chapter 14 communicating assurance engagement outcomes and performing follow up procedures n.
Skip this Video
Download Presentation
CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures

Loading in 2 Seconds...

play fullscreen
1 / 22

CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures - PowerPoint PPT Presentation

  • Uploaded on

CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures. Objectives. Understand why it is appropriate and necessary to communicate assurance engagement outcomes Identify the different forms of assurance engagement communications

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures' - zytka

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
  • Understand why it is appropriate and necessary to communicate assurance engagement outcomes
  • Identify the different forms of assurance engagement communications
  • Identify the steps involved in creating an effective assurance engagement communications
  • Understand the distribution process for the effectively communicating assurance engagement outcomes
  • Understand what is involved in effective monitoring of, and follow-up on assurance engagement outcomes
perform observation e valuation and escalation p rocess

Perform Observation Evaluation and Escalation Process

Determine the COSO Objective Category


Financial reporting




Impact and Likelihood of the Observations





Observation assessment template

Assisting documentation

Observation summary

observation assessment template
Observation Assessment Template
  • Conditions(facts)- What is found through testing?
  • Criteria- What should exist?
  • Cause- What allowed the condition to exist?
  • Effect- What could go wrong?
  • Compensating Controls-Other controls in place to mitigate the observation.
  • Conclusion- Detailed analysis
  • Detailed Recommendation- What does the IA function recommend?
  • Managements Solution- What will management do to fix the existing condition or prevent the problem from occurring again?
  • Observation Evaluation- The assessment
  • Evaluation performed by: Who performed the Evaluation?
  • Working paper Reference
interim engagement communication
Interim Engagement Communication
  • Communication is key to assurance engagement
  • Usually between IA’s and members of audit subject area
  • Purpose is to discuss observations throughout engagement
  • Information from this communication is eventually used in management’s action plan
final engagement communication
Final Engagement Communication
  • Preliminary facts and conclusions must be confirmed before being finalized
  • An exit interview is usually conducted in a formal meeting to resolve any last issues
  • Final meeting involves feedback and a proposed course of action
  • Results much be communicated to appropriate parties
final communication should include
Final Communication Should Include:
  • Purpose and Scope of the Engagement
  • Time Frame Covered by the Engagement
  • Observations and Recommendations
  • Conclusions and Ratings (if applicable)
  • Management’s Action Plan (if applicable)
rating system
Rating System
  • Relatively common
  • Effective Controls = Positive Observation
  • Ineffective Controls = Negative Observation
  • Systems range from numerical to descriptive ratings
  • Disadvantage: relationship tension between IA’s and area audited
distribute f ormal communications
Distribute Formal Communications
  • After all observations have been identified and assessed through observation evaluation and escalation processes individually and in the aggregate they must be communicated according to the results of that process
  • Communications must be reviewed and approved by the CAE or designee before they can be distributed
  • Then the CAE distributes the final engagement communication to management of the audited activity and members who can ensure the results are given due consideration and take corrective action
  • Assurance engagement communications are FORMAL or INFORMAL depending n the outcome as determined by the observation evaluation and escalation process
formal communications
Formal Communications
  • Recipients of formal assurance engagement communications are senior management, the audit committee, the organizations independent outside auditor, and/or auditee management
  • Use when controls evaluated during an assurance engagement are:

- insignificantly compromised (although key controls are compromised)

- significantly compromised

- materially compromised

  • Format used to be communicated through hard copies and word documents but now are moving towards power point presentations– format is less important than covering all of the elements of a formal communication
  • Should Include

- The purpose and scope of the audit

- The time frame of the audit

- The observations and recommendations (results) of the audit, if any

- The conclusion (opinion/rating) of the internal audit function

- Managements response (action plan) to the recommendations

informal communications
Informal Communications
  • Considered appropriate only when, during the observation evaluation and escalation process, all observations were assessed to be insignificant with no key controls compromised
  • Will cover insignificant observations related to secondary controls that may be compromised and will only
  • Distributed only to management of the area that was the target of the engagement informally via e-mail, face-to-face, meetings, or conference calls
  • To satisfy the Standards relative to communicating assurance engagement outcomes must still communicate to senior management , audit committee, and independent outside auditor that NO observations were identified related to key controls
quality of communications
Quality of Communications
  • Standard 2420 states that communications must be:
  • Accurate- free from errors and distortions and faithful to the underlying facts
  • Objective- fair, impartial, and unbiased; are the result of a fair-minded and balanced assessment of all relevant facts and circumstances
  • Clear- easily understood and logical providing all significant and relevant information; avoid using unnecessary technical language
  • Concise- to the point- avoid unnecessary elaboration, superfluous detail redundancies and wordiness
  • Constructive- helpful to the engagement client and the organization and lead to improvements where needed
  • Complete- lack nothing essential to target audience; include all significant and relevant information and observations to support recommendations and conclusions
  • Timely- opportune and expedient, depending on significance of the issue, allowing management to take appropriate corrective action
practice advisory 2420 1 quality of communications additional guidance
Practice advisory 2420-1: Quality of Communications additional guidance
  • Internal Auditors should:
  • Gather, evaluate, and summarize data and evidence with care and precision
  • Derive and express observations, conclusions, and recommendations without prejudice, partisanship, personal interests, and undue influence of others
  • Improve clarity by avoiding unnecessary technical language and providing all significant and relevant information in context
  • Develop communications with the objective of making each element meaningful but succinct
  • Adopt a useful, positive, and well-meaning content and tone that focuses on the organizations objectives
  • Ensure communication is consistent with the organizations style and culture
  • Plan the timing of the presentation of engagement results to avoid undue delay
errors and omissions
Errors and Omissions
  • At times there will be an unintentional misstatement or omission of significant information in the final engagement communication
  • According to the Standards 2421: Errors and Omissions “If a final communication contains a significant error or omission, the CAE must communicate corrected information to all parties who received the original communication”
perform monitoring and follow up
Perform Monitoring and Follow-up
  • As stated in the Standards, the internal auditor is to “establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action”
perform monitoring and follow up1
Perform Monitoring and Follow-up
  • The internal auditor’s job isn’t done when the engagement results are communicated.
  • During the engagement, the internal auditor identifies observations and management must make the choice to:
    • Implement changes to remediate the observation
    • Accept the risk associated with making no changes to the control
  • Management’s decision determines the course of the monitoring and follow-up procedures.
  • Management
    • implements suggested changes
  • Internal auditor
    • monitors the progress of changes
    • Regularly follow-ups to assess efficiency and effectiveness of changes
    • Ensures that changes are made in accordance with the schedule defined in the final engagement communication
    • Document findings for working papers, and additional follow-up
  • Management
    • Accepts the risk
  • Chief Audit Executive
    • Evaluates management’s decision

If it is believed that management has accepted a risk beyond the tolerance, the CAE must:

    • Discuss with management
    • If not resolved, must report it to the Board of Directors for resolution
assurance engagement outcome
Assurance Engagement Outcome
  • Specific focus of Chapter 14
  • Consulting engagement communications are discussed in Chapter 15