Published on

SEATA PPT Presentation for FREE Download by TOMMY SEAH from CFE-In-Practice

Published in: Education, Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. <ul><li>Administrative Details </li></ul><ul><li>9.30 - 10.15 Introductory Lectures </li></ul><ul><li>10.15 - 10.30 Coffee Break </li></ul><ul><li>10.30 - 12.00 Product Lecture </li></ul><ul><li>12.00 - 2.00 Lunch </li></ul><ul><li>2.00 - 3.00 Case Study </li></ul><ul><li>3.00 - 3.15 Tea Break </li></ul><ul><li>3.15 - 4.00 Exercises and Q & A </li></ul><ul><li>4.00 - End of Day </li></ul>    CFE-In-Practice
  2. 2. <ul><li>AUDIT DOCUMENTATION </li></ul><ul><li>- </li></ul><ul><li>TOOLS & TECHNIQUES </li></ul><ul><li>for </li></ul><ul><li>THE </li></ul><ul><li>INTERNAL AUDITOR </li></ul>Tommy Seah CFE, Vice Chairman of the ACFE Board of Regents (Texas, USA) World Headquarters CFE-In-Practice
  3. 3.     Tools and Techniques for the Internal Auditor Objective Conduct an audit from beginning to end. Learn to understand risks and to identify, evaluate, and document internal controls. Use the preliminary survey to determine how and what to audit. Discover the best techniques for gathering audit evidence and preparing working papers. Enhance interpersonal and team-building skills throughout the audit. Understand the audit communication process
  4. 4. <ul><li>How do we achieve our objectives? </li></ul><ul><li>The Internal Auditor's Roles and Responsibilities </li></ul><ul><li>Audit responsibilities and general audit objectives </li></ul><ul><ul><li>Types of internal audits and factors impacting audit </li></ul></ul><ul><li>emphasis </li></ul><ul><ul><li>Attributes of the 21 st century internal auditor </li></ul></ul><ul><li>The Audit Model - Performance of Audit Work </li></ul><ul><ul><li>Overview of the audit process </li></ul></ul><ul><ul><li>Plan the audit - the preliminary survey, audit </li></ul></ul><ul><ul><li>objectives, scope, and audit program </li></ul></ul><ul><ul><li>Examine and evaluate information during fieldwork </li></ul></ul><ul><ul><li>Communicate results </li></ul></ul><ul><ul><li>Perform follow-up procedures </li></ul></ul>
  5. 5. <ul><li>How do we achieve our objectives? </li></ul><ul><li>Internal Control </li></ul><ul><ul><li>Establish management's responsibility for control </li></ul></ul><ul><ul><li>Identify internal audit's responsibility regarding </li></ul></ul><ul><ul><li>control </li></ul></ul><ul><ul><li>Introduce the SEATA control model </li></ul></ul><ul><li>Internal control components and factors </li></ul><ul><ul><li>Learn the various types of controls </li></ul></ul><ul><ul><li>Understand the difference between exception and </li></ul></ul><ul><ul><li>objective controls </li></ul></ul><ul><li>Review tools for documenting and evaluating internal controls </li></ul>
  6. 6. SEATA PHILOSOPHY SEATA is defined as being `an approach to auditing that is concerned with risks, determines specific audit objectives to meet those risks and utilizes a thorough evaluation of the system of internal control as a basis for determining the audit procedures necessary to accomplish the specific audit objectives.'
  7. 7. The SEATA approach is equally applicable in all types of audit - financial operating or IT related, as well as with manual and automated systems.
  8. 8. The consequence of undetected risk is a potential detriment to the any organization, ranging from loss of cash or income to dissatisfied customers or operational inefficiency .
  9. 9. Classified below are the general consequences of risks: 1. Loss of management control OVER ASSETS.
  10. 10. <ul><li>prescribed controls not being followed </li></ul><ul><li>AFFECTING CONTROL AND SECURITY </li></ul><ul><li>accuracy of accounts are reports are not ensured </li></ul><ul><li>RESULTING IN INACCURATE </li></ul><ul><li>PROFIT AND LOSS </li></ul>
  11. 11. <ul><li>Financial a ssets are not safeguarded DUE TO POOR FINANCIAL MANAGEMENT </li></ul><ul><li>Transactions are not properly authorized LEADINNG TO ABUSAGE OF POWER </li></ul>
  12. 12. 2. A potential cash loss
  13. 13. 3. A potential reduction in income DUE TO BAD FUNDING
  14. 14. 4. Inaccurate accounting data and reports INCURRING THE WRATH OF THE REGULATORY BODIES
  15. 15. 5. Fines or embarrassment to the organization.
  16. 16. 6. Poor customer relations
  17. 17. 7. Operational inefficiency
  18. 18. 8. Loss of business license
  19. 19. <ul><li>Risk </li></ul><ul><li>The threat that an event or action will adversely affect the organization's </li></ul><ul><li>Ability to achieve it's business objectives : </li></ul><ul><li>and </li></ul><ul><li>Execute it's strategies effectively </li></ul>
  20. 20. <ul><li>The Risk Spectrum for business in general. </li></ul><ul><li>CREDIT </li></ul><ul><li>LIQUIDITY </li></ul><ul><li>MARKET </li></ul><ul><li>OPERATIONAL </li></ul>
  21. 21. CREDIT RISK The potential earnings volatility caused by obligors defaulting on their obligations and the adequacy of collateral, if any.
  22. 22. LIQUIDITY RISK The potential earnings volatility arising from being unable to fund portfolio assets at reasonable rates over required maturities.
  23. 23. MARKET RISK The potential value and earnings volatility in the trading and structural books due to market price changes.
  24. 24. OPERATIONAL RISK The potential loss caused by breakdown in information technology, communication and transaction processing. Operational Risk includes inter alia, execution risk, information risk, relationship risk, legal/fiduciary risk and employee risk.
  25. 25. CFE-In-Practice offers a comprehensive range of business and technology consulting services for banking and capital markets. We offer Consultancy and Implementation for Third Party Independent SOX and or AML and or ISO 17799 Compliance Certification of your systems
  26. 26. CFE-In-Practice
  27. 27. CFE-In-Practice Banking Industry Technology IT Program Management <ul><li>AML Certification </li></ul><ul><li>Clearance Alternatives </li></ul><ul><li>Execution and Clearing </li></ul><ul><li>Infrastructure Re-alignment </li></ul><ul><li>Workflow Simplification </li></ul><ul><li>Application Evaluation </li></ul><ul><li>Multi-Currency System </li></ul><ul><li>Skills Assessment </li></ul><ul><li>System Conversion </li></ul><ul><li>Sarbanes-Oxley Compliance </li></ul><ul><li>Establish &quot;RFT” </li></ul><ul><li>Identify IT Security needs </li></ul><ul><li>Project Management </li></ul><ul><li>Project Staffing </li></ul><ul><li>Project Supervision </li></ul>
  28. 28. CFE-In-Practice Executive Coaching Corporate Governance Litigation Support <ul><li>Conflict Resolution </li></ul><ul><li>Leadership Skills </li></ul><ul><li>Managerial Skills </li></ul><ul><li>Motivational Strategies </li></ul><ul><li>Productivity Enhancements </li></ul><ul><li>Operations Infrastructure </li></ul><ul><li>Board of Directors </li></ul><ul><li>Performance Diagnosis </li></ul><ul><li>Technology Assessment </li></ul><ul><li>SOX Certification </li></ul><ul><li>Authoritative Opinion </li></ul><ul><li>Expert Testimony </li></ul><ul><li>Industry Best Practices </li></ul>
  29. 29. What is SEATA ? The Auditors Tool.    
  30. 30. <ul><li>General Function of Internal Audit </li></ul><ul><li>What is the role of the internal auditor ? </li></ul><ul><li>What really is internal audit? </li></ul><ul><li>What should be the expectation of the internal auditors? </li></ul><ul><li>Is there a way to check on the internal auditor? </li></ul><ul><li>How to protect yourselves when being audited? </li></ul>( S ystems E valuation A pproach T owards A uditing )
  31. 31. <ul><li>But first, the relationship between: </li></ul><ul><li>Internal Audit </li></ul><ul><li>Compliance </li></ul><ul><li>Risks Management </li></ul>
  32. 32. <ul><li>Systems Evaluation Approach Towards Auditing </li></ul><ul><li>Control Objectives and Key Controls </li></ul><ul><li>The Core of an Internal Audit Assignment </li></ul>
  33. 33. <ul><li>Internal auditors are of course in favor of controls. </li></ul><ul><li>There is really nothing profound or mysterious about auditing. </li></ul>
  34. 34. <ul><li>From the professional Auditors perspective : </li></ul><ul><li>Controls should be there for a purpose. </li></ul><ul><li>The purpose is to ensure that the system or process achieves its objectives. </li></ul>
  35. 35. <ul><li>Controls are only needed to reduce the risks to the achievement of these objectives to an acceptable level. </li></ul><ul><li>Thus, there may be circumstances when internal auditors suggest that certain controls should be removed, for example, if they do not contribute to the reduction of significant risks. </li></ul>
  36. 36. <ul><li>The systems audit approach revolves around the objectives of the system </li></ul><ul><ul><li>i.e. should existing controls provide sufficient assurance to the senior managers and directors of the organisation that the system will achieve its objectives? </li></ul></ul>
  37. 37. <ul><li>And does the internal control system currently reduce the chance of things going wrong (or not going right) to an acceptable level? </li></ul>
  38. 38. <ul><li>Before internal auditors start each audit assignment they need to be clear about the relevant organizational and management objectives . </li></ul><ul><li>Are the internal auditors clear about this ? </li></ul>
  39. 39. <ul><li>Control Objectives in SEATA </li></ul><ul><li>Control objectives should form the framework of each systems audit assignment. </li></ul><ul><li>They should detail the various aspects of a system’s objectives. </li></ul>
  40. 40. C ontrol Objectives in SEATA <ul><li>They identify specific objectives against which internal auditors can evaluate existing controls. </li></ul><ul><li>Control objectives should be specific enough to provide the basis for this evaluation. </li></ul><ul><li>Generalizations such as &quot;to ensure that support services are adequate&quot; should be avoided. </li></ul>
  41. 41. <ul><li>Comprehensive control objectives can be developed for any system by considering the following areas of control: </li></ul><ul><ul><li>Has the system been adequately planned? </li></ul></ul><ul><ul><li>Are the operations adequately supervised and controlled? </li></ul></ul>
  42. 42. <ul><li>Comprehensive control objectives can be developed for any system by considering the following areas of control: </li></ul><ul><li>Is the system periodically reviewed? </li></ul><ul><li>Is suitable management information produced? </li></ul>
  43. 43. <ul><li>Internal auditors need to determine that the manager who is responsible for the system to be audited agrees with objectives assigned to the system and the control objectives which audit have developed. </li></ul>
  44. 44. <ul><li>These should be agreed at the initial meeting with the EIC who should also be requested to formally sign up to the agreed scope and objectives for the audit assignment during the pre-audit meeting. </li></ul>
  45. 45. <ul><li>Key controls </li></ul><ul><li>Once the control objectives have been agreed, internal auditors need to identify the controls that they consider necessary to provide assurance that each of these objectives is being achieved. These are what may be termed the key controls. </li></ul>
  46. 46. <ul><li>Key controls </li></ul><ul><li>If the internal auditor is “lucky”, control schedules will have been developed for the relevant system. </li></ul><ul><li>These schedules should document the standard control objectives for such a system and the associated expected key controls. </li></ul>
  47. 47. <ul><li>SEATA </li></ul><ul><li>The purpose of the schedule of expected key controls is to assist in the evaluation of the actual controls identified during the audit. </li></ul><ul><li>It is imperative that the expected controls are reviewed critically to ensure that they are appropriate. HOW ? </li></ul>
  48. 48. <ul><li>SEATA </li></ul><ul><li>The standard key expected controls will not always be relevant and may have to be adapted to the particular system that is reviewed. </li></ul><ul><li>Do not jump to conclusion. There can always be compensating controls. </li></ul>
  49. 49. <ul><li>SEATA </li></ul><ul><li>If internal auditors do not identify the key expected controls, there is a danger that they will concentrate purely on the actual controls in place and fail to identify those that are missing. </li></ul><ul><li>Identification of key controls should ensure that audit time is spent efficiently by concentrating on the key control aspects of the system under review. </li></ul>
  50. 50. <ul><li>SEATA </li></ul><ul><li>There may be many other controls, however, the key controls are the more important controls and are the basic controls that are necessary to ensure that each control objective is achieved and all significant risks are adequately managed. </li></ul><ul><li>The audit should concentrate on assessing the adequacy and reliability of these key controls. </li></ul>
  51. 51. <ul><li>SEATA </li></ul><ul><li>Identification and documentation of existing controls. </li></ul><ul><li>Systems auditing should be a critical assessment of the controls currently in place against control objectives agreed for the system. </li></ul><ul><li>Thus, identifying existing controls is one of the central tasks of systems audit. </li></ul>
  52. 52. <ul><li>SEATA </li></ul><ul><li>Internal auditors cannot assess, test or suggest improvements to the internal control environment unless they have a clear and comprehensive view of all of the controls that currently operate. </li></ul><ul><li>Documenting the existing controls should help auditors understand these controls and form a basis for the evaluation of the controls and the development of their testing strategy. </li></ul>
  53. 53. <ul><li>SEATA </li></ul><ul><li>There may be a wide range of sources of information available to internal auditors about how a system operates. These may include: </li></ul><ul><ul><li>interviewing staff and their managers; </li></ul></ul><ul><ul><li>reviewing existing documentation; </li></ul></ul>
  54. 54. <ul><li>SEATA </li></ul><ul><li>There may be a wide range of sources of information available to internal auditors about how a system operates. These may include: </li></ul><ul><ul><li>observation of working practices; </li></ul></ul><ul><ul><li>reviewing previous audit reports. </li></ul></ul>
  55. 55. <ul><li>SEATA </li></ul><ul><li>The most important source of information will usually be the staff working with the system. </li></ul><ul><li>They know how the system actually operates and should have a reasonable idea of how practical any improvements may be. </li></ul>
  56. 56. <ul><li>SEATA </li></ul><ul><li>Thus interviewing skills are essential for all internal auditors . </li></ul><ul><li>They need to be able to understand what may be a complex system. </li></ul><ul><li>They also need to be able to critically assess each stage of the process; i.e. why is it performed? Could it be undertaken more efficiently? </li></ul>
  57. 57. <ul><li>SEATA </li></ul><ul><li>Staff who operate the system will know what they do, but not necessarily why they do it. </li></ul><ul><li>They may also try and explain the system in the most positive light. </li></ul><ul><li>The skill of internal audit is to enable all the staff they interview to open up and tell them what they actually do (not just what they think they should do) and to describe any aspects they think could be improved. </li></ul>
  58. 58. <ul><li>SEATA </li></ul><ul><li>Understanding why each task is undertaken may be more difficult. Staff may just do it ‘‘because we’ve always done it that way’’ or even worse ‘‘because the auditors told us to!’’ </li></ul>
  59. 59. <ul><li>SEATA - Other places to look </li></ul><ul><li>Auditors may review documentation such as statutes, circulars, committee reports, job descriptions, organisation charts, policy and procedure manuals and financial regulations. </li></ul>
  60. 60. <ul><li>SEATA- Other places to look </li></ul><ul><li>These may record how a system is supposed to work, but may not necessarily reflect actual practice. </li></ul><ul><li>Internal auditors may consider that the adequacy or otherwise of documentation is an indication of the attitude of management to internal control. </li></ul>
  61. 61. <ul><li>SEATA- Other places to look </li></ul><ul><li>Observation of the physical environment and working methods should provide internal auditors with further evidence of actual practice 。 </li></ul><ul><li>This is a particularly useful method of fact-finding where no physical evidence of an action may have taken place. </li></ul>
  62. 62. <ul><li>SEATA- Other places to look </li></ul><ul><li>Internal auditors should however be aware that their presence may influence the behavior and practices of staff under review. </li></ul>
  63. 63. <ul><li>SEATA- Other places to look </li></ul><ul><li>Reports of previous reviews of the system by other internal auditors, external auditors or other review agencies may also be a useful source of information. </li></ul><ul><li>However, these reports should be read with care. The authors may not have understood the system, they may not have covered all aspects or their reports may be unclear. </li></ul>
  64. 64. <ul><li>SEATA- Other places to look </li></ul><ul><li>This consideration may allow internal auditors to reflect on the quality of their own reports and system documentation. </li></ul>
  65. 65. <ul><li>SEATA- Other places to look </li></ul><ul><li>Would these allow other auditors to quickly grasp the most important aspects of the system and its internal controls? </li></ul>
  66. 66. Internal Controls <ul><li>Auditors need to understand how the system operates and the role of all the key procedures, but essentially they are only interested in controls. </li></ul><ul><li>There are a range of different types of control. The most important may be remembered by the mnemonic SOAP MAPS : </li></ul>
  67. 67. Internal Controls <ul><li>Segregation of duties: </li></ul><ul><li>the functions of authorizing transactions; recording the transactions; and custody of the associated assets should be undertaken by separate staff. </li></ul>
  68. 68. Internal Controls <ul><li>Organization : </li></ul><ul><li>there should be a clear organisation chart and all staff should have up to date job descriptions that clearly indicate their responsibilities. </li></ul>
  69. 69. Internal Controls <ul><li>Authorization and approval : </li></ul><ul><li>all transactions and decisions should be formally authorized by nominated staff. </li></ul>
  70. 70. Internal Controls <ul><li>Physical: </li></ul><ul><li>there should be suitable controls over access to offices { i.e. including RECORDS, DATA BASE and whatnots }, assets, controlled stationery and computer systems. </li></ul>
  71. 71. Internal Controls <ul><li>Management: </li></ul><ul><li>production of suitable financial and operational management information; use of exception reports; critical review and enquiry by management. </li></ul>
  72. 72. Internal Controls <ul><li>Arithmetical and accounting : </li></ul><ul><li>checking / re-performing tasks carried out by others; costing (adding up) orders, invoices, payroll etc; reconciliation between the bank and accounting records; control accounts. </li></ul>
  73. 73. Internal Controls <ul><li>Personnel: appointment of staff should be adequately controlled; all staff should be suitably trained for their post and appraised regularly. </li></ul><ul><li>Supervision : all staff and activities should be adequately supervised by someone who understands the process and will detect deviations from accepted practice. </li></ul>
  74. 74. Interim Opinion <ul><li>Recording the controls </li></ul><ul><li>All internal audit work should be documented and be sufficient to support the conclusions drawn on the adequacy and reliability of the internal controls. </li></ul>
  75. 75. Interim Opinion <ul><li>Recording the controls </li></ul><ul><li>The main procedures and key controls over significant risks should be clearly and concisely recorded. </li></ul>
  76. 76. Proper house keeping <ul><li>Audit working papers should include: </li></ul><ul><li>systems notes, either in text or graphics, whatever; </li></ul><ul><li>notes of interviews and meetings; </li></ul><ul><li>a record of the current key controls and their reliability; </li></ul><ul><li>an assessment of the extent that existing controls will ensure that each agreed control objective is achieved; and evidence of audit sampling and testing of controls.   </li></ul>
  77. 77. <ul><li>There are a number of methods of documenting procedures </li></ul><ul><li>and controls, for example : </li></ul><ul><li>flow charts, </li></ul><ul><li>key control schedules, </li></ul><ul><li>internal control questionnaires and </li></ul><ul><li>narrative notes. </li></ul>
  78. 78. <ul><li>Whatever method is adopted should be used consistently. </li></ul><ul><li>This should make it easier for the system notes to be used for future reviews of the same system. </li></ul><ul><li>Systems documentation should be: </li></ul><ul><ul><li>clear and easy to understand; </li></ul></ul><ul><ul><li>provide a standardized approach; </li></ul></ul><ul><ul><li>highlight risk points and key controls. </li></ul></ul>
  79. 79. <ul><li>The purpose of this documentation is to: </li></ul><ul><li>enable the internal auditors to review the information they have received and to organize their thoughts and knowledge so the internal controls can be systematically assessed and tested; </li></ul>
  80. 80. <ul><li>The purpose of this documentation is to: </li></ul><ul><li>provide details of problems encountered, evidence of work done and conclusions drawn for future reference and to assist the planning of future audits; </li></ul>
  81. 81. <ul><li>The purpose of this documentation is to: </li></ul><ul><li>demonstrate to interested parties that the audit work has been properly planned, controlled, executed and reported. </li></ul>
  82. 82. <ul><li>Once internal auditors have discovered the controls that actually exist and made notes of these they can go on to assess whether these controls should be adequate. </li></ul><ul><li>However, auditors do not usually look upon internal auditing as simply a series of stages that can be completed one after the other. (Those who do that are not real internal auditors – it is just an occupation, a job, paper pushers.) </li></ul>
  83. 83. <ul><li>The really professional auditors : </li></ul><ul><li>When they go on to test the controls that they have identified, they may discover further controls or that some controls are not actually operating as expected. </li></ul><ul><li>They will then have to go back and revise their system notes to ensure these reflect the actual controls that are operating in practice. </li></ul>
  84. 84. The Fraud Triangle Motive Opportunity Rationalization
  85. 85. SEATA <ul><li>Risk Definition </li></ul><ul><li>What is Risk ? </li></ul>
  86. 86. Understanding Risk in Internal Audit SML Curve Return Risk Deviation from Return is Risk
  87. 87. The Risk Spectrum for any organization in general. Operational Risk Credit Risk Market Risk Liquidity Risk Reputational Risk
  88. 88. How ACTIVE DATA can be used to achieve your risk management objectives
  89. 89. The Risk Spectrum for any organization in general . Operational Risk Credit Risk Market Risk Liquidity Risk Reputational Risk
  90. 90. Operational Risk and Challenges for Banks SML Curve Return Risk Deviation from Return is Risk
  91. 91. The SEATA AIG-Caat Approach Risk Definition Product Risk General Risk Business Risk Critical Product Controls Business Policy General Controls System Documentation
  92. 92. System Documentation Internal Control Questionnaire (ICQ) Narrative Notes (Interviewing Notes) Flow Charts Analytical Review Procedures (ARP) and Quantitative Testing i.e. MfV concepts and Economic Capital allocation test. Depth Tests Determine the Existence of Controls
  93. 93. System Documentation Internal Control Questionnaire (ICQ) Narrative Notes (Interviewing Notes) Flow Charts Analytical Review Procedures (ARP) and Quantitative Testing i.e. MfV concepts and Economic Capital allocation test. Evaluate (THEORETICAL) Adequacy Determine the Existence of Controls
  94. 94. Evaluate (THEORETICAL) Adequacy Determine the Existence of Controls System Appraisal Memorandum (Sam)
  95. 95. System Appraisal Memorandum (Sam) Part I SYSTEM APPRAISAL   ADEQUATE IF NOT ADEQUATE           W.P.'s REPORT   SYSTEM CONTROL OBJECTIVES YES NO N/A REF. SHEET NO. 1 Transaction or Event Recognition             Methods must exist to ensure that all transactions will be identified and recorded with control established close to the source of the transaction .          
  96. 96. System Appraisal Memorandum (Sam) 2 Transaction Authorisation             Methods of transaction approval must be defined with effective procedures to detect and clear errors with the responsibility for approval being at the right level.           3 Transaction Acceptance             There must be an effective control on converting data to the form used for accounting or record keeping which will ensure that errors will be detected and cleared and lost transactions will be identified.           4 Account of File Classification             Methods must exist to ensure consistency in making account allocations.          
  97. 97. System Appraisal Memorandum (Sam) 5 Integrity of Processing           Methods must exist to ensure there is control on accuracy of data during processing, that only valid files will be used and errors, lost transactions and transactions processed twice will be detected, ensuring that corrected transactions will be properly represented.                      
  98. 98. System Appraisal Memorandum (Sam)     ADEQUATE IF NOT ADEQUATE           W.P.'s REPORT     YES NO N/A REF. SHEET NO. 6 Interface Compatibility             Methods must exist to ensure that common data is used wherever possible and in interfacing systems that the information is consistent and compatible and is reconciled while the means to integrate interfacing systems should be thoroughly explored.           7 Accuracy of Reports             Methods must exist to ensure that output is reconciled to input, that reporting is complete, meets the requirements of management and is distributed correctly on a timely basis while ensuring management trails are adequate.          
  99. 99. System Appraisal Memorandum (Sam) 8 Verification of Reports and Files             Methods must exist to ensure that reports management are reconciled with underlying data files, that regular comparison of physical items where possible.           9 Error Correction             Methods must exist to ensure that all errors occurring at each state of the transaction process will be corrected and reprocessed on a timely basis.           10 Asset Access Restriction             Methods must exist to ensure that access to assets will be restricted and assets safeguarded.          
  100. 100. System Appraisal Memorandum (Sam)     ADEQUATE IF NOT ADEQUATE           W.P.'s REPORT     YES NO N/A REF. SHEET NO. 11 Organization             There must be proper segregation between functions of custody, authorisation and recording.          
  101. 101. System Appraisal Memorandum (Sam) PART II IMPACT OF WEAKNESS             WEAKNESS IMPACT OF THE WEAKNESS T.A.P REF.              
  102. 102. System Appraisal Memorandum (Sam) OVERALL CONCLUSION FOR Preliminary REPORT PART III <ul><li>The system of internal control is appraised to be </li></ul><ul><li>Satisfactory </li></ul><ul><li>Satisfactory however……… </li></ul><ul><li>Satisfactory except for……. </li></ul><ul><li>Unsatisfactory </li></ul><ul><li>We are unable to express an opinion because……….. </li></ul>
  103. 103. Evaluate (THEORETICAL) Adequacy Determine the Existence of Controls System Appraisal Memorandum (Sam) TAILORED AUDIT PROGRAM (TAP)
  104. 104. Execution of TAILORED AUDIT PROGRAM (TAP) Compliance Testing Substantive Testing Report Sheet AIG-Caat Effectiveness Accuracy
  105. 105. AIG-Caat Application of Benford Law for Discovery Sampling Techniques in Analytical Review Procedures Software Assurance Process
  107. 108. More Information <ul><li>CFE-In-Practice </li></ul><ul><ul><li> </li></ul></ul><ul><li>[Contact Person] </li></ul><ul><ul><li>[Tommy Seah], ACFE Vice Chairman, Regent </li></ul></ul><ul><ul><li>[(65) 9106 9872] </li></ul></ul><ul><ul><li>[] </li></ul></ul>