Scope of the audit Reference Frameworks Tashkent, October 2017.

Slides:



Advertisements
Similar presentations
Development of internal control: methodology and responsibility
Advertisements

IS Audit Function Knowledge
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Office of Inspector General (OIG) Internal Audit
Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett Slides prepared by Roger Simnett.
Purpose of the Standards
Internal Auditing and Outsourcing
S/W Project Management
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
Basics of OHSAS Occupational Health & Safety Management System
Harmonization project The long and winding road to level 3…
PwC Internal Control Reports: Facts, Myths and Best Practices FIRMA National Risk Management Training Conference – San Francisco, CA Wednesday March 31,
Chapter 5 Internal Control over Financial Reporting
How does the ECA assess Member States’ internal control systems? Workshop on Audit/Evaluation of Public Internal Financial Control Systems (PIFC) Ankara,
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
Professional Certificate in Electoral Processes Understanding and Demonstrating Assessment Criteria Facilitator: Tony Cash.
Harmonization project CAS project group (Chair, Slovakia, European Court of Auditors) CAS meeting Batumi, Georgia 27th of September 2011.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
 Definition of a quality Audit  Types of audit  Qualifications of quality auditors  The audit process.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.
Ombudsman Western Australia Serving Parliament – Serving Western Australians Evaluation in the Western Australian Ombudsman’s Office Kim Lazenby & Jane.
Pertemuan 14 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Company LOGO. Company LOGO PE, PMP, PgMP, PME, MCT, PRINCE2 Practitioner.
Page 1 Portfolio Committee on Water and Environmental Affairs 14 July 2009.
Incorporating Road Safety Audit into Development Control Kevin Nicholson Principal Consultant.
ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.
Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
Improving Compliance with ISAs Presenters: Al Johnson & Pat Hayle.
AUDIT STAFF TRAINING WORKSHOP 13 TH – 14 TH NOVEMBER 2014, HILTON HOTEL NAIROBI AUDIT PLANNING 1.
EECS David C. Chan1 Computer Security Management Session 1 How IT Affects Risks and Assurance.
Module 6: Business Application Software Audit Chapter 1: Business Application Software Audit 1.
AUDIT EVIDENCE AND FINANCIAL STATEMENT ASSERTIONS 1.
Overview of Standards on Cost Auditing By: CMA Pradip H.Desai.
Islamic Republic of IRAN’s Training Course: Waste Management Auditing Based on INTOSAI Working Group on Environmental Auditing Handbook: Towards Auditing.
Jean-Pierre Garitte Budapest 29 March 2017
Hans Nieuwlands CIA CGAP CCSA CEO IIA Netherlands
Dutchess Community College Middle States Self-Study 2015
An Overview on Risk Management
CPA Gilberto Rivera, VP Compliance and Operational Risk
Audit of predetermined objectives
Project Quality Management
Auditing & Investigations II
PLANNING, MATERIALITY AND ASSESSING THE RISK OF MISSTATEMENT
14th CAS meeting Performance reporting Presentation by SAI-SA
Auditing the Implementation of Multilateral Environmental Agreements (MEAs) (4) Narges Rezapour Tehran- May 2016.
How to Survive an External Quality Assessment
Assurance, Related Services and Internal Auditing
Auditor Training Module 1 – Audit Concepts and Definitions
How to Communicate Assurance?
The Project Management Framework
Service Organization Control (SOC)
Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8th Edition William C. Boynton California Polytechnic State University at.
Steering Policy and Steering Systems
Fundamentals of ISO.
INTRODUCTION TO Compliance audit METHODOLGY and CAM
Planning the Audit Engagement: key ingredients
Internal control - the IA perspective
WHAT TO EXPECT: A CROWN CORPORATION’S GUIDE TO A SPECIAL EXAMINATION
Safety Management System Implementation
application of ISPPIA 2210 in the Netherlands
How to conduct Effective Stage-1 Audit
Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8th Edition William C. Boynton California Polytechnic State University at.
TECHNOLOGY ASSESSMENT
What is IT audit? An examination of how IT systems where implemented to ensure that they meet the organization’s business needs without compromising.
AUDIT TESTS.
Internal Audit’s Role in Preventing Fraud and Corruption
Tools and Techniques for the Auditor: Fieldwork
Presentation transcript:

Scope of the audit Reference Frameworks Tashkent, October 2017

Scope of the Audit Engagement The audit scope defines the boundaries of the audit: the specific processes and/or areas, geographic locations, and time period (e.g., point in time, fiscal quarter, or calendar year) that will be covered by the engagement, given the available resources; When determining the scope of an engagement, it is helpful for internal auditors to review the engagement objectives to ensure that each objective can be accomplished under the established parameters; Internal auditors should also consider how legal factors may affect the engagement scope and approach as well. Think of nondisclosure agreements made by the organization that might hamper the work of audit. Tashkent, October 2017

Scope of the Audit Engagement Example: a list of possible inclusions and exclusions for the scope of an accounts payable engagement: Expenses (operational, travel, supplies, personnel, and/or corporate, etc.); Personnel (executive, management, all, etc.); Locations (corporate office, operational locations, countries, etc.); Timeframe (current, previous, month, quarter, year, etc.); Materiality (any amount or only amounts over certain authorized limits, etc.); Systems (only systems that process expenses or also human resources systems, all systems, etc.). Tashkent, October 2017

Scope of the Audit Engagement Example: engagement scope for the aforementioned accounts payable engagement. The assurance engagement will cover personnel and operating expenses submitted for the 12-month period ending August 20XX and the processes for submitting, approving, and paying expense reports (including a third-party software used to submit expense reports). The engagement scope includes all personnel that utilize the third-party software to submit personnel and operational expenses. The engagement will also include a compliance review with the organization’s expense policy. Tashkent, October 2017

Reference Frameworks For EVERY type of audit the following questions are relevant: About WHAT will the audit team come up with conclusions/opinions (and eventually) recommendations? What are the criteria that form the basis to formulate these conclusions/opinions? How do we gather these criteria? What are suitable references? (ingredients) Tashkent, October 2017

Tashkent, October 2017

What do the standards say? Standard 2210.A3: Adequate criteria are needed to evaluate governance, risk management and controls. Internal auditors must ascertain the extent to which management and/or the board has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must work with management and/or the board to develop appropriate evaluation criteria. Clear audit criteria and a solid data-analysis are key to undisputable audit conclusions and/or opinions Tashkent, October 2017

The Reference framework Reference framework (or normative framework): The total set of criteria/norms the auditor uses to reflect reality against; It forms the basis that leads to conclusions and opinions; The reference framework is used as a tool to make a description of the ideal governance and control framework. It’s the mirror the auditor uses. Tashkent, October 2017

Why do we need reference frameworks? The auditor needs a measuring tool; They prevent to some extend disagreements with management about the audit conclusions/opinions; Clear definitions of the key concepts in the audit prevent misinterpretations. Tashkent, October 2017

Position of the reference framework in the audit process Normative Framework (How it should be) Criteria source 1 Criteria source 2 Criteria source 3 Gap? Audit result: conclusions / opinions Analysis The auditmodel is a schematic view of the auditgoal and the auditview to reach this goal and the auditobject where upon the audit is performed. The auditmodel forms the framework for the auditor. The auditgoal is already treated in the intakephase. In the auditmodel the goal is repeated and put into a scheme. The auditobject is the subject or item of the audit. It can be a process, but it can also be a theme such as integrity or safety. It is the focuspoint of the auditor. This auditobject is already known in the intakephase, but in the phase of building the auditmodel, this auditobject is definitely determined. The basis of the framework is the auditview. This auditview are the glasses which clears the sight of the auditor. It determines the way the auditor will examine the auditobject. It forms the basis upon which the auditor draws his conclusions. The auditview is mostly stated in a few general audit questions who are derived from the central audit question or auditgoal. Most of the times the answers to the general audit questions lead to the fullfillment of the auditgoal. Sometimes not only the general audit questions are mentioned but also the aspects or themes to look for during the audit. A good and explicit auditview is neccesary for an audit. If the auditor has the idea that he cannot completely answer the central auditgoal, he has to work on his references. If needed he can enlarge his preliminary investigation or intake to build a gooed auditmodel. It is also important to mention that it is NOT the auditor who is responsible for the decisionmaking around the auditmodel. It is the auditclient who is responsible for that, but in practice the auditor builds the framework and the auditclient approves it. Let us now give some examples of references. Data-collection (Fieldwork) Audit- Object (How it is)

Reference frameworks and types of audits Focus of Audit Characteristics of the reference frameworks Sources Compliance Audit Standardized (usually check lists) Laws/regulations/procedures Financial Audit More or less standardized Tolerance levels, accounting procedures, reporting requirements IT-audit Partly custom made / partly standardized but needs to be tailor made dependable on audit topic For example: COBIT, internal procedures, ISO27001 Performance Audit Partly custom made / partly standardized but needs to be tailor made in most cases Norms/criteria set by management, internal procedures, regulations/laws, theories, best practices Tashkent, October 2017

Reference framework in the audit assignment plan In the assignment plan (as part of the objective) it is mentioned which references (in general) will be used to reach audit conclusions/opinions; Internal auditors should consider seeking input from subject matter experts to help develop relevant criteria; It is vital that references are agreed upon with management (this is usually mentioned in the assignment plan); The evaluation criteria, which in totally represent the reference framework, should be relevant, reliable, and documented; A more detailed outline of the reference model could be part of the annex and must be part of the audit dossier (in case of an assurance assignment)