Internal Audits, Governmental Audits, and Fraud Examinations Module D Internal Audits, Governmental Audits, and Fraud Examinations ACCT-4080 Module D
Internal Auditing Defined Independent and objective obtained by reporting responsibilities Assurance and consulting activity Adds value and improves an organization’s operations Helps an organization accomplish its objectives A systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and the governance process ACCT-4080 Module D
Internal Audit Overview Over 185,000 Internal Audit Professionals in 190 countries 125,000 CIAs Service in all types of industries, governments, and not-for-profit organizations Outsourcing segments of CPA firms ACCT-4080 Module D
Opportunities in Internal Auditing? Career for those students not wishing to go for the 150 hours to sit for CPA Exam Profession without a busy season Opportunity to step into management Travel/no travel Can work for the corporation or a professional services firm Can work for local, state, and federal governments ACCT-4080 Module D
Salaries (Robert Half) ACCT-4080 Module D
What do Internal Auditors Do? Find out what’s working and what’s not Management’s eyes and ears Look at the organization with fresh eyes Look beyond the financial statements e.g., obsolete inventory Advocate for improvements Raise red flags ACCT-4080 Module D
Internal Audit vs. External Audit Basically- External auditors audit financial statements Internal Auditors audit business systems ACCT-4080 Module D
Internal Audit vs. External Audit Risk Focus Internal auditors focus on ALL business risks External auditors focus only on risks related to financial reporting Standards external: GAAS internal: International Standards for the Professional Practice of Internal Auditing (IIA standards) ACCT-4080 Module D
Internal Audit Perspective Internal auditors focus on value added being proactive being customer-focused being creative utilizing all business perspectives requires that the auditor understands the complete management process ACCT-4080 Module D
Internal Audit Skills Helpful Objective Focused and Determined Intellectual curiosity Decisive Balanced and fair Broad based business education Technical audit and accounting skills Technical skills related to the auditee Professional/interpersonal skills Communication skills Leadership skills Emphasis on continuing education Self-Motivation ACCT-4080 Module D
Types of Internal Audits Financial related audits internal auditors do not audit quarterly or year-end financial statements these audits usually focus on auditing a part of the financial reporting system that may be considered a potential problem area for the next external audit ACCT-4080 Module D
Types of Internal Audits Operational audits term is sometimes used synonymously with internal audit auditors’ study of business operations for the purpose of making recommendations about the effective and efficient use of resources, achievement of objectives, and compliance with company policies operational audits involve identifying current risks that need to be managed considering possible future risks evaluating systems of internal control measuring quality of performance and comparing to best practices ACCT-4080 Module D
Types of Internal Audits Performance audits little or no difference between operational and performance audits an examination of a program, function, operation, or management system to assess whether the entity is achieving economy, efficiency and effectiveness in the employment of available resources can measure efficiency, effectiveness, or achievement of program outcomes difficult to identify measurement criteria Accounting 408 Module D
Types of Internal Audits Compliance audits The degree the organization conforms to policies, procedures, laws, and regulations The audit focuses on the detailed testing of conditions requiring compliance ACCT-4080 Module D
Types of Internal Audits Environmental audits determining that the organization's environmental control systems are ensuring compliance with regulatory requirements and internal policies e.g., determining that hazardous materials are being handled and disposed of in accordance with environmental laws and regulations identifying areas of cost savings in handling hazardous materials using more environmentally friendly packaging materials (i.e., recyclable) Module D ACCT-4080
Types of Internal Audits Sustainability audits Growing area Corporate social responsibility pollution societal impact political impact Establishing a new program or expanding an existing program Identify risks e.g. regulation, changing social environment, technology Establish measurements Assist in improving sustainability ACCT-4080 Module D
Types of Internal Audits Quality audits determining whether the company’s products meet the standards created by management or outside standards usually for manufacturing companies relates to customer satisfaction of company’s products and services whether products are provided in a timely manner changing customer requirements, etc. Module D ACCT-4080
Types of Internal Audits Assistance for external audit External auditors may use the work of internal audit testing controls testing account balances preparation of workpapers (PBC schedules) ACCT-4080 Module D
Types of Internal Audits Consulting engagements internal auditors know more about the company than anyone else e.g., you visit multiple similar functions (i.e., distribution centers, manufacturing facilities, stores, etc.) apply their knowledge of the company and best practices to consulting with departments or divisions of the company ACCT-4080 Module D
CIA Exam CIA candidates must hold a degree Available through computer-based testing at more than 500 locations worldwide. Offered in Arabic, Chinese (simplified), Chinese, English, French, German, Hebrew, Indonesian, Italian, Japanese, Korean, Polish, Portuguese, Russian, Spanish, Turkish, and Thai. Can take the exam when 90% completion of bachelor’s degree has been reached To obtain certification experience requirement maintain CPE ACCT-4080 Module D
CIA Exam Part 1 – Internal Audit Basics 125 questions | 2.5 Hours mandatory guidance from the IPPF; internal control and risk concepts; as well as tools and techniques for conducting internal audit engagements. Part 2 – Internal Audit Practice 100 questions | 2.0 Hours managing the internal audit function; the strategic and operational role of internal audit and establishing a risk-based plan; the steps to manage individual engagements (planning, supervision, communicating results, and monitoring outcomes); fraud risks and controls. Part 3 – Internal Audit Knowledge Elements 100 questions | 2.0 Hours governance and business ethics; risk management; organizational structure, including business processes and risks; communication; management and leadership principles; information technology and business continuity; financial management; and the global business environment. ACCT-4080 Module D
Governmental Auditing Audits must be performed in accordance with GAAS and Generally Accepted Government Auditing Standards (GAGAS) Yellow Book Standards Audits conducted by governmental auditors and by CPA firms ACCT-4080 Module D
Governmental Auditing In addition to financial statement audit, auditor must also examine and report upon: Compliance with Laws and Regulations Effectiveness of the Entity’s Internal Control Compliance with the Specific Requirements of Individual Federal Financial Assistance Programs Compliance with Requirements Applicable to All Federal Financial Assistance Programs ACCT-4080 Module D
Governmental Auditing Usually three reports Report on the financial statements Report on the auditee’s internal control Report on auditee’s compliance with applicable laws and regulations More reports required under Single Audit Act ACCT-4080 Module D
Governmental Auditing Under Single Audit Act required for entities who receive specified levels of financial assistance from the federal government auditor must issue the same reports as those issued in a GAGAS audit (opinion on financial statements and internal control, report on compliance with laws and regulations) and in addition for compliance part of audit, OMB Circular A-133 identifies guidance to classify programs as high or low risk, and as type A or B then further rules identify which programs must be audited ACCT-4080 Module D
Review Questions for Discussion Module D D.1 D.2 D.3 D.4 D.5 D.6 D.8 D.9 ACCT-4080 Module D