Chapter 11: Follow-up Reviews and Audit Evaluation ACCT620 Internal Auditing Otto Chang Professor of Accounting

Standards for Follow-up Standards says: –Internal auditing should determine that corrective action was taken and is achieving the desired results, or –that management or the board has assumed the risk of not taking corrective action on reported findings. Achievement of control objectives and reassessment of risk are key concerns, not audit recommendations

Ideal Follow-Up Roles for Auditors Timely review to assure that appropriate action is taken in response to audit findings Inform the auditee, executive management, and the board of evaluations made during follow-up review. Respect the auditee’s stewardship. Do not force specific corrective measures upon auditee. Respect the auditee’s operations and time demands while conducting any on-site review.

Ideal Auditee Role Provide timely, complete responses Initiate lasting remedial action Cooperate with and assist auditor’s follow-up Inform auditors and executive management of corrective action progress Inform executive management and auditors of major disagreement with auditors about the adequacy of corrective measures Assess the cost-effectiveness of alternative corrective measures and select one for implementation

Ideal Executive Management Role Monitor the follow-up process, checking with and encouraging the auditee to assure an appropriate responses to the audit report Assess or approve the adequacy and cost- effectiveness of auditee’s corrective actions and take needed steps to rectify observed inadequacies Avoid interference with auditors’ follow-up reviews, thereby encouraging their objectivity and independence.

Basic Follow-Up Steps Carefully read the auditee’s written response Discuss with auditee any portion of the response that is unclear or not responded to. Conduct on-site review of corrective actions and the resultant conditions for important findings. Reassess risks based on corrected conditions Report follow-up findings to everyone who received a copy of the audit report.

Look for Causes, not Symptoms SYMPTOMS POSSIBLE CAUSES Loss of purchase discounts Slow review and processing of invoices. Training and monitoring shortcomings. Poor product quality Faulty inspection procedures, equipment, maintenance, problems, or QC defects High downtime for Inadequate maintenance or machinery worn out machinery

Nature and Extent of Follow-Up Auditors’ Probable Basic Probable Recommendation Exposure Loss Risk Follow-up Monthly aging of Medium Low Med/Low Limited accounts Re-negotiation of Medium High Med/Hi Extended payment schedules Classify service Low Low Low Limited districts by size Expand vehicle- Medium High Med/Hi Extended maintenance

Ways to Reduce Follow-up Time Follow-up as many items as feasible during the audit Encourage auditee supervisors and managers to regularly update the auditors by phone or fax Focus attention on the most critical problems. Limit minor items to inquiry and short discussions Review only the documentation of corrective actions for less critical findings Limit follow-up tests to the specific problems noted

Rejecting Auditee Responses and Inadequate Corrective Actions Do not force preferences on management. Focus attention on control objectives and control principles and allow management to choose among alternatives of corrective actions. Avoid assuming the responsibility for corrective actions. Decide which deficiencies are most critical and warrant taking a stand on. Never attack individuals in the reports. State specifically why response is deficient and which control objectives are in danger.

Documenting Follow-Up Work Copies of report transmittal letters regarding matters in the audit report Memo summarizing follow-up conferences, meetings, phone conversations, document reviews Auditee letters responding to the audit report Memo to auditee expressing the auditor’s opinion regarding anticipated corrective actions Letters to auditee containing the follow-up report and express approval or disapproval of measures taken

Final Follow-up Action If auditee feels the risk do mot justify any action, the auditor should –Send the auditee a memo confirming the auditor’s understanding that the auditee has assumed the risk of not correcting the situation –Ask the auditee to confirm to you that the entity has decided to assume the risk –Assure the high risk have the attention of higher-level management

Policy on Follow-Up The policy should be in writing. Clearly identified as coming from the highest level of authority within the organization. Follow-up is required for all audits with exceptions The roles for the auditors, the auditee, and executive management are outlined. Authority is given to auditors to evaluate and report on the effectiveness of corrective actions. States executive management’s commitment to the principle of follow-up reviews.

Policy on Follow-Up --continued Specifies that the auditee responds in writing to audit findings and recommendations within a specific period of time and says who is accountable for implementing corrective actions Specifies to whom auditee responses and follow-up reports are to be addressed and distributed Suggests the format of the response to be made The policy statement is addressed to all management- level executive, both operating and staff

Audit Evaluation A critique of the overall audit, helps to maintain quality control, completed before the follow-up. Usually performed during a meeting between the lead auditor, the audit manager or supervisor, and the audit director, some also include staff auditors A written summary of conclusions resulting from this meeting is prepared and filed An audit critique sheet is often used to write down comments for future improvement during audit.

Contents of Audit Critique Sheet The date of critique Who attended the meeting and name of team leader The identification of the auditee The date of the audit report or period covered. The purpose of the audit. Whether the audit met time schedule and budget Notes regarding the overall performance of the audit, with special attention to items that are important to future audit.