\r\n  {q:'Working papers are kept in two files, namely the \\u2014', opts:['Draft and Final files','Permanent and Current files','Risk and Control files','Entry and Exit files'], a:1, fb:'The Permanent Audit File holds enduring material (org chart, system descriptions, risk assessment); the Current Audit File holds the engagement\\u2019s reports, findings, planning and follow-up.'},\r\n  {q:'The \"Ten Things Not to Say in an Internal Audit Report\" were articulated by \\u2014', opts:['Richard Chambers','M.P. Yardi','S.B. Lal','Rattan Watal'], a:0, fb:'The list is Richard Chambers\\u2019 reflections, embedded in the Handbook as a reporting-quality aid.'},\r\n  {q:'Chambers\\u2019 readability check \\u2014 if a young student can\\u2019t understand it, it is too complicated \\u2014 is the \\u2014', opts:['Plain-English test','Fifth-grader test','Materiality test','Reasonable-person test'], a:1, fb:'The \"fifth-grader test\": if a middle-schooler can\\u2019t understand the sentence, it is too complicated and needs a re-write.'}\r\n]);\r\n\r\nbuildQuiz('quizStage6','quizScore6','quizNext6',[\r\n  {q:'The three critical parameters for evaluating internal-audit HR are staffing levels, qualifications and \\u2014', opts:['Salary bands','Utilization rates','Tenure','Location'], a:1, fb:'The chapter turns on staffing levels, staff qualifications and staff utilization rates.'},\r\n  {q:'A dedicated IAW is staffed by auditors and supervisors at which levels?', opts:['Group A only','Group A and B only','Group A, B and C','Group C only'], a:2, fb:'Each Department\\u2019s IAW must have adequate numbers at Group A, B and C levels, assessed rationally and scientifically.'},\r\n  {q:'When hiring external service providers, responsibility for quality and timely delivery \\u2014', opts:['Passes to the provider','Remains with the CAE','Rests with the Audit Committee','Rests with the Secretary'], a:1, fb:'External providers are engaged per GFR provisions and work under the CAE\\u2019s overall control; responsibility for quality and timely delivery remains with the CAE.'},\r\n  {q:'How many core areas of training are prescribed for internal auditors?', opts:['Five','Six','Seven','Eight'], a:2, fb:'Seven areas: evaluation of internal controls; risk-based audit; professional standards; sampling; report writing; auditing in a computerised environment (CAATs); and performance & governance audits.'},\r\n  {q:'Which professional certifications does the Handbook encourage auditors to pursue?', opts:['CA and CMA','CIA and CGAP','CISA and CISSP','CFA and FRM'], a:1, fb:'It encourages the Certified Internal Auditor (CIA) and CGAP designations, with ongoing CPE to stay current with the IIA\\u2019s IPPF.'},\r\n  {q:'Competency planning ends with an action plan based on which people strategies?', opts:['Hire, fire, promote','Buy, build, retain','Train, test, transfer','Recruit, rotate, retire'], a:1, fb:'The five-stage competency plan concludes with \"buy, build, retain\" strategies to fill identified competency gaps.'},\r\n  {q:'The competency required to identify indicators of fraud is part of \\u2014', opts:['Maintaining proficiency','The QAIP','The Audit Charter','The risk register'], a:0, fb:'Maintaining proficiency includes the knowledge to identify indicators of fraud, key IT risks\/controls, materiality of deviations, and strong communication skills.'}\r\n]);\r\n\r\nbuildQuiz('quizStage7','quizScore7','quizNext7',[\r\n  {q:'How many Exhibits does the Handbook contain?', opts:['Four','Five','Six','Eight'], a:2, fb:'There are six Exhibits (I\\u2013VI), from the Annual Review Format (I) to the Sample Risk Register (VI).'},\r\n  {q:'The detailed three-stage RBIA methodology and the risk-maturity ladder appear in \\u2014', opts:['Exhibit I','Exhibit III','Exhibit IV','Exhibit VI'], a:2, fb:'Exhibit IV sets out the steps on Risk Based Audit, including the three RBIA stages and the five-level maturity ladder.'},\r\n  {q:'The three stages of RBIA are assess risk maturity, produce the audit plan, and \\u2014', opts:['Issue the report','Carry out individual risk-based assurance audits','Train the staff','Set the risk appetite'], a:1, fb:'Stage 1 assess maturity; Stage 2 produce the plan and set up the Risk & Audit Universe (RAU); Stage 3 perform individual risk-based audits and feed results back into the RAU.'},\r\n  {q:'The five levels of risk maturity, in order, are \\u2014', opts:['Naive, Aware, Defined, Managed, Enabled','Aware, Naive, Managed, Defined, Enabled','Defined, Naive, Aware, Enabled, Managed','Naive, Defined, Aware, Managed, Enabled'], a:0, fb:'The ladder runs Risk Naive \\u2192 Risk Aware \\u2192 Risk Defined \\u2192 Risk Managed \\u2192 Risk Enabled.'},\r\n  {q:'For Departments subject to risk-management regulations, which maturity levels are NOT acceptable?', opts:['Defined and Managed','Naive and Aware','Managed and Enabled','Aware and Defined'], a:1, fb:'\"Risk Naive\" and \"Risk Aware\" are not acceptable for regulated Departments, and the Audit Committee must be informed.'},\r\n  {q:'In audit terminology, \"what should exist\" (the standard for evaluation) is the \\u2014', opts:['Condition','Criteria','Cause','Effect'], a:1, fb:'Criteria = \"what should exist\"; Condition = \"what does exist\"; Cause = the reason for the difference; Effect\/Consequence = the resulting risk or exposure.'},\r\n  {q:'Residual risk is defined as \\u2014', opts:['The total inherent risk','The risk remaining after management executes its risk-management process','The risk that is transferred','The acceptable risk threshold'], a:1, fb:'Residual risk is the portion of inherent risk that remains after management has executed its risk-management (control) process.'},\r\n  {q:'The Redefined Charter for Financial Advisers reproduced in Exhibit III is dated \\u2014', opts:['1 April 1976','1 June 2006','2 December 2014','18 September 2015'], a:1, fb:'Exhibit III reproduces the Redefined Charter for Financial Advisers (OM dated 1 June 2006), which moved internal audit beyond compliance to controls, risk and value-for-money.'}\r\n]);\r\n<\/script>\r\n\r\n<\/body>\r\n<\/html>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Handbook on Internal Audit in Central Civil Ministries\/Departments \u2014 Interactive Study Notes Handbook on Internal Audit in Central Civil Ministries\/Departments [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"","ast-site-content-layout":"full-width-container","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"disabled","ast-banner-title-visibility":"disabled","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"disabled","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[],"tags":[],"class_list":["post-12861","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/pages\/12861","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/promotionexams.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12861"}],"version-history":[{"count":13,"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/pages\/12861\/revisions"}],"predecessor-version":[{"id":13019,"href":"https:\/\/promotionexams.com\/index.php?rest_route=\/wp\/v2\/pages\/12861\/revisions\/13019"}],"wp:attachment":[{"href":"https:\/\/promotionexams.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12861"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/promotionexams.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/promotionexams.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}