• n the previous issue of Auditable, we dis-

Sponsored Links

Download the ebook

n the previous issue of Auditable, we dis-
cussed about financial risks and the audit
areas related to the same. In this issue
we would learn about the ways to iden-
tify and mitigate these risks.
Audit Objectives
While audit objectives would pri-
marily depend on donor's perspec-
tive, the following can be used as a
guide for framing objectives:
● Optimize overall financial risk
to donor funds entrusted to
Grantee/ Partner;
● Strengthen financial manage-
ment systems of Grantee /
6.Risk based Auditing for NGOs - 2
Oct - Dec 2008 (Released: May 2009)
Should risk be optimized or minimized? At first glance it appears
that risk should be minimized. However, minimization of risk
In this Issue
Audit Objectives
Audit Methodology
Assessing Risk
3. Discussion and review of financial systems
and records -
b. Suggested mitigation measures
4. Debriefing with the Grantee / Partner
Back at the office, a report should be drafted
a. Identification and assessment of risks
which identifies all relevant risks, along with
mitigation measures, where feasible. The
draft should be sent to the Grantee /
Partner for their response and time-
frame for implementing suggested mit-
igation measures. A copy of the draft
report should also be simultaneous-
ly sent to the Donor Agency.
The response from the Grantee /
Partner should be incorporated in
the report at relevant places, along
with suitable comments.The final report
is then released, with one copy going to the
would mean introduction of extensive controls which may affect Partner as well. During subsequent visits, implementation of
the program activities adversely. the suggestions should also be reviewed.
Therefore, one needs to attempt and strike a balance between
financial risk and operational expediency. Because, as Pandit Assessing Risk
Nehru once said, ‘the policy of being too cautious is the greatest One of the key outputs of this audit approach is to help in iden-
risk of all’! tifying the specific risks in the existing systems and controls.
Therefore, when the auditor comes across a single error or
Audit Methodology repeated errors, s/he needs to pause and ask whether this is due
The following program is suggested for a standard audit visit of to a flaw in system design or lapse. If so, then this risk should be
two to four days: listed.
1. Meeting with the Chief Functionary and key members of the Listed risks are then reviewed, and assessed for their implica-
team tions.This gives the auditor an idea whether the risk is significant
2. Courtesy meeting with Board members enough for reporting.
‘The policy of being too cautious is the greatest risk of all’!
-Pandit Jawaharlal Nehru (1889-1964)
AuditAble 6 1
ble 6. Risk based Auditing for NGOs - 2
Oct-Dec’08 (released: April ’09)
All significant risks should be reported to the Partner and the Donor. During reporting, the emphasis should be on clearly iden-
tifying the risk and its implications.
Where a risk requires mitigation, and it is indeed possible to mitigate it1, the mitigation measure should be suggested along-
side. An example of Risk and Mitigation table is given below:
Risk Suggested Mitigation
Signing a blank cheque creates two risks: Partner may consider adopting a multi-tier signatory approach to deal with the problems arising due to non-
1. Possible misuse of the cheque by the other signatory; availability of office bearers at the location. Accordingly, signing authority for operational needs up to a cer-
2. Abdication of his official responsibility (as an office bear- tain monetary limit, say Rs.10,000 or Rs.20,000, can be delegated to the accountant or such other person,
er) by the Finance Trustee. along with an office bearer such as the Managing Trustee. Cheques above this amount would compulsorily
require the signatures of two office bearers.
Expenses may be inflated and Donor funds diverted through Risk arises at a senior management level in Partner organisation and cannot be mitigated by an accounting
use of fictitious or altered duty slips, with or without the procedure.
knowledge of owner of the Taxi Service.
This creates a risk that a bill may be paid or accounted twice, Proof or sample of the material printed should be attached with the bill and voucher. Also the bill should
without the material having been printed. indicate clearly the items printed, and the quantities of each item. Delivery of the items should be acknowl-
edged on the bill by a responsible person at Partner level.
Classification of salary as consultancy payments can lead to Payments made to employees need to be treated as salary and tax should be deducted under section 192,
wrong deduction of tax and subsequent imposition of inter- irrespective of whether the relationship is contractual or through an appointment letter.
est and penalty.
Payment of salaries in cash leaves open the possibility of the Partner may pay all the employees, drawing more than Rs.1500 per month, through account payee cheques
actual payments not being recorded in the register. or bank transfer.
Lack of a manual cash record weakens control over physical Partner should use a cloth bound cash book which can be used as rough cash book and should enter all the
cash as cash cannot be tallied properly. inflows and outflows of cash in this book as and when they occur.
Risk of loss of assets over a period of time, as physical Partner should maintain the Fixed Assets register properly giving the following details:
verification and tally becomes difficult. ● Open one page for each type of asset. For example: one page for computer, one page for TVS, etc.
● Details of assets purchased/donated
● Give identification marks on each asset and also copy these in the asset register
● Location of asset should be mentioned in asset register
● Mention registration number of vehicles in the asset register.
Actual food expenses may be claimed or accounted by If printed cash memo or rubber stamped slip is not available for such expenses, then the plain paper slips
accountant at inflated figures. should show the place (location, village) and shop’s name by hand or the shop owner’s name. The shop
owner himself/ herself should be asked to prepare and sign these. If the shop owner cannot write then the
slip can be prepared by the customer, but must still be signed (or thumb impression marked) by the shop-
There is a risk of booking of expenses which are not Attendance sheets and photographs should be attached with the vouchers. Further, all attendance sheets
supported by adequate operational documents. should carry the following information as a header on all pages to mitigate the risk of mixing up of sheets:
1. Title of workshop,
2. Date,
3. Location,
4. Supported by,
A serial number should be put against each participant’s name.
This type of improper filing can lead to wrong assessment Partner should file a revised income tax return after consulting a CA or tax practitioner familiar with NGO
of income which may lead to imposition of income tax and taxation
penalty on Partner.
By modifying or introducing a procedure or control
2 AuditAble 6
[email protected]
What are the benefits of this approach for the donor and the
Grantee / Partner?
● Tailored coverage of risk in complex forms of
Partnerships (alliances, networks etc.);
● Improved identification of risk by trained financial
● Overall reduction of unexpected risk to Donor funds;
● Strengthened systems at Grantee's / Partner's level,
enabling them to leverage funds from other donors;
● Reduced disruption of critical Partnerships;
● Improved delivery of funds to Donor's/ Partner's
mission and causes.
To implement the above approach successfully, you will need
to work with the Audit Team members and Team Leaders. So
to begin with, they need to understand the concept of Risk-
based auditing.
This essentially involves a shift from locating actual errors
to identifying possibilities of errors. While this is largely a
thinking exercise, it cannot be done sitting in the office. If
feasible, the team should also visit the field area to famil-
iarise itself with the organization’s operating realities.
The risk register can be used as
The team also needs to guard against over-enthusiasm in
loading the NGO with controls and procedures. Each risk
a checklist, which can generate
must be carefully judged for relevance and possible impact, bulk of the Risk and Mitigation
before being listed. Also, the team will need to keep in mind
that an NGO’s operating and control environment is very table. The output can then be
different from a corporation.
modified as required, before
If you are planning to do these audits repeatedly or for a being provided as an annexure
large number of organisations, you can invest some time in
preparing automated worksheet templates using to the report. This approach can
softwares such as Excel or Access. This can be used to build
up a risk register. The risk register can be used as a check-
reduce costs and speed up
list, which can generate bulk of the Risk and Mitigation table
(shown above).The output can then be modified as required,
before being provided as an annexure to the report. This
approach can reduce costs and speed up report-writing.
AuditAble 6 3
a udit
ble 6. Risk based Auditing for NGOs - 2
Oct-Dec’08 (released: April ’09)
the audit plan to reflect emerging issues.
● OmniCompliance (www.newgensoft.com) ensures timely
compliance execution and assessment as well as risk
assessment and controls assessment surveys.
However, most of these are primarily designed for corporate
Software audits and are therefore not very useful for NPO audits.
Computer Assisted Audit Techniques such as Spreadsheets
and SQL databases are being used for quite some time now.
In the Western countries, a large number of computer What is AuditAble:
programs are available for risk-based auditing. Some of the
Each issue of ‘AuditAble’ covers a different topic relat-
audit softwares are:
ed to NGO auditing and is mailed to about 500 NGO

auditors in India. AccountAid encourages reproduction
AutoAudit for Windows® (www.paisley.com) is a com-
or re-distribution of ‘AuditAble’ in professional circles
prehensive audit automation solution to improve the
for non-commercial use, provided the source is
productivity, efficiency and consistency of internal audit
● Reliant Auditor™ (www.reliantaudit.com): By integrat-
AuditAble on the Web: Copies of past issues of
ing continuous monitoring with automated control test-
AuditAble are available at www.Accountaid.net.
ing and remediation, risk assessment, audit plan man-
agement, and a dynamic risk framework, Reliant
Questions?: Your questions, comments and sugges-
Auditor delivers two important outcomes from an audit
tions can be sent to AccountAid India, 55-B, Pocket C,
program: assurance in financial reporting and confi-
Siddharth Extension, New Delhi-110014;
dence in corporate controls.
Phone: 011-2634 3128; Phone/Fax: 011-2634 6041;
● PAWS - Pentana Audit Work System© (www.pen-
e-mail: [email protected]
tana.com) is a solution for governance, risk and assur- © AccountAid™ India iv³m s

Use: 0.0937