Embed Size (px)
Citation preview
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-1
Module D
Internal, Governmental,
and Fraud Audits
“I predict that audit committees will look increasingly to internal audit departments to be their eyes and ears across the corporation.”
- Jacqueline K. Wagner, general auditor GM and past Chairman of the IIA
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-2
Module Topics
• Internal Audit
• Governmental Audit
• Fraud Audits
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-3
INTERNAL AUDITING DEFINED
• Independent and objective • Assurance and consulting activity • Adds value and improves an organization’s
operations.• It helps an organization accomplish its objectives• A systematic, disciplined approach to evaluate and
improve the effectiveness of – risk management, – control, and – the governance process.
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-4
Role of the Internal Auditor
• Ensure reliability and integrity of information• Safeguard assets• Ensure compliance with policies and regulations• Achieve organizational objectives and goals• Improve operational economy and efficiency• Identify areas of business risk• Prevent and detect fraud• Coordinate audit activities with external auditors
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-5
Standards for the Professional Practice of Internal Audit
• Attribute Standards– 1000 Purpose, Authority, and Responsibility– 1100 Independence and Objectivity– 1200 Due Professional Care– 1300 Quality Assurance and Improvement Program
• Performance Standards– 2000 Managing the Internal Audit Activity– 2100 Nature of Work– 2200 Engagement Planning– 2300 Performing the Engagement– 2400 Communicating Results– 2500 Monitoring Progress– 2600 Management’s Acceptance of Risk
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-6Principles of the
IIA Code of Ethics
Integrity- establishes trust that is the basis for reliance on their judgment.
Objectivity- highest level of professional objectivity in – gathering, evaluating, and communicating information– balanced assessment of all the relevant circumstances – not unduly influenced by self interests or by others
Confidentiality-respect the value and ownership of information
Competency-apply the knowledge, skills and experience needed in performance of internal auditing services.
D-7
Audit Applications
Financial Audits
Examine and evaluate
• Areas of management concern
• Financial information used by internal decision makers
• Financial information being sent to outside agencies (e.g. regulatory agencies)
D-8
Audit Applications
Operational Audits
Term is sometimes used synonymously with
internal audit.
Examine and evaluate• Current risks that need to be managed• Possible future risks• systems of internal control• quality of performance
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-9
Compliance Audits
The degree the organization conforms to certain specific requirements
• Policy and procedures• Professional standards• Laws, regulations. Or contracts
The audit focuses on the detailed testing of conditions.
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-10
Corporate Governance
The board of directors and senior management must have reliable and relevant information
• Management policies are in effect• Strategy decisions• Progress toward current goals• Operating performance• Risk assessment• Effectiveness of proactively managing risk
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-11
Audit Approach
• Fieldwork in internal (and governmental) audits– Problem identification
– Measurement criteria
– Evidence collection
– Evidence evaluation
• Risk-based auditing (RBA)• Emphasis on management and mitigation of
business risk
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-12
Audit Findings
• Include both favorable or unfavorable findings
• Unfavorable findings should include– Condition – what was found– Criteria – basis for determining that the condition was
improper– Cause – why did this happen?– Effect – why is this bad?– Recommendation – what do you think should be done
about this?
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-13
GAAS Audit of a Governmental Entity
• In accordance with GAAS and generally accepted Government Auditing Standards (GAGAS)
• Reporting responsibility is the same as a GAAS audit.• No reports other than the report on the financial
statements will be issued by the auditor.• Any deficiencies in internal control should be
communicated to the client.• Illegal Acts are communicated to entities providing
funding to the governmental entity being audited.
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-14
Governmental Reporting
• Usually three reports– Report on the financial statements
– Report on the auditee’s internal control
– Report on auditee’s compliance with applicable laws and regulations
• More reports required under Single Audit Act
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-15
Government Auditing Standards (The Yellow Book)
Auditor's reporting responsibility in an audit conducted under Government Auditing Standards is expanded.• As in a GAAS audit, a report on the fairness of the entity's
financial statements is issued.• A report on the entity's compliance with laws and
regulations• Illegal acts/ fraud
– Should be reported to the client unless they are clearly inconsequential.
– May need to be reported directly to external parties.
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-16
Government Auditing Standards (The Yellow Book)
In addition to the audit of the entity's financial statements,
an examination of a governmental entity introduces the
following considerations for the auditor's consideration:– Compliance with Laws and Regulation
– Effectiveness of the Entity’s Internal Control
– Compliance with the Specific Requirements of Individual Federal Financial Assistance Programs
– Compliance with Requirements Applicable to All Federal Financial Assistance Programs
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-17
Single Audit Act Audit
• Required for entities who receive specified levels of financial assistance from the federal government.
• Requires the auditor to issue the same reports as those issued in a Government Auditing Standards audit:– Opinion on financial statements
– Compliance with laws and regulations
– The auditor issues an opinion on Compliance with the Specific Requirements of nonmajor programs
– Auditor's report on Compliance with the General Requirements
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-18
Fraud Audits
Who performs a fraud audit• Internal audit• Independent auditors• Security• Certified Fraud Examiners• Combination
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-19
Fraud Audits
• Fraud is always material– It grows
– Indicates control weaknesses
– Indicates a lack of integrity
• The objective is to uncover fraud– Its presence
– Its scope
– The perpetrators
– The control weakness
McGraw-Hill/Irwin
©2005 by the McGraw-Hill Companies, Inc. All rights reserved.
D-20
Differences Audits and Fraud Audits
Audits• Audit program• Procedural approach• Look for misstatements• Assess controls related
to FS• Material misstatements• Accounting Theory• Evidence documented
in workpapers
Fraud Audits• No set program• Procedures defined during
investigation• Look for patterns• Evaluate how controls can
be circumvented• Fraud are always material• Theories of psychology
and human behavior• Safeguarding and chain of
custody for evidence
