D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit committees will look increasingly to internal audit departments to be their eyes and ears across the corporation.” - Jacqueline K. Wagner, general auditor GM and past Chairman of the IIA

D-2 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module Topics Internal Audit Governmental Audit Fraud Audits

D-3 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. INTERNAL AUDITING DEFINED Independent and objective Assurance and consulting activity Adds value and improves an organization’s operations. It helps an organization accomplish its objectives A systematic, disciplined approach to evaluate and improve the effectiveness of –risk management, –control, and –the governance process.

D-4 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Role of the Internal Auditor Ensure reliability and integrity of information Safeguard assets Ensure compliance with policies and regulations Achieve organizational objectives and goals Improve operational economy and efficiency Identify areas of business risk Prevent and detect fraud Coordinate audit activities with external auditors

D-5 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Standards for the Professional Practice of Internal Audit Attribute Standards –1000 Purpose, Authority, and Responsibility –1100 Independence and Objectivity –1200 Due Professional Care –1300 Quality Assurance and Improvement Program Performance Standards –2000 Managing the Internal Audit Activity –2100 Nature of Work –2200 Engagement Planning –2300 Performing the Engagement –2400 Communicating Results –2500 Monitoring Progress –2600 Management’s Acceptance of Risk

D-6 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Principles of the IIA Code of Ethics Integrity- establishes trust that is the basis for reliance on their judgment. Objectivity- highest level of professional objectivity in –gathering, evaluating, and communicating information –balanced assessment of all the relevant circumstances –not unduly influenced by self interests or by others Confidentiality-respect the value and ownership of information Competency-apply the knowledge, skills and experience needed in performance of internal auditing services.

D-7 Audit Applications Financial Audits Examine and evaluate Areas of management concern Financial information used by internal decision makers Financial information being sent to outside agencies (e.g. regulatory agencies)

D-8 Audit Applications Operational Audits Term is sometimes used synonymously with internal audit. Examine and evaluate Current risks that need to be managed Possible future risks systems of internal control quality of performance

D-9 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Compliance Audits The degree the organization conforms to certain specific requirements Policy and procedures Professional standards Laws, regulations. Or contracts The audit focuses on the detailed testing of conditions.

D-10 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Corporate Governance The board of directors and senior management must have reliable and relevant information Management policies are in effect Strategy decisions Progress toward current goals Operating performance Risk assessment Effectiveness of proactively managing risk

D-11 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Audit Approach Fieldwork in internal (and governmental) audits –Problem identification –Measurement criteria –Evidence collection –Evidence evaluation Risk-based auditing (RBA) Emphasis on management and mitigation of business risk

D-12 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Audit Findings Include both favorable or unfavorable findings Unfavorable findings should include –Condition – what was found –Criteria – basis for determining that the condition was improper –Cause – why did this happen? –Effect – why is this bad? –Recommendation – what do you think should be done about this?

D-13 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. GAAS Audit of a Governmental Entity In accordance with GAAS and generally accepted Government Auditing Standards (GAGAS) Reporting responsibility is the same as a GAAS audit. No reports other than the report on the financial statements will be issued by the auditor. Any deficiencies in internal control should be communicated to the client. Illegal Acts are communicated to entities providing funding to the governmental entity being audited.

D-14 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Governmental Reporting Usually three reports –Report on the financial statements –Report on the auditee’s internal control –Report on auditee’s compliance with applicable laws and regulations More reports required under Single Audit Act

D-15 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Government Auditing Standards (The Yellow Book) Auditor's reporting responsibility in an audit conducted under Government Auditing Standards is expanded. As in a GAAS audit, a report on the fairness of the entity's financial statements is issued. A report on the entity's compliance with laws and regulations Illegal acts/ fraud –Should be reported to the client unless they are clearly inconsequential. –May need to be reported directly to external parties.

D-16 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Government Auditing Standards (The Yellow Book) In addition to the audit of the entity's financial statements, an examination of a governmental entity introduces the following considerations for the auditor's consideration: –Compliance with Laws and Regulation –Effectiveness of the Entity’s Internal Control –Compliance with the Specific Requirements of Individual Federal Financial Assistance Programs –Compliance with Requirements Applicable to All Federal Financial Assistance Programs

D-17 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Single Audit Act Audit Required for entities who receive specified levels of financial assistance from the federal government. Requires the auditor to issue the same reports as those issued in a Government Auditing Standards audit: –Opinion on financial statements –Compliance with laws and regulations –The auditor issues an opinion on Compliance with the Specific Requirements of nonmajor programs –Auditor's report on Compliance with the General Requirements

D-18 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Fraud Audits Who performs a fraud audit Internal audit Independent auditors Security Certified Fraud Examiners Combination

D-19 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Fraud Audits Fraud is always material –It grows –Indicates control weaknesses –Indicates a lack of integrity The objective is to uncover fraud –Its presence –Its scope –The perpetrators –The control weakness

D-20 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Differences Audits and Fraud Audits Audits Audit program Procedural approach Look for misstatements Assess controls related to FS Material misstatements Accounting Theory Evidence documented in workpapers Fraud Audits No set program Procedures defined during investigation Look for patterns Evaluate how controls can be circumvented Fraud are always material Theories of psychology and human behavior Safeguarding and chain of custody for evidence