Professional Skepticism and Assurance in Auditing PDF
Document Details
Uploaded by HumorousAlliteration
Tags
Related
Summary
This document discusses various aspects of internal auditing, including professional skepticism, reasonable assurance, and the different phases involved in an operations audit. It emphasizes the importance of gathering sufficient and appropriate evidence using various testing procedures.
Full Transcript
Professional Skepticism - An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of evidence (ACCA) - The state of mind in which internal auditors take nothing for granted; they continuously qu...
Professional Skepticism - An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of evidence (ACCA) - The state of mind in which internal auditors take nothing for granted; they continuously question what they hear and see, and critically assess audit evidence (IIA) Professional Skepticism - The state of being sufficiently suspicious of data received and reasonably verify that the information is free from manipulation or modification in ways that can compromise its quality - In so doing, internal auditors should approach interviews and meetings with sufficient skepticism, always attempting to verify the information provided, corroborate the testimony received, and observing behavioural changes that could indicate deceit Reasonable Assurance Assurance relates to the auditor’s ability to give confidence and make statements regarding the condition of matters within the organization. Reasonable Assurance - A level of assurance that is supported by generally accepted auditing procedures and judgments. It can apply to judgments surrounding the effectiveness of internal controls, the mitigation of risks, the achievement of objectives, or other engagement- related conclusions (IIA) Phases of Operations Audit 1. Planning 2. Fieldwork 3. Reporting Planning - Includes scoping, budgeting, defining the population of interest, how testing will be performed, and announcing the audit. - The most important part of an audit. Planning - The internal auditor must determine the scope of the engagement and communicate it to the organizational unit. - Staff the engagement properly. - Obtain background information about the organizational unit. - Understand internal control. - Decide on the appropriate evidence to accumulate. Planning - Remember, proper prior planning prevents poor performance Planning Considerations 1. Determine engagements objectives and scope Establish the objectives of the engagement and outline the scope to articulate the time, geographical, and procedural boundaries During planning meetings, internal auditors should involve process owners to identify relevant activities, systems, people, and performance standards Planning Considerations 2. Understand the auditee Understand the auditee’s objectives, the tasks undertaken within the area under review to achieve those objectives, and the ways in which performance is monitored and success is measured. Planning Considerations 3. Identify and assess risks Determine specific events or scenarios that could prevent the achievement of the auditee’s objectives, as to impact and likelihood of the risk scenarios. Examples: employee’s competence updating of documented procedures Planning Considerations 4. Identify key controls Key controls are those that mitigate the auditee’s risk to an acceptable level. Planning Considerations 5. Evaluate the adequacy of control design Internal auditors must evaluate whether the controls, if they operate effectively, will mitigate the risks that could prevent the achievement of objectives. Planning Considerations 6. Create a test plan The test plan outlines how each of the key control will be tested to help the internal auditor evaluate how effectively those controls are operating Planning Considerations 7. Develop a work program A formal work program outlines the key tasks in the engagement process. It covers key administrative tasks to be undertaken by internal auditors, key meetings, planning tasks, fieldwork tasks, wrap-up steps and reporting tasks Planning Considerations 8. Allocate resources to the engagement Based on the tasks to be performed during an engagement, personnel with the appropriate level of experience and skills must be identified and assigned to ensure the engagement is completed timely and effectively. Fieldwork - Performing tests that were outlined in the planning phase and evaluating the results. - Performed by using documentation, client inquiry, analytical procedures, and observation. Fieldwork 1. Conduct test to gather evidence 2. Evaluate evidence gathered and reach conclusions 3. Develop observations and formulate recommendations Fieldwork The quality of the internal auditor’s conclusions and advice depends on their ability to gather and evaluate sufficient appropriate evidence to support their conclusions and advice Persuasiveness of Audit Evidence Audit evidence is persuasive if it enables the internal auditor to formulate well-founded conclusions and advice confidently Persuasiveness of Audit Evidence To be persuasive, evidence must be: 1. Relevant 2. Reliable 3. Sufficient Persuasiveness of Audit Evidence Guidelines 1. Evidence obtained from independent third parties is more reliable than evidence obtained from auditee personnel 2. Evidence produced by a process or system with effective controls is more reliable than that produced with ineffective controls 3. Evidence obtained directly by the internal auditor is more reliable than evidence obtained indirectly 4. Documented evidence is more reliable than undocumented evidence Persuasiveness of Audit Evidence Guidelines 5. Timely evidence is more reliable than untimely evidence 6. Corroborated evidence is more sufficient than uncorroborated evidence 7. Larger samples produce more sufficient evidence than smaller samples Types of Audit Evidence 1. Testimonial - verbal or written 2. Physical - observe or inspect 3. Documentary - accounting records, contracts 4. Analytical - recalculation or reperformance Audit Procedures Specific tasks performed by the internal auditor to gather evidence required to achieve the prescribed audit objectives Depending on the nature of the engagement, an internal auditor may use manual audit procedures, CAATS, or combination of the two to gather sufficient appropriate evidence Internal Auditor must gather and evaluate enough evidence to support well-founded conclusions and advice Timing when test will be done and period covered of the audit, as planned, must be observed. Audit Working Papers Documents created by auditors to record the work done. Collection of evidentiary material showing the planning done, fieldwork activities performed, and the support for all information mentioned in the audit report. Evidence that the audit was done according to the standards. Facilitate supervision of the engagement and review of the work done Indicate whether engagement objectives were achieved. Examples of Working Papers Audit work program Engagement time budgets and resource allocation worksheet Audit questionnaire Process maps or flowcharts used to document processes Minutes of meeting with process owners Written testimonies of process owners Organizational chart, job description Operating and financial policies Evidence obtained from third parties Fieldwork Reminders Carry out fieldwork as indicated in audit plan/work program Obtain cooperation from the management and the staff as necessary to identify, obtain documentation and do interviews Remember that if it is not documented, it did not happen! Do fieldwork with minimal disruption to operations Build friendly environment with management Avoid any friction in relationship with the management Be tactful Reporting Consist of communicating findings, observations, and best practices noted during the review, and developing recommendations for corrective action. Attribute of Effective Audit Findings 1. Criteria – What was expected? It consists of what should exist or occur. 2. Condition – What actually exists? What the auditor discovered as a result of the performance of audit procedures. 3. Cause – Root cause of the problem 4. Effect – Impact 5. Recommendations – action plan to correct the condition so performance if consistent with the criteria Follow-up The internal auditor must conduct a follow-up review to verify the completion of agreed-upon management actions and ascertain the status of open recommendations. Recurring findings may indicate that the reported finding was a symptom of something else, the corrective action was only temporary, or there was no commitment to correct the issue and management failed to act on the observation. 7 Es of Operations Audit Can help the auditor add value to the engagement and show auditees that auditors are genuinely interested in helping the organization succeed. 7 Es of Operations Audit The 7 Es can be incorporated in the planning process, making sure that interview questions, document reviews, goals and objectives, flowcharts, and other activities during the audit are considered when making recommendations 7 Es of Operations Audit 1. Effectiveness 2. Efficiency 3. Economy 4. Excellence 5. Ethics 6. Equity 7. Ecology