mu1 module 6 powerpoint

7/27/2019 MU1 Module 6 Powerpoint

1/29

1

Course Name: Internal Auditing and Controls

Module: 6

Module Title: Internal Audit Communications

and Reporting

Lectures and handouts by:

Chuck Campbell

Copyright The Certified General Accountants Association of British Columbia. All rights reserved.

1

Internal audit communications and reporting

Module 6

This module begins by demonstrating the necessity and

importance of interviewing skills in internal auditing. Themodule goes on to consider audit reporting and follow-up.

The purpose of internal auditing is to improve theorganizations effectiveness and efficiency and its risk

management, control and governance processes.Communicating audit results to management is thebridge between the audit and managements

implementation of recommendations for improvement.

2

Internal Auditing & ControlsModule 6

Part 1 Topic 6.1 Interviewing skills

Part 2 Topic 6.2 Purpose and objectives of internal audit reporting

Topic 6.3 Standards for internal audit reports

Part 3 Topic 6.4 Contents of the internal audit report

Topic 6.5 Presentation of the internal audit report

Part 4 Topic 6.6 Monitoring recommendations

Topic 6.7 Internal audit reporting case study

Part 5 Module summary Learning objectives

Recent examination questions

Assignment hints Assignment 3

3


2/292

Internal Auditing & Controls

Module 6

Part 1

Topic 6.1 Interviewing skills

4

Interviewing in internal auditing

In most internal audits, interviews with operating

personnel and others play an important role as a

major source of audit evidence. In many audits,

the audit interview will be the prime source of

facts, opinions and ideas.

5

Interviewing in internal auditing

In most internal audits, interviews with operatingpersonnel and others play an important role as aprime source of audit evidence. In many audits,the audit interview will be the prime source offacts, opinions and ideas.

While evidence obtained through audit interviewswill usually require substantiation from othersources, interviews remain a valuable source ofaudit evidence and often determine the directionthat the audit will take.

6


3/293

Timing of audit interviewing

Interviewing can be carried out at any time during the

audit, but is primarily performed at four stages:

1. at the planning stage, to gather backgroundinformation to assist in planning the nature, extent

and timing of the testing to be performed;

7

Timing of audit interviewing (contd)

Interviewing can be carried out at any time during the audit,

but is primarily performed at four stages:

1. at the planning stage, to gather backgroundinformation to assist in planning the nature, extent and

timing of the testing to be performed;

2. during the main part of the evidence-gathering stage,to provide evidence as to the actual conditions in

existence;

8


Interviewing can be carried out at any time during the audit,but is primarily performed at four stages:

1. at the planning stage, to gather backgroundinformation to assist in planning the nature, extent andtiming of the testing to be performed;

2. during the main part of the evidence-gathering stage,to provide evidence as to the actual conditions inexistence;

3. at the end of the evidence-gathering phase, to confirmthe auditors understanding of the situation and obtainclarification of issues; and

9


4/294


Interviewing can be carried out at any time during the audit,but is primarily performed at four stages:

1. at the planning stage, to gather background information to

assist in planning the nature, extent and timing of the testingto be performed;

2. during the main part of the evidence-gathering stage, toprovide evidence as to the actual conditions in existence;

3. at the end of the evidence-gathering phase, to confirm theauditors understanding of the situation and obtainclarification of issues; and

4. at the end of the audit (during the exit conference) todiscuss issues, recommendations, and the audit report withthe manager of the unit that was audited.

10

The seven step approach to internal

audit interviews

1. Plan and prepare for the interview.

11


audit interviews (contd)

1. Plan and prepare for the interview.2. Schedule the interview.

12


5/295




2. Schedule the interview.

3. Open or begin the interview, setting the

stage for a free flow of information.

13







4. Conduct the interview; gather facts.

14



1. Plan and prepare for the interview.2. Schedule the interview.




5. Close the interview by bringing it to an

effective and positive conclusion.

15


6/296





3. Open or begin the interview, setting thestage for a free flow of information.


5. Close the interview by bringing it to aneffective and positive conclusion.

6. Document the interview as audit evidence.

16





3. Open or begin the interview, setting the stage for afree flow of information.


5. Close the interview by bringing it to an effectiveand positive conclusion.

6. Document the interview as audit evidence.

7. Evaluate the evidence from the interview bycollaboration from other sources.

17

Important considerations in the

interview process

1. Plan thoroughly for interviews.

2. Ask open-ended questions.

3. Listen effectively to ensure that you understandthe information.

4. End by telling the interviewee that theircooperation is appreciated and that theinformation provided is very useful.

18


7/297

Managing Conflict

1. Understand the conflict

2. Negotiate a solution

managing people issues

identifying interests

developing alternative options

establishing objective criteria

19


Module 6

Part 2

Topic 6.2 Purpose and objectives of internal audit

reporting

Topic 6.3 Standards for internal audit reports

20

Importance of the audit report

The purpose of internal auditing is to effectconstructive change in the organization.This can only be achieved if the report andrecommendations are sufficientlypersuasive that the management of the unitaudited will be motivated to address theconcerns raised by the auditor andimplement the recommendations containedin the report.

21


8/298

Objectives of the internal audit

report

The audit report should accomplish five

objectives:1. document the results of the audit work;

22


report


objectives:

1. document the results of the audit work;

2. provide a framework for management action;

23


report


objectives:



3. present the views of the management of the

unit that was audited;

24


9/299


report


objectives:1. document the results of the audit work;


3. present the views of the management of the

unit that was audited;

4. provide a basis for follow-up work by the

internal auditor.

25


report

The audit report should accomplish five objectives:



3. present the views of the management of the unit

that was audited;

4. provide a basis for follow-up work by the internal

auditor;

5. express an opinion on the adequacy of

governance, risk management and control within

the organization.

26


report

Increasingly, internal auditors are being asked to

express an opinion on the overall governance,

risk management, and control within their

organizations.

This is also achieved through the internal audit

report.

27


10/2910

IIA guidelines for audit reports

1. A signed, written report should be issued when theaudit examination is complete.

28

IIA guidelines for audit reports (contd)

1. A signed, written report should be issued when the

audit examination is complete.

2. The internal auditor should discuss conclusions andrecommendations with appropriate levels of

management before issuing the final report.

29


1. A signed, written report should be issued when the

audit examination is complete.

2. The internal auditor should discuss conclusions andrecommendations with appropriate levels of

management before issuing the final report.

3. Reports should be accurate, objective, clear, concise,constructive, complete, and timely.

30


11/2911


1. A signed, written report should be issued when theaudit examination is complete.

2. The internal auditor should discuss conclusions andrecommendations with appropriate levels ofmanagement before issuing the final report.

3. Reports should be accurate, objective, clear, concise,constructive, complete and timely.

4. Reports should present the purpose, scope, and resultsof the audit and, where appropriate, an expression ofthe auditors opinion.

31


5. Reports may include recommendations for potentialimprovements and acknowledge satisfactoryperformance and corrective action.

32



6. The auditees views about audit conclusions andrecommendations may be included in the report todemonstrate fairness and respect for the auditee.

33


12/2912




7. The chief audit executive or a nominee should reviewand approve the final report before it is issued anddecide to whom it will be distributed.

34




7. The chief audit executive or a nominee should reviewand approve the final report before it is issued anddecide to whom it will be distributed.

8. Auditors may issue an opinion on risks and controls forthe overall organization.

35


The IIA recently issued a Practice Guide on Formulatingand Expressing Internal Audit Opinions (OnlineReading 6.3-1). It was written in the context ofincreasing requirements that internal auditors provideopinions as to the state of governance, riskmanagement, and control within their organizations.

This reading contains useful information concerning the useof grades or rankings when expressing an opinion.

36


13/2913

Internal Auditing & ControlsModule 6

Part 3

Topic 6.4 Contents of the internal audit report

Topic 6.5 Presentation of the internal audit report

37

Contents of the internal audit report

The audit report usually contains the following information:

1. background information;

38

Contents of the internal audit report(contd)



2. the purpose and scope of the engagement (includingthe audit objectives);

39


14/2914

Contents of the internal audit report(contd)


1. background information;2. the purpose and scope of the engagement (including

the audit objectives);

3. the results of the audit, including

a) observations

b) conclusions (opinions)

c) recommendations

d) action plans (agreed with management).

40

Contents of the internal audit report(contd)The audit report usually contains the following information:


2. the purpose and scope of the engagement (includingthe audit objectives);

3. the results of the audit, includinga) observations

b) conclusions (opinions)c) recommendations

d) action plans (agreed with management).

The report may also contain the engagement clients(auditees) views about the conclusions and/orrecommendations.

41

Elements of an audit finding

There are five elements to an audit finding:

1. Nature of the observation (also referred to as thecondition or finding). This states the actual situation as

observed by the auditor.

42


15/2915

Elements of an audit finding (contd)


1. Nature of the observation (also referred to as the

condition or finding). This states the actual situation asobserved by the auditor.

2. Criteria used to assess performance. This provides the

standard against which the observation is compared.

43



1. Nature of the observation (also referred to as the

condition or finding). This states the actual situation asobserved by the auditor.

2. Criteria used to assess performance. This provides the

standard against which the observation is compared.

3. Cause of the variance between the observation and thecriteria. This provides the reason why performance is

not in line with the standard.

44



1. Nature of the observation (also referred to as thecondition or finding). This states the actual situation asobserved by the auditor.

2. Criteria used to assess performance. This provides thestandard against which the observation is compared.

3. Cause of the variance between the observation andthe criteria. This provides the reason why performanceis not in line with the standard.

4. Effect of the variance. This sets out the continued riskto the organizations achievement of its objectives if theweakness is not addressed.

45


16/2916



1. Nature of the observation (condition or finding). Thisstates the actual situation as observed by the auditor.

2. Criteria used to assess performance. This provides thestandard against which the observation is compared.

3. Cause of the variance between the observation and thecriteria. This provides the reason why performance is notin line with the standard.

4. Effect of the variance. This sets out the continued risk tothe organizations achievement of its objectives if theweakness is not addressed.

5. Recommendations provided by the auditor as to how toaddress the cause and mitigate the risk in the future.

46

Factors considered in developing

audit findings

1. the significance of the weakness;

47


audit findings


2. the controllability of the situation;

48


17/2917


audit findings



3. the alternative courses of action that are

available;

49


audit findings




available;

4. the secondary effects of any corrective

action;

50


audit findings




available;

4. the secondary effects of any corrective

action;

5. the feasibility and cost-effectiveness of

potential corrective action.

51


18/2918

Review of the report with

management before release

The main reason why the report should be reviewed

with management before its release is to ensure thatit contains no errors or misrepresentations. Errors

of fact in audit reports do a great deal of damage to

the credibility of the auditor and the audit

department.

52



Reviewing the report also provides an opportunity to

determine if there are any differences of opinion with

management concerning the significance of any of

the findings so that an effort can be made to come

to a mutual agreement before the report is issued.

53



It also creates goodwill because the auditee

manager will be aware of the audit findings and be

able to prepare a response before higher

management has received the report.

54


19/2919

Characteristics of a good audit report

The characteristics of a good audit report include:

1. accuracy

55



1. accuracy

2. relevance

56



1. accuracy

2. relevance

3. clarity

57


20/2920



1. accuracy

2. relevance

3. clarity

4. conciseness

58



1. accuracy

2. relevance

3. clarity

4. conciseness

5. timeliness

59



1. accuracy

2. relevance

3. clarity

4. conciseness

5. timeliness

6. neutrality of tone

60


21/2921



1. accuracy

2. relevance

3. clarity

4. conciseness

5. timeliness


7. objectivity

61



1. accuracy

2. relevance

3. clarity

4. conciseness

5. timeliness


7. objectivity

8. constructiveness

62



1. accuracy

2. relevance

3. clarity

4. conciseness

5. timeliness


7. objectivity

8. constructiveness

9. persuasiveness

63


22/2922



1. accuracy

2. relevance

3. clarity4. conciseness

5. timeliness


7. objectivity

8. constructiveness

9. persuasiveness

10. good English.

64


Module 6

Part 4

Topic 6.6 Monitoring recommendations

Topic 6.7 Internal audit reporting case study

65

Importance of monitoring or follow-up

of audit recommendations

The purpose of the audit is to identify risks andweaknesses in order to make management awareof the need to take action to mitigate the risks andcorrect the weaknesses. If the internal auditordoes not monitor managements actions, seniormanagement and the board will not know whethermanagement has carefully considered the auditobservations and recommendations and, whereappropriate, taken corrective action to reduce thelevel of residual risk to which the organization isexposed.

66


23/2923

Follow-up process

The chief audit executive should establish a

follow-up process to monitor and ensure that:

management actions have been effectively

implemented or

senior management has accepted the risk of not

taking action

67

Timing of follow-up

The timing of internal audits follow-up

depends upon:

the significance of the observation or

recommendation

the effort and cost needed to implement the

recommendation

the impacts that might result should the corrective

action fail the complexity of the corrective action

68

Steps in the follow-up process

1. The auditor should review to determine if observations

and recommendations are still relevant.

69


24/2924

Steps in the follow-up process(contd)

1. The auditor should review to determine if observations

and recommendations are still relevant.

2. The auditor should inquire of management what actionhas been taken in response to the audit findings.

70


1. The auditor should review to determine if observationsand recommendations are still relevant.


3. The auditor should decide whether follow-up isrequired and the appropriate timing (i.e., a specialassignment or part of the next scheduled audit of theactivity).

71

Timing of follow-up

Follow-up may be scheduled: to be continuous from the date of the

recommendation (for very high risk matters)

a separate engagement to monitor the

implementation of recommendations, allowing

appropriate time for the recommendations to be

implemented and the benefits realized

as part of the next regularly scheduled audit of the

unit or activity

72


25/2925





4. If a follow-up audit is appropriate, the auditor shouldverify the extent of corrective action and the progressmade in mitigating the risk or exposure.

73





4. If a follow-up audit is appropriate, the auditor shouldverify the extent of corrective action and the progressmade in mitigating the risk or exposure.

5. The results of the follow-up review should be reportedto management.

74

Connon Chemicals Inc. case study

Internal audit reporting

1. You are given a number of audit observations

and asked to prepare draft f indings for the

audit report. Some of the items listed would

not be reported because they are not

weaknesses or because they are either not

controllable or the risk is not significant.

2. You should attempt to draft the findings for this

case study as drafting such findings is

frequently required on the course examination.

75


26/2926


Module 6

Part 5

Lesson summary -- Learning objectives

Review of recent past examination questions


76

Module 6 Learning Objectives

1. Explain the importance of effective

interviewing skills in internal auditing, and

describe the recommended approach to

managing conflict during an audit. (Level 2)

77


2. Identify the purpose and the objectives of

internal audit reporting. (Level 1)

78


27/29


28/2928


6. Explain why it is important for internal auditors

to monitor the implementation of theirrecommendations, and determine the steps in

a monitoring program. (Level 1)

82


7. Report audit findings from the information

provided in a case study. (Level 2)

83


Module 6 is an important module asbetween 10% and 18% of the examination

marks come from material in this module.

Typical examination questions:

Multiple choice questions

84


29/29



Essay question 1

85



Essay question 2

86


Question 3: Ensure that your answer fully addresseseach of the matters included in the requirements for thequestion. Be sure to relate your answer to the specific

situation in SERI. Some creativity will be required indrafting up a fraud policy statement for the company.

Question 4: Be sure to address each concern raised bythe CEO. Positive actions to address the concerns are

required.

87

mu1 module 6 powerpoint

Documents