Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scope of the audit Reference Frameworks Tashkent, October 2017.

Published byAmbrose Walsh Modified over 6 years ago

Similar presentations

Presentation on theme: "Scope of the audit Reference Frameworks Tashkent, October 2017."— Presentation transcript:

1 Scope of the audit Reference Frameworks Tashkent, October 2017

2 Scope of the Audit Engagement
The audit scope defines the boundaries of the audit: the specific processes and/or areas, geographic locations, and time period (e.g., point in time, fiscal quarter, or calendar year) that will be covered by the engagement, given the available resources; When determining the scope of an engagement, it is helpful for internal auditors to review the engagement objectives to ensure that each objective can be accomplished under the established parameters; Internal auditors should also consider how legal factors may affect the engagement scope and approach as well. Think of nondisclosure agreements made by the organization that might hamper the work of audit. Tashkent, October 2017

3 Scope of the Audit Engagement
Example: a list of possible inclusions and exclusions for the scope of an accounts payable engagement: Expenses (operational, travel, supplies, personnel, and/or corporate, etc.); Personnel (executive, management, all, etc.); Locations (corporate office, operational locations, countries, etc.); Timeframe (current, previous, month, quarter, year, etc.); Materiality (any amount or only amounts over certain authorized limits, etc.); Systems (only systems that process expenses or also human resources systems, all systems, etc.). Tashkent, October 2017

4 Scope of the Audit Engagement
Example: engagement scope for the aforementioned accounts payable engagement. The assurance engagement will cover personnel and operating expenses submitted for the 12-month period ending August 20XX and the processes for submitting, approving, and paying expense reports (including a third-party software used to submit expense reports). The engagement scope includes all personnel that utilize the third-party software to submit personnel and operational expenses. The engagement will also include a compliance review with the organization’s expense policy. Tashkent, October 2017

5 Reference Frameworks For EVERY type of audit the following questions are relevant: About WHAT will the audit team come up with conclusions/opinions (and eventually) recommendations? What are the criteria that form the basis to formulate these conclusions/opinions? How do we gather these criteria? What are suitable references? (ingredients) Tashkent, October 2017

6 Tashkent, October 2017

7 What do the standards say?
Standard 2210.A3: Adequate criteria are needed to evaluate governance, risk management and controls. Internal auditors must ascertain the extent to which management and/or the board has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must work with management and/or the board to develop appropriate evaluation criteria. Clear audit criteria and a solid data-analysis are key to undisputable audit conclusions and/or opinions Tashkent, October 2017

8 The Reference framework
Reference framework (or normative framework): The total set of criteria/norms the auditor uses to reflect reality against; It forms the basis that leads to conclusions and opinions; The reference framework is used as a tool to make a description of the ideal governance and control framework. It’s the mirror the auditor uses. Tashkent, October 2017

9 Why do we need reference frameworks?
The auditor needs a measuring tool; They prevent to some extend disagreements with management about the audit conclusions/opinions; Clear definitions of the key concepts in the audit prevent misinterpretations. Tashkent, October 2017

10 Position of the reference framework in the audit process
Normative Framework (How it should be) Criteria source 1 Criteria source 2 Criteria source 3 Gap? Audit result: conclusions / opinions Analysis The auditmodel is a schematic view of the auditgoal and the auditview to reach this goal and the auditobject where upon the audit is performed. The auditmodel forms the framework for the auditor. The auditgoal is already treated in the intakephase. In the auditmodel the goal is repeated and put into a scheme. The auditobject is the subject or item of the audit. It can be a process, but it can also be a theme such as integrity or safety. It is the focuspoint of the auditor. This auditobject is already known in the intakephase, but in the phase of building the auditmodel, this auditobject is definitely determined. The basis of the framework is the auditview. This auditview are the glasses which clears the sight of the auditor. It determines the way the auditor will examine the auditobject. It forms the basis upon which the auditor draws his conclusions. The auditview is mostly stated in a few general audit questions who are derived from the central audit question or auditgoal. Most of the times the answers to the general audit questions lead to the fullfillment of the auditgoal. Sometimes not only the general audit questions are mentioned but also the aspects or themes to look for during the audit. A good and explicit auditview is neccesary for an audit. If the auditor has the idea that he cannot completely answer the central auditgoal, he has to work on his references. If needed he can enlarge his preliminary investigation or intake to build a gooed auditmodel. It is also important to mention that it is NOT the auditor who is responsible for the decisionmaking around the auditmodel. It is the auditclient who is responsible for that, but in practice the auditor builds the framework and the auditclient approves it. Let us now give some examples of references. Data-collection (Fieldwork) Audit- Object (How it is)

11 Reference frameworks and types of audits
Focus of Audit Characteristics of the reference frameworks Sources Compliance Audit Standardized (usually check lists) Laws/regulations/procedures Financial Audit More or less standardized Tolerance levels, accounting procedures, reporting requirements IT-audit Partly custom made / partly standardized but needs to be tailor made dependable on audit topic For example: COBIT, internal procedures, ISO27001 Performance Audit Partly custom made / partly standardized but needs to be tailor made in most cases Norms/criteria set by management, internal procedures, regulations/laws, theories, best practices Tashkent, October 2017

12 Reference framework in the audit assignment plan
In the assignment plan (as part of the objective) it is mentioned which references (in general) will be used to reach audit conclusions/opinions; Internal auditors should consider seeking input from subject matter experts to help develop relevant criteria; It is vital that references are agreed upon with management (this is usually mentioned in the assignment plan); The evaluation criteria, which in totally represent the reference framework, should be relevant, reliable, and documented; A more detailed outline of the reference model could be part of the annex and must be part of the audit dossier (in case of an assurance assignment)

13

Download ppt "Scope of the audit Reference Frameworks Tashkent, October 2017."

Similar presentations

Development of internal control: methodology and responsibility

Development of internal control: methodology and responsibility
IS Audit Function Knowledge

IS Audit Function Knowledge
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett Slides prepared by Roger Simnett.

Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett Slides prepared by Roger Simnett.
Purpose of the Standards

Purpose of the Standards
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
S/W Project Management

S/W Project Management
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.

D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System
Harmonization project The long and winding road to level 3…

Harmonization project The long and winding road to level 3…
PwC Internal Control Reports: Facts, Myths and Best Practices FIRMA National Risk Management Training Conference – San Francisco, CA Wednesday March 31,

PwC Internal Control Reports: Facts, Myths and Best Practices FIRMA National Risk Management Training Conference – San Francisco, CA Wednesday March 31,
Chapter 5 Internal Control over Financial Reporting

Chapter 5 Internal Control over Financial Reporting
How does the ECA assess Member States’ internal control systems? Workshop on Audit/Evaluation of Public Internal Financial Control Systems (PIFC) Ankara,

How does the ECA assess Member States’ internal control systems? Workshop on Audit/Evaluation of Public Internal Financial Control Systems (PIFC) Ankara,
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.

Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.

1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
Professional Certificate in Electoral Processes Understanding and Demonstrating Assessment Criteria Facilitator: Tony Cash.

Professional Certificate in Electoral Processes Understanding and Demonstrating Assessment Criteria Facilitator: Tony Cash.
Harmonization project CAS project group (Chair, Slovakia, European Court of Auditors) CAS meeting Batumi, Georgia 27th of September 2011.

Harmonization project CAS project group (Chair, Slovakia, European Court of Auditors) CAS meeting Batumi, Georgia 27th of September 2011.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.

Similar presentations

Ads by Google