CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures - PowerPoint PPT Presentation

zytka
chapter 14 communicating assurance engagement outcomes and performing follow up procedures n.
Skip this Video
Loading SlideShow in 5 Seconds..
CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures PowerPoint Presentation
Download Presentation
CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures

play fullscreen
1 / 22
Download Presentation
CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures
214 Views
Download Presentation

CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow up Procedures

  2. Objectives • Understand why it is appropriate and necessary to communicate assurance engagement outcomes • Identify the different forms of assurance engagement communications • Identify the steps involved in creating an effective assurance engagement communications • Understand the distribution process for the effectively communicating assurance engagement outcomes • Understand what is involved in effective monitoring of, and follow-up on assurance engagement outcomes

  3. Perform Observation Evaluation and Escalation Process Determine the COSO Objective Category Operations Financial reporting Compliance Classification Inadequately/Ineffectively Impact and Likelihood of the Observations Assessment Insignificant Significant Material Observation assessment template Assisting documentation Observation summary

  4. Observation Assessment Template • Conditions(facts)- What is found through testing? • Criteria- What should exist? • Cause- What allowed the condition to exist? • Effect- What could go wrong? • Compensating Controls-Other controls in place to mitigate the observation. • Conclusion- Detailed analysis • Detailed Recommendation- What does the IA function recommend? • Managements Solution- What will management do to fix the existing condition or prevent the problem from occurring again? • Observation Evaluation- The assessment • Evaluation performed by: Who performed the Evaluation? • Working paper Reference

  5. Conducting Interim and Preliminary Communications

  6. Interim Engagement Communication • Communication is key to assurance engagement • Usually between IA’s and members of audit subject area • Purpose is to discuss observations throughout engagement • Information from this communication is eventually used in management’s action plan

  7. Final Engagement Communication • Preliminary facts and conclusions must be confirmed before being finalized • An exit interview is usually conducted in a formal meeting to resolve any last issues • Final meeting involves feedback and a proposed course of action • Results much be communicated to appropriate parties

  8. Develop Final Engagement Communications

  9. Final Communication Should Include: • Purpose and Scope of the Engagement • Time Frame Covered by the Engagement • Observations and Recommendations • Conclusions and Ratings (if applicable) • Management’s Action Plan (if applicable)

  10. Rating System • Relatively common • Effective Controls = Positive Observation • Ineffective Controls = Negative Observation • Systems range from numerical to descriptive ratings • Disadvantage: relationship tension between IA’s and area audited

  11. Distribute Formal Communications • After all observations have been identified and assessed through observation evaluation and escalation processes individually and in the aggregate they must be communicated according to the results of that process • Communications must be reviewed and approved by the CAE or designee before they can be distributed • Then the CAE distributes the final engagement communication to management of the audited activity and members who can ensure the results are given due consideration and take corrective action • Assurance engagement communications are FORMAL or INFORMAL depending n the outcome as determined by the observation evaluation and escalation process

  12. Formal Communications • Recipients of formal assurance engagement communications are senior management, the audit committee, the organizations independent outside auditor, and/or auditee management • Use when controls evaluated during an assurance engagement are: - insignificantly compromised (although key controls are compromised) - significantly compromised - materially compromised • Format used to be communicated through hard copies and word documents but now are moving towards power point presentations– format is less important than covering all of the elements of a formal communication • Should Include - The purpose and scope of the audit - The time frame of the audit - The observations and recommendations (results) of the audit, if any - The conclusion (opinion/rating) of the internal audit function - Managements response (action plan) to the recommendations

  13. Informal Communications • Considered appropriate only when, during the observation evaluation and escalation process, all observations were assessed to be insignificant with no key controls compromised • Will cover insignificant observations related to secondary controls that may be compromised and will only • Distributed only to management of the area that was the target of the engagement informally via e-mail, face-to-face, meetings, or conference calls • To satisfy the Standards relative to communicating assurance engagement outcomes must still communicate to senior management , audit committee, and independent outside auditor that NO observations were identified related to key controls

  14. Quality of Communications • Standard 2420 states that communications must be: • Accurate- free from errors and distortions and faithful to the underlying facts • Objective- fair, impartial, and unbiased; are the result of a fair-minded and balanced assessment of all relevant facts and circumstances • Clear- easily understood and logical providing all significant and relevant information; avoid using unnecessary technical language • Concise- to the point- avoid unnecessary elaboration, superfluous detail redundancies and wordiness • Constructive- helpful to the engagement client and the organization and lead to improvements where needed • Complete- lack nothing essential to target audience; include all significant and relevant information and observations to support recommendations and conclusions • Timely- opportune and expedient, depending on significance of the issue, allowing management to take appropriate corrective action

  15. Practice advisory 2420-1: Quality of Communications additional guidance • Internal Auditors should: • Gather, evaluate, and summarize data and evidence with care and precision • Derive and express observations, conclusions, and recommendations without prejudice, partisanship, personal interests, and undue influence of others • Improve clarity by avoiding unnecessary technical language and providing all significant and relevant information in context • Develop communications with the objective of making each element meaningful but succinct • Adopt a useful, positive, and well-meaning content and tone that focuses on the organizations objectives • Ensure communication is consistent with the organizations style and culture • Plan the timing of the presentation of engagement results to avoid undue delay

  16. Errors and Omissions • At times there will be an unintentional misstatement or omission of significant information in the final engagement communication • According to the Standards 2421: Errors and Omissions “If a final communication contains a significant error or omission, the CAE must communicate corrected information to all parties who received the original communication”

  17. Perform Monitoring and Follow-up • As stated in the Standards, the internal auditor is to “establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action”

  18. Perform Monitoring and Follow-up • The internal auditor’s job isn’t done when the engagement results are communicated. • During the engagement, the internal auditor identifies observations and management must make the choice to: • Implement changes to remediate the observation • Accept the risk associated with making no changes to the control • Management’s decision determines the course of the monitoring and follow-up procedures.

  19. Implementation • Management • implements suggested changes • Internal auditor • monitors the progress of changes • Regularly follow-ups to assess efficiency and effectiveness of changes • Ensures that changes are made in accordance with the schedule defined in the final engagement communication • Document findings for working papers, and additional follow-up

  20. Acceptance • Management • Accepts the risk • Chief Audit Executive • Evaluates management’s decision If it is believed that management has accepted a risk beyond the tolerance, the CAE must: • Discuss with management • If not resolved, must report it to the Board of Directors for resolution

  21. Assurance Engagement Outcome • Specific focus of Chapter 14 • Consulting engagement communications are discussed in Chapter 15

  22. Questions?