I composed this presentation to prepare candidates for the Certified Internal Auditor's Part I examination. During the training we use other study aids as well.
CIA Part I review course 2017
1. CIA exam review course
Prepared by Jack Davidsz
www.mas-online.nl
2. 1. Mandatory Guidance
2. Independence, Objectivity and Due Care
3. Control Frameworks and Fraud
4. Control: Types and Techniques
5. Data Gathering and Data Analysis
6. Conducting the Engagement: Sampling
7. Procedures, Analysis, Conclusions and
Documentation.
4. Evolved from a function concerned with financial and
accounting matters to one that addresses the entire
range of operating activities.
5. Internal auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization’s operations.
It helps an organization accomplish its objectives by
bringing a systematic and disciplined approach to
evaluate and improve the effectiveness of the
organization’s risk management, control, and
governance processes.
IIA Board of Directors, June 1999.
6. 1000 Purpose, Authority and Responsibility
1100 Independence and Objectivity
1200 Proficiency and Due Professional Care
1300 Quality Assurance and Improvement Program
7. 2000 Managing the Internal Audit Activity
2100 Nature of Work
2200 Engagement Planning
2300 Performing the Engagement
2400 Communicating Results
2500 Monitoring Progress
2600 Management’s Acceptance of Risk
12. Work with honesty, diligence and responsibility
Observe the law and make disclosures
Be not a party to any illegal activity
Respect the ethical objectives of the organization
13. Do not participate in any activity that may impair
unbiased assessment
Do not accept anything that may impair professional
judgment
Disclose all material facts
14. Be prudent in the use and protection of information
Do not use information for any personal gain
15. Knowledge, skills, and experience
Perform in accordance with the Standards
Continually improve services
17. To enhance and protect organizational value by
providing risk-based and objective assurance,
advice, and insight.
18. 1. Demonstrates integrity.
2. Demonstrates competence and due professional care.
3. Is objective and free from undue influence
4. Aligns with the strategies, objectives, and risks of the
organization.
5. Is appropriately positioned and adequately resourced.
6. Demonstrates quality and continuous improvement.
7. Communicates effectively.
8. Provides risk-based assurance.
9. Is insightful, proactive, and future-focused.
10. Promotes organizational improvement
22. Functional,
Directly to the Audit Committee or equivalent to ensure
independence and communication
Administrative,
To the CEO or another executive to afford support to
accomplish day-to-day activities.
23. Any relationship that is, or appears to be, not in the best
interest of the organization
Internal Auditor’s Objectivity
?
24. Advisory and related client service activities, the nature
and scope of which are agreed upon with the client and
which are intended to add value and improve an
organization’s operations.
25. Assurance Services
> 1 year
Formal consulting engagement
Independence and objectivity are strengthened by
Assigning different auditors
Independent management and supervision
Separate accountability for the projects
Disclosing the presumed impairment
26. Due Professional care
Expected of a reasonably prudent and competent
internal auditor, who should be alert to the possibility
of intentional wrongdoing, errors and omissions,
inefficiency, waste, ineffectiveness, and conflicts of
interest
Due care implies
Reasonable care and competence not infallibility or
extraordinary performance.
27. Oversight and responsibility for the IAA must not be
outsourced
Services must be performed in accordance with the
standards and the guidance for obtaining external
service providers should be considered (PA 1210).
28. CAE should assess the competency, independence and
objectivity of the outside service provider.
When the outside service provider performs Internal
Auditing activities the CAE should specify and ensure
that the work complies with the SPPIA.
29. Quality Assurance and Improvement
Program covers all aspects of the IAA and continuously
monitors its effectiveness.
Should help the IAA add value and improve the
organization’s operations and provide assurance that
the IAA is in conformity with the Standards and Code
of Ethics.
31. Should be conducted at least once every five years by a
qualified independent reviewer from outside the
organization
Self assessment with independent, external validation is
an alternative to full external assessment
32. Be a competent certified audit professional, who
possesses current knowledge of the Standards
Be well versed in the best practices of the profession
Have at least three years of recent experience in the
practice of internal auditing
33. Nonconformance with the Definition of IA, Code of
Ethics or Standards should be disclosed by the CAE to
senior management and Board
36. Internal Control (COSO)
A process, effected by an entity’s Board of Directors,
management and other personnel, designed to provide
reasonable assurance regarding the achievement of
objectives in the following categories:
37. Internal Control
- continued
Effectiveness and efficiency of operations;
Reliability of financial reporting;
Compliance with applicable laws and regulations;
Safeguarding of assets against unauthorized
acquisition, use or disposition.
38. Components of the Internal
Control System
•Control Environment CE
•Risk Assessment RA
•Control Activities CA
•Information and Communication IC
•Monitoring MO
51. Process ..
Applied in strategy setting and across..
Designed to identify potential events..
Manage risks..
To provide reasonable assurance..
Achievement of entity objectives
54. A structured, consistent and continuous process across
the whole organization for identifying, assessing,
deciding on responses to and reporting on opportunities
and threats that affect the achievements of objectives
55. CAE should obtain an understanding of management’s
and board’s expectations of the internal audit activity in
the organization’s risk management process.
56. Objectives support and align with the mission.
Significant risks are identified and assessed.
Appropriate risk responses are selected that align
risks with the organization's risk appetite
Relevant risk information is captured and
communicated in a timely manner across the
organization, enabling staff, management and board
to carry out their responsibilities.
58. Internal auditors can facilitate or enable risk
management processes, but they should not “own” or
be responsible for the management of the risks
identified.
59. No role
Auditing the risk management process
Active, continuous support and involvement
Managing and coordinating
60. Setting the risk appetite
Imposing risk management processes
Management assurance on risks
Taking decisions on risk responses
Implementing risk responses on management’s behalf
Accountability for risk management.
62. Any illegal act characterized by deceit, concealment,
or violation of trust.
These acts are not dependent upon the threat of
violence or physical force.
Perpetrated by parties and organizations to obtain
money, property or services; to avoid payment or loss
of services; or to secure advantage.
64. Internal auditors are responsible for assisting in the
deterrence of fraud by examining and evaluating the
adequacy and the effectiveness of control,
commensurate with the extent of the potential
exposure/risk in the various segments of the entity’s
operations.
65. Responsibilities of the internal auditor
Have sufficient knowledge of fraud to be able to
identify indicators
Be alert to opportunities, such as control weaknesses
Evaluate the indicators that fraud might have been
committed
Notify the appropriate authorities within the
organization if there are sufficient indicators to
recommend an investigation.
66. Examples:
Lack of employee rotation in sensitive positions
Inappropriate combination of job duties
Unclear lines of responsibility and accountability
Unrealistic sales or production goals
Employee who refuses to take vacations
68. Any action taken by management to enhance the
likelihood that established objectives and goals will
be achieved
Preventive
Detective
Directive
Mitigating
72. 1. Authorization of transaction
2. Recording of transaction
3. Custody of the asset
73. Transaction trails
Uniform processing
Segregation of Functions
Potential for Errors and Fraud
Potential for Increased Management Supervision
Initiation or Subsequent Execution of Transactions by
Computer
Dependence of Controls in Other Areas on Controls
over Computer Processing
76. Sales – Receivables
Collection of Cash
Purchases – Payables
Payment of cash
Payment of employees – allocation of cost
77. The employment of all the means devised in an
enterprise to promote, direct, restrain, govern, and
check upon its various activities for the purpose of
seeing that enterprise objectives are met. These means
of control include, but are not limited to, form of
organization, policies, systems, procedures,
instructions, standards, committees, charts of accounts,
forecasts, budgets, schedules, reports, records,
checklists, methods, devices, and internal auditing.
86. Learning a great deal by looking at a little.
Tasting a spoonful from the pot.
Taking blood tests.
87. Population
Nothing precise in sampling
Confidence level – degree of assurance
Precision – the range
“Point estimates” vs. “range estimates”
Reliability
Variability and effect on sample size
Standard deviation – bell curve
Standard error
Sampling and non-sampling risks
89. Discrete variables
1. Uniform distribution: All outcomes are equally likely
(coins).
2. Binomial distribution: Only 2 possible outcomes (quality
control)
Formula: $\frac{n!}{r!\,(n-r)!} \, p^{r} (1-p)^{n-r}$
90. 3. Bernoulli distribution: only 1 trial ↔ binomial as many as
necessary.
4. Hypergeometric distribution: = binomial sampling without
replacement.
5. Poisson distribution: event may happen more than once with
random frequency during a given period.
Formula: $f(k) = \frac{\lambda^{k} e^{-\lambda}}{k!}$
λ = mean and variance
k = number of occurrences
93. Regardless of the distribution of the population from
which random samples are drawn, the shape of the
sampling distribution of the mean approaches the
normal distribution as the sample size is increased.
94. Probability of zero occurrences in a time period T.
For the exponential distribution, M is used instead
of λ → $P = e^{-m}$ (k = 0)
95. 3. T-distribution
Small samples, less than 30 with unknown variance.
4. Chi-square distribution: comparison of sample variance
and population variance. Is the sample likely to be from the
population.
96. 1. Judgment (non statistical sampling)
2. Statistical sampling
Test of controls
(attribute sampling)
Substantive testing
(variables sampling)
Sampling risk: probability that a properly
drawn sample may not represent the
population.
97. A. Attribute Sampling
Discovery sampling
Stop or go sampling
Acceptance sampling
B. Variables Sampling
Mean per unit sampling
Difference estimation
Ratio estimation
Probability-proportional to size (PPS) (or DUS)
98. 1. Mean per unit sampling
(Audit values of the sample / n) × N = population value estimated
minus population value real
Precision
99. 2. Difference estimation
Audit minus book values for items in the sample
Add the differences
Calculate mean difference
Multiply the mean by N → Population
Misstatement
100. 3. Ratio estimation
Book value of the population × (∑ Audit value of sample items / ∑ Book value of these sample items)
→ Population misstatement
4. PPS = DUS
101. Amounts
Modified version of attribute sampling, relates error rates to
amounts.
Sampling unit
Dollar, Pound, Euro etc.
Stratification
Because the larger account balances have a greater chance of
being selected.
102. Overstatements
It is good to test for overstatements, not effective for
estimating understatement errors. Testing of account balances:
inventory, receivables, loans.
Few errors
Useful if few errors are expected
As the number of expected misstatements increases, MUS
requires a larger sample size than classical variables sampling.
103. 1. Define audit objectives
2. Define population:
- Noting distributional or systematic patterns
- What type of items included
- Time period
- Population size
3. Determine sampling method
4. Determine the desired precision
= maximum acceptable error rate
104. 5. Determine the desired reliability
= confidence level
6. Calculate the sample size
7. Judge the significance of the discovered errors
Conclusions about the population
106. Incorporates sample mean, population standard deviation
+ probability that the interval includes the true population
parameter
For the population mean this interval is
$\bar{x} \pm z \, (\sigma / \sqrt{n})$
$\sigma / \sqrt{n}$ = standard error of the mean
109. The end result of sampling
More than just the numbers
Affected by various factors
- Nature of system of control
- Views on administration.
- Views on training and experience of people
- Effect of erroneous transactions
- Effect on other transactions
110. Use scientific sampling when it best fits the audit
objectives
Base audit opinions only on the population sampled
Let every item have an equal chance of being selected
Do not let personal bias affect the sample
Do not permit population patterns to affect the
randomness of the sample
111. Do not draw conclusions about the entire population
from a directed sample
Base estimates of maximum error rates on what is
reasonable
Stratify wherever it would appear to reduce
variability in the sample
Do not set needlessly high confidence and precision
levels
Do not stop with statistical results, know why the
variances occurred.
114. These procedures may identify
Unexpected differences
Absence of expected differences
Potential errors, fraud, or illegal acts
Other unusual or nonrecurring transactions or events
115. Entails analysis and measurement of key output against
those of the best organizations.
Own process performance versus performance by the
best in the class.
117. Conclusion and opinions are the internal auditor’s
evaluations of the effects of the observations and
recommendations on the activities reviewed.
118. Input from client
Analytic Procedures
Prior Audit Reports
Process Mapping
Checklists
Documentation and Communication of Results
120. be prepared by the Internal
Auditor and reviewed by
management of the IAA.
record the information obtained
and the analysis made.
support the bases for
observations and
recommendations to be reported.
121. Members of the organization or outside parties may
request access to working papers.
Internal auditors are encouraged to consult legal
counsel in all matters involving legal issues.
122. Property of the organization
Under control of the IAA
Access subject to approval of CAE or senior
management/legal counsel (outside the organization)