1 / 52

Initiate preliminary communication with engagement client

Initiate preliminary communication with engagement client Conduct a preliminary survey of the area of engagement Complete a detailed risk assessment of the area (prioritize or evaluate risk/control factors) Coordinate audit engagement efforts

sylvie
Télécharger la présentation

Initiate preliminary communication with engagement client

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Initiate preliminary communication with engagement client Conduct a preliminary survey of the area of engagement Complete a detailed risk assessment of the area (prioritize or evaluate risk/control factors) Coordinate audit engagement efforts Establish/refine engagement objectives and identify/ finalize the scope of engagement Section Topics • Identify or develop criteria for assurance engagements (criteria against which to audit) • Consider the potential for fraud when planning an engagement • Determine engagement procedures • Determine the level of staff and resources needed for the engagement • Establish adequate planning and supervision of the engagement • Prepare engagement work program Part 1, Section 4

  2. “A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy” Engagement, Defined Engagement planning helps to ensure that: Meaningful work is performed. Audit deliverables add value to the organization. Audit resources are used efficiently and effectively. Part 1, Section 4, Introduction

  3. State the engagement objectives. Identify technical requirements, objectives, risks, processes, and transactions that are to be examined (i.e., audit scope). State the nature and extent of testing required. Document the internal auditor’s procedures. Be prepared prior to the start of engagement work and modified, as appropriate, during its course, with the approval of the CAE or designee. Practice Advisory 2200-1, “Engagement Planning” Elements of the Engagement Program The engagement program should: Part 1, Section 4, Topic 1

  4. Planned objectives and scope Resources and timing of work Internal auditor assignments Communication methods, time frames, and individuals who will be responsible Business conditions and operations of the areas being reviewed, including recent changes Concerns and/or requests of management Practice Advisory 2200-1, “Engagement Planning” Initial Client Communication …Plus practical considerations, logistics, and tactical aspects Part 1, Section 4, Topic 1

  5. To become familiar with the activities, risks, and controls To identify areas for engagement emphasis To invite comments and suggestions from engagement clients Clarification of: Purpose of the internal audit Engagement objectives, scope, and timing Processes to be audited Area objectives, related risks, and controls Internal audit resources to be used Relevant standards Why Conduct a Preliminary Survey? Main purposes Realistic outcomes Part 1, Section 4, Topic 2

  6. Preliminary Survey Element—Engagement Client Input Part 1, Section 4, Topic 2

  7. Preliminary Survey Element—Analytical Reviews Part 1, Section 4, Topic 2

  8. Identify the analytical review technique described in the example. Discussion Question Answers: Ratio analysis Variance analysis Variance analysis Trend analysis Part 1, Section 4, Topic 2

  9. True False Discussion Question Comparing the liquidity ratio of a small entry firm with an industry giant shows significant deviation. The most probable determination by the internal audit based on this data finds the deviation to be reasonable. Answer: A. The difference is to be expected. Further, the comparison is not particularly meaningful because the one party is so dominant. Part 1, Section 4, Topic 2

  10. Preliminary Survey Element—Benchmarking Part 1, Section 4, Topic 2

  11. Levels of Benchmarking Part 1, Section 4, Topic 2

  12. Identify the levels of benchmarking described below. Discussion Question Answers: Competitive Internal Functional Generic Part 1, Section 4, Topic 2

  13. Preliminary Survey Element—Interviews Part 1, Section 4, Topic 2

  14. Planning Opening Conducting Closing Documenting Evaluating Successful Interview Elements Part 1, Section 4, Topic 2

  15. Preliminary Survey Element— Prior Audit Reports and Relevant Documents Part 1, Section 4, Topic 2

  16. The evaluation of internal controls for a co-sourced payroll function is part of the regular rotation. In addition to the permanent files from past internal audits, which of the following should be reviewed? (Select all that apply.) Literature on industry practices Statements of authority Performance reports Third-party audit reports of the payroll provider Discussion Question Answer: All of these are appropriate for review. Part 1, Section 4, Topic 2

  17. Preliminary Survey Element—Map Processes Part 1, Section 4, Topic 2

  18. Graphical representation of actual or ideal path. Illustrate the relationship of various steps and control points. Identify what the process does or should do. Internal auditors may review existing flowcharts or prepare new ones. Provide a clear picture of how a process works. Provide a common reference point and standard language. Map Process—Flowcharts Benefits/Concerns Principles • Must be accurate and kept current. • Should avoid unnecessary complexity. Part 1, Section 4, Topic 2

  19. Identify the flowchart formats described below as horizontal, vertical, or both. Discussion Question Answers: Both Horizontal Both Vertical Part 1, Section 4, Topic 2

  20. Provide a step-by-step picture in a single document without the use of detailed symbols or keys. Identify key controls and cases of under- or over-control and processing redundancy. Can provide more detailed information than flowcharts. Are flexible and facilitate open-ended questioning. Map Process—Narratives Principles Benefits/Concerns • May not be complete enough. • Lack of standardization can lead to omissions or difficult interpretation. Part 1, Section 4, Topic 2

  21. Pre-constructed array of questions used to elicit key information about internal control Start with a known or desired answer and then seek specific comments May be completed by the auditor or directly by the business area Efficient and easy to use Provide a checklist to help with further evaluation Map Process—ICQs Benefits/Concerns Principles • Limited to questions with yes/no answers • Do not provide for in-depth investigation • Require knowing what the procedures should be Part 1, Section 4, Topic 2

  22. Pictorial representations of a process or activity Include a series of boxes (or other shapes) and connecting lines to indicate association and direction/order Useful for high-level representations Quick and simple to construct; may be used in lieu of flowcharts Can show the flow of information and organizational arrangements Map Process—Block Diagrams Principles Benefits/Concerns • Not appropriate for detailed analysis Part 1, Section 4, Topic 2

  23. Preliminary Survey Element—Checklists Part 1, Section 4, Topic 2

  24. Which of the following information is appropriate to include when summarizing preliminary survey results? (Select all that apply.) Significant engagement issues Engagement objectives and procedures Evidence of regulatory compliance Potential excess controls Discussion Question Answer: I, II, and IV. While important information, evidence of regulatory compliance would be more pertinent during the engagement. Part 1, Section 4, Topic 2

  25. Reinforcing Activity 1-9 • Part 1, Section 4, Topic 2 • Conduct a Preliminary Survey of the Area of Engagement Part 1, Section 4, Topic 2

  26. The objectives of the activity being reviewed and the means by which the activity controls its performance; The significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level; The adequacy and effectiveness of the activity’s risk management and control processes compared to a relevant control framework or model; and The opportunities for making significant improvements to the activity’s risk management and control processes.” Performance Standard 2201, “Planning Considerations” “In planning the engagement, internal auditors must consider: Part 1, Section 4, Topic 3

  27. Address the risks associated with the activity under review. For planned engagements, the objectives proceed and align to those initially identified during the risk assessment process. For unplanned engagements, the objectives are established prior to the start and are designed to address the specific issue that prompted the engagement. Practice Advisory 2210-1, “Engagement Objectives” Engagement Objectives Part 1, Section 4, Topic 3

  28. The reliability of management’s assessment of risk. Management’s process for monitoring, reporting, and resolving risk and control issues. Management’s reporting of events that exceeded the limits of the organization’s risk appetite and management’s response to those reports. Risks in related activities relevant to the activity under review. Consideration of Management’s Risk Assessment The internal auditor will want to take into account: Practice Advisory 2210.A1-1, “Risk Assessment in Engagement Planning” Part 1, Section 4, Topic 3

  29. Benefits Focuses the audit on the areas of greatest risk. Documents the complete thought process from risk identification to audit program development. “Teaches” the risk assessment thought process. Facilitates participatory auditing. Steps Identify business objectives. Identify risks to business objectives. Rate each risk in terms of likelihood and significance (L/S). Identify the controls. Evaluate the adequacy of controls. Test the effectiveness of controls. Arrive at the final opinion on adequacy and effectiveness of controls. 1 2 3 4 5 6 7 Use of a Risk Control Matrix Part 1, Section 4, Topic 3

  30. Reinforcing Activity 1-10 • Part 1, Section 4, Topic 3 • Complete a Detailed Risk Assessment of the Area (Prioritize or Evaluate Risk/Control Factors) Part 1, Section 4, Topic 3

  31. Helps combat rising costs for engagements. Minimizes redundancies in audit activities. Helps focus engagement activities on the most significant areas. Provides the most meaningful results to management. Effectiveness Efficiency Economy Coordination and Cooperation with External Auditors and Regulatory Agencies Part 1, Section 4, Topic 4

  32. Engagement Objectives, Defined “Broad statements developed by internal auditors that define intended engagement accomplishments” Engagement procedures are the means to attain engagement objectives. Engagement objectives and procedures, taken together, define the scope and should address the associated risks. Part 1, Section 4, Topic 5

  33. Validate the accuracy of reporting. Hire a chief compliance officer. Increase international market share. Reduce processing time for customer orders. Discussion Question Which of the following is an example of an assurance engagement objective? Answer: A. Engagement objectives are the internal auditor’s means for determining how well operating objectives are being met. Part 1, Section 4, Topic 5

  34. Profitability Delivery of excellent products and services Reduced processing time Safeguarding of assets Support of organizational mission and vision and appropriate work environment Broad Categories of Engagement Objectives Effectiveness and efficiency of operations Reliability of reporting • Maintenance of accurate financial records • Collection of useful, reliable, and timely information for decision-making • Compliance with applicable laws and regulations • Compliance with internal policies and procedures Compliance Part 1, Section 4, Topic 5

  35. Establishes the boundaries of the internal audit Identifies what the internal auditor will do May include a description of the nature and extent of the audit work May include supportive information such as the time period Engagement Scope Part 1, Section 4, Topic 5

  36. Reinforcing Activity 1-11 • Part 1, Section 4, Topic 5 • Establish/Refine Engagement Objectives and Identify/Finalize the Scope of Engagement Part 1, Section 4, Topic 5

  37. control frameworks. management objectives. acts and regulations. industry best practices. Discussion Question All of the following are examples of generally accepted criteria for assurance engagements EXCEPT Answer: B. Management objectives are not generally accepted as suitable criteria. A, C, and D are required by the Standards. Part 1, Section 4, Topic 6

  38. The probability that fraud will occur and the potential severity or consequences when it occurs Often based on: Ease of action Motivational factors leading to fraud The company’s fraud history Fraud Risk Part 1, Section 4, Topic 7

  39. Fraud Triangle Rationalization Motive Opportunity Part 1, Section 4, Topic 7

  40. Signs indicating the: Inadequacy of controls in place Possibility that some perpetrator has committed fraud Only warning signs; not proof Fraud Red Flags Part 1, Section 4, Topic 7

  41. Which of the following exemplify fraud red flags? (Select all that apply.) Ignoring corporate policies for bid requirements High volume of manually prepared disbursement checks Accomplishment of established goals and objectives for a special program Missing or easy access to blank checks Discussion Question Answer: I, II, and IV. The specific nature of the engagement and the judgment skills of the internal auditor help to identify the relevant types of fraud and red flags for inquiry. Part 1, Section 4, Topic 7

  42. Use the organization’s enterprise risk management model (if one exists). Otherwise: Understand fraud schemes that pose threats. Use a risk model (e.g., COSO) to map and assess vulnerability. Consider costs and benefits and whether fraud could be committed by an individual or requires collusion. Consider potential negative effects. Guidelines for Assessing Fraud Risk Part 1, Section 4, Topic 7

  43. Is performed on a systematic and recurring basis Considers possible fraud schemes and scenarios Assesses risk across multiple levels Evaluates likelihood, significance, and pervasiveness Assesses exposure arising from each category of fraud risk Is performed with the involvement of appropriate personnel Considers management override of controls Is updated when special circumstances arise Effective Fraud Risk Assessment Part 1, Section 4, Topic 7

  44. Reinforcing Activity 1-12 • Part 1, Section 4, Topic 7 • Consider the Potential for Fraud When Planning an Engagement Part 1, Section 4, Topic 7

  45. Which of the following are factors shaping engagement procedures? (Select all that apply.) Internal auditor’s judgment Level of evaluation necessary Client’s reputation Training needs of new staff Discussion Question Answer: I and II. Engagement procedures are the means to attain engagement objectives. Part 1, Section 4, Topic 8

  46. Facts used to support audit opinions, conclusions, and recommendations Can be: Physical Documentary Representations (testimonials) Analytical Major types include: Best evidence Secondary evidence Direct evidence Conclusive evidence Circumstantial evidence Corroborative evidence Opinions Hearsay Audit evidence Legal evidence Types of Evidence Part 1, Section 4, Topic 8

  47. Other Evidence Considerations Availability of audit evidence Confidentiality of evidence Access to necessary evidence Part 1, Section 4, Topic 8

  48. The number and experience level of the internal audit staff Knowledge, skills, and other competencies of the internal audit staff Availability of external resources where additional knowledge and competencies are required Training needs of internal auditors Practice Advisory 2230-1, “Engagement Resource Allocation” Resource Considerations Part 1, Section 4, Topic 9

  49. Achievement of engagement objectives Staff competency Travel arrangements On-site logistics Assignments Team communication and supervision Team development Planning and Supervision Considerations Part 1, Section 4, Topic 10

  50. Also called audit program during assurance engagements Becomes guidance for Performance Standard 2300, “Performing the Engagement” Engagement Work Program, Defined “A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan” Part 1, Section 4, Topic 11

More Related