1 / 30

Audit Execution

Audit Execution. Session 5. Audit Execution. Entry conference Evidence collection and evaluation Exit conference. Entry Conference. Meeting with senior management Finalise scope of work Understand the management concerns Schedule the dates Discuss audit methodology.

jbissett
Télécharger la présentation

Audit Execution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Audit Execution Session 5

  2. Audit Execution • Entry conference • Evidence collection and evaluation • Exit conference

  3. Entry Conference Meeting with senior management • Finalise scope of work • Understand the management concerns • Schedule the dates • Discuss audit methodology

  4. Entry Conference (contd.) Apprise senior management of • Broad objectives of audit • Proposed audit plan • Possible areas of concern

  5. Evidence Collection and Evaluation Types of audit evidence • Observed process and existence of physical items • Documentary audit evidence (including electronic records) • Analysis( including IT enabled analysis using CAATs)

  6. Physical Evidence • Obtained by observing • Get auditee to confirm/accept physical evidence • Visual verification of presence of water and smoke detectors • Physical environment of system to be verified

  7. Interview To obtain qualitative and quantitative evidence • Interview system analysts, programmers, clerical/data entry staff , users and operations staff • Understand functions and controls of systems

  8. Planning for Interview • Ensure that the information required is not readily available elsewhere • Identify those personnel within an organization who can provide the best information of an interview topic • Identify clearly the objectives of the interview • Prepare a report as soon as possible after the interview

  9. Questionnaires • Used to flag areas of system weakness during evidence collection • Avoid • ambiguous questions • leading questions • presumptuous questions • hypothetical questions • embarrassing questions

  10. Flowcharts Control flowcharts show that controls exist in a system and where these controls exist in the system. They have three major audit purposes: • Comprehension; • Evaluation; and • Communication

  11. Analytical Procedures • Use of comparisons and relationships to determine whether data/account balances appear reasonable • CAATs can be useful in analytical audit procedures

  12. Tools of Evidence Collection • Generalised audit software • Industry specific audit software • Specialised audit software • Concurrent auditing tools

  13. Generalised Audit Software • Off-the-shelf software that provides the means to gain access to and manipulate data maintained on computer storage media • Developed specifically to accommodate a wide variety of different hardware and software platforms • Provide a number of functions such as file access, file re- organisation, selection and extraction of data, various data analysis function and reporting functions

  14. Industry Specific Audit Software • Designed to provide high level commands that invoke common audit functions needed within a particular industry • They provide industry specific logic

  15. Specialised Audit Software • Software written to fulfil a specific set of audit tasks • Most well developed systems have embedded audit modules, comprising routines to throw up alerts

  16. Concurrent Auditing Tools • Collecting audit evidence at the same time as an application system undertakes processing of its data • Could be in the form of special audit modules embedded in application systems to collect process and print audit evidence • evaluate application systems with test data • used to select transactions for audit review • used to trace or map the changing states of application systems

  17. Concurrent Auditing Tools (contd.) Some of the concurrent auditing techniques are - • Integrated Test Facility (ITF) • Systems control audit review file and embedded audit modules (SCARF/EAM) • Snapshots • Audit hooks • Continuous and intermittent simulation (CIS)

  18. Audit Tests There are two types of audit tests • Substantive tests • Compliance tests

  19. Substantive Testing • Provides auditors with evidence about the validity and propriety of the transactions and balances

  20. Substantive Testing (contd.) Examples of substantive testing • Conducting system availability analysis • Performing system storage media analysis • Conducting system outage analysis • Comparing computer inventory as per book vis-à-vis actual count • Reconciling account balances

  21. Compliance Testing • Concerned with testing the transactions for compliance with rules and regulations of the entity and provides auditors with evidence about presence/absence of internal controls • Can be used to test the existence and effectiveness of a defined process

  22. Compliance Testing (contd.) Examples of compliance testing • Determining whether passwords are changed periodically • Determining whether system logs are reviewed • Determining whether program changes are authorised • Determining whether controls are functioning as prescribed • Determining whether a disaster recovery plan was tested

  23. Sampling • Testing of selected items within a population to obtain and evaluate evidence about some characteristic of that population, in order to form a conclusion concerning the population • Two primary methods of sampling used by IT auditors • Attribute sampling and • Variable sampling

  24. Sampling (contd.) Advantages of using sampling • Provides a framework for obtaining sufficient audit evidence • Minimizes the risk of over-auditing • Facilitates more expeditious review of working papers • Increases the acceptability of audit conclusions by the auditee

  25. Evaluation of Evidence While arriving at audit conclusions, the auditor needs to benchmark the conditions to ensure that evidence is • factual and discovered by the auditor; • based on standards or guidelines against which the conditions are evaluated; • Effect, impact and significance of variance

  26. Audit Findings • An audit finding is complete to the extent that the audit objectives are satisfied and the report clearly relates those objectives to the finding’s elements. • A deficiency finding should have five elements or attributes as detailed below. • Criteria (what should be) • Condition (what is) • Cause (why condition occurred) • Effect (what is the consequence) • Recommendation (what is to be done)

  27. Significance of Audit Findings Significance of audit findings can be assessed from two aspects: • the nature of the finding itself and • the quality of the recommendations

  28. Significance of Audit Findings (contd.) Two advantages of focused audit findings and recommendations • quantitative aspects • revenues increased, cost decreased, number of defects reduced etc. • qualitative aspects • citizens/client satisfaction increased, employee morale improved and compliance with laws and regulations is achieved

  29. Exit Conference • Communication and discussion of audit observations formally with management • Ensures better understanding and increase buy-in of audit recommendations • Gives the auditee organisation an opportunity to express their viewpoints on the issues raised • Help in finalizing recommendations which are practical and feasible

  30. Reporting and Follow up Structure of an Audit Report • Introduction • Audit Objectives, Scope and Methodology • Audit Findings • Audit Conclusions • Recommendations

More Related