Basic Internal Auditing Presentation
47 likes90,068 views
The document discusses the purpose and role of internal auditing. It describes internal auditing as an independent function that examines and evaluates an organization's activities to help management discharge their responsibilities effectively. The objective is to promote control within the organization at a reasonable cost. The document outlines the audit process, including planning, performing, reporting, and following up on corrective actions. It provides best practices for tasks like risk assessment, test design, documentation, reporting findings, and building trust with auditees.
Basic Internal Auditing Presentation
- 2. The Purpose of Internal Auditing? ๏ โEyes and Earsโ ๏ โPolicemanโ ๏ โWatchdogโ ๏ โConsultantโ ๏ โCatalystโ 2
- 3. IIA Statement of Responsibilities Purpose: ๏ Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. ๏ The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. ๏ The audit objective includes promoting control at a reasonable cost. 3
- 4. The Audit Process Model INPUTS PROCESSES OUTPUTS OUTCOMES Internal Audit Knowledge and Skills Analyses, Appraisals, Computers, Recommendations, Software and Counsel and IIA Standards Information Supporting the Internal Audit Organization in Practices and the Discharge of Procedures their Responsibilities Time and Promote the Money Effective use of Internal Control Reputation for Integrity and Fairness 4
- 5. IIA Statement of Responsibilities Scope: ๏ The scope of internal auditing should encompass the examination of the adequacy and effectiveness of the organizationโs system of internal control and the quality of performance in carrying out assigned responsibilities. ๏ Assessment (adequacy and effectiveness). ๏ Enhancement (measuring performance quality improvement). 5
- 6. The Nature of Business Risk Risk is a concept used by auditors and managers to express concerns about the probable effects of an uncertain environment. 6
- 7. Control and Risk Control mitigates risk: Feedback Loop Preventive Control INPUT ? PROCESS OUTPUT Compare to Standard Criteria Detective Control Feedback Loop INPUT PROCESS ? OUTPUT Compare to Standard Criteria 7
- 8. AUDIT Phase I: Internal Audit ASSIGNMENT AND OBJECTIVE Planning the Audit Framework RESEARCH PRELIMINARY SURVEY ๏ Planning RISK ASSESSMENT ๏ Performing DEVELOP AUDIT PROGRAM ๏ Reporting FIELDWORK Phase II: (TESTING) Performing the Audit DISCUSS CONCLUSIONS DRAFT AUDIT Phase III: REPORT Documenting the Audit 8
- 9. Establishing Audit Objective and Scope ๏ Ensure a positive link between the audit objective and the entityโs goals. ๏ Ensure the audit program will produce the evidence as required. ๏ Ensure that each test will provide the evidence required by the audit program. Linking the Audit to the Business Plan Audit Unit Entity Objective Goals Purpose Serving Customer Needs 9
- 10. Planning the Audit ๏ Research ๏ Risk Assessment ๏ Audit Strategy ๏ Preliminary Survey ๏ Policies and Procedures ๏ Inputs and Outputs ๏ Control Steps ๏ People 10
- 11. Planning Step #1 Perform Research on Area under Audit Research is important for understanding, but we must be able to recognize when โenough is enoughโ Research tells us define the historical issues, current issues, marketing issues, pervasive risks, personnel issues, and future issues. 11
- 12. Planning Step #2 Prepare Your Hypothesis 1. The activity is operating normally What is = What should Be 2. The activity is not operating as it should in some significant way What is does not = What should be 3. Some value in between There are minor differences between What is and What should be 12
- 13. Planning Step #3 Send Engagement Memo 1. To executive management 2. Include the name of the audit effort and the initiation date 3. Request the name of a contact person 13
- 14. Designing Audit Tests ๏ Evidence is created from tests or questions. ๏ The creation of the right test or question to ask is a process of working backwards from the audit objective. A Logical Sequence: From Tests to Objective Tests: Evidence: Hypothesis: What creates the What proves the What do you Audit evidence (y/n)? hypothesis? want to prove? Objective 14
- 15. Documenting the Audit Automated Work Papers provide ๏ A framework to guide the audit process. ๏ Support for the conclusions reached by the audit. ๏ A record of the audit process and its conformance to standards. 15
- 16. Work Papers โ Good Practices ๏ Use electronic templates to capture data: * Background & Scope Document * Risk * Control * Test * Audit Point Sheet ๏ Structure your work paper documents as carefully as you would the final audit report. 16
- 17. A Framework for the Audit 1. Audit Strategy/ Audit Scope & Objective. 2. Creation of Risk Based Work Papers 3. Collection of basic reference materials (flow charts, etc.) 4. Determination of tests needed 5. Sample Design 6. Preparation of meeting agendas 7. Follow-up on information gleaned/re-direction 8. Documentation of test results and conclusions. 9. Creation of Audit Point Sheets. 10. Audit Report 17
- 18. Writing Up Conclusions Best practices include: ๏ Test description or question. ๏ Results (clearly stated). ๏ Conclusion reached as a result of that test. 18
- 19. Best Practices (cont) ๏ Discussion of the conclusion with management. ๏ To avoid misunderstandings. ๏ To give management a โheads-upโ about issues. ๏ To encourage corrective action as soon as possible. ๏ Cross-reference the audit point sheets to the conclusions in the audit work papers (and back- reference the conclusions to the report). 19
- 20. Summarizing and Evaluating Results ๏ The audit process creates evidence. The Logical Results: From Tests to Findings Test: Evidence: Conclusion: Creates the Provides factual Puts the facts in FINDING evidence. information. context (impact). ๏ Evidence is summarized into conclusions. ๏ Evidence (facts) + Context (impact) = Finding 20
- 21. The Audit Point Sheet ๏ Ensures all aspects of problems (findings) are captured. ๏ Useful as ready documentation. ๏ Serves as a basis for discussion. ๏ Aids the summarization and report writing. 21
- 22. Writing Effective Audit Reports Reports are important because they: ๏ Provide documented communication and assurance to senior management. ๏ Provide operating management with assessments of operations and corrective action. ๏ Provide the auditor with records for follow-up of audit results. ๏ Provide the audit group with marketing opportunities to demonstrate added value. 22
- 23. Following Up โ Corrective Actions The control aspect of auditing is not complete until corrective action is taken (or the risk formally assumed by senior management). Effective statements of corrective action include: ๏ The specific steps to be taken, ๏ The completion date and ๏ The person responsible for completion. 23
- 24. Audit Interaction with Auditee Competition Cooperation Collaboration Auditor Manager Auditor Manager Audit Team Auditor Manager Internal Audit Internal Audit Internal Audit 24
- 25. Building Trust with Auditee ๏ The slow way- Making and keeping commitments ๏ The faster way - Collaboration. 25