Internal Audits, Governmental Audits, and Fraud Examinations

Internal Audit, Governmental Audit, Module D Internal Audit, Governmental Audit, and Fraud Examination “You have a chance to really learn and improve the business. You build relationships with the board and major business leaders. You can move internal audit to more value-added processes. And it builds your ability to manage people and work with cross-functional teams. - Michael Fung, CFO Wal-Mart North America, on his years spent in internal audit Mod D-2

Module Objectives Define internal auditing; describe internal audit institutions (e.g. IIA); describe how internal auditors interact with independent auditors; explain internal auditors’ independence problems; and list features of internal reports. Define governmental auditing; describe governmental audit institutions (e.g. GAO); describe how governmental auditors interact with independent auditors; explain governmental auditors’ independence problems; and list features of governmental audit reports. Explain the function of standards and measurements in economy, efficiency and program audits. Mod D-3

Module Objectives Describe the Single Audit Act of 1984 in relation to audits of governmental fund recipients. Define fraud examination; describe various engagements performed by fraud examiners. Describe the elements necessary for a successful fraud examination and explain the differences between how fraud examination and external auditors handle evidence. Describe the ways CPAs can assist in prosecuting fraud perpetrators. Mod D-4

INTERNAL AUDITING DEFINED Independent and objective Assurance and consulting activity Adds value and improves an organization’s operations. It helps an organization accomplish its objectives A systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and the governance process. Mod D-5

Internal Audit vs. External Audit Basically- External auditors audit financial statements Internal Auditors audit business systems Mod D-6

Internal Audit Key elements to successful internal audits: Value Added Proactive – look for future problems and opportunities Creative – find new ways to do things Customer-focused Talk to departments and managers about their issues Utilizes all business perspectives understand the business Understand the management process. Where are decisions made Mod D-7

Role of the Internal Auditor Ensure reliability and integrity of information Safeguard assets Ensure compliance with policies and regulations Foster the achievement of organizational objectives and goals Improve operational economy and efficiency Identify areas of business risk Help prevent and detect fraud Coordinate audit activities with external auditors Mod D-8

Standards for the Professional Practice of Internal Audit Attribute Standards 1000 Purpose, Authority, and Responsibility 1100 Independence and Objectivity 1200 Due Professional Care 1300 Quality Assurance and Improvement Program Performance Standards 2000 Managing the Internal Audit Activity 2100 Nature of Work 2200 Engagement Planning 2300 Performing the Engagement 2400 Communicating Results 2500 Monitoring Progress 2600 Management’s Acceptance of Risk Mod D-9

Principles of the IIA Code of Ethics Integrity establishes trust that is the basis for reliance on auditor’s judgment. Objectivity- highest level of professional objectivity in gathering, evaluating, and communicating information balanced assessment of all the relevant circumstances not unduly influenced by self interests or by others Confidentiality respect the value and ownership of information Competency apply the knowledge, skills and experience needed in the performance of internal auditing services. Mod D-10

Audit Applications Financial Audits Examine and evaluate Areas of management concern (e.g. new payment process) Financial information used by internal decision makers (e.g. monthly sales reports) Financial information being sent to outside agencies (e.g. regulatory agencies) Mod D-11

Audit Applications Operational Audits Term is sometimes used synonymously with internal audit. Examine and evaluate Current risks that need to be managed Possible future risks Internal control Quality, effectiveness and efficiency of performance Mod D-12

Audit Applications Compliance Audits The degree the organization conforms to specific requirements Policy and procedures Professional standards Laws, regulations or contracts The audit focuses on the detailed testing of existing conditions and compares them to requirements. Mod D-13

Audit Applications Corporate Governance The board of directors and senior management must have reliable and relevant information to meet their responsibilities Management policies are in effect Strategy decisions are made with the best information Adequate progress toward goals Operating performance is measured and communicated Risk assessment is performed and communicated Effectiveness of proactive risk management. Mod D-14

Audit Applications Performance Auditing Evaluating 1) the efficient and effective use of recourses; 2) progress towards goals or objectives; and/or 3) results of a program are acceptable Identification of performance criteria is critical and may be difficult Mod D-15

Audit Applications Sustainability Audits Corporate social responsibility Auditors may assist Governance Ethics Environmental issues Health, safety and security Human rights and work conditions Mod D-16

Audit Applications Sustainability Audits Auditors may assist management in Establishing a sustainability program Establishing measurement criteria Establishing reporting processes monitoring the sustainability reporting process Mod D-17

Audit Approach Risk-based auditing (RBA) Placing audit resources where the greatest risks exist Fieldwork in internal (and governmental) audits Problem identification Measurement criteria Evidence collection Evidence evaluation Emphasis on management and mitigation of business risk Mod D-18

Audit Findings Include both favorable or unfavorable findings Unfavorable findings should include Condition – what was found Criteria – basis for determining that the condition was improper Cause – why did this happen? Effect – why is this bad? Recommendation – what do you think should be done about this? Mod D-19

Government Auditing Standards (The Yellow Book) Audits must be performed in accordance with GAAS and Generally Accepted Government Auditing Standards (GAGAS) As in a GAAS audit, a report on the fairness of the entity's financial statements is issued. In a GAGAS audit, a report on the entity's compliance with laws and regulations is also issued Illegal acts/ fraud Should be reported to the client unless they are clearly inconsequential. May need to be reported directly to external parties. Mod D-20

Government Auditing Standards (The Yellow Book) In addition to the audit of the entity's financial statements, an examination of a governmental entity introduces the following considerations for the auditor's consideration: Compliance with Laws and Regulation Effectiveness of the Entity’s Internal Control Compliance with the Specific Requirements of Individual Federal Financial Assistance Programs Compliance with Requirements Applicable to All Federal Financial Assistance Programs Mod D-21

Governmental Reporting Usually three reports Report on the financial statements Report on the auditee’s internal control Report on auditee’s compliance with applicable laws and regulations More reports required under Single Audit Act Mod D-22

Single Audit Act Audit Required for entities who receive specified levels of financial assistance from the federal government. Requires the auditor to issue the same reports as those issued in a Government Auditing Standards audit: Opinion on financial statements Compliance with laws and regulations The auditor issues an opinion on Compliance with the Specific Requirements of nonmajor programs Auditor's report on Compliance with the General Requirements Mod D-23

Fraud Examinations Who performs a fraud examinations (sometimes called a fraud audit)? Internal audit Independent auditors Security Certified Fraud Examiners Combination working as a team Mod D-24

Fraud Audits To a fraud examiner fraud is always material It grows Indicates control weaknesses Indicates a lack of integrity by the perpetrator The objective is to uncover fraud when individuals bring forth evidence that indicates that a fraud might exist. Is fraud present? What is the scope of the fraud? Who are the perpetrators? What control weakness allowed this to occur? Mod D-25

Differences Between Audits and Fraud examinations Audit program Procedural approach 3. Look for misstatements 4. Assess controls related to FS 5. Material misstatements Accounting Theory 7. Evidence documented in audit documentation Fraud Audits No set program Procedures defined during investigation Look for patterns Evaluate how controls may be circumvented Fraud is always material Theories of psychology and human behavior Safeguarding assets, recovering assets, and chain of custody for evidence Mod D-26