WIXLIB

11/18/2018Performing the EngagementEmphasize the Basics Elevate the StandardsNovember 27-28, 2018Sarah Beth HallInspector GeneralFlorida Office of Early LearningTALLAHASSEE CHAPTERPerforming the Engagement(IPPF 2300) Identifying Information (IPPF 2310) Analysis and Evaluation (IPPF 2320) Documenting Information (IPPF 2330)TALLAHASSEE CHAPTERPerforming the EngagementIPPF Standard 2300: Internal auditorsmust identify, analyze, evaluate, anddocument sufficient information to achievethe engagement’s objectives.TALLAHASSEE CHAPTER1

11/18/2018Performing the Engagement Review Planning Documentation– Engagement objectives & scope– Identified criteria– Risk and Control Matrix– Process maps, flowcharts, and/ornarratives– Results of control design evaluations– Plan & approach for testing key controlsTALLAHASSEE CHAPTERPerforming the Engagement Conduct audit procedures/ tests to gatherevidence. Key or primary controls must be tested. Secondary controls do not usually have to betested. If there is a significant design weakness, there isusually no need to test the control.– Determine losses– Quantify or clarify the riskTALLAHASSEE CHAPTERIdentifying InformationIPPF Standard 2310: Internal auditorsmust identify sufficient, reliable, relevant,and useful information* to achieve theengagement’s objectives.*includes audit evidenceTALLAHASSEE CHAPTER2

11/18/2018Identifying Information Sufficient information is factual,adequate, and convincing so that aprudent, informed person would reachthe same conclusions as the auditor. Reliable information is the bestattainable information through the useof appropriate engagement techniques.TALLAHASSEE CHAPTERIdentifying Information Relevant information supportsengagement observations andrecommendations and is consistent withthe objectives for the engagement. Useful information helps theorganization meet its goals.TALLAHASSEE CHAPTERIdentifying Information How do you identify the information/evidence?– Review engagement objectives, the engagementwork program, and the criteria.– Facilitate open and collaborative communication.– Establish effective communication channels.– Utilize a variety of testing methods to find theevidence that leads to conclusions oneffectiveness.TALLAHASSEE CHAPTER3

11/18/2018Identifying Information Persuasive Audit Evidence– Relevant– Reliable– Sufficient Relying on audit evidence that has littleor no pertinence to a specific auditobjectives greatly increases audit risk.TALLAHASSEE CHAPTERTypes of Audit Evidence Testimonial Evidence – what is said Documentary Evidence – what iscontained in documents Physical Evidence – what is seen Analytical – obtained by comparing,computing or analyzing dataTALLAHASSEE CHAPTERExercise 1 – Persuasive AuditEvidenceAssume that an internal auditor wants todetermine whether a particular vehicleincluded in the company’s fixed assetledger exists and is owned by thecompany. The internal auditor locates thevehicle in the company’s parking lot.TALLAHASSEE CHAPTER4

11/18/2018Audit Evidence Guidelines Evidence is more reliable when– Obtained from independent third parties vs. fromauditee personnel.– Produced by a process or system with effectivecontrols vs one with ineffective controls;– Obtained directly by the internal auditor vs. indirectly;– Documented vs. undocumented; and– Timely vs. untimely.TALLAHASSEE CHAPTERAudit Evidence Guidelines Evidence is more sufficient when– Corroborated vs. uncorroborated orcontradictory; and– Produced from larger samples vs.smaller samples.TALLAHASSEE CHAPTERDocumentary Evidence - High Documents prepared by the internal auditor– Inventory test counts– Process maps– Risk and control matrices Documents sent directly from a third party tothe internal auditor– Confirmations– Cutoff bank statements– Letters from outside attorneysTALLAHASSEE CHAPTER5

11/18/2018Documentary Evidence Medium Documents created by a third party, sent to the organization,and requested from the organization by the internal auditor– Vendor invoices– Customer purchase orders– Bank statements Documents created by the organization, sent to a third party,returned to the organization, and requested from theorganization by the internal auditor– Remittance advices– Cancelled checks– Deposit slipsTALLAHASSEE CHAPTERDocumentary Evidence - Low Documents created by the organizationand requested from the organization bythe internal auditor– Written policy statements– Receiving reports– Time cardsTALLAHASSEE CHAPTERAnalysis and EvaluationIPPF Standard 2320: Internal auditorsmust base conclusions and engagementresults on appropriate analyses andevaluations.TALLAHASSEE CHAPTER6

11/18/2018Analysis Manual Audit Procedures – Inquiry,Observation, Inspection, Vouching,Tracing, Reperformance, Confirmation,Analytical Procedures Computer-Assisted Audit Techniques(CAATs)TALLAHASSEE CHAPTERManual Audit Procedures Inquiry – entails asking questions, produces indirectevidence, can be in the form of interviews, surveys,and questionnaires. Practical Examples:– Circulate a questionnaire among senior executivesasking them to identify the “top 10” risksthreatening the organization.– Interview managers and employees involved inthe cash disbursements process to identify keyprocess controls.TALLAHASSEE CHAPTERManual Audit Procedures Observation – entails watching people, processes, orprocedures; direct evidence; only provides evidenceat a point in time Practical Examples:– Tour the auditee’s facility to gain a general understanding of day-today operations.– Observe the care with which employees count the year-endphysical inventory.– Watch employees involved in executing and recording cashdisbursement transactions to determine whether the y areperforming their assigned responsibilities and only their assignedresponsibilities.TALLAHASSEE CHAPTER7

11/18/2018Manual Audit Procedures Inspection – entails studying documents and recordsand physically examining tangible resources;provides direct evidence and direct knowledge Practical Examples –– Review the minutes of board of directors’ meetings lookingfor authorization of significant events.– Inspect selected inventory items to determine their conditionand salability.– Read the cash disbursements policies and procedures toobtain an understanding of key elements of the process.TALLAHASSEE CHAPTERManual Audit Procedures Vouching – entails tracking information backward from onedocument or record to a previously prepared document, record,or a tangible resource; tests validity Practical Examples:– Vouch a sample of inventory items from the accountingrecords to the warehouse to see that the inventory itemsexist.– Vouch a sample of sales invoices to corresponding shippingdocuments to verify that the shipments occurred.– Vouch a sample of check copies to supporting voucherpackages to test the validity of the checks.TALLAHASSEE CHAPTERManual Audit Procedures Tracing – entails tracking information forward fromone document, record, or tangible resource to asubsequently prepared document or record; tests forcompleteness Practical Examples:– Trace internal auditor test counts of inventory to theauditee’s inventory compilation records to verify that thecounts are properly included in the compilation.– Trace checks dated within a period of several days beforeand after year-end to the accounting recording to ensurethe checks were recorded in the proper year.TALLAHASSEE CHAPTER8

11/18/2018Manual Audit Procedures Reperformance – entails redoing controls or otherprocedures; provides direct evidence regarding operatingeffectiveness Practical Examples:– Recalculate accumulated depreciation and depreciationexpense to verify that they were calculated correctly.– Independently estimate the allowance for doubtfulaccounts to test the reasonableness of the accountdepartment’s estimate.– Reperform auditee-prepared bank reconciliations to testwhether they were completed correctly.TALLAHASSEE CHAPTERManual Audit Procedures Confirmation – entails obtaining direct writtenverification of the accuracy of information fromindependent third parties; positive or negativeconfirmations; considered very reliable evidence Practical Examples:– Confirm a sample of accounts receivablesubsidiary ledger balances with customers.– Confirm the principal balance of a notes-payableand interest rate with the lender.– Confirm cash account bank balances with banks.TALLAHASSEE CHAPTERManual Audit Procedures Analytical Procedures – entail assessing informationobtained during an engagement by comparing theinformation with expectations identified or developed by theinternal auditor. Common analytical procedures include:– Ratio, trend, and regression analysis.– Reasonableness tests.– Period-to-period comparisons.– Forecasts.– Benchmarking information against similar industries ororganizational units.TALLAHASSEE CHAPTER9

11/18/2018Manual Audit Procedures Analytical Procedures Practical Examples:– Prepare common-size financial statements for thecurrent year and preceding two years; lookspecifically for variances or unexpected trends.– Compare the organization’s common-size financialstatement with published industry common-sizeinformation looking for unexpected inconsistences.– Calculate accounts payable turnover for thecurrent year and preceding two years as evidenceof vendor payment periods.TALLAHASSEE CHAPTERExercise 2 – Testing a ManualProcurement Process1. Pick a sample of purchase requisitionsand trace each purchase forward to thepurchase order, receiving document,invoice, and payment. OR2. Pick a sample of payments, then voucheach payment back to the otherdocuments.TALLAHASSEE CHAPTERComputer-Assisted AuditTechniques (CAATs) Generalized Audit Software (GAS) –multipurpose software that can be used foraudit purposes such as record selection,matching, recalculation, and reporting.– ACL– IDEATALLAHASSEE CHAPTER10

11/18/2018Computer-Assisted AuditTechniques (CAATs) Utility Software – computer programsprovided by a computer hardwaremanufacturer or software vendor and used inrunning the system. Test Data – simulated transactions that canbe used to test processing logic,computations and controls actuallyprogrammed in computer applications.TALLAHASSEE CHAPTERComputer-Assisted AuditTechniques (CAATs) Application Software Tracing and Mapping –specialized tools that can be used to analyze the flowof data through the processing logic of the applicationsoftware and document the logic, paths, controlconditions and processing sequences. Audit Expert Systems – expert or decision supportsystem that can be used to assist auditors in thedecision-making process by automating theknowledge of experts in the field.TALLAHASSEE CHAPTERComputer-Assisted AuditTechniques (CAATs) Continuous Auditing – Uses computerizedtechniques to perpetually audit theprocessing business transactions. GTAG 16: Data Analysis Technologies of theIIA’s Global Technology Audit Guide SeriesTALLAHASSEE CHAPTER11

11/18/2018Evaluations Logic Professional Experience Professional SkepticismTALLAHASSEE CHAPTERExercise 3 – Test for DuplicatePayments An auditor uses generalized audit software todirectly test whether any duplicate paymentsof invoices exist in the entity’s cashdisbursements transaction file. The auditoruncovers several duplicate payments madethroughout the year. What can the auditor correctly concluderegarding the controls that prevent and/ordetect such payments on a timely basis?TALLAHASSEE CHAPTEREvaluations Root Cause Analysis– Ask a series of Why questions– Include input from internal and externalstakeholdersTALLAHASSEE CHAPTER12