Internal audit ppt

1. INTERNAL AUDIT TRAINING
Internal Control System
Evaluating Internal Controls
Audit Approaches
Planning and Controlling Internal Audit
Performing The Audit
Documenting Internal Audit
Reporting Audit Findings
08/01/2021 1

2. Cont---
 the internal audit activity should assist the Public
Body in maintaining effective controls by evaluating
their effectiveness and efficiency and by promoting
continuous improvement
 To comply with this Standard and as an essential step
of determining the audit approach to be adopted the
internal auditor should understand the internal
control system and be able to evaluate the
effectiveness and adequacy of the internal control
system
08/01/2021 2

3. Definition of Internal Control System
 Control may be defined as “any action taken by
management to enhance the likelihood that
established objectives and goals will be achieved.”
 The International Organization of Supreme
Audit Institutions (INTOSAI) defines internal
control as “an integral process that is effected by
an entity’s management and personnel, designed to
address risks and to provide reasonable assurance
that in the pursuit of the entity’s mission,
08/01/2021 3

4. THE FOLLOWING GENERAL OBJECTIVES WILL BE
ACHIEVED:-
Executing orderly, ethical, economical, efficient
and Effective operations;
Fulfilling accountability obligations;
Complying with applicable laws and obligations;
Safeguarding resources against theft, misuse and
damage
08/01/2021 4

5. Cont---
Executing orderly, ethical, economical, efficient and
effective operation;
 Orderly means in a well-organized way, methodical;
 Ethical relates to moral principles. Ethical behavior
nowadays is emphasized in the prevention and detection
of fraud and corruption;
 Economical means being not wasteful or extravagant in
terms of getting the right amount of resources at the right
quantity and quality, delivered at the right time and
place, at the lowest cost
08/01/2021 5

6. Cont---
 Efficient refers to the relationship between the
resources used and the outputs produced to achieve the
objectives. It means the minimum resource
inputs to achieve a given quantity and quality of
outputs, or a maximum output with a given quality
quantity of resource inputs
 Effective refers to the accomplishment of objectives or
the extent to which the outcome of an activity matches
the objective or the intended effects of that activity.
08/01/2021 6

7. The key elements in the definition of internal control
 An integral process: internal control is not one
event or circumstance, but a series of actions
that reaches an entity’s activities which occur
throughout an entity’s operation on an ongoing
basis
 Effected by management and personnel:
people are what make internal control work. It
is accomplished by individuals within an
organization by what they do and say. In other
words, internal control is effected by people;
08/01/2021 7

8. • In pursuit of the entity’s mission: any
organization is primarily concerned with the
achievement of its mission;
 To address risks: whatever the mission maybe its
achievement will face all types of risks. The task of
management is to identify and respond to these
risks in order to maximize the likelihood of
achieving the entity’s mission;
 Provides reasonable assurance: no matter how
well designed and operated, internal control cannot
provide management absolute assurance regarding
the achievement of general objectives. Instead, a
“reasonable” level of assurance is attainable;
08/01/2021 8

9. Cont---
• Achievement of objectives: internal control is
geared to the achievement of a separate but
interrelated series of general objectives
• Fulfilling accountability obligations:
accountability is the process whereby public
service organization and individuals within them
are held responsible for their decisions and
actions.
• Complying with laws and regulations:
organizations particularly public organizations are
required to follow many laws and regulations.
08/01/2021 9

10. Cont---
• Safeguarding resources against loss, misuse
and damages: This is to stress the significance
of safeguarding of resources in the public sector
08/01/2021 10

11. Cont---
 In the Ethiopian context, internal control we can
define internal control system as all policies and
procedures adopted by the Head of a Public Body to
assist in the achievement of its objectives ensuring as
far as practicable the orderly, economical, efficient
and effective conduct of its operations including:
Adherence to internal policies, rules and regulations;
The safeguarding of assets;
The prevention and detection of fraud and errors;
The accuracy and completeness of the accounting
records;
The timely preparation of reliable financial and
management information
08/01/2021 11

12. Types and Classifications of Controls
 Two types of internal control within an
organization:
financial control and,
management control.
 Financial controls are primarily concerned with
budgetary controls and internal controls regarding
procedures to insure the accuracy and reliability of
accounting records/ data and to safeguard assets.
Management control, concerned with the plan of
organization and all of the coordinate methods and
measures adopted within a business to promote
operational efficiency and encourage adherence to
prescribed managerial policies.
08/01/2021 12

13. Organizational controls
Public Bodies should have a plan of their
organization, defining duties and responsibilities and
identifying lines of reporting for all operations.
 The delegation of authority should be clearly
defined.
 As part of the organizational controls emphasis
should be given to the separation of those
responsibilities or duties which would enable one
individual to record and process a complete
transaction.
08/01/2021 13

14. Cont---
 Such controls reduce the risk of intentional
manipulation and unintentional errors.
 Functions, which should be separated as a
minimum, include authorization, execution,
operation, custody and recording
08/01/2021 14

15. Accounting controls:
these are the controls within the accounting
function employed to ensure that transactions
are correctly recorded and processed after
proper authorization.
 Such controls include verifying the
arithmetical accuracy, checking totals,
reconciliations, maintenance of control
accounts, subsidiary ledgers and trial balances
and proper documentation of all transactions.
08/01/2021 15

16. Personnel control:
there should be procedures to ensure that personnel
have knowledge and skills commensurate with their
assigned responsibilities.
This is essential as proper functioning of any system
depends on the competence and integrity of those
operating it.
The qualifications, selection and training as well as
character assessment of staff to be recruited are
important aspects to be considered in setting
personnel control system.
08/01/2021 16

17. Basic controls:
These include controls regarding the system of
documentation, controls over original document
such as receipt vouchers, sales invoices, etc., in
terms of pre-numbering them serially and
supervisory control regarding the supervision by
responsible officials of the day to day operations
and related documentation.
08/01/2021 17

18. Cont---
Internal controls can be categorized in four areas
Directive controls which cause or encourage a
desirable event to occur (for example,
establishing a procedure for an operation);
Preventive controls which deter undesirable
event (for example segregation of duties and
requirements for authorization);
Detective controls which detect undesirable
events which have already occurred (for example,
supervision and reviews);
08/01/2021 18

19. Cont---
Corrective controls which correct errors that have
been detected (for example, collecting over
payment to vendors, dismissing incompetent
personnel, etc.)
08/01/2021 19

20. Cont---
Control activities occur throughout the organization, at all
levels and in all functions such as:-
1. Authorization and approval procedures:
2. Segregation of duties
3. Controls over access to records:
4. Verifications:
5. Reconciliation:
6. Review of operating performance:
08/01/2021 20

21. Cont----
• Information is needed at all levels of the
organization in order to have effective internal
control and achieve the organization's objectives.
• pertinent and relevant information should be
identified, captured and communicated in a form
and time frame that enables people to carry out
their internal control and other responsibilities.
• Management's ability to make appropriate
decisions is effected by the quality of information,
which implies that the information is appropriate,
timely, current, accurate and accessible.
08/01/2021 21

22. Monitoring
 monitoring of the internal control system is
necessary and help to ensure that internal control
remains turned to the changed objectives,
environment, resources and risks.
 Monitoring can be done on an ongoing basis or
through separate evaluations.
 On going monitoring of internal control occurs in
the course of normal, recurring operations of an
organization.
 It is performed constantly and is ingrained in the
organization's operations.
08/01/2021 22

23. Cont---
 As a result, it is more effective than separate
evaluation as corrective actions are taken
immediately while separate evaluations take
place after the fact.
 Monitoring should also include policies and
procedures aimed at ensuring the findings of
audits and other reviews are adequately and
promptly resolved.
08/01/2021 23

24. Evaluating Internal Controls
 Internal auditors should, evaluate the internal
control system of the Public Body under audit.
 The purpose here is not only to assist the Public
Body to maintain an effective internal control
system but also to determine the audit approach to
be adopted.
 The main responsibility of internal auditors is
Evaluating and reporting of internal controls in
order to recommend improvement and assess the
effectiveness of the internal control system before
they determine the audit approach of a particular
audit.
08/01/2021 24

25. Tools for Evaluating Internal Controls
• Tools for Evaluating Internal Control system
involves :-
Identifying existing controls, documenting
their characteristics and identifying areas
not covered by controls;
Understanding the purposes of existing
controls;
08/01/2021 25

26. Types of tests of controls
There are Two Types of tests of Controls
1. Substantive tests to check whether the output of a
system is correct, for example, to verify whether
the balances in the financial statements are
compiled from the accounting records.
2. Compliance tests to check whether the controls
have been effectively complied with in practice
throughout the period.
08/01/2021 26

27. Types of compliance test
Verification of Documents
• all purchase invoices.
• all purchases covering order, delivery, entry into
stores, payable amount and payment and issue
from stores.
• confirmation by third parties (for example
checking amounts payable to suppliers, or cash
book transactions against bank statements
08/01/2021 27

28. Observation
• Sometimes documentary evidence is missing or
actual procedures differ from official instructions.
• Observation supplements verification of
documents.
• It is necessary for example in counting physical
inventory and the payment of wages when
payment is made in notes and coins.
• It can also be used to see how safes and secure
areas are managed and how documents are kept.
08/01/2021 28

29. Enquiry/ interview
 Actual procedures may differ from designed
procedures.
 Enquiry may be necessary to find out how
staff members interpret and implement
controls and necessary actions.
 Enquiry and interview throw important light
on informal as well as formal procedures.
08/01/2021 29

30. Re-performance
• To test how transactions are in fact handled and
allows comparison between controls as designed
and controls in operation. Alternatively, a task that
has been verified as part of a system of internal
control may be re-verified by the auditor
08/01/2021 30

31. Audit sampling
• Audit sampling’ means the application of audit
procedures to less than 100% of the items within an
account balance or class of transactions to enable
auditors to obtain and evaluate audit evidence about
some characteristics of the items selected forming a
conclusion concerning the population which makes up
the account balance or class or transactions. In order to
arrive valid conclusion using audit sampling not 100%.
to be representative of the population, all items in the
population are required to have an equal chance or
probability of being selected
08/01/2021 31

32. The three methods commonly used in audit
sampling are
 Random selection, ensures that all items in the
population have an equal chance of selection,
(random number tables);
 Systematic selection, involves selecting items using a
constant interval between selections, the first interval
having a random start
 Haphazard selection, Involves disorganized selection
This method requires care to guard against making a
selection which is biased, for example selecting items
which are easily located, as they may not be
representative.
08/01/2021 32

33. Audit Approaches & types
• Audit approaches are the methods or techniques
that auditors use in their audit assignments.
• The main purpose of ascertaining and evaluating
internal controls is to determine the audit
approach to be adopted in the actual audit work.
08/01/2021 33

34. TYPES OF AUDIT APPROACHES
1. The vouching or Substantive audit approach;
2. The system based audit approach;
3. The risk based audit approach
08/01/2021 34

35. The vouching or Substantive audit approach
• Vouching approach involves checking of entries in
the accounting records with the appropriate
vouchers or checking in detail a substantial portion
of all documentary evidences before concluding the
audit because the auditor is not relying on the
client’s internal control over financial reporting so
They go vouching for all material transactions in
statements. this approach is generally used where
the financial reporting system or internal controls
over financial reporting are not reliable.
08/01/2021 35

36. System Based Approach
In the system based approach, the internal auditor
examines and tests the Public Body's internal
control systems to see whether they are perform
appropriate and effective for the Public Body to
achieve its objective from the entity’s management
team, before relying on the system or internal
control, auditors will need to perform a full
understanding of the client’s internal control over
financial reporting. If auditors concluded that the
internal control over financial reporting is strong,
they also need to perform substantive testing but
the volume of transactions is not that large as the
substantive approach
08/01/2021 36

37. The system components
• Systems is vary in nature and purpose
Systems are designed and their operations monitored in
order to enable the organization to meet its objectives.
Systems can be thought of as having five basic
components:
• Objectives
• Inputs
• Processes
• Outputs
• Controls
08/01/2021 37

38. Cont
• Resources (inputs) are processed to provide
results (outputs) in accordance with
predetermined purposes (objectives) and actions
taken or procedures established by management
to ensure that outputs meet the objectives of the
entity
08/01/2021 38

39. Risk based systematic approach
• requires the internal auditor to assess the relative
vulnerabilities of the systems and identify those
systems which are more risky than the others and
should, be audited sooner and more often.
• This approach includes identification of the system,
identification of relevant risk factors, and
assessment of their relative significance
• It’s the most effective of all the other approaches
and mostly used by auditors.
• Auditors need to assess the possible risks areas and
material misstatement that could possibly happen
08/01/2021 39

40. Risk
• Risk refers to the possibility of a system having
so poor internal control that cause the public
body does not achieve its objectives
effectively and efficiently
08/01/2021 40

41. The effect of risk can involve:
1. Failure to adhere to public body's policies, plans,
and procedures, or not complying with
government's laws and regulations;
• An erroneous decision from using incorrect,
untimely, incomplete, or otherwise misleading
information;
• Acquiring resources uneconomically or using them
inefficiently or ineffectively;
• Failure to adequately safeguard assets of the public
body;
• Failure to accomplish established objectives and
goals for operations or programs
08/01/2021 41

42. Risk factors
• Risk factors are the criteria used to identify
the relative significance and likelihood that
events may occur that could harmfully affect
the public body and May include:-
• Adequacy and effectiveness of the system of
internal control.
• Competence, adequacy, and integrity of
personnel.
• Asset size, liquidity, or transaction volume.
• Complexity or volatility of activities.
08/01/2021 42

43. Cont---
• Geographical dispersion of operations.
• Organizational, operational, or economic
changes.
• Acceptance of audit findings and corrective
action taken.
08/01/2021 43

44. Risk assessment
• Risk assessment is a systematic process for
assessing and integrating professional judgments of
the probable adverse conditions and/or events. Risk
assessment process is crucial to the development of
effective audit work schedule. The Head should
generally assign higher audit priorities to systems
with higher risks.
• The Head of Internal Audit can obtain information
from a variety of sources for the risk assessment
process .
08/01/2021 44

45. sources of risk assessment process :
sources of risk assessment process include:-
 Discussion with the management of public body;
 Discussion with external auditors;
 Consideration of applicable government laws and
regulations;
 Review of prior audits.
 Audit priorities determined through the risk
assessment process may be reviewed and
updated continuously.
08/01/2021 45

46. PLANNING AND CONTROLLING INTERNAL
AUDIT
• Planning involves in general establishing objectives,
understanding systems, prioritizing the audit works
including extent of work, determining resource
allocation and other issues and deciding on auditable
activity or area based on risk assessment
• Planning is an essential element in the audit process.
08/01/2021 46

47. Types of Audit Planning
• Types of audit planning Include:-
•Strategic plan
•Periodic plan – Annual plan
•Audit assignments
The first level of planning is the preparation of
the strategic plan, the duration is set to be 5
years. And differ from one audit approach to the
other
08/01/2021 47

48. Preparation of strategic plans
In Preparation Of Strategic Planning Following
steps Should be:-
 Identifying and understanding of the systems of
the public body, it’s operations and environments
in general;
 Assessing the risks and materiality issues
involved in those systems using risk factors and
ranking of those systems based on the
assessment
08/01/2021 48

49. Cont---
 determining audit and their scheduling over the
strategy period (5 years).
 determining which system to be audited, audit
objectives, their frequency, timing, type and nature of
audits and audit techniques to be followed .
 Determining the long term resources needed to
achieve the strategic plan with regard to adequacy of
staffing both in quantity and quality.
 Long term knowledge upgrading such as training
should be addressed to increase the quality of staff.
08/01/2021 49

50. Periodic plan or Annual plan
Preparation
• breaking the strategic plan into periods of audit usually
a year is Called Annual Plan or Periodic Plan
The annual plan is prepared by the Head of the Internal
Audit in consultation with the audit staff and put forward
to management of the public body or Audit Committee for
approval. This process allows the management or the
Audit Committee to review the plan to place emphasis
upon areas that may be have particular interest.
08/01/2021 50

51. Cont---
Audit work plans should be approved in writing by
the management or audit committee of internal
audit prior to the commencement of audit work.
The next step in the planning process, is the
planning of each individual audit assignment based
on the approved annual audit plan.
08/01/2021 51

52. Cont---
the work should be controlled at each level of the
audit to ensure that a continuously effective level
of performance that comply with standards is
being maintained. The overall management
supervision of audit assignments should be
continuously carried out to monitor progress and
assess quality of work and coach staff
these supervision should include:
 Ensuring compliance with internal auditing
standards, public body’s policies and audit plans
& programs.
 Reviewing the allocation of work tasks based on
the experience training and proficiency of staff.
08/01/2021 52

53. Cont---
 Ensuring adequate planning and providing suitable
instructions and briefings of audit staff at the outset
of an audit.
 Approving audit objectives and work plans.
 Ensuring that audits are conducted as planned or
that variations are approved.
 Ensuring that appropriate audit techniques are
used.
08/01/2021 53

54. Cont---
 Ensuring that full and adequate working papers
are maintained that properly document the work
carried out and the conclusions arrived at along
with recommendations are adequately supported
by relevant evidences.
 Maintaining a system of review along with
quality control procedures whereby the work of
each member of the assigned audit staff is
reviewed by a senior member.
 Ensuring that reports are accurate, objective,
clear, concise and timely.
08/01/2021 54

55. Cont---
 Ensuring that the work is achieved within
resource budgets or variations are approved.
•
 Using audit completion check lists to ensure
that important issues are not overlooked.
•
 Maintaining employee performance evaluations
based on predetermined performance measures
and criteria.
08/01/2021 55

56. PERFORMING THE AUDIT (XII)
• This involves the implementation of the audit
procedures, gathering audit evidence and
documenting audit findings, in order to achieve
the engagement or audit objectives in accordance
with the IIA Standard. Internal auditors should
identify, evaluate and record sufficient
information to achieve the engagement objectives
• Internal auditors Should collect Full information
before Producing Reports
08/01/2021 56

57. Audit evidence is information that forms the foundation,
which supports the audit findings and the audit opinion
contained in the audit report. It includes documents and
accounting records underlying the financial statements and
all other information, which is relevant to the auditor's
examination.
Generally audit evidence refers to the information
collected for reviewing the financial transactions of a
company in addition to its internal control practices and
other essential factors required for the certification of
financial statements
08/01/2021 57

58.  internal auditors should identify sufficient,
reliable, relevant and useful information to
achieve the audit objectives.
 Sufficient information is factual, adequate and
convincing so that a prudent, informed person
would reach the same conclusion as the auditor.
08/01/2021 58

59. Cont---
 Competent information is reliable and the best
attainable through the use of appropriate
auditing techniques.
 Relevant information supports audit observations
and recommendations and is consistent with the
objectives of the audit.
08/01/2021 59

60. Sources of Audit Evidence
 Auditor's direct knowledge.
 External Evidence.
 Internal Evidence.
 Corroborative Evidence
08/01/2021 60

61.  Auditor's direct evidence is the most reliable source
of evidence and when available, it should be
preferred to other sources.
 The auditor acquires direct knowledge through
physical inspection,
observation and re-performance.
 External evidence is less reliable than auditor's
direct evidence. And originates from sources
outside the organization being audited.
08/01/2021 61

62. Cont
The evidence gathered from such sources can be:
 Written testimonies/evidences or representations
such as confirmation of accounts receivable and
bank accounts.
 Representations or statements made by third
parties directly to the auditor.
 Externally prepared documentary evidence such
as invoices and bank statements.
08/01/2021 62

63. Cont--
 Internal Evidence is evidence obtained from
within the Client under audit.
This evidence may consist of documentary
evidence such as payment vouchers,
accounting records and reports, oral or written
representation of employees and
management.
 Internal Evidence is less reliable than external
evidence and the auditor's direct knowledge
08/01/2021 63

64. Cont---
 Corroborative/ Support evidence is represented by
consistency of the relationship between different
accounting figures, ratios, trends and the
correlation of information obtained through
analytical auditing techniques.
 the concurrence of physical taking with the
balance recorded in perpetual inventory records
gives of evidence of a far more believable
nature of total inventory than evidence
obtained from physical stock taking or
perpetual inventory records alone
08/01/2021 64

65. Quality of Audit Evidence
 To make sound judgments and conclusions about
the fairness of the accounting information
presented by the organization under audit,
sufficient, competent and relevant evidence must
be gathered.
 Sufficiency, competence and relevance are some
of the determinants of the persuasiveness of the
evidence collected.
 One other determinant of persuasiveness/influenc
that is also considered along with the three
aforementioned is timeliness
08/01/2021 65

66. Quality of Audit Evidence
Audit Evidence Must Be
1. Sufficiency refers to the quantity of evidence
obtained and involves not just how many items
(vouchers) to select but also what items to
select for examination.
2. Relevance must relate to the general audit
objectives for it to be relevant
and may be relevant to one objective but not to
another.
3. Reliability (Competence) is the trustworthiness of
evidence.
08/01/2021 66

67. Cont---
4. Degree of objectivity evidence that requires
considerable judgment to determine whether it is
correct is not as reliable as objective evidence.
Example confirmation of bank balances or physical
count of cash (objective evidence) is more reliable
than confirmation by the client's lawyers of the
likely outcome of outstanding lawsuits against the
client
08/01/2021 67

68. Cont---
5. Timeliness of audit evidence refers to when the
evidence is collected or the period covered by the
audit depending on whether evidence is being
gathered for the balance sheet @ beginning or
income statement @ end of the year
08/01/2021 68

69. Cont----
For balance sheet items, evidence should be
collected as near to the balance sheet date as
possible. For example, the auditor's count of
cash on the balance sheet date would be more
persuasive than if the count was made two
months earlier.
For income statements, the period covered is
important. For example, testing throughout
the year is better than testing a limited period
within the year.
08/01/2021 69

70. METHODS OF COLLECTING AUDIT EVIDENCE
• Methods of Collecting Audit Evidence are
08/01/2021 70

71. Cont---
Inspection is the most efficient method of obtaining
audit evidence and refers to checking all the
documents, records, and physical assets.
The reliability of these documents and records
depends upon the nature and effectiveness of
internal control.
 Observation involves the auditor to look at a
process of procedure being executed by others. This
method can be exemplified by the auditors’
presence at the clients’ physical stock count.
08/01/2021 71

72. Cont----
 Confirmation involves receipt of a written or oral
response from an independent third party, for example
confirmations of bank balances.
 Documentation or vouching involves agreeing amounts
of two or more different documents.
 Physical examination is counting by the auditor of
tangible assets. involves the examination of arithmetical
accuracy of source documents and accounting records.
also involve performing individual calculations.
 Inquiry refers responding to any inquiry to substantiate
information in the accounting records. These responses
might provide the auditor with info which is not
previously possessed by him or even with corroborative
08/01/2021 72

73. 08/01/2021 73

74. Materiality during Audit Execution
 During audit execution, it is important to
determine materiality levels of evidences.
 Material in general context is the determination of
materiality by considering the sum total of
individual errors which are not material may be
material.
 Materiality can be considered from three points of
view
materiality by amount,
materiality in general context and
08/01/2021 74

75. Cont---
 Material by nature is a situation whereby
although the amount may not be significant but
the nature of the finding for example,
misappropriating a small amount of fund for personal
use may be material.
 Materiality by amount is an arbitrary
determination where by more than for example,
5% in errors considered material.
08/01/2021 75

76. Audit Completion
 At the end of the field audit, a summary of the
results of the internal auditors work is made and
the achievement of the audit objective is
evaluated, Once the audit findings are
documented, the internal auditor needs to
evaluate the findings as a basis for reaching a
conclusion on the audit objectives
08/01/2021 76

77.  Audit Completion involves several steps:
Review of the updated permanent audit file.
Review of the current audit working papers.
Clearance of any remaining audit queries.
Review of the summary of audit findings.
Review of the actions taken on
recommendations contained in the previous
audit report.
Review of the Exit Conference notes.
Review of the draft audit report.
Compilation and review of audit check list
08/01/2021 77

78. REPORTING AUDIT WORK
 The most important aspect of any audit is
reporting as an audit not reported and actions
not taken on findings and recommendations is a
waste of resources utilized during the audit.
 Audit findings are much more than simple
opinions.
The audit process is a time taking careful
process for building up very specific
information, as it must result in reliable and
relevant information, sufficient to support
reasonable conclusions
08/01/2021 78

79. Cont---
A reasonable conclusion is one, which is
objective and fully supported by the evidence.
An auditor using the same audit methodology could
repeat the audit and arrive at the same conclusion
Findings should be based on the following attributes
Criteria:-The policies, procedures, directives,
regulations, laws, standards, measures, or
expectations in making an evaluation and/or
verification (what should exist).
08/01/2021 79

80. Condition: The factual evidence which the internal
auditor found in the course of the examination
(what does exist). If there is a difference between
the expected and actual conditions.
Cause: The reason for the difference between
the expected and actual conditions (why the
difference exists).
Effect: The risk or exposure the auditee
organization and/or others encounter because
the condition is not the same as the criteria (the
impact of the difference).
08/01/2021 80

81. Cont---
Auditors drafting their final conclusions at the
end of their audits.
Head of Internal Audit carrying out further
evaluation of the validity of conclusions,
Redrafting these conclusions as audit findings
08/01/2021 81

82.  Validity of the audit findings is an
important over-riding consideration
 Audit reports are intended to be read. So it is
important to consider the needs of readers.
The main readers are the Heads of the Public
Bodies and other stakeholders or users.
08/01/2021 82

83. Characteristics of effective audit reports
 An effective audit report is one, which is
objective, clear, concise, constructive and
timely.
Objective reports are factual, unbiased, and
free from distortion.
Findings, conclusions, and recommendations
should be included without prejudice.
08/01/2021 83

84. Cont---
Clarity can be improved by avoiding unnecessary technical
language and providing sufficient supportive information.
Concise reports are to the point and avoid unnecessary detail.
Auditors Should express findings completely in the fewest
possible words.
Constructive reports are those which, as a result of their
content and tone, help the organization to make the
necessary improvements where needed.
Timely reports are those, which are issued without
unnecessary delay and enable on time and effective action to
be taken
08/01/2021 84

85. Content and format of audit reports
Audit report formats contain the purpose,
scope, and results of the audit.
 Purpose statements should describe the audit
objectives and may, where necessary, inform the reader
why the audit was conducted and what it was expected
to achieve
 Scope statements should identify the audit activities.
 Results may include findings, conclusions (opinions),
and recommendations.
08/01/2021 85

86. Cont---
Findings are relevant statements of fact.
 Those findings, which are necessary to
support or prevent misunderstanding of the
internal auditor’s conclusions and
recommendations, should be included in the
final audit report.
 Less significant information or findings may be
communicated orally or through informal
correspondence.
08/01/2021 86

87. Cont---
Conclusions (opinions) are the internal auditor’s
evaluations of the effects of the findings on the
activities reviewed.
Conclusions may cover the entire scope of an
audit or specific aspects.
 They may cover whether the Public Body’s
objectives and goals are being met, and whether
the activity under review is functioning as
intended.
08/01/2021 87

88. Conti---
Recommendations are based on the internal
auditor’s findings and conclusion.
They call for action to correct existing conditions or
improve operations.
Recommendations may suggest approaches to
correcting or enhancing performance as a guide for
management in achieving desired result.
Recommendations may be general or specific.
08/01/2021 88

89. Steps in the preparation of audit report
 The preparation of audit reports requires considerable care and
through the following steps:-
• Knowing the purpose of the report;
• Planning the report (prepare an outline);
• Gathering data to be included in the report including evidences
supported by working papers.
• Sorting the date to fit in the outline;
• Writing the first draft;
• Discussion with the auditee so that issues considered not
important can be dropped and the report concentrates on
significant matters;
• Editing the final report
08/01/2021 89

90. Cont---
Internal auditors should bear in mind that
there is no report that cannot be improved;
however, it may have to be rewritten many
times.
It is the responsibility of the Head of Internal
audit to ensure that audit reports reach high
standards of relevance and readability
08/01/2021 90

91. Cont---
The Head should examine all draft audit
conclusions for relevance, robustness,
proficiency of language, clarity, tactfulness,
helpfulness and positive tone.
 The reader should be treated as a friend rather
than an enemy.
08/01/2021 91

92. Stages of audit reports
Writing audit reports entail
drafting,
redrafting,
discussing,
eliminating redundant information, and so on.
It requires patience and care.
 process is meaningful at the end of the day
as it guarantees that internal audit reports will
be read and understood.
08/01/2021 92

93. cont
The internal auditor should hold Exit
Conference to discuss conclusions and report
recommendations at appropriate level of
management before issuing the final report.
 The discussion will help to ensure that there
have been no misunderstandings of facts by
providing the opportunity for the auditee to
clarify specific items and to express views on
the findings, conclusions, and
recommendations.
08/01/2021 93

94. Cont---
 Draft report of audit findings submitted by the
Head of Internal Audit to the Head of the Public
Body for discussion (interim);
 Final report of audit findings formally submitted
to the Head of the Public Body and Bureau Of
Finance and Development in a timely manner.
08/01/2021 94

95. Follow-up
The responsibility of the Chief Internal Auditor in
particular and the internal auditors in general to
maintain a follow-up process to assure that
proper action has been taken on the
recommendations contained in the internal audit
report.
the Chief Audit Executive should establish a
follow-up process to monitor and ensure that
management actions have been effectively
implemented or that senior management has
accepted the risk of not taking action.
08/01/2021 95

96. Documentations
 Documentation is a process of
recording, assembling and organizing knowledge.
 In relation to auditing this knowledge is the
evidence compiled in working papers supporting
audit assertions.
 Working papers are the records kept by the
auditor of the audit procedures applied, the tests
performed, the information obtained and the
pertinent conclusions reached in the audit
engagement.
08/01/2021 96

97. Cont---
 Working papers should include all the
information necessary to conduct the
examination adequately and provide support
for the audit report.
08/01/2021 97

98. Objectives of Documentation
 Provides a historical record of the information
collected during the conduct of audits.
 Provides a record of the audit tasks performed.
 Identifies audit objectives and methods chosen
as a basis for planning future audits and for
review purposes.
08/01/2021 98

99. Cont--
 Allows an audit supervisor or manager to
make an interim review of what has been
done during the audit to date.
 Allows an audit supervisor or manager to
carry out final assessment of the validity of
draft audit conclusions before they are
expressed as audit findings.
 Provides support for audit findings and
evidence of compliance with the internal audit
standards.
08/01/2021 99

100. Cont--
 Establishes a record for the purposes of peer
review.
 Provides a framework for further review in cases
where management disagrees with audit findings
and the audit methods and conclusions have to
be reassessed.
 Provides a framework of control whereby
delegated work is monitored
08/01/2021 100

101. Principles of Documentation
A) Consistency and Standardization
When carrying out audits, internal auditors should
use consistent reporting methods.
 Consistency is achieved by using the standard
formats appearing in the Internal Audit Manual
Completing the recommended formats will make
documentation easier to understand and review
08/01/2021 101

102. b) Accuracy and Timeliness
 Documentation should accurately reflect the
tests planned, the tests carried out and the result
of these tests.
 There should also be documents that show the
timing of the work carried out.
08/01/2021 102

103. Cont---
c) Clarity and Conciseness
 The aim is to provide working papers that will
make it easy to understand the way the audit
was carried out.
 For this, the working papers should be well
organized and cross-referenced with clear and
concise language and structure.
 The information recorded should be sufficient
for the purposes of subsequent review by
someone other than the responsible auditor.
08/01/2021 103

104. d) Completeness
 The audit papers should be complete in the
sense of covering the whole audit, the tests
carried out, the meetings held, the queries
raised, management responses and the draft
conclusions reached.
e) Authorship and Review
 Audit papers should reveal who carried out each
piece of work.
 working papers should be reviewed.
 Information regarding the identity of reviewers
and their instructions/advice should be
documented.
08/01/2021 104

105. f) Confidentiality
 Audit working papers are in principle
confidential.
 The Head of the Internal Audit unit may decide
to share audit working papers, only if there is
good reason.
 If the external auditor or the Bureau of Finance
and Economic Development requests access, this
is good reason in itself. If, in the case of fraud,
the police or a court of law requests information,
the Head of Internal Audit will comply.
08/01/2021 105

106.  When access is requested, the circumstances,
reasons, persons with whom information was
shared and the information shared should be
recorded in permanent files.
 principle of confidentiality prevents the sharing
of audit information with third parties (e.g.
suppliers).
 As audit working papers are confidential,
measures should be taken to restrict access to
them.
08/01/2021 106

107. Content of Working Papers
working papers should contain the following
aspects of the audit process:
Planning;
Examination and evaluation of the adequacy
and effectiveness of the system of internal
control;
The auditing procedures performed, the
information obtained and the conclusions
reached;
08/01/2021 107

108. Cont---
Review;
 Reporting;
 Follow-up; and,
 Governance and organizational aspects.
These and other aspects of documentation
should be kept in an orderly and organized
manner in two files: Permanent File and
Current File.
08/01/2021 108

109. Permanent File
Permanent file is used for retaining key
information of continuing audit relevance, which
changes little from year to year. It contains data
of historical or continuing nature pertinent to the
audit
The permanent file typically includes:
• Extracts or copies of the Public Body’s documents
that deal with the organizational aspects. It
includes organization structure (chart);
organizational history detailing authority and duty;
08/01/2021 109

110. Conti---
• Proclamations dealing with establishment,
organizational authority and responsibility, job
descriptions and general organizational issues and
other documents showing how the Public Body is
organized, sub-divided, managed, staffed and directed
08/01/2021 110

111. Cont---
 Information related to the understanding of
the accounting system, internal control
structure and assessment of control risk. This
includes accounting policies, flow charts,
internal control questionnaires or internal
control/evaluation, manuals, organizational
chart, systems descriptions and notes along
with specimen of documents, and other
information on internal control and
accounting system;
08/01/2021 111

112. Cont---
 Information relating to understanding the rules
and regulations pertaining to activities within the
Public Body. This is with respect to directives,
statement of policies, rules, regulations,
proclamations, internal instructions and manuals;
 The results of previous years' audit. This includes
previous audit findings, management actions and
follow-up, weak areas, outstanding audit queries,
and matters deserving continuous follow-up;
08/01/2021 112

113. Conti---
• Other relevant information of continuing nature.
For instance, details of contracts, committee
members (e.g. tender committee), key personnel
who authorize various types of decisions, details of
projects being implemented along with
agreements, all bank accounts, signatories,
authority limits, safes, stores and other information
like plans, etc.
• Correspondence with the Head of the Public Body,
Audit Committee and outside parties concerning
various issues.
08/01/2021 113

114. Current Files
 The current files include all working papers
applicable to the year under audit.
 They contain relevant information of the audit
for the current year
 Contents of Current File include:-
 General information – This includes such items
as audit planning memos, abstracts or copies of
minutes or contracts or agreements not
included in permanent files, notes on discussion
with management,
08/01/2021 114

115. Cont---
 working paper review comments, check lists,
time summaries and comparison with budget,
financial statements, etc.
 Audit report – This is the final output of the
audit process. It includes the final and draft
version.
 Audit program, which is initialed when each
procedure is performed. It is reviewed and
approved. It is cross-referenced with each
section of the audit procedures.
08/01/2021 115

116. Conti---
 Financials Statements – This is relevant in financial
audit.
 Trial balance – list of accounts with their balance
supporting financial statements. This is relevant in
financial audit.
 Schedules and working papers prepared by the
internal auditor in performing certain audit
procedure.
08/01/2021 116

117. 117
08/01/2021