General Our approach is that internal auditing, as an added value to the organization, is an important organizational resource that has to be used efficiently for the advantage of the organization, by focusing on conducting internal audits in areas that are of the highest risk to the organization. Our firm embodies over twenty years of experience in the field of internal auditing. We serve as the internal auditors of a number of international corporations whose shares are traded on the Tel Aviv Stock Exchange and on global exchanges, public companies, not-for profit organizations, and private companies. Our client list in the field of internal auditing includes the following: Matrix, Alvarion, DSPG, Magic Software Industries, Attunity, Beit Berl College, Hagoshrim Hotel, MTI, Emblaze, etc. In addition, we render internal auditing services to internal auditors of companies, including Amdocs, Mekorot, Migdal, etc. The internal audit is conducted in accordance with the provisions of the laws that are relevant to the audited company and pursuant to generally accepted auditing standards. In conducting the audit, we incorporate our experience in the field of information systems, including the field of information systems auditing and systems analysis and make use of advanced auditing techniques, including computerized audit tools. In our opinion, the combination of experience in internal auditing and information systems auditing, together with information systems analysis, provides our audit with added value which is to the benefit of the organization. This is reflected in, among other things, implementation of methodologies from the field of information system analysis that provides for a system wide view of the issues being audited and the ability to analyze the processes of the organization in order to identify control problems and failures. The audit process Risk assessment We perform a risk assessment, the goal of which is to determine the list of issues for the organization-wide internal audit (including subsidiaries), and the level of importance (the risk) of each issue from the perspective of the audit. The level of importance of each audit issue is determined on the basis of a risk assessment model. The result of the assessment is a multi-year internal audit plan from which we derive the audit issues for the annual plan. The assessment is updated periodically.
Preparation of an annual audit plan The internal auditor, in coordination with Company Management, prepares a proposed annual internal audit work plan. This plan is based on the risk assessment and ad-hoc needs of the company and the audit. The plan should include the details of the proposed issues, and for each issue, a breakdown of the major examinations, the budget and the deadline for submitting the audit report. The report is submitted for the approval of audit committee (or the parties in charge of the audit at the organization). Conducting the current audit According to our approach, the internal audit is a process that is supposed to check and improve the control mechanisms of the Company. As part of the audit, we check to see, among other things, whether any given process contains appropriate controls, whether control cycles are closed, whether the controls are effective, and whether the provisions of law and the guidelines of management are adhered to. The audit includes the following major phases: · Introductory discussions with executives – The discussions are held "top-down”, with a goal of obtaining an understanding of the audited issue and the people involved therein, presenting the audit process to the audited party, focusing and setting goals and the scope of the audit. · Planning the audit – Conducting a risk assessment for the relevant audit and identifying the major points of risk on which the audit will focus. On the basis of this assessment, a detailed audit plan is prepared, including prioritization of issues. · Field work – Based on the audit plan, the field work includes, for example, use of computerized audit tools that allow the audit team to efficiently examine large quantities of data, review documents, observations, etc. · Summation meeting – Toward the end of the audit, a meeting is held with the audited party, during which the auditors present the findings of the audit as have been formulated to date. The goal of this meeting is to receive feedback from the audited party regarding the findings, and to jointly formulate the recommendations for remedying the faults that were found. In our opinion, this meeting provides an opportunity for the audit parties to identify with the audit. · Preparation of a draft of the audit report – The audit report is prepared on the basis of a structured format, on the basis of the process that was audited. The report includes an executive summary, summary of findings and recommendations for the convenience of the reader. The report is submitted to the audited party for his comments. · Presentation to management and preparation of a final report – A draft of the report is sent to management. The auditor presents the audit that was conducted and a discussion takes place in connection with the findings and the recommendations. Management feedback is incorporated into the report, following which a final version of the report is prepared. · The report is presented to the audit committee Type of internal audits Our firm has amassed practical experience in internal auditing in Israel and around the world, in all of the major areas of organizational processes. The following is a list of the major areas in which we have conducted internal audits: · Revenue processes · Payroll and premiums · Purchase processes in various areas · Fixed assets · Commissions and interest · IT and information systems · Inventory · Human resources · Project management · Payments · Banks and means of payment · Royalties (expenses and income) · Special issues
|