Presentation is loading. Please wait.

Presentation is loading. Please wait.

Audits are performed to ascertain the validity and reliability of information; also to provide an assessment of a system's internal control. The goal.

Published byArchibald Cross Modified over 8 years ago

Similar presentations

Presentation on theme: "Audits are performed to ascertain the validity and reliability of information; also to provide an assessment of a system's internal control. The goal."— Presentation transcript:

1

2

3 Audits are performed to ascertain the validity and reliability of information; also to provide an assessment of a system's internal control. The goal of an audit is to express an opinion of the person / organization / system (etc.) in question, under evaluation based on work done on a test basis.validityreliabilityassessmentinternal control

4 The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting, but similar concepts also exist in project management, quality management, water management, and energy conservation.evaluation

5 The role of auditor goes back many hundreds of years. These are records from ancient Egypt and Rome, showing that people were employed to review work done by taxes collector and estate managers. The emphasis was very much on the detection of fraud and other irregularities. Emphasis has changed and the role of the auditor becomes much more sophisticated.

6 Audits can be categorized in to two types:  Financial audit  Non financial audit

7  Financial audit: Address questions of accounting, recording, and reporting of financial transactions. Reviewing the adequacy of internal controls also falls within the scope of financial audits.  Non financial audit : It is non statutory one and serves two purposes  It checks company’s compliance to standards  It determines whether a product or service satisfy the customer’s demands in terms of quality and features.

8  Statutory Audit  Privates Audit  Internal Audit  Management Audit  IT Audit

9 A legally required review of the accuracy of a company's or government's financial records. The purpose of a statutory audit to determine whether an organization is providing a fair and accurate representation of its financial position by examining information such as bank balances, bookkeeping records and financial transactions For Example, a state law may require all municipalities to submit to an annual statutory audit examining all accounts and financial transactions and to make the results of the audit available to the public. The purpose of such an audit is to hold the government accountable for how it is spending taxpayers' money.

10 When the audit is not a statutory requirement, but is conducted at the desire of owners, such an audit is private audit. The audit is conducted primarily for their own interest. At times the private audit may become a requirement under tax laws, if the turnover exceeds a specified limit. Private Audit is following types 1 audit of sole proprietorship 2 audit of partnership firms 3 audit of individuals accounts 4 audit institutions not covered by statutory audit

11 The examination, monitoring and analysis of activities related to a company's operation, including its business structure, employee behavior and information systems. Internal audit found to play the following roles-  Check weather existing controls are effective and adequate.  Weather financial and other reports show the actual results of the company  Weather subunits are following the policies and procedures laid down by the company.

12 Analysis and assessment of competencies and capabilities of a company's management in order to evaluate their effectiveness, especially with regard to the strategic objectives and policies of the business. The objective of a management audit is not to appraise individual executive performance, but to evaluate the management team in relation to their competition.

13  Audit against provision of funds  Audit of sanction to expenditures  Audit against rules and orders  Audit against property/purchases  Audit of pay and allowances  Audit of receipts  Pursuance and clearance of objections

14  (a) When a wrong interpretation of a financial rule has been followed, the new interpretation should, in the absence of special instructions to the contrary, take effect from the date of issue, by competent authority, of the orders stating the correct interpretation.  (b) When erroneous payments have been left unchallenged through over-sight, the Accountant General should not of his own motion under-take a re-audit of bills paid more than one year, previously. He should report the facts of the case for orders to the Government and re-audit should not be made unless the Government so desires.

15 Address the internal control environment of automated information processing systems and how these systems are used. IS audits typically evaluate system input, output and processing controls, backup and recovery plans, and system security, as well as computer facility reviews. IA’s scope of work is comprehensive and considers all aspects of the organization - both financial and non-financial - with an emphasis on constructive improvement.

16  Staffing the audit team  Creating an audit project plan  Laying the groundwork for audit  Analyzing audit results  Sharing audit results  Writing audit results  Dealing with resistance to audit recommendations  Building an ongoing audit programs.

17  Companies Directors Assurance that statutory responsibilities concerning accounts have been carried out. Availability of expert advise. The letter of weakness.  To Shareholders Assurance that accounts show a true and fair view and comply with statutory requirements Other Organization with publish accounts Assurance that accounts are reliable  In addition they provide reliable accounts to regulatory bodies such as the companies Registry, the stock exchange etc.

18 Primary Objective: To produce a report by the auditor of his opinion of the truth and fairness of financial statements so that any person reading and using them can belief in them. Secondary Objective : To detect Error and Fraud To prevent Errors and fraud by the deterrent and moral effects of Audit

19  Completeness  Ownership  Accuracy  Valuation  Classification

20  An audit can neither help in prioritizing changes nor in allocating resources.  Audit cannot mobilize people to take actions. though audit identifies various problems that exist in the organizational system and processes  Audit can not generate better data than the measures used to gather those.

21 February 14, 200721

22  An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure.Information technologyinfrastructure  The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.data integrityfinancial statement auditinternal audit

23  IT audits are also known as "automated data processing (ADP) audits" and "computer audits". They were formerly called "electronic data processing (EDP) audits".electronic data processing

24  The concept of IT auditing was formed in the mid-1960s. Since that time, IT auditing has gone through numerous changes, largely due to advances in technology and the incorporation of technology into business.  Currently, there are many IT dependent companies that rely on the Information Technology in order to operate their business e.g. Telecommunication or Banking company.

25  An IT audit is different from a financial statement audit. While a financial audit's purpose is to evaluate whether an organization is adhering to standard accounting practices, the purposes of an IT audit are to evaluate the system's internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight.financial statement auditstandard accounting practices .

26  Integrated information technology audit compliance,  Quality assurance,  Business continuity,  Disaster recovery,  IT governance, Fraud, risk, and forensics resources for information technology auditors, internal auditors, application auditors, compliance, information security and forensics professionals.

27 The IT audit aims to evaluate the following:  Will the organization's computer systems be available for the business at all times when required? (known as availability)  Will the information in the systems be disclosed only to authorized users? (known as security and confidentiality)  Will the information provided by the system always be accurate, reliable, and timely? (measures the integrity)  In this way, the audit hopes to assess the risk to the company's valuable asset (its information) and establish methods of minimizing those risks.

28 The audit process is generally a ten-step procedure: 1. Notification & Request for Preliminary Information 2. Planning 3. Opening Meeting 4. Fieldwork 5. Communication 6. Draft Report 7. Management Responses 8. Closing Meeting 9. Report Distribution 10. Follow-up

29  Technological innovation process audit  Innovative comparison audit  Technological position audit five categories of audits: 1. Systems and Applications 2. Systems Development : 3. Management of IT and Enterprise Architecture : 4. Client/Server, Telecommunications, Intranets, and Extranets 5. Information Processing Facilities :

30  This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure.

31 This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of company's research and development facilities, as well as its track record in actually producing new products. Technological position audit : This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".

32 Systems and Applications : An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity. Information Processing Facilities : An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions. Systems Development : An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.systems development.

33  Management of IT and Enterprise Architecture : An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.information processing  Client/Server, Telecommunications, Intranets, and Extranets : An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and serverstelecommunicationsnetwork

34  The deep dive audit involves detailed study of the IT infrastructure deployed - hardware, software, connectivity, power, security, MIS, and usability by end users. Other areas of study include identifying process coverage, data integrity, productivity improvements, reporting frequency and adequacy, training adequacy, and system availability. The focal points of the IT audit are:  Business functionality  Ease of Use  Security The capstone of Technology Audit is the Audit Findings Report which includes gap analysis, recommendations pertaining to technology upgrade / downgrade, training requirements and plan of action. Technology Audit recommendation sets the direction for organizations to optimize Return of Investment on IT.

35 Advising the Audit Committee and senior management on IT internal control issues Performing IT Risk Assessments Performing:  Institutional Risk Area Audits  General Controls Audits  Application Controls Audits  Technical IT Controls Audits  Internal Controls advisors during systems development and analysis activities. February 14, 200735

36 February 14, 200736

37 IT Audit plays a major role in development of IT Governance framework Moving away from policing role into a specialist role in the areas of risks and control Adding value at strategic and operational levels through the provision of business risk-focused advice and assurance Legislation is having a profound impact on IT Auditing (SOx, GLBA, HIPAA, FERPA, Privacy Notification Regulations …) The continuously changing technology environment brings new risks (i.e. Cyber security, wireless …) February 14, 200737

38 Inadequate or Lack of Management Oversight Poor Segregation of Duties Inadequate or Lack of Supporting Documentation No Business Continuity/Disaster Recovery Plan Change Management Data Security Data Loss Incidents There are also new audits being imposed by various standard boards which are required to be performed, depending upon the audited organization, which will affect IT and ensure that IT departments are performing certain functions and controls appropriately to be considered compliant. An example of such an audit is the newly minted SSAE 16SSAE 16 February 14, 200738

39

Download ppt "Audits are performed to ascertain the validity and reliability of information; also to provide an assessment of a system's internal control. The goal."

Similar presentations

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.

Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.
Discussion on SA-500 – AUDIT EVIDENCE

Discussion on SA-500 – AUDIT EVIDENCE
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Auditing Computer Systems

Auditing Computer Systems
The Islamic University of Gaza

The Islamic University of Gaza
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 1 - 1 The Demand for Audit and Other Assurance Services Chapter 1.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
Audit Planning and Analytical Procedures Chapter 8.

Audit Planning and Analytical Procedures Chapter 8.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
The Demand for Audit and Other Assurance Services Chapter 1.

The Demand for Audit and Other Assurance Services Chapter 1.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Purpose of the Standards

Purpose of the Standards
Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.

Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
© 2003 McGraw-Hill Australia Pty Ltd, PPTs t/a Accounting Information & Reporting Systems by A. Aseervatham & D. Anandarajah. Slides prepared by Kaye Watson.

© 2003 McGraw-Hill Australia Pty Ltd, PPTs t/a Accounting Information & Reporting Systems by A. Aseervatham & D. Anandarajah. Slides prepared by Kaye Watson.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing

Similar presentations

Ads by Google