
1 12/06/2016 Objective; Process; Risk. Inherent risk – risk of not achieving objectives. Inherent risk – before the assessment of any controls.

2 Risk & recommendations: Impact x Likelihood. Root cause – reasons for high likelihood; focus: audit objectives, fieldwork, recommendations. Effect – reasons for a high impact; focus: audit objectives, fieldwork, recommendations.

3 Different impacts: Financial; Service delivery; Political; Legal; Environmental; Human resources

4 Risk index

5 Risk management strategy [Figure: risk matrix with scores from 1 to 25, divided into unacceptable risks and acceptable risks]

6 Objective; Control; Process; Risk. Control to minimize risks. Residual risk; Inherent risk. Residual risk – after the assessment of any controls.

7 COSO – all five components must be present and functioning before a control system can be effective. Components: Control environment; Risk assessment; Info and communication; Control activity – prevention; Monitoring activities – detection. Each component is shown against the same four objectives: Safeguard assets; Compliance with laws, regulations, contracts; Reliability and integrity of information; Economy, effectiveness and efficiency.

8 Practical exercise: Process overview flowchart; SCRE; Audit objective; Risk areas; Preventative and detection controls; Audit opinion

9 [Flowchart labels] Enter data; Application program; Suppliers master file; Email the change details to supplier; Exception reports – number of changes; Phone call with password to cell phone; INPUT; OUTPUT; PROCESSING; Bank EDI; Exception reports – frequency

10 [Flowchart labels] Cheque payment/EFT requisition; Enter data; Application program; Purchase transaction file; Cash disbursement transaction file; Suppliers master file; Accounts payable master file; General ledger master file; General ledger transaction file; Disbursements journal; Purchase journal; General ledger summary; Exception reports and KPIs; Remittance advice; Cheque; Purchase order; Goods received note, supplier delivery note, invoice; INPUT; OUTPUT; DOCUMENTATION; PROCESSING

11 [Flowchart labels] Enter data; Application program; Purchase transaction file; Suppliers master file; Purchase order; Goods received note, supplier delivery note, invoice; S C R E

12 To evaluate the adequacy and effectiveness of the controls relating to reliability and integrity of: Asset count forms; Asset removal forms; Capturing; Processing; Updating the fixed asset register

13 [Flowchart labels] Enter data; Application program; Purchase transaction file; Suppliers master file; Purchase order; Goods received note, supplier delivery note, invoice; E S S R R R R

14 Audit objective: To evaluate the adequacy and effectiveness of controls relating to: Safeguarding of assets in the goods received area; Reliability and integrity of information in the: Capturing phase, Processing phase, Updating the PTF, Updating the SMF; Economic, effective and efficient use of resources in the ordering phase

15 Audit opinion: The controls relating to: Safeguarding of assets in the goods received area; Reliability and integrity of information in the: Capturing phase, Processing phase, Updating the PTF, Updating the SMF; Economic, effective and efficient use of resources in the ordering phase; are adequate and effective

16 Audit objective: To evaluate the adequacy and effectiveness of controls relating to: Safeguarding of assets (access control); Allocation of unique supplier profile passwords in the capturing phase; Reliability and integrity of information in the: Capturing phase; Processing phase; Updating the SMF; Exception reports (quantity and frequency); Email confirmations

17 Audit opinion: The controls relating to: Safeguarding of assets (access control); Allocation of unique supplier profile passwords in the capturing phase; To the availability of the suppliers file; Reliability and integrity of information in the: Capturing phase; Processing phase; Updating the SMF; Exception reports (quantity and frequency); Email confirmations; are adequate and effective

18 Audit objectives: To evaluate the adequacy and effectiveness of the internal control systems that ensure S C R E

19 Audit objectives: To evaluate the adequacy and effectiveness of the internal control systems (choose prevention, detection or correction) that ensure S C R E

20 Audit objectives: To evaluate the adequacy and effectiveness of the prevention controls that ensure R – reliability and integrity of information

21 Audit objectives: To evaluate the adequacy and effectiveness of the prevention controls that ensure R – reliability and integrity of information of the purchase order

22 Risk response

23 Objective; Control; Process; Risk. Control assessment: R > C Inadequate; C > R Inefficient; C = R Adequate/effective; CoC > CoR Uneconomic

24 Control analysis. Control activity: Maintain physical security over goods received; Segregate custodial and record keeping functions. Prevention; Detection; IT; Manual. Added value opportunity: Computerise to increase efficiency, economy, effectiveness; IT management information allows for effective detection controls; Detection control allows development of prevention controls

25 Added value: IMPACT x Likelihood; IMPACT x Likelihood; Inadequate controls; Recommendation = Added value

26 Audit report – finding. Finding: Clear; Concise; Factual; Inadequate; Inefficient; Ineffective; Uneconomic

27 Determine the causes: Determine what circumstances, if any, caused identified weaknesses. Consider materiality of effect, before spending much time determining causes. Determine if participants understand both purpose of and their role. Determine if relationship between accounts payable process and other department processes is clear. If process occurs at multiple locations, determine nature and scope of communication and coordination among components.

28 Determine the causes: Determine if accounts payable process has adequate human, rand, time, and asset resources. If inadequate, determine if resources have been allocated according to materiality of accounts payable process relative to other processes. Negative trends in reports used to monitor outcome(s) – determine if reports are communicated to and used by appropriate parties to modify process. Determine what internal or external constraints or barriers, if any, must be removed in order to overcome these identified weaknesses. Review applicable laws or regulations to determine if any of them prevent necessary changes from being made in the accounts payable process.

29 Determine the effect: Compare actual process to a recommended alternative process(es) and determine if each weakness in department process is material. Materiality can be measured by comparing the rand cost, impact on economy, risks, etc. of actual process to recommended alternative process(es). Measurements can be quantitative, qualitative, or both. Identify benchmarks (industry standards, historical internal data, other comparable departments, etc.) for process in question and compare to actual performance. Measure difference, if possible. Include cost of additional controls or changes in process.

30 Determine the effect: Estimate cost of the actual process and alternative process(es) and compare. Estimate quantity and/or quality of services provided by actual process and by alternative process(es) and compare. Identify risks associated with actual process and with alternative process(es). Measure and compare the risks.

31 Develop recommendations: Develop specific recommendations to correct weaknesses identified as material. In developing recommendations, consider tailored criteria, kind of process and control weaknesses identified, causes and barriers, effects, and additional resources. Solicit solutions and recommendations from client. Identify alternative solutions used by other business units. Identify solutions for removing barriers. Provide general guidelines as to objectives each solution should meet; then the department can tailor the solution to its specific situation. Provide specific information, if available, on how each recommendation can be implemented.

32 Cause – directs recommendation. Root cause of the finding: What was inherent risk? Did management agree? Root cause? Lack of budget/staff/skills? Inadequate detection; Inadequate management information systems; Lack of responsibility and accountability; Infrastructure. IMPACT; Likelihood

33 Effect: What is the effect? How will it be changed? How will it be monitored? Does it reduce accountability? IMPACT; Likelihood

34 Recommendation – teamwork: real time-online; detection focused; reduce risk; change likelihood/root cause; reduce effect/impact; enhance effectiveness, efficiency and economic use of resources; assign responsibility. Recommendation = responsibility

35 Accept recommendation; Accept the risk; Management comment

36 Audit report – recommendation. Inadequate: Recommend new control that change effect residual risk; Measure change. Ineffective: Non compliance; Cause; Disciplinary action. Inefficient: Difference between basic control and best practice; Measure change; Cost and benefit

37 Audit report: Criteria; Condition; Cause and effect; Recommendation; Management comment. Accept? What? When? Who? How to fix it: What? When? Who?

38 Audit report – process: Audit report; Finding worksheet – effectiveness – IA – adequacy – AD; Review by AD; Benchmark and review by DD; Quality control; Final draft audit report; Auditee comments; Final audit report

39 Audit opinion: The prevention controls that ensure R – reliability and integrity of information are adequate and effective

40 COSO – all five components must be present and functioning before a control system can be effective. Components: Control environment; Risk assessment; Info and communication; Control activity – prevention; Monitoring activities – detection. Each component is shown against the same four objectives: Safeguard assets; Compliance with laws, regulations, contracts; Reliability and integrity of information; Economy, effectiveness and efficiency.

41 Audit opinion – adequacy & efficiency. Controls are (Efficient | Inefficient): Adequate 1 | 2; Partially adequate 3 | 4; Inadequate N/A | 5/6

42 Audit report: Criteria; Condition; Cause; Finding; Recommendation; Management comment; Effect; Accountability; Responsibility. Accept the recommendation or accept the risk! Include in job descriptions! Root cause analysis. Title of the finding

43 Follow up: Audit scope and objectives; Document system (POF); Identify weaknesses; Inadequate opinion; No compliance work; Recommendations; Follow up audit; Adequate controls; Effectiveness audit; Likelihood assessment; ADD VALUE

44 Follow up: Identify the scope for the follow-up audit; Select the sample size and items to be tested; Execute the audit work; Develop informal queries and discuss with the client; Report to management

