Chapter 7 - Internal audit Flashcards

1
Q

Overall objectives of IA:

A
Safeguard assets
Compliance
Reduce overheads
Effective controls
Accounting records
Managing risks
2
Q

What is internal audit?

A
  • Provides independent assurance that an org’s risk management, governance and internal control processes are operating effectively
3
Q

What is a systems audit?

A

Tests and evaluates internal controls within any system

Determines:

  • How well system is functioning
  • What weaknesses there might be
  • What reliance can be placed on existing controls

Objectives audit will focus on:

  • Suitable and accurate management info
  • Compliance with procedures, laws and regulations
  • Safeguarding assets
  • Securing economies and efficiencies
  • Accomplishing objectives
4
Q

What is a compliance audit?

A

Form of systems audit which ensures performance conforms to a statutory, regulatory, policy or contractual requirement

5
Q

Process of internal control:

A
  • Identify business objectives
  • Identify risks that will threaten each objective
  • Design internal controls to mitigate these risks
  • Implement internal controls in accordance with their design
6
Q

IA and fraud investigations:

A
  • Maintain systems of control for both prevention and detection
  • Acts as both investigator and detective (watchdog and bloodhound)
7
Q

Cressey – fraud was likely to occur if three conditions were present:

A
  1. Pressure:
    * Motivation to commit fraud comes from financial problems that cannot be solved by legitimate means
    * Are staff likely to be affected by external factors?
  2. Rationalisation:
    * Fraudster must be able to justify decision to themselves, usually because they perceive themselves as having no other choice or have been wronged in some way
    * Are assets likely to be vulnerable and are any controls poor?
  3. Opportunity:
    * Fraud can be perpetrated because someone is able to, due to low perceived risk of getting caught, or because the fraud can be easily concealed
    * Are staff disenfranchised or desperate enough to commit fraud and do recruitment procedures always check employee references?
8
Q

Value for money audit:

A
  • Best value audit = performance framework used by UK public service orgs to assess how well public money is being used to provide services
9
Q

Best value can be achieved by attempting to implement four C’s:

A
  • Challenge = How and why is a service provided?
  • Compare = Make comparisons with other local authorities and the private sector
  • Consult = Talk to local taxpayers, service users and the wider business community in setting performance targets
  • Compete = Embrace fair competition as a means of securing efficient and effective services
10
Q

Management audit:

A
  • Objective and independent appraisal of the effectiveness of managers and the corporate structure in achievement of entity objectives and policies
  • Aim to identify existing and potential management weaknesses and to recommend ways to rectify them
  • Non-routine investigation that attempts to look at all aspects of management performance
  • May cover: achievement of targets, decision making, competence, workloads, delegation, relationships
11
Q

Carrying out a management audit:

A

Deciding audit objectives and carrying out an investigation, gathering evidence and reporting results

12
Q

Social audit:

A

Covers sustainable use of human resources, health and safety compliance, labour conditions and equal opportunities

Involves:

  • Establishing whether org has rationale for engaging in socially responsible activity and that rationale is aligned with its mission
  • Assessing objectives and priorities related to these programmes
  • Evaluating company involvement in such programmes past, present and future
13
Q

Environmental audit:

A

Ascertains whether org is complying with codes of best practice, internal guidelines or fulfilling wider requirement of being a good corporate citizen

Concerned with:

  • Board and management having good understanding of environmental impact
  • Assessment of whether environmental programmes are congruent with comp’s mission
  • Adoption + communication of adequate policies and procedures to ensure compliance with relevant stds and laws
  • Adoption + review of progress against quantifiable targets
  • Assessment of whether progress is being made economically and efficiently
  • True, fair and complete reporting of environmental activities

14
Q

External audit (Financial audit):

A
  • Examination of books and records of an org with a statutory goal of reporting on the truth and fairness of org’s financial statements
  • Audit committee is responsible for making annual assessment on independence and effectiveness of external auditors and making recommendation for reappointment
15
Q

Internal vs. external audit:

A

Internal Audit:

  • Responsible to = management
  • Responsible for = any task required by management or directors
  • Activities undertaken = anything
  • Standards used = anything

External Audit:

  • Responsible to = Shareholders
  • Responsible for = opinion on truth, fairness and compliance with laws and regulations
  • Activities undertaken = testing via evidence gathering
  • Standards used = laws and regulations, auditing stds and accounting stds
16
Q

Comp without IA needs to review need for IA annually by considering:

A
  1. Scale, diversity and complexity of org’s activities
  2. No. of employees
  3. Cost-benefit considerations
  4. Changes in org structures
  5. Changes in key risks
  6. Problems with internal control systems
  7. An increased no. of unexplained or unacceptable risks
17
Q

Aims of audit planning:

A
  • Prioritise activities for review (risk, changes, past history of problems and size)
  • Establish objectives of the audit
  • Ensure that IA resources are used efficiently and effectively
18
Q

Risks considered by internal auditors:

A
  1. Inherent risk:
    * Susceptibility of activity being subject to risk regardless of quality of control system or effectiveness of management
  2. Controls risk:
    * Risk that control systems fail, are absent or inadequate
  3. Residual risk:
    * Risk that remains after controls have been implemented and is therefore deemed acceptable by management
  4. Detection risk:
    * Risk that IA process does not detect errors or weaknesses and is balanced against residual risk
19
Q

Walkthrough testing:

A
  • Documenting subject of an audit and tracing events or examples from start to finish in order to confirm auditor’s understanding and any controls in place
  • Techniques include = narrative notes, flowcharts, questionnaires and checklists
20
Q

Tests of control:

A

Test whether controls are operating as they should

21
Q

Substantive testing:

A
  • Test whether individual events are valid
  • Auditors will increase level of substantive testing if controls are assessed as weak or area is considered high risk

May include:

  • Analytical review procedures
  • Confirmation
  • Observation
  • CompUtation
  • Recalculation
  • Inspection
  • Enquiry
  • Re-performance
22
Q

Analytical review:

A
  • Analysing data to identify trends, errors or issues (such as gross margin, gearing, return on capital employed and revenue per square foot)
  • Involves comparing data with an expectation
23
Q

Benchmarking:

A
  • Used alongside analytical review
  • Benchmarking against orgs in same industry or of similar size or location or those org aspires to emulate or supersede
24
Q

Limitations of benchmarking:

A
  • Industry info is often commercially sensitive and may not be available
  • Limited to the accuracy of both the source data and any statistical analysis
  • Conclusions drawn may not be appropriate
25
Q

Key principles of auditing a computer system:

A
  • Understand the systems
  • Identify how the systems can be tested
  • Review security arrangements
  • Assess all transactions of processed data output
  • Consider data input
  • Ensure all transactions are authorised
  • Review the system back-up facilities and disaster recovery procedures
26
Q

Computer assisted audit techniques (CAATs):

A
  • Applications of auditing procedures using the computer as an audit tool
  • Used to review system controls and to review actual data
  • Big data enabled IA to analyse larger samples if suitable audit data analytics (ADA) technology is available
27
Q

Criteria to be used by orgs to assess their own IA function: (PAIR)

A
  1. Professionalism:
    * Does IA follow a systematic and organised approach when planning, conducting and reporting its work? If not, there is a risk that vital info risks and controls may go unreported
  2. Authority:
    * Do IA's reported findings get noticed? If IA requests action and it is not taken, will this get followed up?
  3. Independence:
    * To whom does the IA function report? If it is the audit committee, it is good, but if it is the chief executive or finance director, there may be pressure for IA to be less critical of these individuals
  4. Resources:
    * Are there enough employees with the right levels of training and experience to adequately complete necessary IA work programme?
28
Q

IA Reports:

A
  • There is no formal requirement for IA reports
  • Those charged with governance have responsibility to review IA reports and respond appropriately
29
Q

Presentation of observations and findings in individual areas can be made as follows:

A
  • Business objective that manager is aiming to achieve
  • Operational standard
  • Observations of actual performance against std including any control weaknesses
  • Cause of the weaknesses
  • Effect of the weaknesses
  • Recommendations to address weaknesses