280 likes | 293 Views
Join Jean-Pierre Garitte in Skopje on April 8, 2019, for an informative session on the components and connections of field work in the audit process. Learn about planning, preliminary survey, and detailed review of internal control systems.
 
                
                E N D
PEM PAL IA COPAudit in Practice Working Group Introduction to the field work Jean-Pierre Garitte Skopje 8 April 2019
Agenda • Part 1: Review on where we are • Part 2: The components of the field work • Part 3: Reference to the ISPPIA • Part 4: How does field work connect to our planning?
Agenda • Part 1: Review on where we are • Part 2: The components of the field work • Part 3: Reference to the ISPPIA • Part 4: How does field work connect to our planning?
Audit cycle is a rather generic process 1 2 3 4 5 6 Planning Preliminary Survey Fieldwork Reporting Action Plan (includes quality satisfaction) Follow-Up Planning Execution Reporting Rule of thumb: 20% for planning and preliminary survey (1, 2) 60% for fieldwork (3) 20% for reporting (4)
Planning 1 2 3 4 5 6 Planning Preliminary Survey Fieldwork Reporting Action Plan Follow-up • Scheduling of the engagement • Announcement of the engagement • Opening meeting
Preliminary Survey 1 2 3 4 5 6 Planning Preliminary Survey Fieldwork Reporting Action Plan Follow-Up • Desk review • Risk (re-)assessment • Engagement planning memorandum • Preparation of audit program • Kick-off meeting with auditee
Agenda • Part 1: Review on where we are • Part 2: The components of the field work • Part 3: Reference to the ISPPIA • Part 4: How does field work connect to our planning?
Fieldwork 1 2 3 4 5 6 Planning Preliminary Survey Fieldwork Reporting Action Plan Follow-Up • Detailed review of internal control system • Test of control design • Test of operating effectiveness • Formalising observations • Validation meeting
Activities Processes under review Management’s Objectives Risks Fieldwork Detailed review of the internal control system Reviewing the activities, processes, management's objectives, risks, and internal controls Are we responding to risk in the right way? Are these being achieved? What is the internal control system? Risk Response Are these being managed? Effective? Mitigating Controls
Activities Processes under review Management’s Objectives Risks The Fieldwork – Step A A Detailed review of the Internal Control System Review of the activities, processes, objectives of management, risks and internal controls Risk Response Internal Controls Takeinto account the controlframework.
The Fieldwork – Step B B Test of Design adequacy • Are the internal controls adequate to mitigate the risks? Assessment ofInternal Controls Finding StrongControl ? No E E E Yes C C • Auditors will identify strengths to be tested (in D) • C = Analysis of strengths and weaknesses • E = Observation form
The Fieldwork – Step D D Tests of Implementation effectiveness • Do the internal controls work effectively as they are designed? Finding C E E Tests of Detail Confirmed StrongInternal Control Maybe recordedin Audit Report Applied in practice ? No Yes
The Fieldwork – Step F • F Validation meeting • A formal validation meeting with the auditee (normally at Management level for the process being audited) is organised no later than xxx days/weeks following the end of the fieldwork. • The aim is to reach, during the formal validation meeting, an agreement, at the appropriate hierarchical level, on the facts, which will not be reopened or questioned again in the reporting stages of the audit. It is not a conclusion but an opportunity and should allow for the necessary understanding in order to prepare the report and the final conclusions.
Agenda • Part 1: Review on where we are • Part 2: The components of the field work • Part 3: Reference to the ISPPIA • Part 4: How does field work connect to our planning?
Standard 2300 – Performing the engagement • “Internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives.”
Standard 2310 – Identifying information “Internal auditors must identify sufficient, reliable, relevant and useful information to achieve the engagement’s objectives.” • Interpretation: • Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor. Reliable information is the best attainable information through the use of appropriate engagement techniques. Relevant information supports engagement observations and recommendations and is consistent with the objectives for the engagement. Useful information helps the organization meet its goals.
Standard 2320 – Analysis and Evaluation “Internal auditors must base conclusions and engagement results on appropriate analyses and evaluations.”
Standard 2330 – Documenting Information • “Internal auditors must document sufficient, reliable, relevant, and useful information to support the engagement results and conclusions.”
Standard 2340 – Engagement supervision • “Engagements must be properly supervised to ensure objectives are achieved, quality is assured, and staff is developed.” • Interpretation: • The extent of supervision required will depend on the proficiency and experience of internal auditors and the complexity of the engagement. The chief audit executive has overall responsibility for supervising the engagement, whether performed by or for the internal audit activity, but may designate appropriately experienced members of the internal audit activity to perform the review. Appropriate evidence of supervision is documented and retained.
Agenda • Part 1: Review on where we are • Part 2: The components of the field work • Part 3: Reference to the ISPPIA • Part 4: How does field work connect to our planning?
Risk / control matrix (2) Name of (sub)process Inherent risk(s) to (sub)process Risk rating Expected mitigating controls Tests of control design Conclusion on control adequacy Tests of control implementation Conclusion on control effectiveness Overall conclusion
Field work (1) Develop necessary steps to assess the design of controls Execute the steps to assess the design of controls Discuss the observations on the design of controls with auditees Conclude on the adequacy of controls Submit working papers for review
Field work (2) Develop tests to assess the effective implementation of controls Execute the tests to assess the effectiveness of controls Discuss the observations resulting from the tests of controls with auditees Conclude on the effectiveness of controls Submit working papers for review
Field work (3) Prepare overall conclusions with regard to adequacy and effectiveness of controls Submit working papers for review