1. Internal Audit & Accounting Systems Review
Chapter 2
Internal Audit & Accounting Systems Review

2. The Internal Audit Function
The internal audit function relates to the design, implementation, evaluation and testing of internal controls in an organisation. The internal audit function looks at all the sub systems within an organisation and also evaluates the risks facing an entity – in particular the control risk (ie. incorrect recording of transactions or loss of an asset)

3. The Internal Audit Function
Internal Auditors should be an independent section of an organisation and report directly to management The internal audit function can be carried out by employees of an organisation or it can be outsourced to external consultants

4. Types of Engagements
Compliance Audits – an examination of an accounting system to assess compliance with a set of conditions, policies or legislation
Operational/Performance Audits – examination of a firm’s operations to assess its adequacy, efficiency and effectiveness

5. Internal Audit/External Audit
Aspect
External Audit
Internal Audit
Work Carried Out by:
Professional Auditor
As staff member in a firm/consultant
Aim:
Report to Shareholders
Assist Management
Timing of Audit:
Near end of financial year
Throughout year
Objective of Audit:
To review fair presentation and give an opinion of the financial statments
To maintain internal control systems
Independence Of Audit:
Independent from client
Independent within the organisation but still an employee or consultant
Fraud Detection:
Only concerned if put on guard in the audit
Directly concerned with prevention and detection

6. Internal Audit/External Audit
Methods used by both are the same, difference is external auditor’s objective is the give an opinion on the financial statements, internal auditor is told their objective by management. Internal auditor is more concerned with the maintenance and improvement of the system that will lead to improved effectiveness and efficiencies and guard against fraud and irregularities.

7. Compliance Audits
Compliance audits involve the auditor assessing performance against set benchmarks.
Examples include:
Are procedures being followed?
Tax Compliance
Workplace Heath and Safety Review

8. Operational/Performance Audits
Concerned with efficiency, effectiveness and making improvements.
Examples include:
Improve the debtor invoicing system
Improve on-line supply management chain
Review security and safeguards in relation to cash and inventory

9. Internal Audit and Accounting Systems Work
Before commencing an audit an auditor, whether internal or external, needs to gain an understanding of the client and their system, then plan and perform the audit.
Three steps involved in understanding and assessing internal controls:
Obtain and document understanding of internal controls
Assess risk of material misstatement and design further audit procedures
Perform tests of controls and evaluate results

10. Stages of a Detailed Internal Control Review
Gain knowledge of the client
Clarify the brief of the client
Divide the overall finance system into subsystems
Look at inputs, the audit trial and timing of processing
Consider reporting aspects for each subsystems
Compile flowcharts and questionnaires for each subsystem
Inspect, observe and inquire how subsystems and related controls work

11. Stages of a Detailed Internal Control Review
Carry out preliminary evaluations of controls
Compile an initial report to management on weaknesses
List weaknesses of each subsystem
Design control improvements and enhancements, bear in mind cost/benefit analysis
Implement control improvements and enhancements
Monitor controls
Report to management on weaknesses found in the compliance testing stage

12. Documenting Subsystems and Internal Controls
The documentation needed will depend on the size of the organisation. If a large complex entity may need flowcharts , questionnaires and decision tables, if a small simple entity may only need a memo.

13. System Flowcharts
An internal control flowchart is a graphical representation of systems and shows things like document flows, links between subsystems, segregation of duties and outputs. They are prepared for subsystems or classes of transactions. Can vary from being simple to quite complex. Specific symbols are used in preparing these flowcharts.

14. Narrative Description of Controls
These are written comments relating to the auditors analysis of the internal control system. They are often used to supplement other documentation such as flowcharting or questionnaires

15. Documentation Summary
Documentation that is completed by an auditor will be determined by the size, nature and complexity of accounting systems of an organisations. There are advantages and disadvantages to the different methods used. A combination of methods may be used.

16. Walk-through tests
Following the documentation phase an auditor may conduct a walk-through – this involves choosing several transactions from each subsystem and following it through their processing phase and the internal controls in that phase. This helps to confirm the auditors understanding of the system and gives them a chance to make changes to any documentation.

17. Estimating Control Risk
The next step is to estimate the risk of whether or not an error will be detected by the controls. This estimate is done for each subsystem and can then be added together and averaged to get an overall control risk. For example, .50 or 50% is a medium control risk estimate – meaning that there is a 50% chance that an error will not be prevented or detected by the controls.

18. Work papers
Work papers are accumulated during the audit and document planning, the work carried out and results including weaknesses and suggestions for improvement.

19. Work papers Work papers are prepared for the following stages:
Client requirements summary
Client profile
Organisational structure
List of subsystems
Summary of each subsystem, including weaknesses found
Improvements for each subsystem
Final report summarising findings, recommendations, strategies and future work needed