Internal Audit & Accounting Systems Review Chapter 2 Internal Audit & Accounting Systems Review

The Internal Audit Function The internal audit function relates to the design, implementation, evaluation and testing of internal controls in an organisation. The internal audit function looks at all the sub systems within an organisation and also evaluates the risks facing an entity – in particular the control risk (ie. incorrect recording of transactions or loss of an asset)

The Internal Audit Function Internal Auditors should be an independent section of an organisation and report directly to management The internal audit function can be carried out by employees of an organisation or it can be outsourced to external consultants

Types of Engagements Compliance Audits – an examination of an accounting system to assess compliance with a set of conditions, policies or legislation Operational/Performance Audits – examination of a firm’s operations to assess its adequacy, efficiency and effectiveness

Internal Audit/External Audit Aspect External Audit Internal Audit Work Carried Out by: Professional Auditor As staff member in a firm/consultant Aim: Report to Shareholders Assist Management Timing of Audit: Near end of financial year Throughout year Objective of Audit: To review fair presentation and give an opinion of the financial statments To maintain internal control systems Independence Of Audit: Independent from client Independent within the organisation but still an employee or consultant Fraud Detection: Only concerned if put on guard in the audit Directly concerned with prevention and detection

Internal Audit/External Audit Methods used by both are the same, difference is external auditor’s objective is the give an opinion on the financial statements, internal auditor is told their objective by management. Internal auditor is more concerned with the maintenance and improvement of the system that will lead to improved effectiveness and efficiencies and guard against fraud and irregularities.

Compliance Audits Compliance audits involve the auditor assessing performance against set benchmarks. Examples include: Are procedures being followed? Tax Compliance Workplace Heath and Safety Review

Operational/Performance Audits Concerned with efficiency, effectiveness and making improvements. Examples include: Improve the debtor invoicing system Improve on-line supply management chain Review security and safeguards in relation to cash and inventory

Internal Audit and Accounting Systems Work Before commencing an audit an auditor, whether internal or external, needs to gain an understanding of the client and their system, then plan and perform the audit. Three steps involved in understanding and assessing internal controls: Obtain and document understanding of internal controls Assess risk of material misstatement and design further audit procedures Perform tests of controls and evaluate results

Stages of a Detailed Internal Control Review Gain knowledge of the client Clarify the brief of the client Divide the overall finance system into subsystems Look at inputs, the audit trial and timing of processing Consider reporting aspects for each subsystems Compile flowcharts and questionnaires for each subsystem Inspect, observe and inquire how subsystems and related controls work

Stages of a Detailed Internal Control Review Carry out preliminary evaluations of controls Compile an initial report to management on weaknesses List weaknesses of each subsystem Design control improvements and enhancements, bear in mind cost/benefit analysis Implement control improvements and enhancements Monitor controls Report to management on weaknesses found in the compliance testing stage

Documenting Subsystems and Internal Controls The documentation needed will depend on the size of the organisation. If a large complex entity may need flowcharts , questionnaires and decision tables, if a small simple entity may only need a memo.

System Flowcharts An internal control flowchart is a graphical representation of systems and shows things like document flows, links between subsystems, segregation of duties and outputs. They are prepared for subsystems or classes of transactions. Can vary from being simple to quite complex. Specific symbols are used in preparing these flowcharts.

Narrative Description of Controls These are written comments relating to the auditors analysis of the internal control system. They are often used to supplement other documentation such as flowcharting or questionnaires

Documentation Summary Documentation that is completed by an auditor will be determined by the size, nature and complexity of accounting systems of an organisations. There are advantages and disadvantages to the different methods used. A combination of methods may be used.

Walk-through tests Following the documentation phase an auditor may conduct a walk-through – this involves choosing several transactions from each subsystem and following it through their processing phase and the internal controls in that phase. This helps to confirm the auditors understanding of the system and gives them a chance to make changes to any documentation.

Estimating Control Risk The next step is to estimate the risk of whether or not an error will be detected by the controls. This estimate is done for each subsystem and can then be added together and averaged to get an overall control risk. For example, .50 or 50% is a medium control risk estimate – meaning that there is a 50% chance that an error will not be prevented or detected by the controls.

Work papers Work papers are accumulated during the audit and document planning, the work carried out and results including weaknesses and suggestions for improvement.

Work papers Work papers are prepared for the following stages: Client requirements summary Client profile Organisational structure List of subsystems Summary of each subsystem, including weaknesses found Improvements for each subsystem Final report summarising findings, recommendations, strategies and future work needed