audit engagement overview
DESCRIPTION
Audit Engagement Overview. Plan. Perform. Communicate. Monitor. Research and apply Standards. Maintain fraud awareness. Assess risk. Collect, evaluate, analyze, interpret data. Report findings, conclusions, recommendations. Monitor engagement outcomes. Develop workpapers. - PowerPoint PPT PresentationTRANSCRIPT
Part 2 A – 1V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Audit Engagement Overview
Monitor
Develop workpapers.
CommunicatePerform
Research and apply StandardsMaintain fraud awareness
Plan
Collect, evaluate, analyze, interpret data.
Report findings, conclusions,
recommendations.
Monitor engagement outcomes.
Part 2, Section A, Overview
Assess risk
Part 2 A – 2V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
1. Research and apply appropriate international standards
2. Maintain an awareness of the potential for fraud when conducting an engagement
3. Collect data 4. Evaluate the relevance,
sufficiency, and competence of evidence
5. Analyze and interpret data 6. Develop working papers 7. Review working papers
8. Communicate interim progress
9. Draw conclusions 10. Develop recommendations
when appropriate 11. Report engagement results 12. Conduct client satisfaction
survey 13. Complete performance
appraisals of engagement staff
Section Topics
Part 2, Section A
Part 2 A – 3V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
I. Definition of internal auditingII. Code of EthicsIII. StandardsIV. Practice AdvisoriesV. Practice Guides and Position Papers
Answer: I, II, and III
Discussion QuestionWhich parts of the International Professional Practices Framework are mandatory for IIA members? (Select all that apply.)
Part 2, Section A, Topic 1
Part 2 A – 4V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Internal Auditing: IIA Definition
Part 2, Section A, Topic 1
Part 2 A – 5V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Confidentiality
IntegrityObjectivity
Competency
Which of the four principles underlying The IIA Code of Ethics is missing from the following list?
Discussion Question
Part 2, Section A, Topic 1
Part 2 A – 6V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Integrity Objectivity Confidentiality Competency1.1. Perform work with honesty, diligence, and responsibility.1.2. Observe the law and make disclosures expected by the law and the profession.1.3. Avoid illegal activity or acts that are discreditable to the IA profession or to the organization.1.4. Respect and contribute to legitimate and ethical objectives of the organization.
2.1. Avoid acts or relationships that impair unbiased assessment, including those that conflict with the organization’s interests.2.2. Accept nothing that might impair professional judgment.2.3. Disclose all material facts known that, if undisclosed, may distort reporting.
3.1. Be prudent in use and protection of information acquired in the course of duties.3.2. Do not use information for personal gain, contrary to the law, or to the detriment of legitimate and ethical objectives of the organization.
4.1. Engage only in services for which you have the knowledge, skills, and experience.4.2. Perform internal auditing services in accordance with the Standards.4.3. Continually improve proficiency and effectiveness and quality of services.
IIA Code of Ethics
Part 2, Section A, Topic 1
Part 2 A – 7V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Answer: Apply the four principles to determine an ethical course of action.
What should you do when confronted by an ethical dilemma that can’t be resolved by reference to any of the specific Rules of Conduct?
Discussion Question
Part 2, Section A, Topic 1
Part 2 A – 8V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The IIA’s Standards: 3 Types
Characteristics of organizations and parties performing internal audit services
Descriptions of the nature of internal audit services and quality criteria for service performance measurement
Attribute Standards
Performance Standards
Implementation Standards
Mandatory instructions for implementing Attribute and Performance Standards for assurance and consulting engagements
Part 2, Section A, Topic 1
Part 2 A – 9V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Objective assessment of evidence.
• Independent opinion or conclusions about a process, system, etc.
• Internal auditor determines nature and scope.
• Three parties generally involved.
Assurance Consulting
Which list describes assurance audit services and which describes consulting audit services?
• Advisory engagement.• Requested by client.• Nature and scope
subject to client-auditor agreement.
• Two parties generally involved.
Discussion Question
Part 2, Section A, Topic 1
Answer:
Part 2 A – 10V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Financial assurance• Controls assurance• Information technology (IT)• Compliance• Operations• Integrated
• Management requests• Due diligence assignments
in mergers and acquisitions
Engagement Examples
Assurance Engagements Consulting Engagements
Part 2, Section A, Topic 1
Part 2 A – 11V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
IIA Nonmandatory Guidance: Three Types
Practice Advisories
Detailed guidance for internal audit activities (e.g., processes and procedures—tools and techniques, programs, andapproaches)
• IIA-sanctioned best practices• Address approach,
methodology, and considerations
Practice Guides
Position PapersStatements to assist a wide range of interested parties
Part 2, Section A, Topic 1
Part 2 A – 12V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Other Relevant Standards
US Racketeer Influenced and Corrupt Practices Act (RICO)
20041970
1977
COSO Enterprise Risk Management—Integrated Framework
Sarbanes-Oxley Act
1992
Treadway Commission Report (COSO)
1987
US Foreign Corrupt Practices Act (FCPA)
2002
COSO Internal Control—Integrated Framework (revised 1994)
2007
COSO for small business
2006
• Revised Yellow Book standards
• Auditing Standard Number 5 (AS5)
Part 2, Section A, Topic 1
Part 2 A – 13V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Sarbanes-Oxley Act’s Impact• Outside auditor may not also do internal audits; co-
sourcing is acceptable.
• Audit committee shall:– Appoint, compensate, etc., the outside auditor.– Contain only independent members (no consulting fees
accepted).– Contain at least one financial expert (or disclose as to why not).– Establish procedures for monitoring controls, handling
complaints, etc.
• All SEC filings must contain an internal control report.
Part 2, Section A, Topic 1
Part 2 A – 14V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Auditing Standard Number 5 (AS5)
“Top-down, risk-based approach”• Clarifies how entity level controls should be used in performing
an integrated audit• Broadens the expected use of the work of other external
auditors beyond internal auditors• Allows increased use of work of others by external auditors as
the level of risk decreases • Requires that an understanding of the flow of transactions be
obtained • Excuses walkthroughs if external auditors can rely on the work
performed by internal audit in this area
Part 2, Section A, Topic 1
Part 2 A – 15V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Committee of Sponsoring Organizations (COSO)
Control environmentRisk assessmentControl activitiesInformation and communicationMonitoring
Enterprise Risk Management—Integrated Framework
Internal Control—Integrated Framework*
Internal environmentObjective settingEvent identificationRisk assessmentRisk responseControl activitiesInformation and communicationMonitoring
1123
2
43
7
4
5
8
5
*Same components for 2006 “Internal Control Over Financial Reporting” for smaller public companies
6
Part 2, Section A, Topic 1
Part 2 A – 16V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The COSO Challenge:Take a Broader View of Control Environment
Financial statements +
“Tone at the top”EthicsCompetencyHuman resource policiesCorporate culture
Part 2, Section A, Topic 1
Part 2 A – 17V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Are there sets of standards similar to COSO that apply outside the US?
Sample answer: Yes, for example, CoCo in Canada and the Cadbury Commission’s model in the UK.
Discussion Question
Part 2, Section A, Topic 1
Part 2 A – 18V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Name at least four specific actions every internal auditor should be able to accomplish regarding fraud.
Answer:• Notice indicators of fraud.• Design appropriate steps to address
significant risk of fraud.• Employ audit tests to detect fraud.• Determine if any suspected fraud merits
investigation.
Discussion Question
Part 2, Section A, Topic 2
Part 2 A – 19V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
IPPF Glossary Definition of Fraud
“Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”
Part 2, Section A, Topic 2
Part 2 A – 20V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion Question
Fraud perpetrated to the detriment of the organization
Fraud perpetrated on behalf of the organization
What are some examples of the two major types of fraud listed below?
Sample answer:• Improper payments to
government officials• Intentional, improper
valuations• Intentional, improper
transfer pricing• Sale or assignment of
fictitious assets
Sample answer:• Bribes and kickbacks• Diverting profitable transactions• Embezzlement• Intentional concealment of
events, etc.• Submitting claims for goods or
services not provided
Part 2, Section A, Topic 2
Part 2 A – 21V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are some examples of red flags indicating the potential for fraud?
Sample answer: Loose internal controls, poor management philosophy, poor financial position, low employee morale, confusion about ethics, lack of background checks in hiring, lack of employee support programs.
Discussion Question
Part 2, Section A, Topic 2
Part 2 A – 22V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What three conditions suggest the possibility of fraud?
Answer:• Opportunity (e.g., poor control design)• Motive (e.g., desire for power, greed,
pressure)• Rationalization (“I’m entitled.”)
Discussion Question
Part 2, Section A, Topic 2
Part 2 A – 23V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Design Appropriate Engagement Steps
What would tempt employees here?
How about managers?
What controls pass a cost-
benefit analysis?
What are the e-commerce
implications?
Part 2, Section A, Topic 2
Part 2 A – 24V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The internal auditor needs authority to take necessary engagement steps. What are some specific powers the internal auditor should seek from management?
Sample answer: Authority to review annual reports, audit consulting contracts, review executive-approved transactions, have access to the board’s actions, review transactions with subsidiaries and associated organizations, test documentation supporting financial reports, monitor compliance of record-retention policies, ask about political contributions, review expense accounts, monitor conflicts of interest.
Discussion Question
Part 2, Section A, Topic 2
Part 2 A – 25V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Analytical Tools for Fraud Tests
What’s the ratio of A to B? (proportional analysis)
Does this change in a trend have a reasonable explanation? (trend analysis)
Will computer analysis make testing more efficient and effective? (verifying transactions with computers)
Outcome B
Condition A
Part 2, Section A, Topic 2
Part 2 A – 26V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. Research to identify a root causeB. Software that runs on an ongoing basisC. Ratio analysis of high risksD. Comparative transactions
Answer: B. Continuous auditing (or continuous monitoring) uses computerized techniques to perpetually audit the processing of business transactions.
Discussion QuestionWhich of the following statements best describes continuous auditing?
Part 2, Section A, Topic 2
Part 2 A – 27V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Name several major types of audit evidence and give examples of each.Sample answer:
Physical evidence (e.g., stored media, security system in operation)Documentary evidence (e.g., letters, e-mails, memos,invoices)Representations or testimonial evidence (responses to inquiries supported by documentation)Analytical evidence (e.g., computations, reasoning,analytical audit tests)
Discussion Question
Part 2, Section A, Topic 3
Part 2 A – 28V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Persuasive EvidenceRelevant Reliable Sufficient
Must be pertinent to audit objective and logically support internal auditor’s conclusion or advice
Must come from credible source
Should be enough evidence; different but related pieces of evidence should corroborate each other
Part 2, Section A, Topic 3
Part 2 A – 29V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Match the type of legal evidence on the left with its description on the right.
A. Generally documentaryB. Copy of a document or oral evidence of contentsC. Eyewitness testimony, for exampleD. Leads to only one conclusionE. Proves an intermediate factF. Supplemental supporting evidenceG. Usually admissible only when
provided by expertsH. Secondhand; generally ruled inadmissible in
court
Best
Hearsay
Opinion
Corroborative
Circumstantial
Conclusive
Direct
Secondary
C
FADH
GE
B
Discussion Question
Part 2, Section A, Topic 3
Part 2 A – 30V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Other Concerns About Evidence
Can I use the evidence without violating confidentiality (Code of Ethics)?
Will I have access to the evidence without interference?
Will the evidence be available when I need it for testing?
Part 2, Section A, Topic 3
Part 2 A – 31V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Define sufficiency, competence (reliability), and relevance in regard to audit evidence.Sample answer: Sufficient evidence—Factual, adequate, and convincing so that a prudent, informed person would reach the same conclusion as the auditor.Competent (called “reliable” in Standards) evidence—Reliable and best obtainable through the use of appropriate techniques.Relevant evidence—Supports engagement observations and recommendations and is consistent with engagement objectives.
Discussion Question
Part 2, Section A, Topic 4
Part 2 A – 32V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Evidence-Gathering Techniques
What are appropriate times to use:• Inquiry?• Observation?• Inspection?• Vouching?• Tracing?• Re-performance?• Analytical procedures?• Confirmation?
Part 2, Section A, Topic 4
Part 2 A – 33V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 2-1Part 2, Section A, Topic 4
Evaluate the Relevance, Sufficiency, and Competence of Evidence
Part 2, Section A, Topic 4
Part 2 A – 34V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Assumed: Variety of techniques for gathering data; solid basis for determining conclusions.
Question: What are some conditions the internal auditor discovers by using analytical procedures?Sample answer:• Unexpected differences• Absence of expected differences• Potential errors• Potential irregularities or illegal acts• Other unusual or nonrecurring transactions and
events
Discussion Question
Part 2, Section A, Topic 5
Part 2 A – 35V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The heart of analysis is comparison. What are some types of comparisons used to analyze and interpret audit evidence?Sample answer:• Comparison of current to prior period• Comparison of current period to budget or forecast• Comparison of financial data to nonfinancial data• Study of relationships among elements of information (e.g.,
interest expense to debt balance)• Comparison of one organizational unit’s performance to
another unit’s• Comparison of organization to industry benchmark
Discussion Question
Part 2, Section A, Topic 5
Part 2 A – 36V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Define and provide examples of two types of ratio analysis.
Sample answer: Two commonly used types of ratio analysis are 1) common-size statements, with all statement items formulated as ratios with a common denominator, and 2) financial ratios used to evaluate organizational structure and performance (debt/equity, price/earnings, etc.).
Discussion Question
Part 2, Section A, Topic 5
Part 2 A – 37V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Provide a definition and some examples of trend analysis.
Sample answer: Trend analysis traces relationships over time and is the analytical technique most commonly used by internal auditors. Some trends analyzed includerevenues, expenses, same-store sales,store openings; trends in ratios are also subject to analysis.
Discussion Question
Part 2, Section A, Topic 5
Part 2 A – 38V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Give a brief definition of regression analysis.
Sample answer: Statistical technique used to measure the amount of change in one value caused by change in another.
Discussion Question
4020 60 80 100 120
Sales Revenues
(USD)
140
70,00060,000
50,000
40,000
30,000
20,000
10,000
0
Marketing Expenditures (USD)
Part 2, Section A, Topic 5
Part 2 A – 39V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are some common types of analytical comparisons?
Sample answer:Period-to-period comparisons of performance—quarter to quarter, etc. Comparisons of actual revenues, profits, etc.to budgets and forecastsComparisons with other causal factors such as benchmarks or best practices
Discussion Question
Part 2, Section A, Topic 5
Part 2 A – 40V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Other Analytical Considerations• Significance of the area under examination• Degree of risk in the area under examination• Availability and reliability of information• Prediction of analytical results• Availability and comparability of information
regarding the industry in which the organization operates
• Extent to which engagement procedures support results
Part 2, Section A, Topic 5
Part 2 A – 41V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
“Internal auditors must document relevant information to support the conclusions and engagement results.”
Standard 2330
2330.A1—CAE controls access to engagement records and obtains approval of senior management and/or legal counsel prior to releasing records.
2330.A2—CAE must develop retention requirements consistent with organization and regulatory requirements.
2330.C1—CAE must develop policies for retention and release of records (internal and external).
Part 2, Section A, Topic 6
Part 2 A – 42V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are the purposes of working papers?
Engagem
ent
working
papers
Support engagement communications.
Aid engagement planning, performance, and review.
Document achievement of engagement objectives.
Facilitate third-party reviews.
Provide basis for quality assurance and improvement program.
Demonstrate compliance with Standards.
Discussion Question
Part 2, Section A, Topic 6
Part 2 A – 43V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Engagem
ent
working
papers
The organization, design, and content of engagement working papers depend on the engagement’s nature and objectives and the organization’s needs.
Working papers document all aspects of the engagement process from planning to communicating results.
Documenting the Engagement (PA 2330-1)
Internal audit activity determines the media used.
Part 2, Section A, Topic 6
Part 2 A – 44V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Necessary Working Paper Contents
Engagem
ent
working pap
ers
• Should contain all the work done during the engagement
• Should document the audit’s objectives and methods so thoroughly that a new auditor, added to the project at any point, could fully comprehend the engagement from the working papers and bring the audit to a successful conclusion
Part 2, Section A, Topic 6
Part 2 A – 45V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Working Paper Format
Engagem
ent
working
papers
Magnetic
disk
Engagement identification; description of contents or purpose
Signature or initials of IA performer and date
Index or reference number of the working paper
Explanation of verification (tick marks, etc.)
Clear identification of datasourcesSummaries
Part 2, Section A, Topic 6
Part 2 A – 46V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Who is responsible for control of working papers, and why is control a significant concern?
Answer: CAE is responsible for retention policies (2330.A1).
Issues: Crucial to engagement success or survival and may contain confidential information.
Discussion Question
Part 2, Section A, Topic 6
Part 2 A – 47V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Engagement Supervision
Assures that engagement has been carried out according to high quality standards, objectives achieved, staff evaluated for professional development.
Span of CAE Engagement Supervisory Responsibility
Planning
preparation
Data
analy
sisFraud
aware
ness
Data
gatheri
ng
Findings
Communicatio
n
Follow-up
Staff
develo
ped
CAE
dd/mm/yy
yy
Part 2, Section A, Topic 7
Part 2 A – 48V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Elements of Proper Engagement Supervision
• Trained auditor—knowledge, skills, and competencies to perform.
• Proper instructions during the planning and approval of engagement program.
• Program is completed and modified using accepted practices.
• Working papers support observations, conclusions, and recommendations.
• Communications are accurate, objective, clear, concise, constructive, and timely.
• Engagement objectives are met.
• Opportunities for developing auditors’ knowledge, skills, and competence.
Part 2, Section A, Topic 7
Part 2 A – 49V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are some reasons for filing an interim report?
Sample answer: To alert management to information too important to put on hold, including information that requires immediate attention, a change in scope, and strong suspicion of fraud. (See PA 2410-1.)
Discussion Question
Part 2, Section A, Topic 8
Part 2 A – 50V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Discussion QuestionFindings should be based on solid facts. What are the five parts of a finding?
Fact
s
Fact
s
Fact
s
Fact
s
Fact
s
Fact
s
Criteria Condition Cause Effect Recommendation
Internal Audit Finding
Answer:
Part 2, Section A, Topic 9
Part 2 A – 51V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The course of action that is most practical and economical in correction of the disparityThe objectives that should be kept in mind when recommending corrective actionThe considerations for management in setting forth an improved course of actionThe open choices and how they measure up when compared with the objectivesThe best choice with the least unsatisfactory side effectsThe mechanism that should be suggested to control the corrective action after it is taken
Recommendation Considerations
Part 2, Section A, Topic 9
Part 2 A – 52V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The Nature of Audit Opinions (PA 2410-1)
The activity reviewed in this internal audit is/is not functioning as intended.
Your program objectives do/do not conform to organizational objectives.
Your organizational objectives are/are not being met.
Audit Opinion
Audit Opinion
Audit Opinion
Part 2, Section A, Topic 9
Part 2 A – 53V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 2-2Part 2, Section A, Topic 9
Draw Conclusions
Part 2, Section A, Topic 9
Part 2 A – 54V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Recommendation Do’s & Don’ts
Tell management how to manage.
Incorporate audit conclusions and opinions.Call for action.Suggest options to achieve desired results.Make either general or specific suggestions.Consult with management.Obtain agreement on results and action plan to improve operations.Document disagreement.
Do Don’t
Do
Do
Do
Do
Do
Do
Part 2, Section A, Topic 10
Part 2 A – 55V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
SMART Model for Composing Recommendations
SMART
Specific Measureable Action-oriented
Relevant Time-based
Part 2, Section A, Topic 10
Part 2 A – 56V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 2-3Part 2, Section A, Topic 10
Develop Recommendations When Appropriate
Part 2, Section A, Topic 10
Part 2 A – 57V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The Engagement’s Finale
Final reportDiscuss conclusions and
recommendations.
Resolve misunderstandings or misinterpretations.
Agree on possible solutions to identified problems.
Express appreciation to client for cooperation in the audit.
Exit conferenceRough draft
Part 2, Section A, Topic 11
Part 2 A – 58V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Ensure the right people attend.Provide the necessary documents in advance.Set the agenda and manage the meeting.Explore and resolve as many issues as possible.Provide clear messages, even about difficult issues.Thank the audit customer for cooperation.Hold a post-meeting debriefing with the audit team.
Exit Conference Best Practices
Part 2, Section A, Topic 11
Part 2 A – 59V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
According to PA 2440-1, you should obtain management response before issuing final communications. What are some reasons for doing so?
Sample answer: Improves chances ofserious discussion, resolving misunderstandings, and ultimately gaining positive action onrecommendations.
Discussion Question
Part 2, Section A, Topic 11
Part 2 A – 60V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are some suggestions for making delivery of the final report successful?
Sample answer:• Assume partnership with the client.• Move from general to specific.• Start and end on a positive note.• Present opportunities—but be realistic.• Emphasize the “effects” aspect of findings.
Discussion Question
Part 2, Section A, Topic 11
Part 2 A – 61V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Final Report Format (PA 2410-1)
Background
Engagement purposeEngagement scope
Results
SummariesClient accomplishments
Client views
May include
Must include
M
ust i
nclu
de
May
incl
ude
Part 2, Section A, Topic 11
Part 2 A – 62V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Who should approve the final report and to whom should it be distributed?
Answer:• CAE should approve and sign report and be
responsible for distribution.• Recipients should include those who can
take corrective action. Higher-ups may receive summaries, and communications can go to external auditors, the board, and appropriate others.
Discussion Question
Part 2, Section A, Topic 11
Part 2 A – 63V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are some questions the internal auditor should ask the engagement client?Sample answer:• Were your expectations positive or negative?• Did we confirm, exceed, or fail to meet expectations?• Was the audit conducted professionally? • Was the audit disruptive? Did we honor your schedule requests?• Was the audit performed in a timely manner?• Did your staff and management have good relations with audit staff?• Did you request assistance? Was it provided?• Did the audit findings help you improve in desired areas?• How could we improve our engagement performance?
Discussion Question
Part 2, Section A, Topic 12
Part 2 A – 64V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Dual Track for Performance Appraisals (Standard 1300—Quality Assurance)
Annual performance appraisal (CAE)
Annual performance appraisal (CAE)
Post-audit appraisal (auditor-in-charge)
Post-audit appraisal (auditor-in-charge)
Post-audit appraisal (auditor-in-charge)
Part 2, Section A, Topic 13
Part 2 A – 65V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Internal Audit Designated Competencies
Part 2, Section A, Topic 13
Part 2 A – 66V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are some strong and weak points of post-engagement performance reviews?
Discussion Question
StrongImmediate, based on fresh impressions
WeakWide variation for different audits, different reviewers
Sample answer:
Part 2, Section A, Topic 13
Part 2 A – 67V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What are some issues that should be discussed in the post-engagement performance review?
Discussion Question
Sample answer:• Quantity of work• Quality of work:
— Accurate computations— Appropriate tests— Thorough fieldwork— Useful final working papers— Written and oral
presentations
• Grasp of procedures• People skills• Technical skills• Business knowledge
Part 2, Section A, Topic 13
Part 2 A – 68V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Begin with an outline.
Face-to-Face Meeting Guidelines
Schedule in advance.
End with a summary.
Give honest appraisal.
Ask for self-assessment.
“How’s Thursday at 4:00 p.m.?”
“You did a very professional job, for the most part…”
“What do you think were your strong points and what are your areas for development?”
“Can we talk about a few more effective techniques you can use in the future?”
“Let’s review main points and commitments for development.”
Part 2, Section A, Topic 13
Part 2 A – 69V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
End of Section A
Questions?
Part 2, Section A