Upload
pearl-alia
View
23
Download
0
Embed Size (px)
DESCRIPTION
scribs
Citation preview
INTERNAL AUDIT PROCESS
INTERNAL AUDITING
(According to IIA)
-Azleen Ilias-
1 IPPF_AI
The learning objectives
Understand the types of engagements
internal auditors perform
Understand the key activities involved in
planning and performing an assurance
engagement and reporting the
engagement outcomes
2 IPPF_AI
Relevant standards
1200 Proficiency and Due
Professional Care
1210 Proficiency
1220 Due Professional Care
1230 Continuing Professional
Development
3 IPPF_AI
Relevant standards
2000 Managing the Internal Audit Activity
2010 Planning
2020 Communication and Approval
2030 Resource Management
2040 Policies and Procedures
2050 Coordination
2060 Reporting to Senior Management and the Board
2070 External Service Provider and Organizational Responsibility for Internal Auditing
2200 Engagement Planning
2201 Planning Considerations
2210 Engagement Objectives
2220 Engagement Scope
2230 Engagement Resource Allocation
4 IPPF_AI
Relevant standards 2240 Engagement Work Program
2300 Performing the Engagement
2310 Identifying Information
2320 Analysis and Evaluation
2330 Documenting Information
2340 Engagement Supervision
2400 Communicating Results
2410 Criteria for Communicating
2420 Quality of Communications
2421 Errors and Omissions
2430 Use of Conducted in Conformance with the International Standards for the
Professional Practice of Internal Auditing
2431 Engagement Disclosure of Nonconformance
2440 Disseminating Results
2450 Overall Opinions
2500 Monitoring Progress
2600 Communicating the Acceptance of Risks 5 IPPF_AI
Types of IA engagements
Assurance Services- An objective examination of
evidence for the purpose of providing an independent
assessment on governance, risk management and
control processes for the organization. For examples:
Include financial, performance, compliance, system
security and due diligence enagagements.
Consulting Services- Advisory and related service
activities, the nature an scope of which are agreed with
the customer, are intended to add value and improve an
organizations governance, risk management and
control processes without the internal auditor assuming
management responsibility. For examples: counsel,
advice, facilitation and training.
6 IPPF_AI
IA assurance engagements
Comprises three fundamental phases
1. Planning
2. Performing
3. Communicating
7 IPPF_AI
IA assurance engagements
Plan - Determine engagement objectives and scope.
- Understand the auditee, including auditee objectives and
assertions
- Indentify and assess risks
- Identify key control activities
- Evaluate adequacy of control designs
- Create a test plan
- Develop a work program
- Allocate resources to engagement
8 IPPF_AI
IA assurance engagements
Perform
- Conduct tests to gather evidence
- Evaluate evidence gathered and reach
conclusions
- Develop observations and formulate
recommendations
9 IPPF_AI
IA assurance engagements
Communicate - Perform observation evaluation and escalation process
- Conduct interim and preliminary engagement
communications
- Develop final engagement communications
- Distribute formal and informal final communications
- Performing monitoring and follow-up procedures
10 IPPF_AI
IA consulting engagement
Engagement Planning
2201 Planning Considerations
In planning the engagement, internal auditors must consider:
The objectives of the activity being reviewed and the means by
which the activity controls its performance;
The significant risks to the activity, its objectives, resources, and
operations and the means by which the potential impact of risk is kept
to an acceptable level;
The adequacy and effectiveness of the activitys governance, risk
management, and control processes compared to a relevant
framework or model; and
The opportunities for making significant improvements to the
activitys governance, risk management, and control processes.
11 IPPF_AI
IA consulting engagement
2201.C1 Internal auditors must establish an understanding
with consulting engagement clients about objectives, scope,
respective responsibilities, and other client expectations. For
significant engagements, this understanding must be
documented.
12 IPPF_AI
IA consulting engagement
Performing the engagement
2300 Performing the Engagement
Internal auditors must identify, analyze,
evaluate, and document sufficient
information to achieve the engagements
objectives.
13 IPPF_AI
IA consulting engagement
Communicating the engagement
2400 Communicating Results
Internal auditors must communicate the results of engagements.
2410.C1 Communication of the progress and results of
consulting engagements will vary in form and content depending
upon the nature of the engagement and the needs of the client.
2440.C1 The chief audit executive is responsible for
communicating the final results of consulting engagements to
clients.
2440.C2 During consulting engagements, governance, risk
management, and control issues may be identified. Whenever these
issues are significant to the organization, they must be
communicated to senior management and the board.
14 IPPF_AI
Risk Based Auditing Process
2200 Engagement Planning
Internal auditors must develop and document a plan for each
engagement, including the engagements
1. Objectives
2. Scope
3. Timing
4. Resource allocations.
15 IPPF_AI
Risk Based Auditing Process
Objectives, Examples : Evaluate the design adequacy of..,
Determine the operating effectiveness of., Assess
compliance with.
Scope, Examples : Boundaries of the process, In scope, Sub
process, Component, Time frame
1. Timing
2. Resource allocations.
16 IPPF_AI
Risk Based Auditing Process
2300 Performing the Engagement
Internal auditors must identify, analyze, evaluate, and document
sufficient information to achieve the engagements objectives.
1. Identifying Information - sufficient, reliable, relevant, and useful
information
2. Analysis and Evaluation - conclusions and engagement results
3. Documenting Information - Internal auditors must document
relevant information to support the conclusions and engagement
results.
4. Engagement Supervision - Engagements must be properly supervised
to ensure objectives are achieved, quality is assured, and staff is
developed.
17 IPPF_AI
Audit Plans and Schedules
Based on Sawyers (2012), effective audit planning and
scheduling are key components of successful internal
auditing. Based on comprehensive risk assessment, audit
plans and schedules are developed, formalized, reviewed
with management and the audit committee or board.
Benefits and Uses of Audit Schedules:
1. The long range schedules gives evidence that, barring
the emergence of risk oriented situations
2. Key business units are covered at appropriate intervals
Long range schedules based on Standard 2010:
Planning
18 IPPF_AI
Risk Based Auditing Process
2400 Communicating Results
Criteria for Communicating
1. The Engagement's objectives
2. Scope
3. Conclusions
4. Recommendations
5. Action plans.
Quality of Communications
1. Accurate
2. Objective
3. Clear
4. Concise
5. Constructive
6. Complete
7. Timely 19 IPPF_AI
Risk Based Auditing Process Engagement Disclosure - Internal auditors may report that their
engagements are conducted in conformance with the International
Standards for the Professional Practice of Internal Auditing, only if the
results of the quality assurance and improvement program support the
statement.
Disseminating Results - The chief audit executive is responsible for
reviewing and approving the final engagement communication before
issuance and for deciding to whom and how it will be disseminated.
When the chief audit executive delegates these duties, he or she
retains overall responsibility.
20 IPPF_AI
Risk Based Auditing Process
2500 Monitoring Progress
The chief audit executive must establish and
maintain a system to monitor the disposition of
results communicated to management.
21 IPPF_AI
References
Kurt F.R., Paul., J.S., Urton., L.A., Michael., J.H., Sridhar., R., Mark., S., & Cris., R. (2009). Internal Auditing: Assurance & Consulting Services. ISBN-13: 978-0894136436. The Institute of Internal Auditors Research Foundation.
International Standards for the Professional Practice of Internal Auditing (Standards). (2012). Issued: October 2008. Revised: October 2012. The Institute of Internal Auditors
Adams,P., Cutler,S., McCuaig,B., Rai,S., & Roth,J. (June 30, 2012). Sawyer s Guide for Internal Auditors, 6th Edition, ISBN-13: 978-0894137211, The Institute of Internal Auditors Research Foundation.
Main references from The Institute of Internal Auditors Research Foundation.
22 IPPF_AI
Thank you and please refer to references
and articles for further reading
-Azleen Ilias, AM (M), AIIA-
IPPF_AI 23