1 / 54

Section 6

Section 6. Internal, Operational, and Compliance Auditing. Introduction. Internal auditing, operational auditing, and compliance auditing:. Focus so far:. Internal Auditing. Large corporations Institute of Internal Auditors (IIA). Purpose of Internal Auditing. Internal auditing defined:

israel
Télécharger la présentation

Section 6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Section 6 Internal, Operational, and Compliance Auditing

  2. Introduction • Internal auditing, operational auditing, and compliance auditing: • Focus so far:

  3. Internal Auditing • Large corporations • Institute of Internal Auditors (IIA)

  4. Purpose of Internal Auditing • Internal auditing defined: • An independent appraisal activity established within an organization to examine and evaluate its activities as a service to the organization • Objective of internal auditors • Their work encompasses

  5. Evolution of Internal Auditing • Has evolved to meet the needs of • Original demand • Role expanded as a result of

  6. Organizations became larger and more complex • Foreign Corrupt Practices Act of 1977 • Current scope of internal auditing • Statement of Responsibilities of Internal Auditing

  7. Internal Auditing Scope • Review reliability and integrity • Review the systems established to ensure compliance • Review means of safeguarding assets • Appraising economy and efficiency • Reviewing operations and programs to ascertain

  8. Professional Standards of Internal Auditing • Cover five areas of auditing within an organization • Independence • Professional proficiency • Scope of work • Performance of audit work • Management of the internal auditing department

  9. Independence • Employees of the organization • Reporting to the proper level of management • Ideally should report to? • Conflicts of interest

  10. Professional proficiency • Establish policies and procedures • Internal auditing department should collectively possess • Assignment of staff

  11. Scope of work • Extends beyond accounting and financial controls • IIA Standards for scope

  12. Performance of audit work • Adequate planning • Examining and evaluating information • Communicating results • Follow up

  13. Management of the internal auditing department • Guidance for the director • Assure: • Audit work is performed in accordance with • The departments resources are

  14. Operational Auditing • Also called: • Comprehensive examination of an operating unit or complete organization • The focus is on:

  15. Economy • Efficiency • Effectiveness

  16. Objectives of Operational Audits • Managements needs: • Assurance of a unit’s performance • Assurance about its plans • Objective information/Reporting • Weaknesses • Reassurance

  17. Definition of Purpose Familiarization Preliminary Survey Program Development Field Work Report Findings Follow-Up General Approach to Operational Audits

  18. Definition of Purpose • Broad statement • Must specify precisely • Policies and procedures

  19. Familiarization • Comprehensive knowledge • Study of documentation • Interviews • Documentation by the auditor

  20. Preliminary Survey • Preliminary conclusions • Survey serves as a guide

  21. Program Development • Tailor-made program based upon • What does it contain? • Personnel

  22. Field Work • Executing the program • Analysis • Deficiencies

  23. Report Findings • On final completion of field work • Will include • Exit conference

  24. Operational Audit Report • Simon Greed • Vice President – Operations • Baxter Corporation • 238 Queen Street • Hamilton, Ontario, L9V-5R6 • Dear Mr. Greed: • In September 200X we concluded an operational audit of the data processing operations. • Objectives, Scope, and Approach • The general objectives of this engagement, which were more specifically outlined in our letter dated June 30, 200X, we as follows: • To document, analyze, and report on the status of current operations. • To identify areas that require attention. • To make recommendations for corrective action or improvements. • Our operational audit encompassed the centralized data processing facilities and the on-site computer operations of the company’s retailing division. Our evaluations included both the financial and operational condition of the units. Financial data consulted in the course of our analyses were not audited or reviewed by us, and, accordingly we do not express an opinion or any other form of assurance on them.

  25. The operational audit involved interviews with management personnel and selected operations personnel in each of the units studied. We also evaluated selected documents, files, reports, systems, procedures, and policies as we considered appropriate. After analyzing the data, we developed recommendations for improvements. We then discussed our findings and recommendations with appropriate unit management personnel, and with you, prior to submitting this written report. Findings and Recommendations All significant findings are included in this report for your consideration. The recommendations in this report represent, in our judgment, those most likely to bring about improvements to the operations of the organization. The recommendations differ in such aspects as difficulty of implementation, urgency, visibility of benefits, required investment in facilities and equipment or additional personnel.. The varying nature of the recommendations, their implementation costs, and their potential impact on operations should be considered in reaching your decision on courses of action. (Specific Findings and Recommendations)

  26. Follow-up • To ensure? • Done by whom? • Reexaminations

  27. Compliance Auditing • Laws and regulations • Testing and reporting on whether and organization has

  28. Major impetus • Federal and provincial assistance usually provided to whom? • Thus tests of compliance do what?

  29. Objectives of Compliance Auditing • To determine if there have been violations of • To provide a basis for additional reports on compliance • Two categories • Compliance audit as part of a Financial Statement audit • Compliance with specified authorities

  30. Compliance Audit as Part of a Financial Statement Audit • Governmental organizations are subject to a variety of laws and regulations • Receive funds from various sources • Provided if only certain requirements are met

  31. Auditors perform a number of procedures • Discussing laws and regulations • Reviewing relevant grant and loan agreements • Reviewing minutes

  32. When wording of laws subject to interpretation • Written representations • Assessment of risk • Substantive tests of compliance

  33. Two additional reports • Compliance with laws and regulations • Organizations internal control

  34. Reporting Compliance with Laws and Regulations • The report should: • Describe the scope of the audit • Transactions • Authorities • GAAS • Contain the auditors opinion • Complied with specified authorities • Reservations

  35. AUDITORS’ REPORT To the Honourable Minister responsible for ABC Crown Corporation: We have audited the balance sheet of ABC Crown Corporation as at December 31, 200X, and the statements of income, retained earnings, and cash flows for the year then ended and have issued our report thereon dated February 28, 200Y. We conducted our audit in accordance with generally accepted auditing standards. Those standards require that we plan and perform an audit to obtain reasonable assurance whether the financial statements are free of material misstatement. Further, we have examined the transactions that came to our notice in the course of the above-mentioned audit of the financial statements of ABC Crown Corporation for the year ended December 31, 200X, to determine whether they were in accordance with Part XII of the Financial Administration Act, the regulations, the charter and bylaws of the corporation (and any directives given to the corporation pursuant to the act). Our examination of these transactions was made in accordance with generally accepted auditing standards, and accordingly included such tests and other procedures as we considered necessary in the circumstances. In our opinion, these transactions were, in all significant respects, in compliance with the authorities. Carney, Black and Heath, LLP Chartered Accountants Toronto, Canada February 28, 200Y

  36. May be issued in conjunction with the auditor’s report on the F/S • Discovery of violations • Must consider the effect • Resulting misstatement, if uncorrected

  37. Illegal acts • May be included in the auditor’s report • May instead do the following:

  38. Reporting on Internal Control • How do auditors usually communicate problems with internal control? • Report on internal control differs • Also includes: • Managements responsibility • Description of scope

  39. REPORT ON INTERNAL CONTROL To the Members of Council, Inhabitants, and Ratepayers of the Corporation of the City of Rosebud, Ontario We have audited the balance sheet of the Corporation of the City of Rosebud, Ontario as at June 30, 200X, and the statements of operations for the year then ended and have issued our report thereon dated August 15, 200X. We conducted our audit in accordance with generally accepted auditing standards. Those standards require that we plan and perform an audit to obtain reasonable assurance whether the financial statements are free of material misstatement. In planning and performing our audit of the financial statements of the Corporation of the City of Rosebud, Ontario, for the year ended June 30, 200X, we considered its internal control in order to determine our auditing procedures for the purposes of expressing our opinion on the financial statements and not to provide assurance on the internal control. The management of the Corporation of the City of Rosebud, Ontario, is responsible for establishing and maintaining internal control. In fulfilling this responsibility, estimates and judgments by management are required to assess the expected benefits and related costs of internal control policies and procedures. The objectives of internal control are to provide management with reasonable, but not absolute, assurance that assets are safeguarded against loss from unauthorized use or disposition, and that transactions are executed in accordance with management’s authorization and recorded properly to permit the preparation of financial statements in accordance with generally accepted accounting principles. Because of inherent limitations in any internal control, errors, irregularities, or fraud may

  40. nevertheless occur and not be detected. Also, projection of any evaluation of the internal control to future periods is subject to the risk that procedures may become inadequate because of changes in conditions or that the effectiveness of the design and operation of policies and procedures may deteriorate. • For the purpose of this report, we have classified the significant internal control policies and procedures in the following categories: revenue/receipts, purchases/disbursements, and payroll. • For all of the internal control categories listed above, we obtained an understanding of the design of relevant policies and procedures and whether they they have been placed in operation, and we assessed control risk. • We noted certain significant deficiencies in the design or operation of the internal control, that in our judgment, could adversely affect the entity’s ability to record, process, summarize, and report financial data consistent with assertions of management in the financial statements. • Although temporary loans betweens funds are now being reconciled, they are not reconciled on a timely basis. We suggest that the accounting manager reconcile the funds’ loans monthly. • The computer-prepared revenue, expenditure, and vouchers payable reports are not always reconciled to the general ledger accounts on a timely basis. We recommend that the chief accountant reconcile these reports monthly. • A significant deficiency is a condition in which the design or operation of the specific internal control elements does not reduce to a relatively low level the risk that errors, irregularities, or fraud in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.

  41. We also noted other matters involving the internal control and its operation that we have reported to the management of the Corporation of the City of Rosebud, Ontario, in a separate letter dated August 15, 200X. This report is intended for the information of the audit committee, management, and [specify legislative or regulatory body]. This restriction is not intended to limit the distribution of this report, which is a matter of public record. Carney, Black and Heath, LLP Chartered Accountants Toronto, Canada August 15, 200X

  42. Compliance Audit with Specified Authorities • Authorities refers to • May examine and report on a portion of the entity • May be asked to report on: • Follow GAAS and PS section 5300

  43. Designing Compliance procedures for the Programs • Concerned with significant effect on specific programs • Compliance audit as part of F/S audit concerned with • Must be considered on a program-by-program basis

  44. Thus for the specific program: • Assess risk of significant noncompliance • Then assess control risk • Perform review of internal control • Test the internal controls • Design substantive procedures to test each program for compliance

  45. Evaluating the Results of Compliance for Programs • Consider the frequency of noncompliance • A questioned cost • Evaluation of a questioned cost

  46. Reporting on Compliance on Specific Programs • The report should: • Describe the scope: • Identify entity or portion. • Specify authorities. • GAAS • Auditors opinion: • On compliance. • Reservations.

  47. AUDITOR’S REPORT To the Honourable Minister responsible for Entity Inc.: We have made an examination to determine whether Entity Inc. complied with provisions of Part IV of the Government Agencies Act during the year ended March 31, 200X. Our examination was made in accordance with generally accepted auditing standards, and accordingly included such tests and other procedures we considered necessary in the circumstances. In our opinion, Entity Inc. has complied in all significant respects with the provisions of Part IV of the Government Agencies Act during the year ended March 31, 200X. Carney, Black and Heath, LLP Chartered Accountants Toronto, Canada May 12, 200X

  48. Reporting on Internal Controls Relevant to the Programs • Auditors report provides? • Thus auditor must: • Obtain an understanding of • Perform tests of • No opinion on internal control

  49. Question 25-15: Explain why the Auditor General of Canada performs comprehensive audits rather than simply performing financial audits of various government departments. Question 25-17: What does the term “accountability” mean in the context of comprehensive auditing?

  50. Question 25-18: Why are criteria so important that they are mentioned specifically in Public Sector Accounting Recommendation 5400? What does the term “criteria” mean in this context? Provide an example of a criterion that might be used by an auditor in auditing the passenger service of Via Rail.

More Related