Audit Engagement Planning Flashcards
On what 4 things do minutes of board and committee meetings provide info?
- New developments
- Staff changes
- Diversification into new markets or products
- Major initiatives such as cost reduction programs
With respect to gathering information from the audit committee, what is the CAE’s responsibility?
To have regular meetings with chairman of audit committee
What are the 7 sources of external reports?
- External audit
- Specialists (e.g. I.T. consultants)
- Engineers
- H&S inspectors
- Insurance assessors
- Actuaries
- Occupational health practitioners
What information can be gathered from external reports?
- May indicate hi-level risks
- Evidence of fraud
- May warn of potentially serious situation
- May provide assurance
What information can be gathered from the organisation’s intranet?
- Policy information
- Structure charts
- Procedures
- Standards
What information can be gathered from the Internet when planning an audit engagement?
Key risks facing similar organisations
When gathering information, what should the organisation’s risk policy confirm?
- Management ethos
2. Policy for risk management
What is the purpose of policy documents?
To lay down a framework in which the organisation will achieve its objectives
How do policy documents help IA when gathering information?
They help IA to identify key processes
With respect to policy and procedure documents, for what does IA have authority?
To recommend and influence changes to policies and procedures
What information can be taken from the business plan?
- Most recent assessment of business area
- Strategy for next 12 months
- Forecast for next three to five years
Analytical reviews provide measures of d… and t… when compared to related facts
Deviation and trend
What are the two main questions asked in analytical review?
- Is variance within tolerance?
2. Are trends consistent with one another?
When due to conduct a fact-finding interview, it is important to undertake b… p…
Background preparation
When conducting a fact-finding interview, it is important never to enter the interview c…
Cold
When conducting a fact-finding interviewing, you should prepare a c… of areas to cover
Checklist
When preparing for a fact finding interview, you should list the t… of q… you will use
Types of questions
The two types of fact finding questions are…?
Open and closed
When conducting a fact finding interview, it is crucial to define the o… of the meeting
Objectives
During or after a fact finding interview, you should encourage the manager to what?
Walk through the processes and introduce you to key staff
What is the first stage in engagement planning?
Establish planned scope
When establishing the planned scope of an audit engagement, what information should you draw on?
- Conclusions on risk maturity
- The audit strategy
- Title of the assignment
- Info linking audit to responses requiring assurance
What is the second stage of audit engagement planning?
Assess the risk maturity of the unit being audited
When assessing risk maturity at the engagement level, the criteria used should be…
Consistent with those used at macro level
If actual risk maturity is greater than or equal to expected risk maturity, how should IA proceed?
Carry on as planned
If actual risk maturity is less than expected, how should IA proceed?
Report to management, with conclusion that responses in scope not working effectively
If risk maturity is less than expected, is it necessarily the end of the audit?
No. Can restrict scope to responses identified as effective
What are the six key organisational systems?
- Fixed assets
- Payroll
- Purchasing (creditors)
- Sales (debtors)
- Stock
- Cash (bank)
According to performance std 2200, “internal auditor must develop and d… a plan for each engagement, including scope, objectives, timing and resource allocations”
Document
According to performance std 2200, “internal auditors must develop and document a plan for each e…, including the scope, objectives, timing and resource allocations”
Engagement
According to performance std 2200, “internal auditors must develop and document a plan for each engagement, including the s…, objectives, timing and resource allocations”
Scope
According to performance std 2200, “internal auditors must develop and document a plan for each engagement, including the scope, o…, timing and resource allocations”
Objectives
According to performance std 2200, “internal auditors must develop and document a plan for each engagement, including the scope, objectives, t…, and resource allocations”
Timing
According to performance std 2200, “internal auditors must develop and document a plan for each engagement, including the scope, objectives, timing and r… allocations”
Resource
When planning an audit engagement, what are the four angles from which the audit area are appraised?
- Business objectives
- Key risks to business objectives
- Adequacy and effectiveness of risk management and control systems
- Opportunity for making significant improvements
What should provide the rationale for an audit engagement?
Prior risk based macro planning
What are the two main purposes of an audit engagement?
- Determine significant parts of audit
2. Undertake audit in premeditated and coordinated way
What are the five general objectives of an audit engagement?
- Seek evidence that controls and risks in scope exist
- That controls function as intended
- That they are fit for job (effective)
- That they are efficient
- That they are adequate to maintain the control environment
The “audit scope” is the e… of the audit and its limitations
Extent
The “audit scope” is the extent of the audit and its l…
Limitations
What determines the audit scope?
- Size of the business area
- Objectives of business area
- Risks of business area
- Nature of systems and procedures
The audit scope identifies the b… of the engagement
Boundaries
The audit scope pinpoints c… areas and risks to be examined
Control
The audit scope pinpoints control areas and r… to be examined
Risks
On what should be the whole focus of an audit engagement?
Management of risks
What is the justification for testing in an audit engagement?
To evaluate risk mitigation activities
The risk matrix includes detailed r…, causes and controls, plus IA’s test strategy and individual tests
Risks
The risk matrix includes detailed risks, c…, and controls, plus IA’s testing strategy and individual tests
Causes
The risk matrix includes detailed risks, causes, and c…, plus IA’s testing strategy and individual tests
Controls
The risk matrix includes detailed risks, causes, and controls, plus IA’s t… s…, and individual test
Testing strategy
The risk matrix includes detailed risks, causes, controls, plus IA’s testing strategy and individual t…
Tests
What three things should the testing strategy consider?
- Definition of the risk area and reason for testing
- Definition of risk management strategies in place
- Identification of how to test risk management strategies
What three questions should be asked once the testing strategy has been completed?
- What are root causes of risk?
- Have insurance or other transfer strategies already mitigated risk?
- Does risk impact on other risk areas?
The audit engagement will be looking for information that confirms: c… m… exist, function as intended, and function to an adequate level
Control mechanisms
The audit engagement will be looking for information that confirms: control mechanisms exist, f… as intended, and function to an adequate level
Function
The audit engagement will be looking for information that confirms: control mechanisms exist, function as intended, and function to an a… l…
Level
The audit engagement will be looking for evidence that controls are e… and e…
Efficient and effective
List the five main methods for gathering information during audit engagement planning.
- Walkthroughs
- Focus groups
- Surveys
- One-to-one interviews
- Audit testing
The purpose of analytical methods is to learn about the s… a… or activity being reviewed
Subject area
The purpose of analytical methods is the learn about the subject area or a… being reviewed
Activity
Analytical methods work by looking at r… within information and comparing to criteria
Relationships
Analytical methods work by looking at relationships within information, and comparing to c…
Criteria
What are the two main analytical methods?
Trend analysis and ratio analysis
CAATTs have the ability to improve the r… and q… of IA analysis
Range and quality
CAATTS can be used to a… and e… info from databases
Access and extract
CAATTs can be used for s… and s… analysis
Sampling and statistical
CAATTs can t…, check and perform calculations
Tabulate
CAATTs can tabulate, check and perform c…
Calculations