Internal Audit Consulting Service In The Finance Sector - Audit Report, Procedure, and Functions

Updated on April 25, 2024 12:24:43 PM

The finance industry is among the industries with the highest level of regulation in the world. Financial institutions must be held to a high standard of accountability because they play a vital role in the economy. Financial institutions are able to comply with regulations and manage risks by implementing Internal audit in the Finance Sector.

Internal audit in Financial Services Industry plays a pivotal role in the finance sector by serving as a crucial function that ensures the integrity, compliance, and overall health of financial operations within organisations. In this dynamic and highly regulated industry, financial institutions, corporations, and other entities rely on internal audit teams to assess and monitor their internal controls, risk management practices, and financial reporting processes.

These audits provide a systematic and independent evaluation of an organisation's financial activities, helping to identify potential weaknesses, irregularities, and areas for improvement. Ultimately, internal audit in the finance sector serves as a cornerstone for maintaining transparency, accountability, and sound financial practices, thereby contributing to the stability and trustworthiness of the industry as a whole.

Internal Audit Procedure in Investment Firms

Investment firms are organisations that provide financial services to individuals and businesses. They offer a variety of services such as asset management, security trading, and investment banking.

Internal auditing in Investment Firms are crucial to ensure that the firm’s operations are in compliance with laws and regulations, and its financial reporting is accurate and reliable.

Internal Controls

In order to evaluate the system of internal control relating to investments, the auditor should determine the nature, timing and extent of his other audit procedures.

To assess properly, the auditor should review following aspects of internal control:

  • Controlling the acquisition, accretion, and disposal of investments.
    Proper authority is necessary for sanctioning, acquiring, and disposing of investments (including renunciation of rights). It should also be ensured that investments are made in accordance with legal requirements governing the entity as also with its internal regulations.
  • Safeguarding of investments
    Investments must be made in the entity's name while adhering to legal requirements and protecting securities and other title documents.
  • Controls relating to title to investment
    Make sure to expedite the transfer of title and accrual of benefits for investment acquisitions.
  • Information controls
    It is important to have reliable information through internal controls in procurement, accreditations, transfers, and market value verification.

Verification of Transaction

It is the responsibility of the auditor to determine if the entity's investments are within its authority. In this regard, the auditor should examine whether the legal requirements governing the entity are related to investments and have been complied with. In addition, an auditor must make sure that any other covenants or conditions that restrict, qualify, or limit the right to own and dispose of investments are included.

It is important for the auditor to pay special attention to determining if the investments have been acquired or sold. The broker's contract note, bill of costs, receipts, and other similar evidence should be used to verify the acquisition/disposal of investments.

Examination of Valuation and Disclosure

The auditor should assess that the investments have been valued and disclosed in the financial statements in accordance with the accounting policies and practices. Examine whether the method of valuation followed by the entity is being applied consistently.

Also, the auditor should verify if the expenditures incurred for transfer fees, stamp duty, brokerage, and other expenses are included in the cost of investments.

Analytical Review Procedure

As a means of evaluating the overall reasonableness of the amounts assigned to investments, the auditor has the option to compare the amount of income received from investments with the corresponding figures of investments and compare that ratio with the similar ratio for previous years.

In the case of other securities, the auditor may review the schedule of dividend and other returns and schedules of investment prepared by the entity and judge their reasonableness.

Management Representation

For balance sheet purposes, the auditor should obtain a written statement from the entity management regarding the classification and valuation of investments. While such a representation letter serves as a formal acknowledgement of management’s responsibilities with regard to investments, it does not relieve the auditor of his responsibility for performing audit procedures to obtain sufficient appropriate audit evidence from the basis for the expression of his opinion on the financial information.

pu seperater

Internal Audit Procedure in Payment Service Sector

The payment service industry encompasses companies and technologies that aid in financial transactions, such as online payments, mobile wallets, and digital banking. To ensure secure and efficient payment processing, Internal auditing in the Payment Service Sector involves assessing financial controls, compliance, and risk management.

Parameters of Assessment

Internal audit focus areas for mitigating risk and increasing internal controls are as follow:

Legal and Statutory Compliance

Legal and Statutory compliance is a critical aspect of the payment service sector. Payment service providers must comply with a variety of laws and regulations including, AML (anti-money laundering), KYC (know your client), data privacy and consumer protection.

Internal auditors needs to check the compliance of various enactments as mentioned below:

Compliance under direct Tax laws:

  • Income Tax Act, 1961

Compliance under Indirect Tax laws:

  • Central Excise Act, 1944
  • Service Tax
  • The Value added Tax/Central Sales Tax Act, 1956 was passed in 1956
  • Goods and Service Tax (GST) Laws

Compliance under other relevant Enactments:

  • Employees State Insurance (ESI) Act, 1948
  • Minimum Wages Act, 1948
  • Payment of Wages Act, 1936
  • Shops and Establishments Act, 1953
  • Payment of Bonus Act, 1965
  • Payment of Gratuity Act, 1972
  • Contract Labour (Regulation and Abolition) Act, 1970
  • Companies Act, 2013

Anti - money laundering (AML) - PSPs must have AML policies and procedures in place to prevent money laundering and terrorist financing. These policies and procedures should include customer due diligence (CDD), transaction monitoring, and reporting requirements.

Know Your Client (KYC) - PSPs must verify the identity of their customers in order to comply with KYC requirements. This typically involves collecting information such as the customer’s name, address, date of birth, and government issued ID number.

Risk Management and Controls

To safeguard financial transactions and customer data, risk management in the payment service sector is crucial. The main sources of risk include cyber threats, fraud, regulatory changes and operational interruptions.

Payment Controls

Significant risk exposures are not escalated on a consistent basis to support the efficient allocation of financial resources.

A firm doesn’t have the necessary information to manage and monitor significant payment flows across schemes, merchants, vendors and customers. Managing payment flows requires a robust end to end process and associated systems and controls.

Cyber Security Risk

The current and target state of cyber risk exposure should be effectively displayed in a good cyber security report. It should also show how the target state level is achieved and remains within a certain level of risk appetite.

Some of the key risk faced are:

  • Lack of process for identifying and prioritising cyber security risks leads to a poor allocation of resources to improve IT security..
  • The failure to transform organisations' cyber resilience is a result of a lack of transparency in cyber risks.
  • The absence of real-time data leads to conflicting information when describing or evaluating the same aspects of cyber risks.

To alleviate these risks, the auditors focus on certain areas to maintain a level of accuracy such as;

  • A process that continuously monitors cyber risks and threats.
  • Dynamic cyber risk dashboards - Completeness and Accuracy of cyber risks and metrics reporting.
  • Cyber risk and control framework.

Data Protection and Privacy

General Data Protection Regulation (GDPR)/ Data Protection and Privacy (DPA) 2018 was the largest change to data protection legislation since 1995. Payment services may process large amounts of financial data, which may be sensitive/ personal data in nature.

pu seperater

Internal Audit Procedure in Banking Sector

Cash and Bank Balance are liquid assets that can be easily converted into cash. They are important assets for businesses and organisations, as they can be used to pay for expenses, make investments, and meet financial obligations. Internal Auditing in the Banking Sector results in increasing efficiency of internal controls.


Documentation refers to thorough record-keeping, ensuring accuracy and completeness of financial transactions, statements, and supporting evidence, facilitating transparency and accountability.

The documentation in bank are required at the time of cash and bank balance audit are:

  • Receipt book and payment vouchers
  • Payroll and time of sheet of workers
  • Bank statements/ reconciliation
  • Deposit slips of cheques or cash
  • FDR Receipts
  • Petty cash book, if used.

Legal Compliance

Ensure that all financial transactions and records comply with the laws and regulations that govern financial operations and reporting.

Balances with banks: The amount held in bank accounts, which include savings, current, and fixed deposit accounts, as per Schedule III of the Companies Act, 2013.

Cheques/ Drafts on hand: Checks or drafts that have not been processed yet have not been deposited into a bank account.

Cash on hand: The company has a physical currency that can be used immediately in daily operations.

Other specific nature: Any other cash or cash equivalents that are not included in the previous categories, with a detailed description of their nature and purpose for legal compliance.

Internal Control Evaluation

For effective internal control, the auditor must ensure and confirm the followings:

  • Daily recording of transactions.
  • Periodic reconciliation of bank balances.
  • The safekeeping of cash, cheque books, receipt books, etc., and security documents.
  • Segregation of duties relating to transactions, handling of cash/ issuance of cheques and writing of books of account, and rotation of the duties periodically.

Verification of Cash Balances

The balance sheet date requires the auditor to physically verify cash. It's important to check if the cash balance in the financial statements matches the physical verification results.

The auditor should also conduct surprise cash verification during the year, in addition to physical verification at or around the date of the balance sheet.

It is the responsibility of the internal auditor to check if currency notes that have been torn or mutilated are exchanged within a reasonable time.

If the cash on hand doesn’t match with balances as shown in the books, he should seek explanation from seniors in the entity.

Verification of cash balances brings transparency, accountability and accuracy within the entity.

Verification of Bank Balances

The auditor should verify that the entity has:

  • Requested bank conformations for all bank accounts, including dormants and closed accounts.
  • Segregated responsibilities for bank reconciliations from cash receipt and payment functions.
  • Verify that outstanding items in the reconciliation statements have been properly adjusted or written off.
  • Examined relevant receipts/certificates for fixed deposits and other bank deposits.
  • Had all reconciliations approved and reviewed by an official not responsible for receipts and disbursements.

Examination of Valuation and Disclosure

To ensure compliance with recognized accounting policies, practices and relevant statutory requirements, the auditor must verify that cash and bank balances have been valued and disclosed in the financial statements.

Further cash and bank balances to be disclosed as ‘cash and cash equivalent’ as per Schedule III of Companies Act, 2013.

Further as per Companies act, 2013 the following additional disclosures are also required to be made:

  • Bank deposits that have a maturity period of more than 12 months.
  • The balance with banks is used as margin money/security against borrowings.
  • The balance that has been reserved for banks, such as the unpaid dividend.


Though the reports are generated as per the requirement of a particular organisation, following exceptional reports may be useful from internal audit point of view:

  • Cash and bank balances should exclude temporary advances.
  • The list of outstanding 'cheques issued but not yet presented' and 'cheques sent for collection but not yet collected' is lengthy.
  • A list of cheques that are either stale or dishonoured
pu seperater

Common Functions that are Audited in Finance Sector

Audit of Payables

The objective of Audits of payables and purchases of goods/services is to determine whether they are presented fairly in the context of financial statements as a whole. The purchase is closely related to the payables, therefore, payables should be of equal amount to the value of goods/services of the organisation.

The following parameters helps in conducting an efficient internal audit:


Internal auditor should prepare the audit documentation so as to enable an experienced auditor, having no previous connection with the audit, to understand the basis of finalisation of the audit report.

To prepare audit report on a timely basis, one must consider the documentations that provides:

  • Evidence that the internal audit was performed in accordance with ASs and SAs and other applicable legal and regulatory framework, if any.
  • The basis for an internal audit report requires a sufficient and appropriate record.

Legal Compliance

Internal auditors should ensure that the organisation has compiled with the legal requirements of the Central and State laws & regulations related to VAT Act, Service Tax, Excise Act, Micro, Small and Medium Enterprises Development Act,2006 (MSMED Act,2006) Limitation Act, 1963 and other laws.

Procedures/ Controls

Below given are the steps taken for internal audits of payables:

Trace payable report: Internal auditors trace accounts payable trial balance to general ledger.

Test Verification of Invoices: Internal auditor verifies accounts payable vouchers with supporting docs.

Confirm accounts payable: Auditor contacts customers to confirm unpaid accounts payable.

Review payment receipts: Auditors unable to confirm accounts payable may verify payment through cash or bank records.

Review credit/debit notes: Auditors review credit/debit notes to verify authorization, timing, and potential problems.

Bills and hold purchase: In bill-and-hold transactions, auditors will examine supporting docs to determine liability & credit.

Recording of Transactions

The internal auditor must ensure that all purchases of goods/services transactions must be recorded in books of account and should be cross checked with goods inward memo with invoices received from the customers.


Preliminary Audit Report

The preliminary report consists of the draft audit report after all comments have been resolved. It should be sent to a designated partner/ MD/ COO as a confidential document. They have to provide a formal response to the recommendations in the report within a specified time.

Final Audit Report

This is the combination of the preliminary audit report and response in one document. The final audit report to be sent to the proprietor/ designated Partner/MD/ Chairman of the Audit Committee and should be discussed at their next regularly scheduled meeting.

Audit recommendations are not implemented until they are followed up and action plans are determined.

Audit of Receivables

The main objective of auditing accounts receivable and sales/service revenue is to cross-check the fairness of financial statements as a whole. The sales/ services/ revenue account is closely related with accounts receivables, therefore, value of all receivable should be equal to sales/ services/ revenue of the organisation.


An auditor should prepare a list of documentation required, such as credit policy of organisation, proforma invoice, purchase order of customer, sales order, copy of invoice and documents evidencing the delivery to customer, to provide:

  • A sufficient and appropriate record of the basis of the audit report.
  • Evidence that the audit was performed in accordance with Accounting Standards on Auditing and other applicable legal and regulatory requirements.

Authorisation Matrix

A documented authorisation matrix is desirable and should be recommended. Compliance to the authorisation matrix should be checked at the time of vouching. It covers the following:

  • Credit limits and terms
  • Credit note issue
  • Bad debt provision and write-off.

Procedures/ Controls

The following procedure may be followed for internal audit of receivables:

Investigate reconciling items: The documentation for larger journal entries in accounts receivable should be reviewed by auditors.

Match invoices to dispatch log: Internal auditors ensure that sales are recorded in the correct period by matching invoice and shipment dates.

Confirm receivable balance: Auditors verify unpaid accounts receivable by reaching out to customers directly, particularly for larger balances but also for some minor ones.

Review payment receipts: In the event that it is not possible to confirm accounts receivable, auditors can verify customer payments using cash or bank records.

Sales/ Services/ Revenue return: Sales returns will be reviewed by internal auditors to detect any unusual patterns that could indicate inflated sales

Related party receivable: Internal auditors are capable of reviewing receivables from related parties to confirm their validity and ensure that they are recorded properly.

Recording of Transactions

The internal auditor must ensure that all revenue transactions must be recorded in books of account as per AS9 “Revenue Recognition” and as per accounting policy it should be cross reconciled with goods dispatched/ challan issued with invoices issued to the customers.


Preliminary Audit Report

The preliminary audit report consists of the draft audit report after all comments have been resolved. It should be sent to the Proprietor/ Designated Partner/ MD/ CEO as a confidential document. They will have to provide a formal response to the recommendations in the report within a specified time.

Final Audit Report

Approval of proprietor/ designated partner/ MD/ CEO’s response to the preliminary audit report, the final report is prepared. The final report should be sent to the Proprietor/ Designated Partner/ MD/ Chairman of the Audit Committee and should be discussed at their next regularly scheduled meeting.

pu seperater


Internal auditing in the finance sector is essential to ensure the accuracy and reliability of financial information, the effectiveness of risk management and control process and compliance with applicable laws and regulations. By providing independent and objective assurance, internal auditors can help to protect the interests of stakeholders and promote the efficient and effective operations of the finance functions.

pu seperater
why choose image

Why Professional Utilities?

At Professional Utilities, we leverage our industry knowledge and expertise to help businesses navigate complex regulations, minimize risks, and optimize operations for maximum efficiency and profitability.

best price in market

Best Price

Easy Registration

Easy Registration

All Corporate Services

One Stop Corporate Solution

PAN India Services

PAN India

Expert CA/CS Assistance

Free Expert

Google Verified Bussiness

Google Verified

Dedicated Support staff

Dedicated Support

Money-Back Guarantee


Trusted By

clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
clients logo
Lappy Maker
pu seperater

Frequently Asked Questions (FAQs)

What is the internal audit of the finance sector?

In order to ensure accuracy, transparency, and regulatory adherence, the finance department's internal audit involves independent examination of financial processes, controls, and compliance.

What is the role of an internal auditor in the finance sector?

In the finance sector, an internal auditor is responsible for assessing financial processes, controls, and compliance, ensuring accuracy and integrity

What is the frequency of internal audits in the finance department?

Annual audits are the typical frequency, with more frequent audits for high-risk areas or significant changes in operations.

Can finance firms outsource their internal audit function?

For cost-effectiveness and specialised expertise, some firms choose to outsource internal audit services to independent audit firms or consultants.

Speak Directly to our Expert Today