Effective Preliminary Surveys. Presented by: UCSF Audit Services

Similar documents
UNIVERSITY OF CALIFORNIA, SAN FRANCISCO AUDIT SERVICES. PROCUREMENT CARD Project # June 2011

Internal Auditor: Finance and Operations

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Quality Assurance in Internal Audit. Standard on Internal Audit (SIA) 7

Internal Audit Technician Training program Modules & Outcomes

Tools & Techniques II: Lead Auditor

Internal Audit Appendix: IIA Standards

UNIVERSITY OF CALIFORNIA, SAN FRANCISCO AUDIT AND ADVISORY SERVICES. School of Dentistry Health Sciences Compensation Plan Project #16-013

Internal Audit Charter

Quality Assurance and Improvement Program (QAIP)

Internal Audit Charter

Implementation Guide 1311

Internal Auditing 101

UNIVERSITY OF CALIFORNIA, SAN FRANCISCO AUDIT SERVICES. Outpatient Pharmacy Billing Project #11-018(A) December 2010

Audit Project Process Overview 1/18/ Compliance and Audit Symposium. Agenda. How to Kick-start your. Audit Planning and Risk Assessment

Quality Sign off for Internal Audit Engagement. Name of Audit

Financial CIA-I. Certified Internal Auditor (CIA) Download Full Version :

List of Key Performance Indicators

IT Audit Process. Michael Romeu-Lugo MBA, CISA March 27, IT Audit Process. Prof. Mike Romeu

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

S23 - Hallmarks of a Strong Audit Function Lilian Fong and Marta O'Shea

Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8 th Edition

Internal Audit and SOX Best Practices

Implementation Guide 2201

Kentucky State University Office of Internal Audit

Certified Internal Auditor - Part 1, The Internal Audit Activity's Role in Governance, Risk, and Control

Implementation Guide 2300

BCP Methodology Benefits realisation

External Quality Assurance Review of the Office of the Auditor General Proposed Statement of Work for the Audit Sub- Committee.

Mubarak for Accounting, Auditing & Financial Consultancy

Technical Services Document #: TS-0007 Internal Audit Procedure Version #: 01

Internal Audit Report. BOCC Community Development Code Enforcement

Audit committee performance evaluation

Implementation Guide 2130

Comprehensive Program Review (CPR)

Audit Planning and risk assessment. Presentation by Richard Maggs to the PEMPAL Seminar in St Petersburg September 2013

City of Markham. Report of the Auditor General Human Resources Information System ( HRIS ) Implementation Audit. Presented to:

NOT PROTECTIVELY MARKED. Item Number 5.10 Gary Devlin, Partner, Scott- Moncrieff Recommendation to Members Members are requested to note the report.

IPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:

The Red (Book) Rocks The Latest and Greatest Audit Standards

The following information is intended to provide clarity regarding the audit process and expected communication. While every audit can differ, it is

UNIVERSITY OF CALIFORNIA, SAN FRANCISCO AUDIT AND ADVISORY SERVICES

THE UNIVERSITY OF TOLEDO AUDIT COMMITTEE MEETING. October 19, 2009

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

How to plan an audit engagement

COUNTYWIDE RISK ASSESSMENT AND AUDIT PLAN SUMMIT COUNTY, OHIO

EXTERNAL QUALITY ASSESSMENT OF ORANGE COUNTY S INTERNAL AUDIT DEPARTMENT

BUSINESS RISK MANAGEMENT LTD. Proposal for External Quality Assessment of the Internal Audit function against world class best practice

IT MANAGER - BUSINESS & TECHNOLOGY APPLICATIONS (12235) ( )

HSE Assurance Overview

PROJECT SUMMARY. Summary of Significant Results

BOARD OF REGENTS OF THE UNIVERSITY OF WISCONSIN SYSTEM

Certificate in Internal Audit IV

Review of Duke Energy Florida, LLC Internal Audit Function

August 14, Dear Ms. Gula:

IT MANAGER - BUSINESS & TECHNOLOGY APPLICATIONS (12235) ( )

Continuous Auditing. Human Action Metrics. By Santos Monroy April 2, 2009

SECTION C-3 PERFORMING THE ENGAGEMENT

Evaluenz Special Edition on Internal Controls Over Financial Reporting (ICFR) 2016

Audit Training-of-Trainers Workshop, November 2014, Vienna Components of internal control within organization

INTERNAL AUDIT POLICIES AND PROCEDURES OPERATING MANUAL

Advanced Audit Techniques

Office of Internal Auditing

OFFICE OF INTERNAL AUDIT AUDIT MANUAL

Continuous Auditing and Monitoring technology - the next generation

3/4/2019 INTRO TO HIGHER EDUCATION AUDITING PRACTICALLY PERFECT PLANNING

AGENDA ECU Board of Trustees Audit Committee Meeting ECHI Conference Room September 24, :30 am. I. Approval of April 16, 2009 Minutes Action

External Quality Assessment Of The University Of Florida s Office Of Audit & Compliance Review May 2012

Internal Audit Charter

ELK GROVE UNIFIED SCHOOL DISTRICT

The NYSE Internal Audit Requirement

Southern Oregon University Internal Audit Plan Fiscal Year 2017

Subcontractor and Vendor Kickbacks. Next Slide

The Blue Sage Group. Sarbanes-Oxley. 404 Compliance Program. The Blue Sage Group

INTERNAL AUDIT CHARTER (Revision No. 4)

INTERNAL AUDIT : THE ROAD AHEAD. CIVIL ACCOUNTS DAY 1 st MARCH 2012

Certificate in Internal Audit 3

AUDIT FIELD WORK Laws and Regulations. Presenter: Errol Gardner

GATU Webinar Part 1 March 2017 Presented by Carol Kraus, CPA

Internal Audit How the Internal Audit Function Facilitates Internal Controls. Office of the City Auditor City of Tallahassee

Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions

Internal Audit Standard Operational Procedure Manual

Periodic internal quality assessment Questions for discussion

Internal Audit Report. BOCC Utilities

Performance Auditing: What It Is, and Why It Is Important Presented by: Harriet Richardson, CPA, CIA, CGAP Audit Manager, City of Berkeley

Internal Controls Over Financial Reporting (ICoFR) Overview and Practical Aspects

PEOPLESOFT HUMAN RESOURCES AND PEOPLESOFT FINANCIALS SYSTEM CONTROLS REVIEW PROGRAM EVALUATION AND AUDIT

Master Document Audit Program. Version 9.6, dated November 2017 B-1 Planning Considerations. Purpose and Scope

Independent Validation of the Internal Auditing Self-Assessment

Internal Auditing For Medicare Part D. The Medicare Part D Prescription Drug Program

W207: How should you leverage internal audit? October 26, 2016

Position Description Auditor, Financial Audit

Internal Audit Quality Policy

July 30, (1) CHAPTER 5. Table of Contents

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Preparing for the Financial Statement Audit

Presentation by: CPA Zachary Muthui

TERMS OF REFERENCE Public Financial Management Consultant

Washington State University Office of Internal Audit FY 2015 Audit Plan

HUD-US DEPT OF HOUSING & URBAN DEVELOPMENT: Understanding Internal Controls. Ladies and gentlemen, thank you for standing by and welcome to the

Transcription:

Effective Preliminary Surveys Presented by: UCSF Audit Services

Session Objectives IIA Professional Standards requirements for preliminary surveys Best practices followed by your colleagues at other UC campuses Walk through an approach to conducting a preliminary survey

Why is an effective Preliminary Survey so important? Determines the objectives and scope of the audit Helps focus audit resources to significant risks, thereby providing greater value to management Assures the quality and efficiency of the review Provides a better understanding of the activity being reviewed Determines what needs to be done, how and when Determines resources that needs to be allocated Compliance with Professional Standards

IIA International Standards Professional standards requires that in planning an audit engagement the internal auditor must consider: The significant risks of the activity, its objectives, resources and operations The adequacy and effectiveness of the activity s risk management and control processes

IIA International Standards (2) Objectives must be established for each engagement (Standard# 2210) Auditors must conduct a preliminary assessment of the risks relevant to the activity under review Engagement objectives must reflect the results of the assessment (Standard # 2201.A1)

Challenges in conducting a Preliminary Survey Most difficult and challenging part of the audit process Steep learning curve Business objectives and metrics Striking the right balance Identifying the right risks Spending too much time on PS Preliminary survey creep

Common Campus Practices All Campuses differ somewhat in their approach in conducting the Preliminary Surveys (PS) Most capture background information, financial data, regulatory and policy information, major functions, automated systems and risk evaluation

Best Practices Use of Internal Controls Questionnaire (ICQ) to identify high risk areas and controls

Sample ICQ

PS Best Practices Use of Internal Controls Questionnaire (ICQ) to identify high risk areas and controls Use of Separation of Duties Matrix (SOD) to identify proper internal controls

Sample SOD Matrix

Best Practices Use of Internal Controls Questionnaire (ICQ) to identify high risk areas and controls Use of Separation of Duties Matrix (SOD) to identify proper internal controls Use Computer Assisted Auditing Tools (CAATs) to perform financial and transactional data analysis to identify potential risk areas

Sample ACL Query

PS Best Practices Use of Internal Controls Questionnaire (ICQ) to identify high risk areas and controls Use of Separation of Duties Matrix (SOD) to identify proper internal controls Use Computer Assisted Auditing Tools (CAATs) to perform financial and transactional data analysis to identify potential risk areas Use of a risk matrix that details the risks identified, expected controls, risk rating and proposed test work

Sample Risk Matrix

Best Practices (2) Hold pre-planning discussions to brainstorm risks with audit staff/managers Research subject area(s) and probe with internal contacts for known problems and concerns previously raised Assignment of an initial project budget just for the PS work and allocating a permanent project budget after completion of the PS based on risk areas to be audited Meet with clients toward the end of the PS to validate information and obtain feedback on risk areas

Food Services A Preliminary Survey Case Study

Preliminary Survey Program Interview management on business objectives Organization chart(s) Review department procedure manuals Analyze financial and business Information Review regulatory and University requirements Assess information technology environment Review previous audit work papers and reports Conduct interviews with relevant department personnel Assess for fraud risks exposure Create risk matrix

Case Study: Background Why in the Plan Known Risks Importance

Case Study: Business Objectives Mission Statement Goals and Objectives Metrics

Case Study: Regulatory/Policies Federal and State Laws University Policies Department SOP

Case Study: Major Functions Meals to Patients Cafeteria Services Catering

Case Study: Data Analysis Organization structure Staffing, Financial, Payroll Business Volume and data

Case Study: Information Systems System Process Flows System Controls Mitigating Controls

Case Study: Risk Matrix Key Functions Controls and Weaknesses Risk Ranking

Food Services Risk Matrix

Clients Feedback Meet with client(s) after completion of the preliminary survey to solicit feedback on the audit objectives identified for the project. Additionally, this is the opportunity to confirm the timeline

Case Study: Resource Allocation Staffing and Hours IT Resources CAATs

Final Steps Complete documentation Supervisor sign-off Create and sign off audit program Begin fieldwork

Questions???

Contact Information Rick Catalano Audit Director Rick.Catalano@UCSF.edu (415) 502-2238 Zuleikha Shakoor Senior Associate Audit Director Zuleikha.Shakoor@UCSF.edu (415) 476-9543 Tom Poon Associate Audit Director Tom.Poon@UCSF.edu (415) 514-0435

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback