Wednesday, 19 November 2008
 
 
 
 
 
  internal audit
 
 
   

Muhumuza Geofrey

The Internal Audit Department is responsible for carrying out an independent, objective assurance activity designed to add value and improve NMS operations. Regular internal audits help to protect NMS management against improper activities and provide constructive suggestions for improvement. The Internal Audit Department may audit any NMS department, process, branch, records or staff.

It should however be remembered that Internal Auditors have no authority over the NMS operations being audited and are not responsible for any functions of NMS operating Departments. An audit does not relieve NMS Management and employees of their assigned responsibilities.

The primary objective of the Internal Audit Department is to help NMS accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

 Access

NMS Management is responsible for providing Internal Auditors access to all records, property, and Personnel relevant to the subject under review.

 Code of Ethics

NMS Internal Auditors discharge their duties in a manner consistent with the Code of Ethics of the Institute of Internal Auditors and NMS Internal Audit Charter, the Terms of Reference of the Finance, Audit and Risk Management Committee and Human Resources Manual of National Medical Stores.

 Planning Audits

Except in the case of unannounced cash and inventory counts, Heads of Department shall generally be notified prior to audits.

 The Internal Audit Department shall determine the audit scope from preliminary review of existing internal controls, risk assessment, administrative functions, procedures, and possible problem areas.

Risk Assessment

Just like any entity, National Medical Stores faces a variety of risks which arise from both external and internal sources that need to be assessed. A precondition to risk assessment is the establishment of organizational objectives linked at different levels that must be internally consistent. Risk assessment can be defined as the identification and analysis of relevant risks to achievement of organizational objectives, forming a basis for determining how risks should be managed. Because of the Corporation’s environment in terms of the economy, industry, regulations and operating conditions that will continue to change, mechanisms are needed to identify and deal with special risks associated with change.

 

The identified risks are then analyzed in order to form a basis for determining how they should be managed. Risks are associated with related objectives that may be affected. Risk is assessed on both an inherent and residual basis, and the assessment considers both risk likelihood and impact. There may be a range of possible results associated with a potential event and management needs to consider them together.  Once analysis of the identified risks is completed, techniques to manage these risks are adopted. These include the following: - transfer, avoidance, reduction (mitigation) and acceptance (retention). 

In the case of NMS, risks are assessed using a risk assessment map. The Risk Map prioritizes each risk according to significance and likelihood and maps the risks into four quadrants.  To map the risks into these quadrants, the following steps were followed:

1.     For each risk, we plotted the significance on the vertical axis and the likelihood on the horizontal axis.

2.     Once all the risks were plotted, we looked at the quadrant where the risks are located.   The Position in the quadrant helps prioritize the risks and indicates the level of concern and attention, which should be directed toward mitigating that risk given the potential impact on the Corporation’s ability to accomplish its business strategies. The following risk map was used.


Contact: audit@natmedstores.org
 
 
 
Plot 4-12 Nsamizi Rd,
P. O. Box 16, Entebbe - Uganda.
Tel: 256 41 320524, 320507, 320566,Fax: 256 41 321062.
Email:nms@natmedstores.org