Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
3.
Audit planning is necessary in order to ensure that the audit resources used produce the greatest benefit for the organization. Long-term audit planning involves identifying those the areas with the greatest potential risk to the organization in order to assess if managements efforts to keep the risks within acceptable levels are adequate and effective. Annual audit plans and engagement plans for specific audits carry through with maximizing the benefit to the organization of its internal audit activities.
9
apply
throughout
the
in the planning phase, you must incorporate the organizations ethical policies and ethical responsibilities; in the examination phase, you must use ethical ways of obtaining audit evidence; in the reporting phase, you must report with fairness and objectivity; in the monitoring phase, you must use ethical monitoring methods.
10
11
12
Gaining knowledge of the organization. Preparing the long-term audit plan. Preparing the annual audit plan.
13
Gaining knowledge of the organization. Preparing the long-term audit plan. Preparing the annual audit plan. Preparing plans for specific internal audit engagements, including developing audit programs.
14
15
Define the audit universe. Perform an overall risk assessment. Determine the frequency of audits. Prepare the long-term audit plan (and have it approved).
16
policies, procedures and practices cost centres, profit centres and investment centres general ledger account balances information systems major contracts
17
major programs organizational units such as product or service lines functions such as purchasing, marketing, treasury transaction systems such as sales or payroll compliance with laws and regulations geographical locations such as plants or sales offices
18
controllability (which measures the ability of those in the organization to control specific risks)
19
controllability (which measures the ability of those in the organization to control specific risks) likelihood that a weakness will occur (a combination of inherent risk and control risk)
2.
20
controllability (which measures the ability of those in the organization to control specific risks) likelihood that a weakness will occur (a combination of inherent risk and control risk) impact of that weakness, if it does occur
2.
3.
21
controllability (which measures the ability of those in the organization to control specific risks) likelihood that a weakness will occur (a combination of inherent risk and control risk) impact of that weakness, if it does occur
22
Assurance mapping can be performed to identify significant risks with inadequate coverage and areas of duplicated assurance coverage. The internal audit activity needs to consider areas of inadequate coverage when developing their audit plan.
23
Identification of the significant risk category who is responsible for managing the risk risk assessments (likelihood and impact) extent of external audit coverage of the risk extent of internal audit coverage of the risk extent of coverage by other assurance providers, both internal and external to the organization.
24
Current (or residual) risk is the product of likelihood and impact after taking into account the effectiveness of risk management activities (including internal controls). Risk ranking for purposes of audit planning uses a risk factor which is the product of likelihood, impact and controllability.
25
The complexity of the activity or function The nature of the function, activity or operations The frequency of changes in personnel procedures Staff and managements grasp of operations Environmental pressures Competency of personnel Expressed concerns of management
or
26
Previous audit results Managements response to prior audit recommendations Management and corporate values and attitudes Competitive market conditions Impact of government regulations Political risk (particularly of foreign operations)
27
28
29
30
10
reputation
31
The financial impact The impact on continuity of operations The impact on competitiveness The impact on customer service and reputation Legal consequences
32
11
Input can be obtained from managers throughout the organization. The final risk rankings must reflect the thinking of the internal audit group. Auditable entities are ranked from highest to lowest based on the three relevant factors (likelihood, impact and controllability). A risk-based audit plan is developed based on the risk rankings.
34
Review the case study (Topic 4.5 in your module notes). Outline the advantages of preparing a riskbased long-term audit plan. Outline the process used in preparing a riskbased long-term audit plan.
35
36
12
The short-term or annual audit plan is based on the long-term strategic internal audit plan.
37
The annual audit plan is based on the long-term strategic internal audit plan. The long-term plan should be up-dated to reflect the work done in the previous year.
2.
38
The annual audit plan is based on the long-term strategic internal audit plan. The long-term plan should be up-dated to reflect the work done in the previous year. Risk assessments should be reviewed annually to identify significant changes to the organization (and the risks that it faces) and/or its risk management, control and governance processes.
2.
3.
39
13
The annual audit plan is based on the long-term strategic internal audit plan. The long-term plan should be up-dated to reflect the work done in the previous year. Risk assessments should be reviewed annually to identify significant changes to the organization (and the risks that it faces) and/or its risk management, control and governance processes. Specific requests and concerns of management and the audit committee should be taken into account.
40
2.
3.
4.
The annual audit plan is based on the long-term strategic internal audit plan. The long-term plan should be up-dated to reflect the work done in the previous year. Risk assessments should be reviewed annually to identify significant changes to the organization (and the risks that it faces) and/or its risk management, control and governance processes. Specific requests and concerns of management and the audit committee should be taken into account. Scheduling must take into account the specific skill set required for each audit engagement.
41
2.
3.
4.
5.
The annual audit plan is based on the long-term strategic internal audit plan. The long-term plan should be up-dated to reflect the work done in the previous year. Risk assessments should be reviewed annually to identify significant changes to the organization (and the risks that it faces) and/or its risk management, control and governance processes. Specific requests and concerns of management and the audit committee should be taken into account. Scheduling must take into account the specific skill set required for each audit engagement. Allowance must be made for new issues that may arise during the year.
42
4. 5. 6.
14
43
2.
3. 4.
Obtain specific knowledge (background information) about the unit to be audited. Establish the audit objectives and scope for the engagement. Determine the audit methodology to be used. Set audit criteria.
44
5. 6. 7.
Prepare staffing plans and time budgets. Communicate with those to be audited. Draft the audit program for the engagement.
45
15
Organization charts Mission statements Policy and procedure documents Systems descriptions Earlier internal audit reports External auditors management letters
46
Consultants reports Management reports Minutes of boards and committees Corporate and operational plans Budgets and forecasts Discussions with management and other personnel
47
The audit objectives must address the risks, controls and governance processes associated with the activity under review and should be based on a preliminary assessment of risk.
48
16
The audit objectives must address the risks, controls and governance processes associated with the activity under review and should be based on a preliminary assessment of risk. The audit scope defines the function or organizational unit to be reviewed and the activities and time period to be covered by the audit. The scope must be wide enough to permit accomplishment of the audit objectives for the engagement.
49
The auditor will sometimes have a choice of approaches to the audit to be performed. Specific methodologies such as information systems audits, control self - assessment exercises, compliance audits, etc. may be appropriate for a specific audit. The methodology and approach must be designed taking into account the audit objectives and scope and the risk assessment which has preceded the audit. The methodology used will be designed to gather sufficient, appropriate evidence to allow the internal auditor to draw the necessary conclusions concerning the risk management, control and/or governance processes for the unit and activities being audited.
50
51
17
laws and regulations governing the organization policies, procedures and directives standards recommended by professional associations authoritative literature benchmarking studies
52
earlier internal audits interviews with management of the organization advice and counsel from subject matter experts common sense and experience
53
Preparation of staffing plans and time budgets. (These are based on the objectives, scope and methodology of the engagement, considered in the light of actual time taken in previous audits, the experience of the staff to be assigned to the engagement, etc.)
54
18
Preparation of staffing plans and time budgets. (These are based on the objectives, scope and methodology of the engagement, considered in the light of actual time taken in previous audits, the experience of the staff to be assigned to the engagement, etc.) Communication with those to be audited. (Matters discussed should include timing, objectives and scope, criteria, assistance needed from the units personnel and the process for on-going communication during the audit.)
2.
55
Preparation of staffing plans and time budgets. (These are based on the objectives, scope and methodology of the engagement, considered in the light of actual time taken in previous audits, the experience of the staff to be assigned to the engagement, etc.) Communication with those to be audited. (Matters discussed should include timing, objectives and scope, criteria, assistance needed from the units personnel and the process for on-going communication during the audit.) Preparing the audit program. (This will be considered in
detail in Module 5 of the course.)
2.
3.
56
Review the case study (Topic 4.8 in your module notes). Attempt to identify and assess the risks faced by Connon Chemicals when using outside toll manufacturers. Establish the objectives and scope of an audit of the companys toll manufacturing activities.
57
19
58
auditing process and explain their purposes; explain how to incorporate ethics into the process. (Level 1)
59
60
20
audit plan, including how an audit universe is defined and factors that may affect overall risk assessment. (Level 2)
61
62
63
21
64
(including determining the scope, objectives, and audit criteria), and list seven design areas that must be considered. (Level 1)
65
66
22
67
68
23