1 / 69

Audit Engagement Overview

Audit Engagement Overview. Plan. Perform. Communicate. Monitor. Research and apply Standards. Maintain fraud awareness. Assess risk. Collect, evaluate, analyze, interpret data. Report findings, conclusions, recommendations. Monitor engagement outcomes. Develop workpapers.

celine
Télécharger la présentation

Audit Engagement Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Audit Engagement Overview Plan Perform Communicate Monitor Research and apply Standards Maintain fraud awareness Assess risk Collect, evaluate, analyze, interpret data. Report findings, conclusions, recommendations. Monitor engagement outcomes. Develop workpapers. Part 2, Section A, Overview

  2. Research and apply appropriate international standards Maintain an awareness of the potential for fraud when conducting an engagement Collect data Evaluate the relevance, sufficiency, and competence of evidence Analyze and interpret data Develop working papers Review working papers Section Topics • Communicate interim progress • Draw conclusions • Develop recommendations when appropriate • Report engagement results • Conduct client satisfaction survey • Complete performance appraisals of engagement staff Part 2, Section A

  3. Definition of internal auditing Code of Ethics III. Standards IV. Practice Advisories V. Practice Guides and Position Papers Discussion Question Which parts of the International Professional Practices Framework are mandatory for IIA members? (Select all that apply.) Answer: I, II, and III Part 2, Section A, Topic 1

  4. “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Internal Auditing: IIA Definition Part 2, Section A, Topic 1

  5. Integrity Objectivity Competency Discussion Question Which of the four principles underlying The IIA Code of Ethics is missing from the following list? Confidentiality Part 2, Section A, Topic 1

  6. IIA Code of Ethics Part 2, Section A, Topic 1

  7. Discussion Question What should you do when confronted by an ethical dilemma that can’t be resolved by reference to any of the specific Rules of Conduct? Answer: Apply the four principles to determine an ethical course of action. Part 2, Section A, Topic 1

  8. Characteristics of organizations and parties performing internal audit services The IIA’s Standards: 3 Types Attribute Standards Performance Standards Implementation Standards Descriptions of the nature of internal audit services and quality criteria for service performance measurement Mandatory instructions for implementing Attribute and Performance Standards for assurance and consulting engagements Part 2, Section A, Topic 1

  9. Objective assessment of evidence. Independent opinion or conclusions about a process, system, etc. Internal auditor determines nature and scope. Three parties generally involved. Discussion Question Which list describes assurance audit services and which describes consulting audit services? Answer: Assurance Consulting • Advisory engagement. • Requested by client. • Nature and scope subject to client-auditor agreement. • Two parties generally involved. Part 2, Section A, Topic 1

  10. Financial assurance Controls assurance Information technology (IT) Compliance Operations Integrated Management requests Due diligence assignments in mergers and acquisitions Consulting Engagements Engagement Examples Assurance Engagements Part 2, Section A, Topic 1

  11. Practice Advisories IIA Nonmandatory Guidance: Three Types Practice Guides • IIA-sanctioned best practices • Address approach, methodology, and considerations Detailed guidance for internal audit activities (e.g., processes and procedures—tools and techniques, programs, and approaches) Position Papers • Statements to assist a wide range of interested parties Part 2, Section A, Topic 1

  12. US Racketeer Influenced and Corrupt Practices Act (RICO) 1970 1977 1987 1992 2002 2004 2006 2007 Treadway Commission Report (COSO) Sarbanes-Oxley Act COSO for small business COSO Internal Control—Integrated Framework (revised 1994) COSO Enterprise Risk Management—Integrated Framework • Revised Yellow Book standards • Auditing Standard Number 5 (AS5) US Foreign Corrupt Practices Act (FCPA) Other Relevant Standards Part 2, Section A, Topic 1

  13. Outside auditor may not also do internal audits; co-sourcing is acceptable. Audit committee shall: Appoint, compensate, etc., the outside auditor. Contain only independent members (no consulting fees accepted). Contain at least one financial expert (or disclose as to why not). Establish procedures for monitoring controls, handling complaints, etc. All SEC filings must contain an internal control report. Sarbanes-Oxley Act’s Impact Part 2, Section A, Topic 1

  14. Auditing Standard Number 5 (AS5) “Top-down, risk-based approach” Clarifies how entity level controls should be used in performing an integrated audit Broadens the expected use of the work of other external auditors beyond internal auditors Allows increased use of work of others by external auditors as the level of risk decreases Requires that an understanding of the flow of transactions be obtained Excuses walkthroughs if external auditors can rely on the work performed by internal audit in this area Part 2, Section A, Topic 1

  15. Control environment Risk assessment Control activities Information and communication Monitoring Committee of Sponsoring Organizations (COSO) Internal Control—Integrated Framework* Enterprise Risk Management—Integrated Framework 1 Internal environment Objective setting Event identification Risk assessment Risk response Control activities Information and communication Monitoring 1 2 2 3 3 4 4 5 5 6 7 8 *Same components for 2006 “Internal Control Over Financial Reporting” for smaller public companies Part 2, Section A, Topic 1

  16. Financial statements The COSO Challenge: Take a Broader View of Control Environment “Tone at the top” Ethics Competency Human resource policies Corporate culture + Part 2, Section A, Topic 1

  17. Are there sets of standards similar to COSO that apply outside the US? Discussion Question Sample answer: Yes, for example, CoCo in Canada and the Cadbury Commission’s model in the UK. Part 2, Section A, Topic 1

  18. Name at least four specific actions every internal auditor should be able to accomplish regarding fraud. Discussion Question • Answer: • Notice indicators of fraud. • Design appropriate steps to address significant risk of fraud. • Employ audit tests to detect fraud. • Determine if any suspected fraud merits investigation. Part 2, Section A, Topic 2

  19. “Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.” IPPF Glossary Definition of Fraud Part 2, Section A, Topic 2

  20. Fraud perpetrated to the detriment of the organization Discussion Question What are some examples of the two major types of fraud listed below? Fraud perpetrated on behalf of the organization • Sample answer: • Bribes and kickbacks • Diverting profitable transactions • Embezzlement • Intentional concealment of events, etc. • Submitting claims for goods or services not provided • Sample answer: • Improper payments to government officials • Intentional, improper valuations • Intentional, improper transfer pricing • Sale or assignment of fictitious assets Part 2, Section A, Topic 2

  21. What are some examples of red flags indicating the potential for fraud? Discussion Question Sample answer: Loose internal controls, poor management philosophy, poor financial position, low employee morale, confusion about ethics, lack of background checks in hiring, lack of employee support programs. Part 2, Section A, Topic 2

  22. What three conditions suggest the possibility of fraud? Discussion Question • Answer: • Opportunity (e.g., poor control design) • Motive (e.g., desire for power, greed, pressure) • Rationalization (“I’m entitled.”) Part 2, Section A, Topic 2

  23. Design Appropriate Engagement Steps What controls pass a cost-benefit analysis? What would tempt employees here? How about managers? What are the e-commerce implications? Part 2, Section A, Topic 2

  24. The internal auditor needs authority to take necessary engagement steps. What are some specific powers the internal auditor should seek from management? Discussion Question Sample answer: Authority to review annual reports, audit consulting contracts, review executive-approved transactions, have access to the board’s actions, review transactions with subsidiaries and associated organizations, test documentation supporting financial reports, monitor compliance of record-retention policies, ask about political contributions, review expense accounts, monitor conflicts of interest. Part 2, Section A, Topic 2

  25. Analytical Tools for Fraud Tests What’s the ratio of A to B? (proportional analysis) Condition A Does this change in a trend have a reasonable explanation? (trend analysis) Will computer analysis make testing more efficient and effective? (verifying transactions with computers) Outcome B Part 2, Section A, Topic 2

  26. Research to identify a root cause Software that runs on an ongoing basis Ratio analysis of high risks Comparative transactions Discussion Question Which of the following statements best describes continuous auditing? Answer: B. Continuous auditing (or continuous monitoring) uses computerized techniques to perpetually audit the processing of business transactions. Part 2, Section A, Topic 2

  27. Name several major types of audit evidence and give examples of each. Discussion Question Sample answer: Physical evidence (e.g., stored media, security system in operation) Documentary evidence (e.g., letters, e-mails, memos, invoices) Representations or testimonial evidence (responses to inquiries supported by documentation) Analytical evidence (e.g., computations, reasoning, analytical audit tests) Part 2, Section A, Topic 3

  28. Persuasive Evidence Part 2, Section A, Topic 3

  29. Generally documentary Copy of a document or oral evidence of contents Eyewitness testimony, for example Leads to only one conclusion Proves an intermediate fact Supplemental supporting evidence Usually admissible only when provided by experts Secondhand; generally ruled inadmissible in court B F A D H G E C Discussion Question Match the type of legal evidence on the left with its description on the right. Secondary Corroborative Best Conclusive Hearsay Opinion Circumstantial Direct Part 2, Section A, Topic 3

  30. Other Concerns About Evidence Will the evidence be available when I need it for testing? Can I use the evidence without violating confidentiality (Code of Ethics)? Will I have access to the evidence without interference? Part 2, Section A, Topic 3

  31. Define sufficiency, competence (reliability), and relevance in regard to audit evidence. Discussion Question Sample answer: Sufficient evidence—Factual, adequate, and convincing so that a prudent, informed person would reach the same conclusion as the auditor. Competent (called “reliable” in Standards) evidence—Reliable and best obtainable through the use of appropriate techniques. Relevant evidence—Supports engagement observations and recommendations and is consistent with engagement objectives. Part 2, Section A, Topic 4

  32. Evidence-Gathering Techniques • What are appropriate times to use: • Inquiry? • Observation? • Inspection? • Vouching? • Tracing? • Re-performance? • Analytical procedures? • Confirmation? Part 2, Section A, Topic 4

  33. Reinforcing Activity 2-1 • Part 2, Section A, Topic 4 • Evaluate the Relevance, Sufficiency, and Competence of Evidence Part 2, Section A, Topic 4

  34. Assumed: Variety of techniques for gathering data; solid basis for determining conclusions. Question: What are some conditions the internal auditor discovers by using analytical procedures? Discussion Question • Sample answer: • Unexpected differences • Absence of expected differences • Potential errors • Potential irregularities or illegal acts • Other unusual or nonrecurring transactions and events Part 2, Section A, Topic 5

  35. The heart of analysis is comparison. What are some types of comparisons used to analyze and interpret audit evidence? Discussion Question • Sample answer: • Comparison of current to prior period • Comparison ofcurrent period to budget or forecast • Comparison offinancial data to nonfinancial data • Study of relationships among elements of information (e.g., interest expense to debt balance) • Comparison ofone organizational unit’s performance to another unit’s • Comparison oforganization to industry benchmark Part 2, Section A, Topic 5

  36. Define and provide examples of two types of ratio analysis. Discussion Question Sample answer: Two commonly used types of ratio analysis are 1) common-size statements, with all statement items formulated as ratios with a common denominator, and 2) financial ratios used to evaluate organizational structure and performance (debt/equity, price/earnings, etc.). Part 2, Section A, Topic 5

  37. Provide a definition and some examples of trend analysis. Discussion Question Sample answer: Trend analysis traces relationships over time and is the analytical technique most commonly used by internal auditors. Some trends analyzed include revenues, expenses, same-store sales, store openings; trends in ratios are also subject to analysis. Part 2, Section A, Topic 5

  38. Give a brief definition of regression analysis. 70,000 60,000 50,000 Sales Revenues (USD) 40,000 30,000 20,000 10,000 0 20 40 60 80 100 120 140 Marketing Expenditures (USD) Discussion Question Sample answer: Statistical technique used to measure the amount of change in one value caused by change in another. Part 2, Section A, Topic 5

  39. What are some common types of analytical comparisons? Discussion Question Sample answer: Period-to-period comparisons of performance—quarter to quarter, etc. Comparisons of actual revenues, profits, etc. to budgets and forecasts Comparisons with other causal factors such as benchmarks or best practices Part 2, Section A, Topic 5

  40. Significance of the area under examination Degree of risk in the area under examination Availability and reliability of information Prediction of analytical results Availability and comparability of information regarding the industry in which the organization operates Extent to which engagement procedures support results Other Analytical Considerations Part 2, Section A, Topic 5

  41. “Internal auditors must document relevant information to support the conclusions and engagement results.” Standard2330 2330.A1—CAE controls access to engagement records and obtains approval of senior management and/or legal counsel prior to releasing records. 2330.A2—CAE must develop retention requirements consistent with organization and regulatory requirements. 2330.C1—CAE must develop policies for retention and release of records (internal and external). Part 2, Section A, Topic 6

  42. Discussion Question What are the purposes of working papers? Support engagement communications. Facilitate third-party reviews. Provide basis for quality assurance and improvement program. Aid engagement planning, performance, and review. Engagement working papers Document achievement of engagement objectives. Demonstrate compliance with Standards. Part 2, Section A, Topic 6

  43. Documenting the Engagement (PA 2330-1) Working papers document all aspects of the engagement process from planning to communicating results. The organization, design, and content of engagement working papers depend on the engagement’s nature and objectives and the organization’s needs. Engagement working papers Internal audit activity determines the media used. Part 2, Section A, Topic 6

  44. Engagement working papers Necessary Working Paper Contents • Should contain all the work done during the engagement • Should document the audit’s objectives and methods so thoroughly that a new auditor, added to the project at any point, could fully comprehend the engagement from the working papers and bring the audit to a successful conclusion Part 2, Section A, Topic 6

  45. Engagement working papers Working Paper Format Engagement identification; description of contents or purpose Signature or initials of IA performer and date Index or reference number of the working paper Explanation of verification (tick marks, etc.) Clear identification of data sources Summaries Magnetic disk Part 2, Section A, Topic 6

  46. Who is responsible for control of working papers, and why is control a significant concern? Discussion Question Answer: CAE is responsible for retention policies (2330.A1). Issues: Crucial to engagement success or survival and may contain confidential information. Part 2, Section A, Topic 6

  47. Engagement Supervision Span of CAE Engagement Supervisory Responsibility Staff developed Data gathering Data analysis Fraud awareness Communication Planning Findings Follow-up preparation Assures that engagement has been carried out according to high quality standards, objectives achieved, staff evaluated for professional development. CAE dd/mm/yyyy Part 2, Section A, Topic 7

  48. Elements of Proper Engagement Supervision • Trained auditor—knowledge, skills, and competencies to perform. • Proper instructions during the planning and approval of engagement program. • Program is completed and modified using accepted practices. • Working papers support observations, conclusions, and recommendations. • Communications are accurate, objective, clear, concise, constructive, and timely. • Engagement objectives are met. • Opportunities for developing auditors’ knowledge, skills, and competence. Part 2, Section A, Topic 7

  49. What are some reasons for filing an interim report? Discussion Question Sample answer: To alert management to information too important to put on hold, including information that requires immediate attention, a change in scope, and strong suspicion of fraud. (See PA 2410-1.) Part 2, Section A, Topic 8

  50. Facts Facts Facts Facts Facts Facts Discussion Question Findings should be based on solid facts. What are the five parts of a finding? Internal Audit Finding Answer: Criteria Condition Cause Effect Recommendation Part 2, Section A, Topic 9

More Related