Chapter 14 communicating assurance engagement outcomes and performing follow up procedures
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures PowerPoint PPT Presentation


  • 46 Views
  • Uploaded on
  • Presentation posted in: General

CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures. Objectives. Understand why it is appropriate and necessary to communicate assurance engagement outcomes Identify the different forms of assurance engagement communications

Download Presentation

CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Chapter 14 communicating assurance engagement outcomes and performing follow up procedures

CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures


Objectives

Objectives

  • Understand why it is appropriate and necessary to communicate assurance engagement outcomes

  • Identify the different forms of assurance engagement communications

  • Identify the steps involved in creating an effective assurance engagement communications

  • Understand the distribution process for the effectively communicating assurance engagement outcomes

  • Understand what is involved in effective monitoring of, and follow-up on assurance engagement outcomes


Perform observation e valuation and escalation p rocess

Perform Observation Evaluation and Escalation Process

Determine the COSO Objective Category

Operations

Financial reporting

Compliance

Classification

Inadequately/Ineffectively

Impact and Likelihood of the Observations

Assessment

Insignificant

Significant

Material

Observation assessment template

Assisting documentation

Observation summary


Observation assessment template

Observation Assessment Template

  • Conditions(facts)- What is found through testing?

  • Criteria- What should exist?

  • Cause- What allowed the condition to exist?

  • Effect- What could go wrong?

  • Compensating Controls-Other controls in place to mitigate the observation.

  • Conclusion- Detailed analysis

  • Detailed Recommendation- What does the IA function recommend?

  • Managements Solution- What will management do to fix the existing condition or prevent the problem from occurring again?

  • Observation Evaluation- The assessment

  • Evaluation performed by: Who performed the Evaluation?

  • Working paper Reference


Conducting interim and preliminary communications

Conducting Interim and Preliminary Communications


Interim engagement communication

Interim Engagement Communication

  • Communication is key to assurance engagement

  • Usually between IA’s and members of audit subject area

  • Purpose is to discuss observations throughout engagement

  • Information from this communication is eventually used in management’s action plan


Final engagement communication

Final Engagement Communication

  • Preliminary facts and conclusions must be confirmed before being finalized

  • An exit interview is usually conducted in a formal meeting to resolve any last issues

  • Final meeting involves feedback and a proposed course of action

  • Results much be communicated to appropriate parties


Develop final engagement communications

Develop Final Engagement Communications


Final communication should include

Final Communication Should Include:

  • Purpose and Scope of the Engagement

  • Time Frame Covered by the Engagement

  • Observations and Recommendations

  • Conclusions and Ratings (if applicable)

  • Management’s Action Plan (if applicable)


Rating system

Rating System

  • Relatively common

  • Effective Controls = Positive Observation

  • Ineffective Controls = Negative Observation

  • Systems range from numerical to descriptive ratings

  • Disadvantage: relationship tension between IA’s and area audited


Distribute f ormal communications

Distribute Formal Communications

  • After all observations have been identified and assessed through observation evaluation and escalation processes individually and in the aggregate they must be communicated according to the results of that process

  • Communications must be reviewed and approved by the CAE or designee before they can be distributed

  • Then the CAE distributes the final engagement communication to management of the audited activity and members who can ensure the results are given due consideration and take corrective action

  • Assurance engagement communications are FORMAL or INFORMAL depending n the outcome as determined by the observation evaluation and escalation process


Formal communications

Formal Communications

  • Recipients of formal assurance engagement communications are senior management, the audit committee, the organizations independent outside auditor, and/or auditee management

  • Use when controls evaluated during an assurance engagement are:

    - insignificantly compromised (although key controls are compromised)

    - significantly compromised

    - materially compromised

  • Format used to be communicated through hard copies and word documents but now are moving towards power point presentations– format is less important than covering all of the elements of a formal communication

  • Should Include

    - The purpose and scope of the audit

    - The time frame of the audit

    - The observations and recommendations (results) of the audit, if any

    - The conclusion (opinion/rating) of the internal audit function

    - Managements response (action plan) to the recommendations


Informal communications

Informal Communications

  • Considered appropriate only when, during the observation evaluation and escalation process, all observations were assessed to be insignificant with no key controls compromised

  • Will cover insignificant observations related to secondary controls that may be compromised and will only

  • Distributed only to management of the area that was the target of the engagement informally via e-mail, face-to-face, meetings, or conference calls

  • To satisfy the Standards relative to communicating assurance engagement outcomes must still communicate to senior management , audit committee, and independent outside auditor that NO observations were identified related to key controls


Quality of communications

Quality of Communications

  • Standard 2420 states that communications must be:

  • Accurate- free from errors and distortions and faithful to the underlying facts

  • Objective- fair, impartial, and unbiased; are the result of a fair-minded and balanced assessment of all relevant facts and circumstances

  • Clear- easily understood and logical providing all significant and relevant information; avoid using unnecessary technical language

  • Concise- to the point- avoid unnecessary elaboration, superfluous detail redundancies and wordiness

  • Constructive- helpful to the engagement client and the organization and lead to improvements where needed

  • Complete- lack nothing essential to target audience; include all significant and relevant information and observations to support recommendations and conclusions

  • Timely- opportune and expedient, depending on significance of the issue, allowing management to take appropriate corrective action


Practice advisory 2420 1 quality of communications additional guidance

Practice advisory 2420-1: Quality of Communications additional guidance

  • Internal Auditors should:

  • Gather, evaluate, and summarize data and evidence with care and precision

  • Derive and express observations, conclusions, and recommendations without prejudice, partisanship, personal interests, and undue influence of others

  • Improve clarity by avoiding unnecessary technical language and providing all significant and relevant information in context

  • Develop communications with the objective of making each element meaningful but succinct

  • Adopt a useful, positive, and well-meaning content and tone that focuses on the organizations objectives

  • Ensure communication is consistent with the organizations style and culture

  • Plan the timing of the presentation of engagement results to avoid undue delay


Errors and omissions

Errors and Omissions

  • At times there will be an unintentional misstatement or omission of significant information in the final engagement communication

  • According to the Standards 2421: Errors and Omissions “If a final communication contains a significant error or omission, the CAE must communicate corrected information to all parties who received the original communication”


Perform monitoring and follow up

Perform Monitoring and Follow-up

  • As stated in the Standards, the internal auditor is to “establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action”


Perform monitoring and follow up1

Perform Monitoring and Follow-up

  • The internal auditor’s job isn’t done when the engagement results are communicated.

  • During the engagement, the internal auditor identifies observations and management must make the choice to:

    • Implement changes to remediate the observation

    • Accept the risk associated with making no changes to the control

  • Management’s decision determines the course of the monitoring and follow-up procedures.


Implementation

Implementation

  • Management

    • implements suggested changes

  • Internal auditor

    • monitors the progress of changes

    • Regularly follow-ups to assess efficiency and effectiveness of changes

    • Ensures that changes are made in accordance with the schedule defined in the final engagement communication

    • Document findings for working papers, and additional follow-up


Acceptance

Acceptance

  • Management

    • Accepts the risk

  • Chief Audit Executive

    • Evaluates management’s decision

      If it is believed that management has accepted a risk beyond the tolerance, the CAE must:

    • Discuss with management

    • If not resolved, must report it to the Board of Directors for resolution


Assurance engagement outcome

Assurance Engagement Outcome

  • Specific focus of Chapter 14

  • Consulting engagement communications are discussed in Chapter 15


Questions

Questions?


  • Login