Overview. Understand the concepts of Audit. Understand the need for Controls and internal controls. Understand and apply the principles of audit

Size: px
Start display at page:

Download "Overview. Understand the concepts of Audit. Understand the need for Controls and internal controls. Understand and apply the principles of audit"

Transcription

1 Audit Chapter 18

2 Overview Understand the concepts of Audit Understand the need for Controls and internal controls Understand and apply the principles of audit

3 IT Audit IT auditing is the evaluation of Information Systems, practices, and operations to assure the integrity of an entity s information. Such evaluation can include assessment of the efficiency, effectiveness, and economy of computer-based practices with computer as an audit tool

4 IT Audit IT auditing is a profession with conduct, aims, and qualities that are characterized by worldwide technical standards, an ethical set of rules (ISACA Code of Ethics), and a professional certification program (Certified Information Systems Auditor, CISA) is an integral part of the audit function because it supports the auditors judgment on the quality of the information processed by computer systems.

5 IT Audit IT auditing is a profession with conduct, aims, and qualities that are characterized by worldwide technical standards, an ethical set of rules (ISACA Code of Ethics), and a professional certification program (Certified Information Systems Auditor, CISA) is an integral part of the audit function because it supports the auditors judgment on the quality of the information processed by computer systems.

6 IT Audit Companies require systems, structures, and processes to operate globally. A system represents a set of dependent elements forming a single unitary entity. can be defined by the following elements: inputs, outputs, transformation process, system structure and its state. A process is nothing more than a structured set of activities and decisions to do a certain job.

7 Risks Risks associated with automated applications include: Weak security Unauthorized access to data Unauthorized remote access Inaccurate information Erroneous or falsified data input Misuse by authorized end users

8 Risks Risks associated with automated applications include: Incomplete processing Duplicate transactions Untimely processing Communications system failure Inadequate training Inadequate support

9 System Planners System planners must ensure that provisions are made for: An adequate audit trail so that transactions can be traced for- ward and backward through the system Ensuring technology provided by different vendors are compatible and controlled Adequately designed and controlled databases to ensure that common definitions of data are used throughout the organization, that redundancy is eliminated or controlled, and that data existing in multiple databases is updated concurrently

10 System Planners System planners must ensure that provisions are made for: Handling exceptions to, and rejections from, the computer system Unit and integrated testing, with controls in place to determine whether the systems perform as planned and meet the business objectives Controls over changes to the computer system to determine whether the proper authorization has been given and documented Adequate controls between interconnected computer systems

11 System Planners System planners must ensure that provisions are made for: Adequate security procedures to protect the data and availability of data on demand Authorization procedures for system overrides and documentation of those processes Determining whether organization and government policies and procedures are adhered to in system implementation Backup and recovery procedures for the operation of the system and subsystems with assurance of business continuity

12 Audit The audit is the process through which the competent and independent persons collects and evaluates proofs to validate an opinion regarding the correspondence degree among the observed events, things and with preestablished criteria.

13 Audit Auditing is defined as a systematic process of objectively obtaining and evaluating evidence regarding the current condition of an entity, area, process, financial account or control and comparing it to predetermined, accepted criteria and communicating the results to the intended users.

14 Audit - Types The various types of audits include A quality system audit measures an organization's capability to meet the quality requirements. Management audits are carried out to validate the business strategic plan reflects the business objectives. A process audit verifies the validity of process to deliver the expected output..

15 Audit - Types The various types of audits include System audits are carried out to ensure a business management system is sufficiently comprehensive to control all of the activities within that business. Procedural audits Verify the documented practices and its completeness to ensure the implementation of approved policies and are capable of controlling the organisations operations.

16 ISO 9001:2000 ISO9001:2000 defines audit to be of three types. First Party Audits of an organization, or parts of an organization, by personnel employed by that organization. These audits are usually referred to as Internal Audits. Members of a business evaluate their own processes with established criteria with respect to their organization.

17 ISO 9001:2000 ISO9001:2000 defines audit to be of three types. Second Party Audits carried out by customers upon their suppliers and are completed by an organization independent of the organization being audited. These audits are usually referred to as external audits or vendor audits.

18 ISO 9001:2000 ISO9001:2000 defines audit to be of three types. Third Party Audits are carried out by personnel who are not connected to the customer nor the supplier. They are usually employees of certification bodies or registrars such as BSI etc.

19 Computer based audit Computer-based auditing has traditionally been considered from two perspectives: a systems-based approach: can be used to test the applications controls to determine if the system is performing as intended. a data-based approach focuses on the data and is commonly called transaction- or data-based auditing.

20 IT Audit IT Audit is the process of collecting and evaluating evidence to determine whether a information system has been designed to maintain data integrity, safeguard assets, allows organizational goals to be achieved effectively, and uses resources efficiently. It analyzes the systems and the networks with the view of measuring the efficiency of technical and procedural control in order to minimize the risks.

21 IT Audit IT Audit It entails the systematic examination of the information resources, information use, information flows and the management of these in an organization. It is an important element in the process of feedback. It is an instrument of evaluation and provides information that can be used to plan and implement corrective actions.

22 Audit Team Two necessary components for an audit to be successful The first is an auditor with the right skills, education and experience. The second is the audit process itself. A group of auditors will form an audit team.

23 Audit Team Audit teams are composed with consideration to the type, content, and extent of the audit to be conducted. Audit team employees, one of whom has to act as audit lead. The audit lead should be nominated early.

24 Audit Team The audit manager is responsible for selecting the audit teams. When selecting the audit team members, consideration should be given to audit content, cultural group, and linguistic requirements, as well as personal aspects.

25 Audit Documentation Audit documentation is the written record that supports the auditors representations and conclusions. serves as a basis for review and is used to plan and perform the engagement. includes records of planning and performing the work, as well as a record of the procedures performed and evidence obtained.

26 Audit Schedule Audit Schedule departments create annual audit schedules to gain agreement from the board on audit areas, communicate the audit areas with the functional departments, and create a project/resource plan for the year. should be linked to current business objectives and risks based on their relative cost in terms of potential loss of goodwill, etc

27 Audit Plan Audit Plan Planning covers both administration of the audit office as well as administration of the audit assignment. For successful audits, we need to know what we want to achieve (audit objectives), determine what procedures we should follow (audit methodology), and assign qualified staff to the audit (resource allocation).

28 Audit Preparation Audit preparation is composed of all the work that is involved in initiating an audit. The functions include audit selection, definition of audit scope, initial contacts and communication with audites, and audit team selection. Audit scope should clearly state the process areas, controls, geographic or functional area, time period, and other speficics to delineate the area to be reviewed.

29 Audit Procedures Audit procedures are the activities that the auditor performs to obtain sufficient, competent evidence to ensure a reasonable basis for the audit opinion. Firstly, they are detective control mechanisms by which auditors identify and investigate variances or deviations from predetermined standards.

30 Audit Procedures Audit procedures Secondly, they are used as preventive control mechanisms because the expectation of an audit should deter individuals from engaging in fraudulent financial reporting or making careless errors.

31 Internal Audit The internal audit function is a control function with a company or organization. The primary purpose of the internal audit function is to assure that management authorized controls are being applied effectively. Internal Audit is part of the internal monitoring system of an organization.

32 Audit Findings Audit findings should be formally documented and include the process area audited, the objective of the process, the control objective, the results of the test of that control, and a recommendation in the case of a control deficiency. form serves the purpose of documenting both control strengths and weaknesses and can be used to review the control issue with the responsible IT manager to agree on corrective action.

33 Audit Reports Audit reports Formal communication issued by the audit department describing the results of the audit is called an audit report. Audit report should include the audit scope and objectives, a description of the audit subject, a narrative of the audit work activity performed, conclusions, findings, and recommendations.

34 Internal controls Internal control consists of ve interrelated components as follows: Control (or Operating) environment Risk assessment Control activities Information and communication Monitoring

35 IT controls IT controls General Controls Application Controls Management Controls Nature of controls Preventive controls Detective analytical controls Corrective controls

36 Summary The audit function, whether internal or external, is part of the corporate environment. It is a process to objectively validate, verify, and substantiate a process, activity, function, system, subsystem, or project within a company. Auditors have a unique set of skills and abilities that allows them to evaluate varied issues and environments.

Policy and Procedures Date: November 5, 2017

Policy and Procedures Date: November 5, 2017 Virginia Polytechnic Institute and State University No. 3350 Rev.: 8 Policy and Procedures Date: November 5, 2017 Subject: Charter for the Office of Audit, Risk, and Compliance 1. Purpose... 1 2. Policy...

More information

Chapter 7. Auditing Internal Control over Financial Reporting. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 7. Auditing Internal Control over Financial Reporting. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. Management Responsibilities under Section 404 Management

More information

Internal Audit Appendix: IIA Standards

Internal Audit Appendix: IIA Standards Accountability Modules Internal Audit Appendix: IIA Standards Return to Table of ontents The following section provides additional detailed steps to examine when evaluating an internal audit function.

More information

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining) Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining) Topic AS No. 5 AS No. 2 Objective of ICFR Audit Planning the ICFR Audit Integration

More information

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015 In Control: Getting Familiar with the New COSO Guidelines CSMFO Monterey, California February 18, 2015 1 Background on COSO Part 1 2 Development of a comprehensive framework of internal control Internal

More information

PART 6 - INTERNAL CONTROL

PART 6 - INTERNAL CONTROL PART 6 - INTERNAL CONTROL INTRODUCTION The A-102 Common Rule and OMB Circular A-110 (2 CFR part 215) require that non-federal entities receiving Federal awards (i.e., auditee management) establish and

More information

Auditing Standards and Practices Council

Auditing Standards and Practices Council Auditing Standards and Practices Council PHILIPPINE STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT PHILIPPINE STANDARD ON AUDITING

More information

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT (Effective for audits of financial statements for periods beginning

More information

Internal Controls: Need Them, Have Them, Love Them

Internal Controls: Need Them, Have Them, Love Them Internal Controls: Need Them, Have Them, Love Them Tiffany R. Winters, Esquire twinters@bruman.com Brustein & Manasevit Fall Forum 2010 Why Do We Have Internal Controls? The Federal Managers Financial

More information

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC Internal controls over Financial Reporting Key concepts Presentation by Jayesh Gandhi at WIRC Page 1 ICFR Key Concepts WIRC 28 May 2016 Agenda Scope and requirements Overview of internal controls as per

More information

GoldSRD Audit 101 Table of Contents & Resource Listing

GoldSRD Audit 101 Table of Contents & Resource Listing Au GoldSRD Audit 101 Table of Contents & Resource Listing I. IIA Standards II. GTAG I (Example Copy of the Contents of the GTAG Series) III. Example Audit Workprogram IV. Audit Test Workpaper Example V.

More information

Scope of this SA Effective Date Objective Definitions Sufficient Appropriate Audit Evidence... 6

Scope of this SA Effective Date Objective Definitions Sufficient Appropriate Audit Evidence... 6 SA 500* AUDIT EVIDENCE (Effective for audits of financial statements for periods beginning on or after April 1, 2009) Contents Introduction Paragraph(s) Scope of this SA...1-2 Effective Date... 3 Objective...

More information

(Effective for audits of financial statements for periods ending on or after December 15, 2013) CONTENTS

(Effective for audits of financial statements for periods ending on or after December 15, 2013) CONTENTS INTERNATIONAL STANDARD ON AUDITING 315 (REVISED) IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT Introduction (Effective for audits of

More information

Corporate Background and Experience: Financial Soundness: Project Staffing and Organization

Corporate Background and Experience: Financial Soundness: Project Staffing and Organization A motion by Kentucky, on behalf of the Certification Committee, to adopt changes to the Governing Board Rules, Appendix C, Criteria and Minimum Standards for CSP Certification: Appendix C (04/07/2015)

More information

1. INTERNAL AUDIT CHARTER (PDF)

1. INTERNAL AUDIT CHARTER (PDF) 1. INTERNAL AUDIT CHARTER (PDF) The Internal Audit Charter spells out the purpose, authority, and responsibility of the Internal Audit function at the University of Swaziland. The Charter also provides

More information

REPORT 2016/033 INTERNAL AUDIT DIVISION

REPORT 2016/033 INTERNAL AUDIT DIVISION INTERNAL AUDIT DIVISION REPORT 2016/033 Advisory engagement on the Statement on Internal Control project at the United Nations Joint Staff Pension Fund 25 April 2016 Assignment No. VS2015/800/01 CONTENTS

More information

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department. CORPORATE AUDIT DEPARTMENT CHARTER PURPOSE This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department. The Institute of Internal Auditors

More information

International Standard on Auditing (Ireland) 500 Audit Evidence

International Standard on Auditing (Ireland) 500 Audit Evidence International Standard on Auditing (Ireland) 500 Audit Evidence MISSION To contribute to Ireland having a strong regulatory environment in which to do business by supervising and promoting high quality

More information

Statement on Risk Management and Internal Control

Statement on Risk Management and Internal Control INTRODUCTION The Board affirms its overall responsibility for the Group s system of internal control and risk management and for reviewing the adequacy and effectiveness of the system. The Board is pleased

More information

Quality Assurance and Improvement Program (QAIP)

Quality Assurance and Improvement Program (QAIP) Quality Assurance and Improvement Program (QAIP) Presenters: Lori Carmichael, CPA Rafael Guijarro, CPA Florida Michigan North Carolina Texas Insight. Oversight. Foresight. Class Overview Overview- QAIP

More information

Corporate Governance Update. SOX 404 and Internal Controls

Corporate Governance Update. SOX 404 and Internal Controls Corporate Governance Update SOX 404 and Internal Controls Speakers Barbara Borden bborden@cooley.com 858.550.6243 Brad Peck bpeck@cooley.com 858.550.6012 Steven Spector (858) 453-7200 x229 sspector@arenapharm.com

More information

Types of Systems Audit & Relevance. Presented By: Prasad Pendse, CISA

Types of Systems Audit & Relevance. Presented By: Prasad Pendse, CISA Types of Systems Audit & Relevance Presented By: Prasad Pendse, CISA Agenda Systems Audit Categories & Types of Systems Audit, Relevance IT & Application Audits Security Audits Process Audits Advantages

More information

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING Nature and Timing of the Reporting Requirement When must registrants begin to report on internal control over financial reporting?

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Introduction Bethmara Kessler, CFE, CISA Campbell Soup Company 2017 Association of Certified Fraud Examiners, Inc. CPE Information 2017 Association of Certified Fraud Examiners, Inc.

More information

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017) Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017) Assessor 1: Assessor 2: Date: Date: Legend: Generally

More information

Chapter 7 Internal Controls

Chapter 7 Internal Controls Chapter 7 Internal Controls Establishment of and adherence to internal controls is a major part of managing an organization. Internal controls serve as the first line of defense in safeguarding assets

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 20/04/2016 HSCIC Audit of Data Sharing

More information

Business Context of ISO conform Internal Financial Control Assessment

Business Context of ISO conform Internal Financial Control Assessment Business Context of ISO 15504 conform Internal Financial Control Assessment By János Ivanyos, Memolux Ltd. (H), IIA Hungary Introduction In this paper the business context of the ISO/IEC 15504 [1] conformant

More information

An Overview of the 2013 COSO Framework. August 2013

An Overview of the 2013 COSO Framework. August 2013 An Overview of the 2013 COSO Framework August 2013 Introduction Dean Geesler, KPMG Senior Manager Course Objectives Summarize the key changes from the 1992 Framework to the 2013 Framework including the

More information

The Red (Book) Rocks The Latest and Greatest Audit Standards

The Red (Book) Rocks The Latest and Greatest Audit Standards The Red (Book) Rocks The Latest and Greatest Audit Standards Presenter Toni Stephens Chief Audit Executive The University of Texas at Dallas Insert Logo Here Course Objectives Explain the development of

More information

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements AUDITING STANDARD No. 2 An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements March 9, 2004 AUDITING AND RELATED PROFESSIONAL PRACTICE STANDARDS

More information

Strengthening Control and integrity: A Checklist for government Managers

Strengthening Control and integrity: A Checklist for government Managers Forum: Analytics and Risk Management Tools for Making Better Decisions Strengthening Control and integrity: A Checklist for government Managers By James A. Bailey The next contribution is based on a Center

More information

CITY OF CORPUS CHRISTI

CITY OF CORPUS CHRISTI CITY OF CORPUS CHRISTI CITY AUDITOR S OFFICE Audit of Purchasing Program Project No. AU12-004 September 20, 2012 City Auditor Celia Gaona, CIA CISA CFE Auditor Nora Lozano, CIA CISA Executive Summary In

More information

Audit Evidence This section is effective for audits of financial statements for periods ending on or after December 15, 2012.

Audit Evidence This section is effective for audits of financial statements for periods ending on or after December 15, 2012. Audit Evidence 395 AU-C Section 500 Audit Evidence Source: SAS No. 122; SAS No. 128. See section 9500 for interpretations of this section. Effective for audits of financial statements for periods ending

More information

The Internal Control Framework

The Internal Control Framework The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com www.caaa.in 9820061049/9323061049 To receive regular updates kindly send

More information

Financial Statements Framework

Financial Statements Framework The way companies depict their financial performance & health to investors Income statement: financial performance in terms of operational gains / losses over a period of time Balance sheet:financial health

More information

Thai Oil Public Company Limited. Internal Audit Charter

Thai Oil Public Company Limited. Internal Audit Charter Thai Oil Public Company Limited Internal Audit Charter (Translation) 1 Amendment Records Title: INTERNAL AUDIT CHARTER Issue No./ Revision No. Date Amended Sections Reasons for Amendment 01/00 23/09/09

More information

EFFICIENT USE OF AUDIT COMMITTEES

EFFICIENT USE OF AUDIT COMMITTEES AGENDA EFFICIENT USE OF AUDIT COMMITTEES BRENT YOUNG, CPA JERRY GAITHER, CPA Best practices related to: Audit Committee Process Internal Audit Risk Management 2 AUDIT COMMITTEE PROCESS AND PROCEDURES Audit

More information

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS Introduction INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE (Effective for audits of financial statements for periods beginning on or after December 15, 2009) +

More information

Internal Financial Controls (IFC) - An Overview

Internal Financial Controls (IFC) - An Overview Internal Financial Controls (IFC) - An Overview Increased responsibilities of the Board: Companies Act 2013 Board s responsibility extended to ensure Legal compliances to all applicable statutes. The increasingly

More information

2012 IIA Standards Update

2012 IIA Standards Update 2012 IIA Standards Update International Internal Audit Standards Board (IIASB) October 2012 1 Session Overview Why the Standards matter Standards-setting due process The key changes in 2012 Best practices

More information

Internal Control and the Computerised Information System (CIS) Environment. CA A. Rafeq, FCA

Internal Control and the Computerised Information System (CIS) Environment. CA A. Rafeq, FCA Internal Control and the Computerised Information System (CIS) Environment CA A. Rafeq, FCA 1 Agenda 1. Internal Controls and CIS Environment 2. Planning audit of CIS environment 3. Design and procedural

More information

Internal Control and the IC System in Philippines

Internal Control and the IC System in Philippines BUKIDNON STATE UNIVERSITY GRADUATE EXTENTION STUDIES Surigao City Study Center Internal Control and the IC System in Philippines PA 208 Public Fiscal Administration and Budgeting Prepared by Johny Sauro

More information

Evaluating Internal Controls

Evaluating Internal Controls A SSURANCE AND A DVISORY BUSINESS S ERVICES Fourth in the Series!@# Evaluating Internal Controls Evaluating Overall Effectiveness, Identifying Matters for Improvement, and Ongoing Assessment of Controls

More information

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems BOM/BSD 2/November 1994 BANK OF MAURITIUS Guideline on Maintenance of Accounting and other Records and Internal Control Systems November 1994 Revised November 2013 Revised December 2017 TABLE OF CONTENTS

More information

On the Revision of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal Control

On the Revision of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal Control (Provisional translation) On the Revision of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting (Council Opinions) Released on

More information

and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment IFACIAAS Board IAASB Main Agenda (April 2013) Agenda Iten 5-D Final Pronouncement March 2012 International Standard on Auditing ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement

More information

Practice Advisory : Quality Assurance and Improvement Program

Practice Advisory : Quality Assurance and Improvement Program Practice Advisory 1300-1: Quality Assurance and Improvement Program Primary Related Standard 1300: Quality Assurance and Improvement Program The chief audit executive must develop and maintain a quality

More information

The World Bank Audit Firm Assessment Questionnaire

The World Bank Audit Firm Assessment Questionnaire The World Bank Audit Firm Assessment Questionnaire Assessment of audit firms in the Africa Region Background The Bank s financial management Bank Procedures (BP) and Operations Policy (OP) (BP/OP 10.00)

More information

Changes To the Public Sector Internal Audit Standards April 2017

Changes To the Public Sector Internal Audit Standards April 2017 s To the Public Sector Internal Audit Standards April 2017 The Public Sector Internal Audit Standards (PSIAS) were updated in April 2017. The latest version of the document can be accessed on The Chartered

More information

Internal and Governmental Financial Auditing and Operational Auditing

Internal and Governmental Financial Auditing and Operational Auditing Internal and Governmental Financial Auditing and Operational Auditing Chapter 26 2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5-5 Learning Objective 1 Explain the role of

More information

Statement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors

Statement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors Statement on February 2014 Auditing Standards 128 Issued by the Auditing Standards Board Using the Work of Internal Auditors (Supersedes Statement on Auditing Standards [SAS] No. 65, The Auditor's Consideration

More information

STATEMENT OF AUDITING STANDARDS 500 AUDIT EVIDENCE

STATEMENT OF AUDITING STANDARDS 500 AUDIT EVIDENCE STATEMENT OF AUDITING STANDARDS 500 AUDIT EVIDENCE (Issued January 2004) Contents Paragraphs Introduction 1-2 Concept of Audit Evidence 3-6 Sufficient Appropriate Audit Evidence 7-14 The Use of Assertions

More information

Audit of Weighing Services. Audit and Evaluation Services Final Report Canadian Grain Commission

Audit of Weighing Services. Audit and Evaluation Services Final Report Canadian Grain Commission Audit and Evaluation Services Final Report Canadian Grain Commission November 2016 Table of Contents 1. EXECUTIVE SUMMARY... 2 Conclusion... 2 Statement of Assurance... 2 2. INTRODUCTION... 3 Authority

More information

Bank of Botswana Internal Audit Charter March 18, 2013 INTERNAL AUDIT CHARTER BANK OF BOTSWANA

Bank of Botswana Internal Audit Charter March 18, 2013 INTERNAL AUDIT CHARTER BANK OF BOTSWANA INTERNAL AUDIT CHARTER BANK OF BOTSWANA 1 CONTENTS PAGE 1. PURPOSE OF THE INTERNAL AUDIT CHARTER 3 2. PURPOSE OF THE INTERNAL AUDIT DIVISION 3 3. POLICY STATEMENTS 3 3.1 Establishment of the Internal Audit

More information

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PRELIMINARY STAFF VIEWS AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL

More information

AUDITING. Auditing PAGE 1

AUDITING. Auditing PAGE 1 AUDITING Auditing 1. Professionalism The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal

More information

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 500

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 500 Issued 07/11 Compiled 10/15 INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 500 Audit Evidence (ISA (NZ) 500) This compilation was prepared in October 2015 and incorporates amendments up to and including

More information

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks Page 1 of 7 CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a Related PSAs: PSA 400, 315 and 330 AUDITING THEORY Risk Assessment and Response to Assessed Risks 1. Which of the following is correct statement?

More information

TABLE OF CONTENTS WATER SERVICES ASSOCIATION OF AUSTRALIA PROCESS BENCHMARKING AUDIT PROTOCOLS COPYRIGHT:... 3

TABLE OF CONTENTS WATER SERVICES ASSOCIATION OF AUSTRALIA PROCESS BENCHMARKING AUDIT PROTOCOLS COPYRIGHT:... 3 WATER SERVICES ASSOCIATION OF AUSTRALIA AUDIT PROTOCOL FOR THE AQUAMARK ASSET MANAGEMENT PROCESS BENCHMARKING PROJECT DECEMBER 2007 TABLE OF CONTENTS COPYRIGHT:... 3 1.0 INTRODUCTION:... 4 1.1 OVERVIEW...

More information

ECQA Certified Profession. Governance SPICE Model. Internal Financial Control Assessor Training Programme

ECQA Certified Profession. Governance SPICE Model. Internal Financial Control Assessor Training Programme ECQA Certified Profession Governance SPICE Model used by the Internal Financial Control Assessor Training Programme Contact: János Ivanyos Memolux Ltd. +36 1 467403 ivanyos@memolux.hu www.training.ia-manager.org

More information

OVERVIEW 4/19/10. Internal Controls and the Audit Process May 4, 2010 OVERVIEW. Definition and historical perspective of internal auditing

OVERVIEW 4/19/10. Internal Controls and the Audit Process May 4, 2010 OVERVIEW. Definition and historical perspective of internal auditing and the Audit Process May 4, 2010 Presented by: Deborah A. Stevens CPA Wichita County Auditor 1 OVERVIEW Definition and historical perspective of internal auditing Role and responsibilities of the internal

More information

FEEDBACK TUTORIAL LETTER

FEEDBACK TUTORIAL LETTER FEEDBACK TUTORIAL LETTER 1 st SEMESTER 2017 ASSIGNMENT 2 ACCOUNTING INFORMATION SYTEMS AIS822S 1 COURSE: COURSE CODE: ACCOUNTING INFORMATION SYSTEMS AIS822S TUTORIAL LETTER: 02/2017 DATE: 04/ 2017 Dear

More information

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report Report Quality Assessment of Internal Audit at Draft Report / Final Report Quality Self-Assessment by Independent Validation by Table of Contents 1.

More information

REPORT 2014/014. Audit of the implementation of the Murex system in the Investment Management Division of the United Nations Joint Staff Pension Fund

REPORT 2014/014. Audit of the implementation of the Murex system in the Investment Management Division of the United Nations Joint Staff Pension Fund INTERNAL AUDIT DIVISION REPORT 2014/014 Audit of the implementation of the Murex system in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results relating to

More information

[RELEASE NOS ; ; FR-77; File No. S ]

[RELEASE NOS ; ; FR-77; File No. S ] SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting

More information

BUSINESS CPA EXAM REVIEW V 3.0. For Exams Scheduled After March 31, 2017

BUSINESS CPA EXAM REVIEW V 3.0. For Exams Scheduled After March 31, 2017 For Exams Scheduled After March 31, 2017 CPA EXAM REVIEW BUSINESS UPDATES AND ACADEMIC HELP Click on Community and Support at www.becker.com/cpa CUSTOMER SERVICE AND TECHNICAL SUPPORT Call 1-877-CPA-EXAM

More information

1. Definition & Mission

1. Definition & Mission 1. Definition & Mission 1.1 Internal Auditing is an independent, objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of. 1.2 Group Internal

More information

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS 5-1 CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION In accordance with Statements on Auditing Standards Numbers 78 and 94, issued by the American Institute of Certified Public Accountants

More information

INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS (Effective for audits of financial statements for periods beginning on or after December 15, 2006. Appendix 2 contains conforming amendments

More information

Basic Concepts of Information System Auditing

Basic Concepts of Information System Auditing Basic Concepts of Information System Auditing 1 Chapter I Basic Concepts of Information System Auditing Rafael Rodríguez de Cora INTRODUCTION The challenge of Information System Auditing, as it is known

More information

ISAE 3402 Type 2. Independent auditor s report on general IT controls regarding operating and hosting services for to

ISAE 3402 Type 2. Independent auditor s report on general IT controls regarding operating and hosting services for to Deloitte Statsautoriseret Revisionspartnerselskab CVR no. 33 96 35 56 Weidekampsgade 6 P.O. Box 1600 0900 Copenhagen C Denmark Phone +45 36 10 20 30 Fax +45 36 10 20 40 www.deloitte.dk IT Relation A/S

More information

SA 402(REVISED) AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING

SA 402(REVISED) AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING Part I : Engagement and Quality Control Standards I.271 SA 402(REVISED) AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING A SERVICE ORGANISATION (EFFECTIVE FOR ALL AUDITS RELATING TO ACCOUNTING PERIODS

More information

Internal Control Questionnaire and Assessment

Internal Control Questionnaire and Assessment Bureau of Financial Monitoring and Accountability Florida Department of Economic Opportunity September 15, 2016 107 East Madison Street Caldwell Building Tallahassee, Florida 32399 www.floridajobs.org

More information

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013 B S R & Co. LLP Reporting on Internal Controls over Financial Reporting An Overview Sarbanes Oxley Act (SOX) 28 December 2013 Agenda Sarbanes Oxley Key Sections COSO Framework Management Approach to ICOFR

More information

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards Audit Standards Let s Refresh Outline Changes in the Standards Changes in the Yellowbook Standards Attribute/General Standards Performance/Fieldwork Standards Reporting Standards Key Differences Changes

More information

FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A)

FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A) Page 136 of 174 FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A) RECOGNIZING RISK FACTORS THAT SHOULD GET YOUR ATTENTION How to use the checklist: 1. Review this checklist towards

More information

REPORT WRITING & INDEPENDENT REVIEW

REPORT WRITING & INDEPENDENT REVIEW REPORT WRITING & INDEPENDENT REVIEW 1 PRESENTED BY FAITH NGWENYA TECHNICAL & STANDARDS SERVICES EXECUTIVE Professional Accountant 2 3 QUALITY CONTROL ISQC 1 Monitoring ISQC 1 Engagement performance Human

More information

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive Assessment of the Design Effectiveness of Entity Level Controls Office of the Chief Audit Executive February 2017 Cette publication est également disponible en français. This publication is available in

More information

International Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation

International Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation International Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation MISSION To contribute to Ireland having a strong regulatory environment in which

More information

How to plan an audit engagement

How to plan an audit engagement 01 November 2017 How to plan an audit engagement Chartered Institute of Internal Auditors Planning audit projects, or engagements, well will ensure you deliver a quality assurance and consulting service

More information

Audit & Risk Committee Charter

Audit & Risk Committee Charter Audit & Risk Committee Charter Status: Approved Custodian: Executive Office Date approved: 2014-03-14 Implementation date: 2014-03-17 Decision number: SAQA 04103/14 Due for review: 2015-03-13 File Number:

More information

Sheena Tran, CPA May 19, 2014

Sheena Tran, CPA May 19, 2014 Internal Controls Review 2012/13 Sheena Tran, CPA May 19, 2014 TO: ACCCA BOARD OF DIRECTORS This is considered to be a financial review and recommendations for the Association of California Community College

More information

PUBLIC SECTOR FINANCIAL MANAGEMENT: CONTROL. Andrew Graham Queens University School of Policy Studies

PUBLIC SECTOR FINANCIAL MANAGEMENT: CONTROL. Andrew Graham Queens University School of Policy Studies PUBLIC SECTOR FINANCIAL MANAGEMENT: CONTROL Andrew Graham Queens University School of Policy Studies www.andrewbgraham.ca 2 Just to Recap! Auditor-General's Report identifies lapses in Gardens By The Bay

More information

ISO The International Energy Management Standard. esta.org.uk

ISO The International Energy Management Standard. esta.org.uk ISO 50001 The International Energy Management Standard Background to Standard UK led development with British Standards Institute Based on committee member s experience and that of other advisors Based

More information

GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER

GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER Purpose The Audit/Compliance Committee ( Committee ) is appointed by the Board of Directors and its purpose is to assist the Board in

More information

INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT CONTENTS

INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT CONTENTS INTERNATIONAL STANDARD ON 620 USING THE WORK OF AN AUDITOR S EXPERT (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction Scope

More information

Internal Audit Report

Internal Audit Report Internal Audit Report Key Financial Controls Accounts Payable and Accounts Receivable December 2017 To: Deputy Chief Executive Director of Finance Head of Finance Finance Manager Copied to: Operations

More information

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS MISSION To contribute to Ireland having a strong regulatory environment in which to do business by supervising and

More information

INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC

INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC 1 Internal Audit Charter 1. This Charter is based on the standard template for an Internal Audit Function Charter issued by the Chartered Institute of Internal

More information

Using Data Analytics to Detect Fraud

Using Data Analytics to Detect Fraud Using Data Analytics to Detect Fraud Other Data Analysis Techniques 2017 Association of Certified Fraud Examiners, Inc. Qualitative Data Analysis Most data analysis techniques require the use of data in

More information

Office of the Utah Legislative Auditor General. Fraud Prevention. Utah Government Finance Officers Association. Spring 2017 Conference

Office of the Utah Legislative Auditor General. Fraud Prevention. Utah Government Finance Officers Association. Spring 2017 Conference Office of the Utah Legislative Auditor General Fraud Prevention Utah Government Finance Officers Association Spring 2017 Conference Utah Legislative Auditor General Constitutional Charge and Authority

More information

Sarbanes-Oxley Compliance: Managing Technology Controls

Sarbanes-Oxley Compliance: Managing Technology Controls Sarbanes-Oxley Compliance: Managing Technology Controls WATCHIT PROGRAMS WatchIT delivers experience to the desktop. Our programs feature industry executives and experts who share insight and understanding

More information

Audit Committee Charter for XL Group Ltd

Audit Committee Charter for XL Group Ltd Audit Committee Charter for XL Group Ltd Audit Committee Charter for XL Group Ltd Purpose The Audit Committee is appointed by the Board to assist the Board in overseeing (1) the quality and integrity of

More information

Introductions. An Overview of the COSO 2013 Framework. Christian Peo Sharon Todd. An Overview of the 2013 COSO Framework.

Introductions. An Overview of the COSO 2013 Framework. Christian Peo Sharon Todd. An Overview of the 2013 COSO Framework. An Overview of the 2013 COSO Framework An Overview of the COSO 2013 Framework August 8, 2013 Introductions Christian Peo Sharon Todd Marc Wittenberg Module Name/SL/1 firms Course Objectives By the end

More information

This Internal Audit Charter is intended to define the role, responsibility and accountability of the Society s Internal Audit function.

This Internal Audit Charter is intended to define the role, responsibility and accountability of the Society s Internal Audit function. Internal Audit Charter and Terms of Reference Introduction The Chartered Institute of Internal Auditors ( CIIA ) defines internal auditing as an independent, objective assurance and consulting activity

More information

Quality Sign off for Internal Audit Engagement. Name of Audit

Quality Sign off for Internal Audit Engagement. Name of Audit This is a sample of a quality sign off form for an internal audit engagement and is intended as a practical example. It should be reviewed and modified to suit the operations of your Internal Audit function.

More information

Internal Controls: Facts and Fiction. Colin Wallace, Partner Advisory Services

Internal Controls: Facts and Fiction. Colin Wallace, Partner Advisory Services Internal Controls: Facts and Fiction Colin Wallace, Partner Advisory Services 2 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any

More information

Chapter 1 The Demand for an Auditing and Assurance Profession

Chapter 1 The Demand for an Auditing and Assurance Profession Chapter 1: The Demand for an Auditing and Assurance Profession Chapter 1 The Demand for an Auditing and Assurance Profession Audit Challenge 1-1: Assessing Privacy Practices 1. Hospital data could be obtained

More information