Presentation is loading. Please wait.

Presentation is loading. Please wait.

Section Topics Initiate preliminary communication with engagement client Conduct a preliminary survey of the area of engagement Complete a detailed risk.

Published byMartina Logan Modified over 8 years ago

Similar presentations

Presentation on theme: "Section Topics Initiate preliminary communication with engagement client Conduct a preliminary survey of the area of engagement Complete a detailed risk."— Presentation transcript:

1 Section Topics Initiate preliminary communication with engagement client Conduct a preliminary survey of the area of engagement Complete a detailed risk assessment of the area (prioritize or evaluate risk/control factors) Coordinate audit engagement efforts Establish/refine engagement objectives and identify/ finalize the scope of engagement Identify or develop criteria for assurance engagements (criteria against which to audit) Consider the potential for fraud when planning an engagement Determine engagement procedures Determine the level of staff and resources needed for the engagement Establish adequate planning and supervision of the engagement Prepare engagement work program Part 1, Section 4

2 Part 1, Section 4, Introduction
Engagement, Defined “A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy” Engagement planning helps to ensure that: Meaningful work is performed. Audit deliverables add value to the organization. Audit resources are used efficiently and effectively. Part 1, Section 4, Introduction

3 Elements of the Engagement Program
The engagement program should: State the engagement objectives. Identify technical requirements, objectives, risks, processes, and transactions that are to be examined (i.e., audit scope). State the nature and extent of testing required. Document the internal auditor’s procedures. Be prepared prior to the start of engagement work and modified, as appropriate, during its course, with the approval of the CAE or designee. Practice Advisory , “Engagement Planning” Part 1, Section 4, Topic 1

4 Initial Client Communication
Planned objectives and scope Resources and timing of work Internal auditor assignments Communication methods, time frames, and individuals who will be responsible Business conditions and operations of the areas being reviewed, including recent changes Concerns and/or requests of management Practice Advisory , “Engagement Planning” …Plus practical considerations, logistics, and tactical aspects Part 1, Section 4, Topic 1

5 Why Conduct a Preliminary Survey?
Main purposes Realistic outcomes To become familiar with the activities, risks, and controls To identify areas for engagement emphasis To invite comments and suggestions from engagement clients Clarification of: Purpose of the internal audit Engagement objectives, scope, and timing Processes to be audited Area objectives, related risks, and controls Internal audit resources to be used Relevant standards Part 1, Section 4, Topic 2

6 Preliminary Survey Element—Engagement Client Input
Description Considerations Discussions about: Operational objectives or goals Level of compliance Key processes Organizational structure Information systems Identified key risks Current controls Can be helpful with subsequent analytical reviews, testing, and benchmarking Part 1, Section 4, Topic 2

7 Preliminary Survey Element—Analytical Reviews
Description Considerations Examine relationships among information. Identify discrepancies in information: Unexpected differences. No differences. Apply the concept of “reasonableness.” Part 1, Section 4, Topic 2

8 Discussion Question Identify the analytical review technique described in the example. Answers: Ratio analysis Examines sales of inventory across four quarters Compares the liquidity position of different divisions Evaluates retention goals with employee turnover statistics Compares data from repetitive audits Variance analysis Variance analysis Trend analysis Part 1, Section 4, Topic 2

9 Discussion Question Comparing the liquidity ratio of a small entry firm with an industry giant shows significant deviation. The most probable determination by the internal audit based on this data finds the deviation to be reasonable. True False Answer: A. The difference is to be expected. Further, the comparison is not particularly meaningful because the one party is so dominant. Part 1, Section 4, Topic 2

10 Preliminary Survey Element—Benchmarking
Description Considerations Compares performance measures against those of an internal or external group Determines areas for potential improvement and identifies best practices Numerous sources Choice influenced by: Ease of access to the information Caliber of information sought Part 1, Section 4, Topic 2

11 Levels of Benchmarking
Internal Compares similar information within an entity. Competitive Compares measures with similar measures of direct competitors, either locally, nationally, or worldwide. Functional Compares processes to organizations with similar processes in the same function but in a different industry. Generic Compares measures with those of organizations that are best in class. Part 1, Section 4, Topic 2

12 Discussion Question Identify the levels of benchmarking described below. Answers: Competitive Compares management career paths between two computer manufacturers Compares domestic and international operations Compares disaster recovery plans for a television station and a newspaper Compares internal performance to best in class Internal Functional Generic Part 1, Section 4, Topic 2

13 Preliminary Survey Element—Interviews
Description Considerations Structured discussion to: Facilitate a high-level dialogue. Secure management perspective. Clarify information about the area to be audited. Collect additional necessary information. Provide an observation of activities to be audited. Allow an internal auditor to: Explain the internal audit process. Build rapport with the client. Request the client’s buy-in. Part 1, Section 4, Topic 2

14 Successful Interview Elements
Planning Opening Conducting Closing Documenting Evaluating Part 1, Section 4, Topic 2

15 Preliminary Survey Element— Prior Audit Reports and Relevant Documents
Description Considerations Study of permanent files and previous internal audit working papers findings, reports, replies, auditor comments, photographs, and other related information relevant to the current audit. Can include documentation in any format. Part 1, Section 4, Topic 2

16 Discussion Question The evaluation of internal controls for a co-sourced payroll function is part of the regular rotation. In addition to the permanent files from past internal audits, which of the following should be reviewed? (Select all that apply.) Literature on industry practices Statements of authority Performance reports Third-party audit reports of the payroll provider Answer: All of these are appropriate for review. Part 1, Section 4, Topic 2

17 Preliminary Survey Element—Map Processes
Description Considerations Documentation of operational processes: Flowcharts Narratives Internal control questionnaires (ICQs) Block diagrams Reveal the physical flow of material and documents Promote an understanding of the operation’s processes and process control points Part 1, Section 4, Topic 2

18 Map Process—Flowcharts
Principles Benefits/Concerns Graphical representation of actual or ideal path. Illustrate the relationship of various steps and control points. Identify what the process does or should do. Internal auditors may review existing flowcharts or prepare new ones. Provide a clear picture of how a process works. Provide a common reference point and standard language. Must be accurate and kept current. Should avoid unnecessary complexity. Part 1, Section 4, Topic 2

19 Discussion Question Identify the flowchart formats described below as horizontal, vertical, or both. Answers: Both Uses a rectangle to indicate a process and a diamond to indicate a choice point Emphasizes the flow of the steps in the overall process, moving from left to right May use footnotes to direct the reviewer to narratives describing the process steps Emphasizes process flow and leaves considerable room outside the diagram for descriptions of the steps Horizontal Both Vertical Part 1, Section 4, Topic 2

20 Map Process—Narratives
Principles Benefits/Concerns Provide a step-by-step picture in a single document without the use of detailed symbols or keys. Identify key controls and cases of under- or over-control and processing redundancy. Can provide more detailed information than flowcharts. Are flexible and facilitate open-ended questioning. May not be complete enough. Lack of standardization can lead to omissions or difficult interpretation. Part 1, Section 4, Topic 2

21 Map Process—ICQs Principles Benefits/Concerns
Pre-constructed array of questions used to elicit key information about internal control Start with a known or desired answer and then seek specific comments May be completed by the auditor or directly by the business area Efficient and easy to use Provide a checklist to help with further evaluation Limited to questions with yes/no answers Do not provide for in-depth investigation Require knowing what the procedures should be Part 1, Section 4, Topic 2

22 Map Process—Block Diagrams
Principles Benefits/Concerns Pictorial representations of a process or activity Include a series of boxes (or other shapes) and connecting lines to indicate association and direction/order Useful for high-level representations Quick and simple to construct; may be used in lieu of flowcharts Can show the flow of information and organizational arrangements Not appropriate for detailed analysis Part 1, Section 4, Topic 2

23 Preliminary Survey Element—Checklists
Description Considerations Reminder lists used to establish and maintain order during an engagement. Support important administrative tasks and help to establish consistency and completeness. Different formats are possible. Guide the internal audit activity and help fulfill the scope. Part 1, Section 4, Topic 2

24 Discussion Question Which of the following information is appropriate to include when summarizing preliminary survey results? (Select all that apply.) Significant engagement issues Engagement objectives and procedures Evidence of regulatory compliance Potential excess controls Answer: I, II, and IV. While important information, evidence of regulatory compliance would be more pertinent during the engagement. Part 1, Section 4, Topic 2

25 Reinforcing Activity 1-9
Part 1, Section 4, Topic 2 Conduct a Preliminary Survey of the Area of Engagement Part 1, Section 4, Topic 2

26 Performance Standard 2201, “Planning Considerations”
“In planning the engagement, internal auditors must consider: The objectives of the activity being reviewed and the means by which the activity controls its performance; The significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level; The adequacy and effectiveness of the activity’s risk management and control processes compared to a relevant control framework or model; and The opportunities for making significant improvements to the activity’s risk management and control processes.” Part 1, Section 4, Topic 3

27 Engagement Objectives
Address the risks associated with the activity under review. For planned engagements, the objectives proceed and align to those initially identified during the risk assessment process. For unplanned engagements, the objectives are established prior to the start and are designed to address the specific issue that prompted the engagement. Practice Advisory , “Engagement Objectives” Part 1, Section 4, Topic 3

28 Consideration of Management’s Risk Assessment
The internal auditor will want to take into account: The reliability of management’s assessment of risk. Management’s process for monitoring, reporting, and resolving risk and control issues. Management’s reporting of events that exceeded the limits of the organization’s risk appetite and management’s response to those reports. Risks in related activities relevant to the activity under review. Practice Advisory 2210.A1-1, “Risk Assessment in Engagement Planning” Part 1, Section 4, Topic 3

29 Use of a Risk Control Matrix
Steps Identify business objectives. Identify risks to business objectives. Rate each risk in terms of likelihood and significance (L/S). Identify the controls. Evaluate the adequacy of controls. Test the effectiveness of controls. Arrive at the final opinion on adequacy and effectiveness of controls. Benefits Focuses the audit on the areas of greatest risk. Documents the complete thought process from risk identification to audit program development. “Teaches” the risk assessment thought process. Facilitates participatory auditing. 1 2 3 4 5 6 7 Part 1, Section 4, Topic 3

30 Reinforcing Activity 1-10
Part 1, Section 4, Topic 3 Complete a Detailed Risk Assessment of the Area (Prioritize or Evaluate Risk/Control Factors) Part 1, Section 4, Topic 3

31 Coordination and Cooperation with External Auditors and Regulatory Agencies
Helps combat rising costs for engagements. Minimizes redundancies in audit activities. Helps focus engagement activities on the most significant areas. Provides the most meaningful results to management. Economy Efficiency Effectiveness Part 1, Section 4, Topic 4

32 Engagement Objectives, Defined
“Broad statements developed by internal auditors that define intended engagement accomplishments” Engagement procedures are the means to attain engagement objectives. Engagement objectives and procedures, taken together, define the scope and should address the associated risks. Part 1, Section 4, Topic 5

33 Discussion Question Which of the following is an example of an assurance engagement objective? Validate the accuracy of reporting. Hire a chief compliance officer. Increase international market share. Reduce processing time for customer orders. Answer: A. Engagement objectives are the internal auditor’s means for determining how well operating objectives are being met. Part 1, Section 4, Topic 5

34 Broad Categories of Engagement Objectives
Profitability Delivery of excellent products and services Reduced processing time Safeguarding of assets Support of organizational mission and vision and appropriate work environment Effectiveness and efficiency of operations Reliability of reporting Maintenance of accurate financial records Collection of useful, reliable, and timely information for decision-making Compliance Compliance with applicable laws and regulations Compliance with internal policies and procedures Part 1, Section 4, Topic 5

35 Engagement Scope Establishes the boundaries of the internal audit
Identifies what the internal auditor will do May include a description of the nature and extent of the audit work May include supportive information such as the time period Part 1, Section 4, Topic 5

36 Reinforcing Activity 1-11
Part 1, Section 4, Topic 5 Establish/Refine Engagement Objectives and Identify/Finalize the Scope of Engagement Part 1, Section 4, Topic 5

37 Discussion Question All of the following are examples of generally accepted criteria for assurance engagements EXCEPT control frameworks. management objectives. acts and regulations. industry best practices. Answer: B. Management objectives are not generally accepted as suitable criteria. A, C, and D are required by the Standards. Part 1, Section 4, Topic 6

38 Fraud Risk The probability that fraud will occur and the potential severity or consequences when it occurs Often based on: Ease of action Motivational factors leading to fraud The company’s fraud history Part 1, Section 4, Topic 7

39 Fraud Triangle Rationalization Motive Opportunity
Part 1, Section 4, Topic 7

40 Inadequacy of controls in place
Fraud Red Flags Signs indicating the: Inadequacy of controls in place Possibility that some perpetrator has committed fraud Only warning signs; not proof Part 1, Section 4, Topic 7

41 Discussion Question Which of the following exemplify fraud red flags? (Select all that apply.) Ignoring corporate policies for bid requirements High volume of manually prepared disbursement checks Accomplishment of established goals and objectives for a special program Missing or easy access to blank checks Answer: I, II, and IV. The specific nature of the engagement and the judgment skills of the internal auditor help to identify the relevant types of fraud and red flags for inquiry. Part 1, Section 4, Topic 7

42 Guidelines for Assessing Fraud Risk
Use the organization’s enterprise risk management model (if one exists). Otherwise: Understand fraud schemes that pose threats. Use a risk model (e.g., COSO) to map and assess vulnerability. Consider costs and benefits and whether fraud could be committed by an individual or requires collusion. Consider potential negative effects. Part 1, Section 4, Topic 7

43 Effective Fraud Risk Assessment
Is performed on a systematic and recurring basis Considers possible fraud schemes and scenarios Assesses risk across multiple levels Evaluates likelihood, significance, and pervasiveness Assesses exposure arising from each category of fraud risk Is performed with the involvement of appropriate personnel Considers management override of controls Is updated when special circumstances arise Part 1, Section 4, Topic 7

44 Reinforcing Activity 1-12
Part 1, Section 4, Topic 7 Consider the Potential for Fraud When Planning an Engagement Part 1, Section 4, Topic 7

45 Discussion Question Which of the following are factors shaping engagement procedures? (Select all that apply.) Internal auditor’s judgment Level of evaluation necessary Client’s reputation Training needs of new staff Answer: I and II. Engagement procedures are the means to attain engagement objectives. Part 1, Section 4, Topic 8

46 Types of Evidence Audit evidence Legal evidence
Facts used to support audit opinions, conclusions, and recommendations Can be: Physical Documentary Representations (testimonials) Analytical Major types include: Best evidence Secondary evidence Direct evidence Conclusive evidence Circumstantial evidence Corroborative evidence Opinions Hearsay Part 1, Section 4, Topic 8

47 Other Evidence Considerations
Availability of audit evidence Confidentiality of evidence Access to necessary evidence Part 1, Section 4, Topic 8

48 Resource Considerations
The number and experience level of the internal audit staff Knowledge, skills, and other competencies of the internal audit staff Availability of external resources where additional knowledge and competencies are required Training needs of internal auditors Practice Advisory , “Engagement Resource Allocation” Part 1, Section 4, Topic 9

49 Planning and Supervision Considerations
Achievement of engagement objectives Staff competency Travel arrangements On-site logistics Assignments Team communication and supervision Team development Part 1, Section 4, Topic 10

50 Engagement Work Program, Defined
“A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan” Also called audit program during assurance engagements Becomes guidance for Performance Standard 2300, “Performing the Engagement” Part 1, Section 4, Topic 11

51 Benefits of an Engagement Work Program
Provides documentation that can be used to secure management approval Provides an outline of work to be performed and facilitates an understanding of the audited unit Furnishes evidence that the work is adequately planned Provides a record for management review Provides assurances that all risks have received adequate consideration Assists in controlling work and assignment responsibilities Gives order and coherence to the audit Part 1, Section 4, Topic 11

52 End of Section 4 Questions? Part 1, Section 4

Download ppt "Section Topics Initiate preliminary communication with engagement client Conduct a preliminary survey of the area of engagement Complete a detailed risk."

Similar presentations

Internal Audit Documentation and Working Papers

Internal Audit Documentation and Working Papers
How to Document A Business Management System

How to Document A Business Management System
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Audit Planning and Analytical Procedures Chapter 8.

Audit Planning and Analytical Procedures Chapter 8.
Planning the Audit; Linking Audit Procedures to Risk

Planning the Audit; Linking Audit Procedures to Risk
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Chapter 9 The Study of Internal Control and Assessment of Control Risk

Chapter 9 The Study of Internal Control and Assessment of Control Risk
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
The Information Systems Audit Process

The Information Systems Audit Process
Purpose of the Standards

Purpose of the Standards
Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.

Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.
Lecture 8 Understanding entity and its environment

Lecture 8 Understanding entity and its environment
ISA 220 – Quality Control for Audits of Historical Financial Information

ISA 220 – Quality Control for Audits of Historical Financial Information
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.

Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
Planning an Internal Audit JM García Merced. Brainstorm.

Planning an Internal Audit JM García Merced. Brainstorm.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.

D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
Audit objectives, Planning The Audit

Audit objectives, Planning The Audit

Similar presentations

Ads by Google