MU1 Module 6 Powerpoint

Course Name: Internal Auditing and Controls Module: 6 Module Title: Internal Audit Communications and Reporting
Lectures and handouts by: Chuck Campbell

Copyright The Certified General Accountants Association of British Columbia. All rights reserved.
1
Internal audit communications and reporting Module 6

This module begins by demonstrating the necessity and importance of interviewing skills in internal auditing. The module goes on to consider audit reporting and follow-up. The purpose of internal auditing is to improve the organizations effectiveness and efficiency and its risk management, control and governance processes. Communicating audit results to management is the bridge between the audit and managements implementation of recommendations for improvement.
Internal Auditing & Controls

Module 6 Part 1 Topic 6.1 Interviewing skills Part 2 Topic 6.2 Purpose and objectives of internal audit reporting Topic 6.3 Standards for internal audit reports Part 3 Topic 6.4 Contents of the internal audit report Topic 6.5 Presentation of the internal audit report Part 4 Topic 6.6 Monitoring recommendations Topic 6.7 Internal audit reporting case study Part 5 Module summary Learning objectives Recent examination questions Assignment hints Assignment 3
Internal Auditing & Controls Module 6

Part 1
Topic 6.1 Interviewing skills
Interviewing in internal auditing
In most internal audits, interviews with operating personnel and others play an important role as a major source of audit evidence. In many audits, the audit interview will be the prime source of facts, opinions and ideas.
Interviewing in internal auditing
In most internal audits, interviews with operating personnel and others play an important role as a prime source of audit evidence. In many audits, the audit interview will be the prime source of facts, opinions and ideas. While evidence obtained through audit interviews will usually require substantiation from other sources, interviews remain a valuable source of audit evidence and often determine the direction that the audit will take.
Timing of audit interviewing

Interviewing can be carried out at any time during the audit, but is primarily performed at four stages:
1.
at the planning stage, to gather background information to assist in planning the nature, extent and timing of the testing to be performed;
(contd)
1.
2.
at the planning stage, to gather background information to assist in planning the nature, extent and timing of the testing to be performed; during the main part of the evidence-gathering stage, to provide evidence as to the actual conditions in existence;
(contd)
1.
2.
3.
at the planning stage, to gather background information to assist in planning the nature, extent and timing of the testing to be performed; during the main part of the evidence-gathering stage, to provide evidence as to the actual conditions in existence; at the end of the evidence-gathering phase, to confirm the auditors understanding of the situation and obtain clarification of issues; and

1.
(contd)
at the planning stage, to gather background information to assist in planning the nature, extent and timing of the testing to be performed; during the main part of the evidence-gathering stage, to provide evidence as to the actual conditions in existence; at the end of the evidence-gathering phase, to confirm the auditors understanding of the situation and obtain clarification of issues; and at the end of the audit (during the exit conference) to discuss issues, recommendations, and the audit report with the manager of the unit that was audited.
2. 3.
4.
10
The seven step approach to internal audit interviews

1. Plan and prepare for the interview.
11
The seven step approach to internal audit interviews (contd)

1. Plan and prepare for the interview. 2. Schedule the interview.
12

1. Plan and prepare for the interview. 2. Schedule the interview. 3. Open or begin the interview, setting the
stage for a free flow of information.
13


4. Conduct the interview; gather facts.
14


4. Conduct the interview; gather facts. 5. Close the interview by bringing it to an
effective and positive conclusion.
15


4. Conduct the interview; gather facts. 5. Close the interview by bringing it to an
effective and positive conclusion.

6. Document the interview as audit evidence.
16

1. 2. 3. 4. 5. 6. 7.
Plan and prepare for the interview. Schedule the interview. Open or begin the interview, setting the stage for a free flow of information. Conduct the interview; gather facts. Close the interview by bringing it to an effective and positive conclusion. Document the interview as audit evidence. Evaluate the evidence from the interview by collaboration from other sources.
17
Important considerations in the interview process

1. Plan thoroughly for interviews. 2. Ask open-ended questions. 3. Listen effectively to ensure that you understand
the information.
4. End by telling the interviewee that their
cooperation is appreciated and that the information provided is very useful.
18
Managing Conflict
1. 2.

Understand the conflict Negotiate a solution

managing people issues identifying interests developing alternative options establishing objective criteria
19

Part 2
Topic 6.2 Purpose and objectives of internal audit reporting Standards for internal audit reports
Topic 6.3
20
Importance of the audit report

The purpose of internal auditing is to effect constructive change in the organization. This can only be achieved if the report and recommendations are sufficiently persuasive that the management of the unit audited will be motivated to address the concerns raised by the auditor and implement the recommendations contained in the report.
21
Objectives of the internal audit report

The audit report should accomplish five objectives:
1.
document the results of the audit work;
22

1. 2.
document the results of the audit work; provide a framework for management action;
23

document the results of the audit work; provide a framework for management action; 3. present the views of the management of the unit that was audited;
1. 2.
24

document the results of the audit work; provide a framework for management action; 3. present the views of the management of the unit that was audited; 4. provide a basis for follow-up work by the internal auditor.
1. 2.
25

1. 2. 3. 4. 5.
document the results of the audit work; provide a framework for management action; present the views of the management of the unit that was audited; provide a basis for follow-up work by the internal auditor; express an opinion on the adequacy of governance, risk management and control within the organization.
26

Increasingly, internal auditors are being asked to express an opinion on the overall governance, risk management, and control within their organizations. This is also achieved through the internal audit report.
27
IIA guidelines for audit reports

1.
A signed, written report should be issued when the audit examination is complete.
28

1. 2.
(contd)
A signed, written report should be issued when the audit examination is complete. The internal auditor should discuss conclusions and recommendations with appropriate levels of management before issuing the final report.
29

1. 2.
(contd)
3.
A signed, written report should be issued when the audit examination is complete. The internal auditor should discuss conclusions and recommendations with appropriate levels of management before issuing the final report. Reports should be accurate, objective, clear, concise, constructive, complete, and timely.
30
10

1. 2.
(contd)
3. 4.
A signed, written report should be issued when the audit examination is complete. The internal auditor should discuss conclusions and recommendations with appropriate levels of management before issuing the final report. Reports should be accurate, objective, clear, concise, constructive, complete and timely. Reports should present the purpose, scope, and results of the audit and, where appropriate, an expression of the auditors opinion.
31

5.
(contd)
Reports may include recommendations for potential improvements and acknowledge satisfactory performance and corrective action.
32

5.
(contd)
6.
Reports may include recommendations for potential improvements and acknowledge satisfactory performance and corrective action. The auditees views about audit conclusions and recommendations may be included in the report to demonstrate fairness and respect for the auditee.
33
11

5.
(contd)
6.
7.
Reports may include recommendations for potential improvements and acknowledge satisfactory performance and corrective action. The auditees views about audit conclusions and recommendations may be included in the report to demonstrate fairness and respect for the auditee. The chief audit executive or a nominee should review and approve the final report before it is issued and decide to whom it will be distributed.
34

5.
(contd)
6.
7.
8.
Reports may include recommendations for potential improvements and acknowledge satisfactory performance and corrective action. The auditees views about audit conclusions and recommendations may be included in the report to demonstrate fairness and respect for the auditee. The chief audit executive or a nominee should review and approve the final report before it is issued and decide to whom it will be distributed. Auditors may issue an opinion on risks and controls for the overall organization.
35
(contd)
The IIA recently issued a Practice Guide on Formulating and Expressing Internal Audit Opinions (Online Reading 6.3-1). It was written in the context of increasing requirements that internal auditors provide opinions as to the state of governance, risk management, and control within their organizations. This reading contains useful information concerning the use of grades or rankings when expressing an opinion.
36
12

Part 3
Topic 6.4 Topic 6.5 Contents of the internal audit report Presentation of the internal audit report
37
Contents of the internal audit report
The audit report usually contains the following information:

1.
background information;
38

(contd)
1. 2.
background information; the purpose and scope of the engagement (including the audit objectives);
39
13

(contd)
1. 2. 3.
background information; the purpose and scope of the engagement (including the audit objectives); the results of the audit, including a) observations b) conclusions (opinions) c) recommendations d) action plans (agreed with management).
40

(contd)
The audit report usually contains the following information: background information; the purpose and scope of the engagement (including the audit objectives); 3. the results of the audit, including a) observations b) conclusions (opinions) c) recommendations d) action plans (agreed with management). The report may also contain the engagement clients (auditees) views about the conclusions and/or recommendations.
1. 2.
41
Elements of an audit finding

There are five elements to an audit finding:
1.
Nature of the observation (also referred to as the condition or finding). This states the actual situation as observed by the auditor.
42
14

1.
(contd)
2.
Nature of the observation (also referred to as the condition or finding). This states the actual situation as observed by the auditor. Criteria used to assess performance. This provides the standard against which the observation is compared.
43

1.
(contd)
2. 3.
Nature of the observation (also referred to as the condition or finding). This states the actual situation as observed by the auditor. Criteria used to assess performance. This provides the standard against which the observation is compared. Cause of the variance between the observation and the criteria. This provides the reason why performance is not in line with the standard.
44

1.
(contd)
2. 3.
4.
Nature of the observation (also referred to as the condition or finding). This states the actual situation as observed by the auditor. Criteria used to assess performance. This provides the standard against which the observation is compared. Cause of the variance between the observation and the criteria. This provides the reason why performance is not in line with the standard. Effect of the variance. This sets out the continued risk to the organizations achievement of its objectives if the weakness is not addressed.
45
15

1. 2. 3.
(contd)
4.
5.
Nature of the observation (condition or finding). This states the actual situation as observed by the auditor. Criteria used to assess performance. This provides the standard against which the observation is compared. Cause of the variance between the observation and the criteria. This provides the reason why performance is not in line with the standard. Effect of the variance. This sets out the continued risk to the organizations achievement of its objectives if the weakness is not addressed. Recommendations provided by the auditor as to how to address the cause and mitigate the risk in the future.
46
Factors considered in developing audit findings

1. the significance of the weakness;
47

1. the significance of the weakness; 2. the controllability of the situation;
48
16

1. the significance of the weakness; 2. the controllability of the situation; 3. the alternative courses of action that are
available;
49

available;
4. the secondary effects of any corrective
action;
50

available;
4. the secondary effects of any corrective
action; 5. the feasibility and cost-effectiveness of potential corrective action.

51
17
Review of the report with management before release
The main reason why the report should be reviewed with management before its release is to ensure that it contains no errors or misrepresentations. Errors of fact in audit reports do a great deal of damage to the credibility of the auditor and the audit department.
52
Reviewing the report also provides an opportunity to determine if there are any differences of opinion with management concerning the significance of any of the findings so that an effort can be made to come to a mutual agreement before the report is issued.
53
It also creates goodwill because the auditee manager will be aware of the audit findings and be able to prepare a response before higher management has received the report.
54
18
Characteristics of a good audit report

The characteristics of a good audit report include:
1.
accuracy
55

1.
2.
accuracy relevance
56

1.
2. 3.
accuracy relevance clarity
57
19

1.
2. 3. 4.
accuracy relevance clarity conciseness
58

1.
2. 3. 4. 5.
accuracy relevance clarity conciseness timeliness
59

1.
2. 3. 4. 5. 6.
accuracy relevance clarity conciseness timeliness neutrality of tone
60
20

1.
2. 3. 4. 5. 6. 7.
accuracy relevance clarity conciseness timeliness neutrality of tone objectivity
61

1.
2. 3. 4. 5. 6. 7. 8.
accuracy relevance clarity conciseness timeliness neutrality of tone objectivity constructiveness
62

1.
2. 3. 4. 5. 6. 7. 8. 9.
accuracy relevance clarity conciseness timeliness neutrality of tone objectivity constructiveness persuasiveness
63
21

accuracy relevance 3. clarity 4. conciseness 5. timeliness 6. neutrality of tone 7. objectivity 8. constructiveness 9. persuasiveness 10. good English.
1.
2.
64

Part 4
Topic 6.6 Topic 6.7 Monitoring recommendations Internal audit reporting case study
65
Importance of monitoring or follow-up of audit recommendations

The purpose of the audit is to identify risks and weaknesses in order to make management aware of the need to take action to mitigate the risks and correct the weaknesses. If the internal auditor does not monitor managements actions, senior management and the board will not know whether management has carefully considered the audit observations and recommendations and, where appropriate, taken corrective action to reduce the level of residual risk to which the organization is exposed.
66
22
Follow-up process
The chief audit executive should establish a follow-up process to monitor and ensure that:
management actions have been effectively implemented or senior management has accepted the risk of not taking action
67
Timing of follow-up
The timing of internal audits follow-up depends upon:
the significance of the observation or recommendation the effort and cost needed to implement the recommendation the impacts that might result should the corrective action fail the complexity of the corrective action
68
Steps in the follow-up process

1.
The auditor should review to determine if observations and recommendations are still relevant.
69
23

1.
(contd)
The auditor should review to determine if observations and recommendations are still relevant. The auditor should inquire of management what action has been taken in response to the audit findings.
2.
70

1. 2. 3.
(contd)
The auditor should review to determine if observations and recommendations are still relevant. The auditor should inquire of management what action has been taken in response to the audit findings. The auditor should decide whether follow-up is required and the appropriate timing (i.e., a special assignment or part of the next scheduled audit of the activity).
71
Timing of follow-up
Follow-up may be scheduled:
to be continuous from the date of the recommendation (for very high risk matters) a separate engagement to monitor the implementation of recommendations, allowing appropriate time for the recommendations to be implemented and the benefits realized as part of the next regularly scheduled audit of the unit or activity
72
24

1. 2. 3.
(contd)
4.
The auditor should review to determine if observations and recommendations are still relevant. The auditor should inquire of management what action has been taken in response to the audit findings. The auditor should decide whether follow-up is required and the appropriate timing (i.e., a special assignment or part of the next scheduled audit of the activity). If a follow-up audit is appropriate, the auditor should verify the extent of corrective action and the progress made in mitigating the risk or exposure.
73

1. 2. 3.
(contd)
4.
5.
The auditor should review to determine if observations and recommendations are still relevant. The auditor should inquire of management what action has been taken in response to the audit findings. The auditor should decide whether follow-up is required and the appropriate timing (i.e., a special assignment or part of the next scheduled audit of the activity). If a follow-up audit is appropriate, the auditor should verify the extent of corrective action and the progress made in mitigating the risk or exposure. The results of the follow-up review should be reported to management.
74
Connon Chemicals Inc. case study Internal audit reporting

1. You are given a number of audit observations
and asked to prepare draft findings for the audit report. Some of the items listed would not be reported because they are not weaknesses or because they are either not controllable or the risk is not significant.
2. You should attempt to draft the findings for this
case study as drafting such findings is frequently required on the course examination.
75
25

Part 5
Lesson summary -- Learning objectives Review of recent past examination questions Assignment hints Assignment 3
76
Module 6 Learning Objectives

1. Explain the importance of effective
interviewing skills in internal auditing, and describe the recommended approach to managing conflict during an audit. (Level 2)
77

2. Identify the purpose and the objectives of
internal audit reporting. (Level 1)
78
26

3. State the IIA Standards and guidelines for
internal audit reports. (Level 1)
79

4. Develop the information that should be
included in an internal audit report, including the main factors the internal auditor considers in developing recommendations and explain why the report (including recommendations) should be reviewed with management before its release. (Level 1)
80

5. Draft an internal audit report. (Levels 1 and 2)
81
27

6. Explain why it is important for internal auditors
to monitor the implementation of their recommendations, and determine the steps in a monitoring program. (Level 1)
82

7. Report audit findings from the information
provided in a case study. (Level 2)
83
Recent examination questions

Module 6 is an important module as between 10% and 18% of the examination marks come from material in this module.
Typical examination questions:

Multiple choice questions
84
28

Essay question 1
85

Essay question 2
86
Assignment hints Assignment 3

Question 3: Ensure that your answer fully addresses
each of the matters included in the requirements for the question. Be sure to relate your answer to the specific situation in SERI. Some creativity will be required in drafting up a fraud policy statement for the company.
Question 4: Be sure to address each concern raised by

the CEO. Positive actions to address the concerns are required.
87
29

MU1 Module 6 Powerpoint

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

MU1 Module 6 Powerpoint

Transféré par

Droits d'auteur :

Formats disponibles

Course Name: Internal Auditing and Controls Module: 6 Module Title: Internal Audit Communications and Reporting

Lectures and handouts by: Chuck Campbell

Internal audit communications and reporting Module 6

Internal Auditing & Controls

Internal Auditing & Controls Module 6

Interviewing in internal auditing

Interviewing in internal auditing

Timing of audit interviewing

Timing of audit interviewing

Timing of audit interviewing

Timing of audit interviewing

The seven step approach to internal audit interviews

The seven step approach to internal audit interviews (contd)

The seven step approach to internal audit interviews (contd)

stage for a free flow of information.

The seven step approach to internal audit interviews (contd)

stage for a free flow of information.

The seven step approach to internal audit interviews (contd)

stage for a free flow of information.

effective and positive conclusion.

The seven step approach to internal audit interviews (contd)

stage for a free flow of information.

effective and positive conclusion.

The seven step approach to internal audit interviews (contd)

Important considerations in the interview process

cooperation is appreciated and that the information provided is very useful.

Understand the conflict Negotiate a solution

Internal Auditing & Controls Module 6

Importance of the audit report

Objectives of the internal audit report

document the results of the audit work;

Objectives of the internal audit report

Objectives of the internal audit report

Objectives of the internal audit report

Objectives of the internal audit report

Objectives of the internal audit report

IIA guidelines for audit reports

IIA guidelines for audit reports

IIA guidelines for audit reports

IIA guidelines for audit reports

IIA guidelines for audit reports

IIA guidelines for audit reports

IIA guidelines for audit reports

IIA guidelines for audit reports

IIA guidelines for audit reports

Internal Auditing & Controls Module 6

Contents of the internal audit report

The audit report usually contains the following information:

Contents of the internal audit report

Contents of the internal audit report

Contents of the internal audit report

Elements of an audit finding

Elements of an audit finding

Elements of an audit finding

Elements of an audit finding

Elements of an audit finding

Factors considered in developing audit findings

Factors considered in developing audit findings

Factors considered in developing audit findings

Factors considered in developing audit findings

Factors considered in developing audit findings

action; 5. the feasibility and cost-effectiveness of potential corrective action.

Review of the report with management before release