An operational audit evaluates an organization's operations and processes to assess effectiveness and efficiency in meeting goals. It analyzes structure, controls, procedures, and performance. The audit provides recommendations to improve and a report to management. The 6-phase process includes risk assessment, control identification, testing, reporting, and issuing a final report to managers and oversight bodies. The objective is to understand responsibilities, risks, controls, and provide an understanding of reliability, efficiency, and compliance.
An internal audit is designed to review what a company is doing in order to identify potential threats to the organization's financial health and profitability and to make suggestions for mitigating the risk associated with those threats.
Presentation by Ian Ball, chief executive officer of the International Federation of Accountants, at the L'Institut des Réviseurs d'Entreprises’ European Study Day conference in Brussels, Belgium, which details the societal role of the audit, the need for adoption of accrual-based accounting by governments and public sector institutions, and IFAC’s commitment to global convergence of international standards.
This presentation is an overview of SA 220 (R). Prepared with Prof. S. Sircar.
Dr. Soheli Ghose (Ph.D (University of Calcutta), M.Phil, M.Com, M.B.A., NET (JRF), B.Ed).
Assistant Professor, Department of Commerce, St. Xavier's College, Kolkata.
Guest Faculty, M.B.A. Finance, University of Calcutta, Kolkata
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK (Haresh Lalwani)
This presentation is my endeavor to bring to notice the new position that internal audit enjoys today in the corporate framework, expectations of the industry and emerging opportunities for the professionals.
What is the purpose of internal auditing? How important is it to the business? How are internal audits planned and carried out? These slides show the relevance of internal audit to the business, how internal audits relate to the objectives and risks of the business, how they are planned and the work involved in an internal audit. Further advice is available from www.internalaudit.biz
Chapter 9
Audit Risk Assessment
Prepared by Dr Phil Saj
Learning objectives
Appreciate the importance of audit risk assessment and why it is linked to financial statement assertions.
Explain the importance of business risks in audit planning.
Describe the procedures performed by an auditor to assess risk.
Appreciate the importance of internal control to an entity and to its independent auditors.
Indicate the procedures for obtaining and documenting an understanding of the entity’s internal control.
Explain why and how a preliminary assessment of control risk is made.
Explain the importance of the concept of audit risk and its three components.
Management’s financial statement assertions
Existence or occurrence
Assets or liabilities of the entity exist at a given date and whether recorded transactions or events have occurred during the period.
Completeness
Transactions, events and accounts that should be presented in the financial statement are included.
Cut-off
All transactions, events and accounts have been recorded in the correct period.
Rights and obligations
Assets represent rights of the entity and liabilities
are the obligations of the entity at a given date.
Valuation and allocation
Asset, liability, components have been included in the
financial statements at the appropriate amounts.
Accuracy
Transactions have been appropriately recorded
in the proper accounts.
Presentation and disclosure
Particular components of the financial statements are
properly classified, described and disclosed.
Refer to the textbook Table 9.1, page 363, for illustrations of each of these assertions.
Business risk assessment
A business risk approach allows the auditor to:
Identify threats faced by the organisation.
Recognise that most business risks will eventually have an effect on the financial statements.
Increase the chances of identifying risks of material misstatements in the financial reports.
Categories of business risk:
Financial risk
Operational risk
Compliance risk
Risk assessment procedures
Enquiries
Management, staff, internal auditors, company bankers,
legal advisors.
Analytical procedures
Provide a broad indication of the likelihood of possible
errors.
Observations and inspections
Inspection of manuals, visiting business premises,
observing procedures taking place.
Importance of internal control
The Committee of Sponsoring Organisations (COSO) of
the Treadway Commission defines internal control as:
a process, effected by an entity’s board of directors,
management and other personnel, designed to
provide reasonable assurance regarding the
achievement of objectives in the following categories:
Effectiveness and efficiency of ...
The most comprehensive definition of internal audit is given by the IIA, USA. It is,
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."
The purpose of the presentation is to provide clarification for a better understanding of what the definition, objectives, functions, stages and reporting of internal audit are all about. What difference does it make in the presence of an external audit? How different is its scope from that of the external audit? How do internal audit standards contribute to better performance of internal audit work and its reporting to the Board or Audit Committee?
This document "Audit Report: Model and Sample" contains a model of an audit report and a real sample from an IT Audit assignment (data of client not disclosed for privacy and confidentiality issues).
This has been used effectively in various types of internal and external audit assignments as well as consulting assignments, especially in reviewing internal controls for all types of companies.
Internal auditing departments are led by a chief audit executive ("CAE") who generally reports to the audit committee of the board of directors, with administrative reporting to the chief executive officer (in the United States, this reporting relationship is required by law for publicly traded companies).
Abdoulaye M Yansane
Operational Audit: Evaluation made of management's performance and conformity with
policies and budgets. The organization and its operations are analyzed, including appraisal of structure, controls,
procedures, and processes. The objective is to appraise the effectiveness and efficiency of a division, activity, or operation
of the entity in meeting organizational goals. Recommendations to improve performance are also made. The primary user
of an operational audit is management. However, an operational audit is slightly different from a Management Audit since
it concentrates on the organization. Many companies maintain internal audit staffs for the sole purpose of performing
operational audits on a recurring basis. For each review, management receives a report from the audit team that will
indicate how well the activities are performed, suggest improvements, and offer other conclusions drawn from the work.
Operational Audits
An Operational Audit Process is designed to:
understand the responsibilities and risks faced by an auditable faculty, department, unit or process (Hierarchy of
Concerns for Audit) and (Risk Assessment Overview Chart);
assess the level of control exercised by management;
identify, with management participation, opportunities for improving control;
provide senior management of the University and the Audit Committee of the Board of Governors (and thus the
Board of Governors) with an understanding of the degree to which management has achieved its responsibilities
and mitigated the risks associated with the operation of the University. This includes:
o reliability and integrity of financial and operational information;
o effectiveness and efficiency of operations;
o safeguarding of assets;
o compliance with laws, regulations, and contracts.
Normally, this involves the following six phases:
1) Pre-audit process
The process normally begins with an introductory meeting to inform the unit's senior management that an audit will take
place, to explain the process, and to gather background information.
Following the introductory meeting, the auditor performs a preliminary gathering of information using various sources of
information (for example, the unit's web site) to identify the possible components and concerns. At the end of this stage,
a binder is prepared and is used in the risk assessment meeting with the auditees.
2) Risk assessment meeting with auditee
The risk assessment meeting involves the key managers of the department or faculty or unit to be audited. One objective
of the risk assessment meeting is to obtain confirmation of the components (i) and major concerns of the unit (ii).
The key managers also perform an assessment of the importance of each concern (low, medium or high) for each
component. They are also requested to perform a voting exercise to compare and rank the components and concerns.
This step is preferably completed during the meeting, but may be completed separately with each manager.
The result is a risk template. The high-risk areas identified by management will then provide the focus for the audit
project.
3) Control matrix
The auditor meets with the managers of the high-risk areas to identify the key management objectives and the key control
activities (iii) performed. After these meetings, the auditor documents the key management objectives and the key
controls.
The lack of key controls identified, referred to as control design issues, is also documented in the matrix.
Once the first draft of the control matrix is completed, it is sent back to the managers for confirmation and validation.
The lack of key controls (control design issues) is also discussed with management.
The key controls identified in the matrix represent the controls to be tested in the next phase.
4) Test design
Once the matrix has been agreed upon with management, the auditor designs the test procedures for the identified key
controls. The auditor prepares a test design for each key control activity identified in the matrix.
The testing plan is reviewed before the testing phase begins. The testing phase usually requires the auditor's presence in
the department to conduct interviews, examine documents, and obtain explanations.
The auditor documents the results of the tests, the conclusion, and any proposals. During testing, the auditor also
discusses preliminary findings with individual managers.
The test results become the basis for the first draft of the audit report.
5) Report drafting
After the previous stages have been completed, the auditor can produce a draft report to be presented and discussed with
management. The draft report uses the following standard structure:
Memo
Conclusion
Background information
Scope
Objectives
Proposals
Risk template and key controls as an appendix
Other appendices
The report review and discussion process is designed to arrive at agreed action plans to resolve identified issues. Any
management-accepted risks and differences of opinion are also reported.
The report drafting process involves meetings with increasingly senior levels of the management hierarchy until the report
has both the moral and monetary (if needed) support for the issues raised.
6) Final audit report
The final report is distributed to all managers of an audited unit, the relevant members of senior management, the
Vice-Principal (Administration and Finance), the Chair of the Audit Committee of the Board, and the external auditors.
(i) Components: Represent the principal deliverables of the unit (products, services or processes).
(ii) Concerns: Represent the events that could prevent the audited unit from achieving its objectives.
(iii) Controls: Any action taken by management, the board, and other parties to enhance risk management and increase
the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the
performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.