Module D Internal Auditing - PowerPoint PPT Presentation

About This Presentation
Title:

Module D Internal Auditing

Description:

Internal auditing is an independent, ... It helps an organization accomplish its objectives by bringing a systematic, ... squeaky wheel gets the grease ... – PowerPoint PPT presentation

Slides: 53
Provided by: jackar

Transcript and Presenter's Notes

Title: Module D Internal Auditing


1
Module D Internal Auditing
2
Introduction
  • Definition of internal auditing
  • Internal auditing is an independent, objective
    assurance and consulting activity designed to add
    value and improve an organization's operations.
    It helps an organization accomplish its
    objectives by bringing a systematic, disciplined
    approach to evaluate and improve the
    effectiveness of risk management, control, and
    governance processes

3
Introduction
  • Users of internal auditing
  • Any type of organization can benefit from
    internal auditing
  • Used by corporations, not-for-profit
    organizations, and governments

4
Introduction
  • What is internal auditing?
  • It provides services to management
  • that risks to the organization are understood and
    managed appropriately
  • by providing an in-house consulting function
  • Every organization, regardless of size, should
    have some type of internal audit process

5
History
  • History of internal auditing
  • Traced to early 1900s
  • Evolved from the accounting function
  • Originally a very clerical function
  • Many corporations began using IA function

6
Professional Organizations
  • Institute of Internal Auditors
  • Established in 1941
  • 84,000 members in 120 countries
  • Established a code of conduct for internal
    auditors
  • Established professional standards for internal
    auditing
  • >80 IIA chapters worldwide

7
Certifications
  • Certified Internal Auditor
  • In existence for 30 years
  • About 40,000 worldwide
  • Shows competence in the principles and practices
    of internal auditing

8
Professional Certifications
  • CIA - Certified Internal Auditor
  • CCSA - Control Self-Assessment Auditor
  • CGAP - Certified Government Auditing Professional
  • CFSA - Certified Financial Services Auditor

9
Standards
  • Source of standards: IIA
  • The Standards are part of the Professional
    Practices Framework, which includes definitions,
    the Code of Ethics, and the Standards
  • Latest standards issued in 2001

10
Purpose of the standards
  • Delineate basic principles that represent the
    practice of internal auditing as it should be
  • Provide a framework for performing and promoting
    a broad range of value-added internal audit
    activities

11
Purpose of the standards
  • Establish the basis for the measurement of
    internal audit performance
  • Foster improved organizational processes and
    operations

12
Categories of standard
  • Attribute standards (1000 series)
  • address the characteristics of organizations and
    individuals performing internal audit activities

13
Categories of standard
  • Performance standards (2000 series)
  • describe the nature of internal audit activities
    and provide quality criteria against which the
    performance of these services can be measured
  • attribute and performance standards apply to
    internal audit services in general

14
Categories of standard
  • Implementation standards
  • apply the Attribute and Performance Standards to
    specific types of engagements
  • there is only one set of Attribute and
    Performance standards, but there can be multiple
    sets of Implementation Standards

15
Overview of Internal Auditing
  • 9 Step Process

16
Selection of the auditee (step 1)
  • Auditee: the part of the organization being
    audited
  • Systematic selection
  • annually, IA department compiles list of possible
    audits
  • rank list by probability of loss
  • precise probability of loss difficult to compute
  • make best estimate of potential loss and
    probability of loss

17
Selection of the auditee (step 1)
  • auditees with higher levels of risk are scheduled
    first
  • those with lower risks are scheduled later if
    time and resources permit

18
Selection of the auditee (step 1)
  • Ad hoc audits
  • squeaky wheel gets the grease
  • management or BoD identify problem area that
    needs immediate attention
  • example: receive notice that loan repayment is
    due, but loan is not recorded in books; BoD may
    direct IA department to begin immediate review
    of the loan processing procedures

19
Selection of the auditee (step 1)
  • Auditee requests
  • a manager may feel that he needs the input of
    the IA department to evaluate the operations in
    his division
  • because of various factors (internal politics,
    PR, etc.) IA department may rank request higher
    than original risk ranking

20
Audit planning (step 2)
  • Similar to external audit, except for
    determination of scope and objectives
  • Determination of objectives and scope of audit is
    an important step in an internal audit
  • there are no standard objectives as in an
    external audit

21
Audit planning (step 2)
  • Objectives of the audit
  • the purpose of the audit
  • e.g., examine economy and efficiency, examine
    program results, study and evaluate internal
    control structure, financial statement type audit
    procedures, etc.

22
Audit planning (step 2)
  • Scope relates to the specific parts of the
    organization and information system that will be
    audited
  • focus may be on a narrow or broad aspect of
    operations
  • depth may be superficial or very in-depth
  • after both objectives and scope specified, can
    estimate the necessary resources needed (size of
    audit team, time, travel, etc.)

23
Audit planning (step 2)
  • Study of background information
  • interviews with management
  • learn about auditee's policies and procedures
  • look for concerns the auditee may have from
    previous audits
  • look for attitudes of auditee toward control
    consciousness and auditors

24
Audit planning (step 2)
  • Review reports from previous audits
  • some argue that the review of files from previous
    audits should not be done until after completion
    of the preliminary survey
  • they believe it could unduly influence you toward
    previous audit procedures and results
  • others believe reviewing files from previous
    audits now allows you to be better prepared for
    the preliminary survey

25
Audit planning (step 2)
  • Selection of audit team
  • Makeup of audit team (for large audit; smaller
    audits, fewer people)
  • CAE: has overall responsibility; provides final
    review and approval for major steps in audit
    process (i.e., selection of auditee, approval of
    objectives and scope, audit program, report)

26
Audit planning (step 2)
  • manager: responsible for overall coordination of
    audit work (i.e., selecting audit team,
    scheduling audit, reviewing all audit
    documentation)
  • senior auditor: responsible for conducting the
    audit and coordinating the day-to-day activities
  • staff auditor: responsible for doing most of the
    routine audit work

27
Audit planning (step 2)
  • Preliminary communication with auditee
  • notify auditee of dates for the audit
  • this allows the auditee to make necessary
    preparations to accommodate the auditors (e.g.,
    access to records, facilities, access to
    employees, etc.)

28
Audit planning (step 2)
  • Preparation of preliminary audit program
  • contains
  • objectives and scope of audit
  • questions to be asked at preliminary survey
  • procedures to be carried out
  • evidence to be examined

29
Audit planning (step 2)
  • Planning the audit report
  • the audit report communicates the results of
    audit findings
  • however, beginning to think of the report now is
    useful
  • determine who will write the report
  • determine who will review and edit the report
  • determine when report will be presented to
    auditee
  • schedule closing conference date and location
  • select alternative dates

30
Preliminary survey (step 3)
  • Objectives of preliminary survey
  • gain initial impressions of auditee
  • gather preliminary evidence for further planning
  • gain cooperation of auditee

31
Preliminary survey (step 3)
  • Opening conference
  • between audit team and auditee management
  • outlines audit schedule to coordinate with
    auditee's activities

32
Preliminary survey (step 3)
  • On-site tour
  • auditors learn nature of auditee's operations,
    work climate, physical facilities,
    interrelationships with other departments, work
    flow

33
Preliminary survey (step 3)
  • Document study
  • determine what documents exist, how they are
    organized, how they are stored, whether they have
    adequate security
  • Written description
  • document auditee's operations
  • Conduct analytical procedures
  • helps to better understand auditee's operations,
    and for planning additional audit procedures

34
ICS description, analysis, and evaluation (step 4)
  • Preparing a description of controls
  • documented in flowcharts, questionnaires, or
    narratives

35
ICS description, analysis, and evaluation (step 4)
  • Conduct walk-through tests
  • helps to identify critical control points (where
    potential risks are at their highest)
  • documentation walk-through
  • tracing each step of a transaction through the
    organizational records
  • procedural walk-through
  • performing the procedures yourself during the
    walk-through

36
ICS description, analysis, and evaluation (step 4)
  • Testing of controls
  • determine effectiveness of controls
  • e.g., testing quality controls
  • select sample of rejected items and sample of
    accepted items
  • make sure each meets the criteria to be classified
    as they were
  • look for persuasive evidence
  • audit evidence rarely provides absolute certainty

37
ICS description, analysis, and evaluation (step 4)
  • Evaluation
  • reach conclusions about the quality of the
    internal control system with regard to objectives
    and risks
  • matrix method
  • column 1: critical control points
  • column 2: potential risks
  • column 3: proper control methods
  • column 4: evaluation of auditee's controls

38
ICS description, analysis, and evaluation (step 4)
  • Risk reassessment
  • determine if any changes are needed in objectives
    or scope of audit
  • determine how much, if any, expanded audit work
    is needed

39
ICS description, analysis, and evaluation (step 4)
  • First risk assessment was done to rank potential
    auditees
  • this reassessment considers additional evidence
    gathered
  • leads to two possible paths
  • do no additional testing
  • believe would provide little additional
    information
  • believe, even if find additional information,
    other audits are more important
  • do additional testing

40
Expanded testing (step 5)
  • Expand audit program
  • Determine additional resources needed
  • additional auditors
  • additional time
  • additional travel funds
  • Perform additional tests

41
Findings and recommendations (step 6)
  • Develop findings and determine changes necessary
    to improve operations
  • Findings include
  • conditions as actually observed
  • criteria used to evaluate the conditions
  • risk associated with the observed problems
  • causes of the problems

42
Findings and recommendations (step 6)
  • Recommendations may be
  • make no change
  • the problems investigated were not actually
    problems
  • the problems are not as serious as originally
    believed
  • add new controls or modify existing controls

43
Findings and recommendations (step 6)
  • Recommendations may be
  • obtain insurance to mitigate the risks
  • there are no controls that could be added or
    modified
  • insurance is more cost effective
  • recommend an increase in the required rate of
    return for this activity
  • controls cannot be modified
  • insurance is not available or cost prohibitive

44
Reporting (step 7)
  • The IA department's reputation is largely based
    on audit reports
  • it is the only formal presentation of the IA's
    expertise and performance

45
Reporting (step 7)
  • Report addresses audit's
  • objectives
  • scope
  • procedures
  • findings
  • recommendations

46
Reporting (step 7)
  • Who writes the report?
  • one person or team effort?
  • Presentation of report
  • done at the closing conference
  • if auditee has previous opportunity to view
    report
  • interaction on findings and recommendations takes
    place

47
Reporting (step 7)
  • If misunderstandings or conflicts are unresolved
  • auditee may prepare formal response to audit
    report
  • audit report and auditee's response are submitted
    to top executives and/or BoDs
  • some IA departments include auditee's responses
    (whether positive or negative) in the audit report

48
Reporting (step 7)
  • Some auditors believe that the IA department
    report should not make recommendations but only
    present alternatives and let top management
    determine the action to follow without IA's
    recommendations

49
Follow-up (step 8)
  • Steps
  • top management determines if and when audit
    recommendations will be implemented
  • auditee makes changes
  • IA department examines the effect of the changes

50
Follow-up (step 8)
  • Some auditors believe all follow-up examinations
    should be conducted by the auditee under the
    supervision of top management
  • Follow-up (regardless of who performs it) is
    necessary; otherwise the benefit of internal
    auditing cannot be evaluated

51
Evaluation of the audit (step 9)
  • Evaluation made by the auditors of their own
    performance
  • determine any ongoing concern
  • evaluate effectiveness of audit
  • identify any procedures in conduct of audit that
    should be changed

52
Evaluation of the audit (step 9)
  • Conduct performance of audit team
  • used as basis of promotions, salary adjustments,
    continuing employment status