Jean-Pierre Garitte Budapest 29 March 2017


1 Introduction to the audit cycle
PEM PAL IA COP Audit in Practice Working Group
Jean-Pierre Garitte
Budapest, 29 March 2017

2 Agenda
Part 1: Introduction to audit cycle
Part 2: How does audit cycle connect to our IAM template?
Part 3: Types of audit
Part 4: ISPPIA 2210 on audit objectives

3 Agenda
Part 1: Introduction to audit cycle
Part 2: How does audit cycle connect to our IAM template?
Part 3: Types of audit
Part 4: ISPPIA 2210 on audit objectives

4 Audit cycle is a rather generic process
1 Planning
2 Preliminary Survey
3 Fieldwork
4 Reporting
5 Action Plan (includes quality satisfaction)
6 Follow-Up
Phases: Planning, Execution, Reporting
Rule of thumb:
• 20% for planning and preliminary survey (1, 2)
• 60% for fieldwork (3)
• 20% for reporting (4)

5 Planning
Audit cycle: 1 Planning, 2 Preliminary Survey, 3 Fieldwork, 4 Reporting, 5 Action Plan, 6 Follow-Up
• Scheduling of the engagement
• Announcement of the engagement
• Opening meeting

6 Standard 2200 – Engagement Planning “Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations.”

7 Planning the engagement
• When to do the audit?
• Who will do the audit?
• Resources: time budget
• Resources: auditors
• Competency and skills (align to subject to be audited)
• First draft of audit objectives and scope (this will be revised!)
• Announce the engagement to the auditee:
  • Announcement letter (may include scope, logistics, contacts)
  • Mutual expectations document
• Arrange a first meeting to gain an understanding of the area to be audited and its objectives and key risks; discuss broad/general audit objectives and scope; logistics

8 Preliminary Survey
Audit cycle: 1 Planning, 2 Preliminary Survey, 3 Fieldwork, 4 Reporting, 5 Action Plan, 6 Follow-Up
• Desk review
• Risk (re-)assessment
• Engagement planning memorandum
• Preparation of audit program
• Kick-off meeting with auditee

9 Standard 2310 – Identifying information
“Internal auditors must identify sufficient, reliable, relevant and useful information to achieve the engagement’s objectives.”

10 Preliminary survey
• Familiarisation
• Desk review
• Interviews of main actors
• Risk (re-)assessment
• Engagement planning and scoping
• Audit objective(s)
• Key risks
• Audit scope
• Kick-off meeting

11 Key principles: audit work plan or programme
What? – A detailed list of “audit steps” (tasks) to be performed by the auditor in order to obtain sufficient evidence to be able to reach conclusions in respect of the audit objectives.
“Audit steps”:
• Why? What are the objectives of this audit
• What? Audit procedures, tests and evidence gathering
• How? Sampling or full population
• Who? Auditor(s)
• When? Timing (interim or at year-end)
• Where? Location of audit

12 Fieldwork
Audit cycle: 1 Planning, 2 Preliminary Survey, 3 Fieldwork, 4 Reporting, 5 Action Plan, 6 Follow-Up
• Detailed review of internal control system
• Test of control design
• Test of operating effectiveness
• Formalising observations
• Validation meeting

13 Standard 2320 – Analysis and Evaluation
“Internal auditors must base conclusions and engagement results on appropriate analyses and evaluations.”

14 Fieldwork
Detailed review of the internal control system
Reviewing the activities, processes, management's objectives, risks, and internal controls
Diagram elements: Activities, Processes under review, Management’s Objectives, Risks, Risk Response, Mitigating Controls
Diagram questions: What is the internal control system? Are these being achieved? Are these being managed? Are we responding to risk in the right way? Effective?

15 Key principles: working papers
What is the purpose of a working paper?
Attributes: five attributes of quality working papers' documentation
• Complete
• Clear
• Concise
• Neat
• Structured
Automated audit workflow systems, e.g. TeamMate.

16 Key principles: working papers
Content of working papers
• Purpose/objectives/tests
• Scope
• Test results/findings
• Conclusions/recommendations
• Source/references/evidence
• Cross references to Audit programme
• Supporting documents
• Working papers
Diagram labels: Evidence, Test, Risk control matrix

17 Fieldwork
Audit documentation = audit working papers
Audit working papers are organised in “audit files”
• Can be in paper form, maintained in computerised files or both.
• Working papers must always be cross-referenced (paper files as well as electronically)
Audit documentation
Audit documentation is the principal record of:
• Auditing procedures applied
• Evidence obtained and conclusions reached by the auditor in the engagement
Main objective: To aid the auditor in providing reasonable assurance that an adequate audit was conducted in accordance with auditing standards

18 Reporting
Audit cycle: 1 Planning, 2 Preliminary Survey, 3 Fieldwork, 4 Reporting, 5 Action Plan, 6 Follow-Up
• Draft audit report
• Contradictory process
• Final audit report
• Assessment of auditee satisfaction

19 Standard 2400 – Communicating Results
“Internal auditors must communicate the results of engagements.”
Standard 2410 – Criteria for communicating
“Communication must include the engagement’s objectives and scope as well as applicable conclusions, recommendations, and action plans.”
Standard 2420 – Quality of Communications
“Communication must be accurate, objective, clear, concise, constructive, complete, and timely.”

20 Reporting
Standard 2410.A1 – Communicating Results
“Final communication of engagement results must, where appropriate, contain the internal auditor’s overall opinion and/or conclusions.”
Types of opinion:
• No opinion (consulting engagements, desk reviews, risk assessments)
• Disclaimer of opinion (scope limitation)
• Satisfactory
• Qualified (satisfactory except for …)
• Unsatisfactory/negative/adverse

21 The reasoning behind a recommendation
• Criteria: What should exist - The standards, measures, or expectations used in making an evaluation and/or verification
• Condition: What does exist - The factual evidence that the auditor found in the course of the examination
• Cause (Root): Why the difference exists - The (real) reason for the difference between the expected and actual conditions
• Consequence (Effect): The impact of the difference - The risk or exposure the organisation and/or others encounter because the condition is not consistent with the criteria
• Recommendation: What, Who and When? - Action linked to responsible, date/timing, priority, and severity
• Management Response: Yes, agree / Yes, but alternative / No, disagree
• Action Plan designed by Management
• Follow-Up by Internal Audit

22 Action plan
Audit cycle: 1 Planning, 2 Preliminary Survey, 3 Fieldwork, 4 Reporting, 5 Action Plan, 6 Follow-Up
• Drafting the action plan
• Establishing responsibilities and deadlines

23 Follow up
Audit cycle: 1 Planning, 2 Preliminary Survey, 3 Fieldwork, 4 Reporting, 5 Action Plan, 6 Follow-Up
• Performing follow-up audits

24 Standard 2500 – Monitoring Progress
“The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management.”

25 Agenda
Part 1: Introduction to audit cycle
Part 2: How does audit cycle connect to our IAM template?
Part 3: Types of audit
Part 4: ISPPIA 2210 on audit objectives

26 Connection audit cycle to IAM template

27 Connection audit cycle to IAM template

28 Connection audit cycle to IAM template
• Engagement planning
• Audit objectives and audit scope
• Audit program
• Audit field work
• Reporting on internal audit engagement

29 Agenda
Part 1: Introduction to audit cycle
Part 2: How does audit cycle connect to our IAM template?
Part 3: Types of audit
Part 4: ISPPIA 2210 on audit objectives

30 Types of audit assurance engagements
• Financial auditing looks at the past to determine if financial information was properly recorded and whether financial statements present a fair, accurate and reliable view. They are based on the analysis of the economic activities of an entity as measured by accounting methods.
• Compliance audits look at both financial (audits on financial management) and operating controls and transactions to assess if they conform to laws, regulations, standards and procedures.
• Performance auditing is an independent and objective assessment of an entity's activities, processes and internal controls systems, with regard to one or more of the three aspects of economy, efficiency and effectiveness (the "3 E’s"), aiming to lead to improvements.

31 Types of audit assurance engagements
Other names sometimes used:
• IT audit
• Security audit
• Value-for-money audit
• Operational audit
• System based audit
• Comprehensive audit

32 Agenda
Part 1: Introduction to audit cycle
Part 2: How does audit cycle connect to our IAM template?
Part 3: Types of audit
Part 4: ISPPIA 2210 on audit objectives

33 ISPPIA 2210
Performance Standards
• 2000 – Managing the Internal Audit Activity
• 2100 – Nature of Work
• 2200 – Engagement Planning
• 2300 – Performing the Engagement
• 2400 – Communicating Results
• 2500 – Monitoring Progress
• 2600 – Communication and acceptance of risks

34 ISPPIA 2210
2200 – Engagement Planning
• 2201 – Planning Considerations
• 2210 – Engagement Objectives
• 2220 – Engagement Scope
• 2230 – Engagement Resource Allocation
• 2240 – Engagement Work Program

35 2210 Engagement Objectives
Objectives must be established for each engagement.

36 2210 Engagement Objectives
2210.A1 Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment.
2210.A2 The internal auditor must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.

37 2210 Engagement Objectives
2210.A3 – Adequate criteria are needed to evaluate governance, risk management, and controls. Internal auditors must ascertain the extent to which management and/or the board has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must identify appropriate evaluation criteria through discussion with management and/or the board.
Interpretation: Types of criteria may include:
• Internal (e.g., policies and procedures of the organization).
• External (e.g., laws and regulations imposed by statutory bodies).
• Leading practices (e.g., industry and professional guidance).

38 2210 Engagement Objectives
2210.C1 Consulting engagement objectives must address governance, risk management, and control processes to the extent agreed upon with the client.
2210.C2 Consulting engagement objectives must be consistent with the organization's values, strategies, and objectives.

39 Questions & Answers

