CH. 12 Flashcards
Definitions of assurance and consulting engagements, and how they differ
Assurance services refer to an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.
- Nature and scope determined by IA.
- Parties involved:
- Auditee who is directly involved in the subject matter of interest,
- Internal auditor making the assessment and providing the conclusion.
- User relying on the internal auditor’s assessment of evidence and conclusion.
- Examples may include financial, performance, compliance, system security, and due diligence engagements.
Advisory services refers to advisory and related service activities, the nature and scope of which are agreed with the [customer], are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.
- Nature and scope is mutually agreed upon by customer and IA.
Parties involved:
- Customer who is seeking and receiving advice.
- Internal Auditor offering and providing the advice.
Examples include counsel, advice, facilitation, and training.
Differences in advisory and assurance engagements
Primary purpose of the engagement,
Who determines the nature and scope of the engagement
The parties involved.
Three phases of an engagement, whether they are discrete and sequential steps and how that is manifested
- Planning:
- typically continues throughout the engagement
—-> Adjustments need to be made as new evidence is uncovered. - Performing:
- begins during the planning stage
—-> Procedures are applied to gather information needed to plan the engagement. - Communicating:
-takes place throughout the engagement process.
—-> Important matters are communicated to the auditee on an interim basis and not just at the end of the process in the final engagement communication.
Planning
- Six P’s
Effective planning is key to the successful completion of any type of project.
There is an expression, sometimes referred to as the “six P’s,” that illustrates this principle: **“Proper Prior Planning Prevents Poor Performance.”
Another expression: “Failing to plan means planning to fail.” ***
Failure to invest an appropriate amount of time and effort in planning increases the likelihood that the engagement will fail to achieve the desired objectives or that it will achieve the objectives inefficiently.
Following a structured and disciplined planning approach helps ensure that the engagement is performed effectively and efficiently.
Plan Activities
I. Pre-Engagement Activities
Step 1: Determine engagement purpose, objectives and scope
II. Risk Assessment Procedures & Preliminary Audit Strategy
Step 2: Understand the auditee, including auditee objectives and assertions – test of controls
III. Understand & Evaluate Internal Controls
Step 3: Identify and assess risks – team discussion & fraud risk inquiries
Step 4: Identify key controls – preliminary analytical procedures, observations & inquiries
IV. Synthesize Information Gathered
Step 5: Evaluate adequacy of control design
V. Identify & Assess Risk of Material Misstatement
Step 6: Create a test plan
Step 7: Develop a work program
Step 8: Allocate resources to the engagement
Perform Activities
VI. Perform Audit Procedures
- Conduct tests to gather evidence
VII. Evaluate Audit Findings
- Evaluate evidence gathered and reach conclusions
- Develop observations and formulate recommendations
Communicate activities
VIII. Prepare Reports & Communications
- Perform observation evaluation and escalation process
- Conduct interim and preliminary engagement communications
- Develop final engagement communications
- Distribute formal and informal final communications
- Perform monitoring and follow-up procedures
