PART II
DEFINITION
AND
SCOPE
OF
INTERNAL AUDITING
DEFINITION OF
INTERNAL AUDITING¹
“AN INDEPENDENT AND OBJECTIVE
ASSURANCE AND CONSULTING ACTIVITY
DESIGNED TO ADD VALUE AND IMPROVE AN
ORGANIZATION’S OPERATIONS. IT HELPS AN
ORGANIZATION ACCOMPLISH ITS OBJECTIVES
BY BRINGING A SYSTEMATIC, DISCIPLINED
APPROACH TO EVALUATE AND IMPROVE THE
EFFECTIVENESS OF RISK MANAGEMENT,
CONTROL AND GOVERNANCE PROCESSES”.
¹ INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK (1999)
DEFINITION OF
INTERNAL AUDITING²
“THE EVALUATION OF MANAGEMENT CONTROL
AND OPERATIONS PERFORMANCE AND THE
DETERMINATION OF THE DEGREE OF COMPLIANCE
WITH LAWS, REGULATIONS, MANAGERIAL POLICIES
AND CONTRACTUAL OBLIGATIONS. IT IS THE
APPRAISAL OF THE PLAN OF ORGANIZATION AND
ALL THE COORDINATE METHODS AND MEASURES TO
RECOMMEND COURSES OF ACTION ON ALL
MATTERS RELATING TO MANAGEMENT CONTROL
AND OPERATIONS AUDIT.”
² PHILIPPINE GOVERNMENT INTERNAL AUDIT MANUAL (PGIAM-2011),
DEFINITION IN “THE ADMINISTRATIVE CODE OF 1987” AND P.D. 1445
SCOPE OF INTERNAL AUDITING
The internal audit activity must evaluate the adequacy
and effectiveness of controls in responding to risks
within the organization’s governance, operations and
information systems regarding the:
• Achievement of the organization’s strategic
objectives;
• Effectiveness and efficiency of operations;
• Reliability and integrity of financial and
operational information;
• Safeguarding of assets; and
• Compliance with laws, rules, regulations, standards,
policies, procedures and contracts.
SCOPE
INTERNAL AUDIT
VIS-À-VIS
EXTERNAL AUDIT
(COMMISSION ON AUDIT)
ADMINISTRATIVE ORDER 278
SERIES OF 1992
SECTION 1
1.1 The Internal Audit Service (IAS) shall be an
integral part of the office/organization and
shall assist the institution management in
the effective discharge of its responsibilities
insofar as the same would not encroach on
or be adversarial with those of the auditors
of the Commission on Audit.
ADMINISTRATIVE ORDER 70
SERIES OF 2003
SECTION 1.
Second Paragraph –
The IAS shall be an integral part of the
office and shall assist in the management and
effective discharge of the responsibilities of the
office, without intruding into the authority and
mandate of the Commission on Audit (COA),
granted under the Constitution.
DUTIES, FUNCTIONS AND
RESPONSIBILITIES OF IAS
As mandated by Malacañang
Administrative Order No. 278, Series
of 1992
1. The IAS activities shall include the following:
a. Ascertaining the reliability and integrity of
financial and operational information and the
means used to identify, measure, classify
and report such information;
b. Ascertaining the extent of compliance with
established policies, and applicable laws and
regulations, and reviewing the system
established to ensure compliance with
government policies, plans and procedures,
laws and regulations which could have a
significant impact on operations;
c. Ascertaining the extent to which the assets and
other resources of the institutions are accounted
for and safeguarded from losses of all kinds;
d. Reviewing and evaluating the soundness,
adequacy and application of accounting, financial
and other operating controls and promoting the
most effective control at reasonable cost;
e. Reviewing operations or programs to ascertain
whether or not results are consistent with
established objectives and goals and whether or
not such programs are being carried out as
planned;
f. Evaluating the quality of performance of
groups/individual in carrying out their
assigned responsibilities; and
g. Recommending corrective actions on
operational deficiencies observed.
2. In addition to its above duties, the IAS may be called
upon to perform special assignments by the Head of the
Agency. However, it shall not be responsible for or
required to participate in procedures which are
essentially a part of regular operating activities or in
operations which are primarily the responsibility of another
unit in the organization. The IAS shall be detached
from all functions of routine operating character, such
as the following:
a. Pre-audit of vouchers and counter-
signature of checks;
b. Inspection of deliveries, although the
internal auditor may, as part of his
examination, observe inspection;
c. Preparation of treasury and bank
reconciliation statements;
d. Development and installation of
systems and procedures; however, in
exceptional cases, the internal auditor
may assist by way of giving
suggestions preferably during the
development stage;
e. Taking physical inventories; however,
the internal auditor may review the
plans in advance and observe and test-
check the accuracy of counting,
costing and summarizing;
f. Maintaining property records; and
g. All other activities related to operations.
AUDIT FUNCTIONS AND TOTAL
QUALITY APPROACHES
Today, more and more audit functions are
implementing quality improvement programs
which are a significant departure from the
traditional approach. These total quality
approaches are characterized by:
• Focusing on the areas of highest risk to
the organization.
• Working paper documentation that
meets the evidence requirements of the
IIA’s Standards but which are quickly
prepared and are often computer-based.
• Reporting methods and styles that
better fit the needs of those for whom
the reports are intended.
• Audit team approach using facilitators,
subject-matter-experts from the
organization being audited, etc.
• Encouraging management to request
internal audit reviews rather than have
to impose them on an organization.
• Self-assessment reviews where the
organization being reviewed performs
the review as a team facilitated by
internal auditors.
Purpose, Authority and Responsibility
The purpose, authority, and responsibility of the
internal auditing activity must be defined in an internal
audit charter, consistent with the Definition of
Internal Auditing, the Code of Ethics and the
Standards. The Chief Audit Executive should seek
approval of the charter by senior management and
final approval by the board. The internal audit
charter establishes the internal audit activity’s
position within the organization; authorizes access to
records, personnel, and physical properties relevant to
the performance of engagements; and defines the
scope of internal audit activities.
Throughout the world internal auditing is performed
in diverse environments and within organizations which
vary in purpose, size and structure. In addition, the laws
and customs within various countries differ from one
another. These differences may affect the practice of
internal auditing in each environment. The
implementation of the Standards for the Professional
Practice of Internal Auditing (now in the
International Professional Practices Framework (IPPF)),
therefore, will be governed by the environment in which
the internal auditing department carries out its assigned
responsibilities.
Compliance with the concepts enunciated by the
International Standards for the Professional Practice
of Internal Auditing is essential before the
responsibilities of internal auditors can be met. As
stated in the Code of Ethics, members of the Institute
of Internal Auditors, Inc. and Certified Internal
Auditors shall adopt suitable means to comply with the
International Standards for the Professional
Practice of Internal Auditing.
INTERNAL AUDIT
SERVICES
• ASSURANCE SERVICES
• CONSULTING SERVICES (IPPF) /
ADVISORY SERVICES (IASPPS)
Assurance Services involve the internal
auditor’s objective assessment of
evidence to provide an independent
opinion or conclusions regarding an
entity, operation, function, process,
system, or other subject matter. The
nature and scope of the assurance
engagement are determined by the
internal auditor.
There are generally three parties involved in
assurance services: (1) the person or group
directly involved with the entity, operation,
function, process, system, or other subject
matter – the process owner, (2) the person or
group making the assessment – the internal
auditor, and (3) the persons or group using the
assessment – the user. Examples may include
financial, performance, compliance, system
security, and due diligence engagements.
Advisory (Consulting) Services are
advisory in nature, and are
generally performed at the
specific request of an
engagement client. The nature
and scope of the advisory
(consulting) engagement are
subject to the agreement with the
engagement client.
Advisory (Consulting) services generally
involve two parties: (1) the person or
group offering the advice – the internal
auditor, and (2) the person or group
seeking and receiving the advice – the
engagement client. When performing
consulting services the internal auditor
should maintain objectivity and not
assume management responsibility.
Examples include counsel, advice,
facilitation, and training.
INTERNAL AUDIT
APPROACHES
AUDIT APPROACHES
• TRADITIONAL AUDIT APPROACH
• RISK-BASED AUDIT APPROACH
• CONTROL SELF ASSESSMENT (CSA)
TRADITIONAL AUDIT
APPROACH
Derived from the Report of the Special Advisory
Committee on Internal Accounting Control
(Minahan Committee)
• System Documentation and Evaluation
• Program Development
• Testing
• Report Development
ADVANTAGES AND DISADVANTAGES
OF TRADITIONAL APPROACH
ADVANTAGES
• Obtaining detailed coverage of potentially risky
areas every three to five years
• Comprehensive coverage of financial and
accounting functions
• Professionally qualified audit staff
• Independence from operating managers
• Assurance that controls are in place at a given
point in time for a given entity.
DISADVANTAGES
• Because of the extensive nature of these audits,
coverage is often completed on a three or five year
cycle, not annually
• Audit coverage is very detailed and very expensive.
• Coverage often only addresses accounting
controls, not the higher risk and higher value-added
operating controls
• Audit staff skills are narrowly focused on
accounting and finance issues
• Audit staff is not only independent but isolated
from the operating functions.
Internal Control System can help
management manage or control the degree
of business risk inherent in any business
operation. Internal control is a risk
management process.
RISK-BASED AUDITING
“Internal Control Systems” – “Risk Management Systems”
Fundamental to COSO Model and to risk
management:
• Objectives are established and
communicated.
• Risk is dependent upon people,
organization, climate, characteristics,
situational pressures, and conditions
of opportunity.
Primary Causes of Fraud
(Study of KPMG Peat Marwick)
1. Poor internal control
2. Collusion between employees and a third
party
3. Management override of internal controls
4. High-risk industry where there was a risk of
decline or loss
The system of internal control must address the
“red flags” that might herald management or
employee override of the internal controls.
NEW PARADIGM SHIFT:
1. New definition of control: Control is broadly
defined and includes both formal and informal
controls.
2. Total Quality: TQM demands participative
team approaches to problem identification and
solution development.
3. Management/Employee Expectations:
Managers and employees expect tools that add
value to their own arsenal of resources.
RISK-BASED AUDIT METHODOLOGY:
1. Determine the key risks or objectives which
internal auditors should address
2. Identify limits of risk used by management
or deemed appropriate to controlling the
processes designed to achieve the
objectives (reduce the risk of failure)
3. Conduct initial survey and form hypothesis
regarding how well the risk appears to be
controlled or how well controls appear to
ensure achieving the objectives.
4. Verify through the most cost-effective
means the validity of the hypothesis.
5. Report results
RISK-BASED AUDIT METHODOLOGY
ADVANTAGES
• Extremely cost effective
• Focuses on areas of highest risk, thus adds
greatest value to the organization
• Helps managers with problems of importance
to them.
• Uses ideas and concepts understood by managers
rather than by auditors only.
• Provides opportunity to train management and
employees on how controls work to achieve
business objectives of importance to them.
DISADVANTAGES
• Requires significant auditor experience and
judgment
• Requires auditors to change their paradigm
• Requires significant interface with
management and employees
• May not provide an overall assessment of the
organization’s system of internal control.
CONTROL SELF-ASSESSMENT (CSA)
CSA is a relatively new method for examining and
evaluating the organization’s system of internal control.
It is an amalgam of traditional internal auditing
concepts, risk analysis, and self assessment approaches.
CSA has the following elements:
1. Front-end planning and preliminary audit work.
2. The gathering of a group of people into a same
time/same place meeting, - study of relationships
among elements of information (for example
fluctuation in recorded interest expense
compared to changes in related debt balances)
typically involving a facilitation seating
arrangement (U-shape table) and a meeting
facilitator. The participants are “process
owners” – management and staff who are
involved with the particular issues under
examination, who know them best, and who are
critical to the implementation of appropriate
process control.
3. Structured agenda which the facilitator uses to
lead the group through an examination of the
process’s risks and controls. Frequently, the
agenda will be based on a well-defined
framework or model so that participants can be
sure to address all necessary issues framework
for that project.
4. Optionally, the presence of a scribe to take an
on-line transcription of the session and of
electronic voting technology to enable participants
to anonymously voice their perceptions of the
issues.
5. Reporting and the development of action plans
CSA’s BASIC PHILOSOPHY
CSA’s basic philosophy is that control is the
responsibility of all employees in the organization.
The people who work within the process,
including employees as well as the
managers of the process, are asked for
their assessments of risks and controls in
their process.
CONTROL SELF-ASSESSMENT
ADVANTAGES
• Uses ideas and concepts understood by managers
rather than by auditors only.
• Provides opportunity to train management and
employees on how controls work to achieve
business objectives of importance to them.
• Very cost effective.
• Provides overall, annual assessment of the
organization’s system of internal control
• Helps managers with problems of importance
to them.
• Fosters buy-in to recommendations and
action plan since employees participated
in their development
DISADVANTAGES
• Requires significant planning and
coordination
• Provides only a high-level review of the
organization’s internal controls.
• Requires significant facilitation skills and
team leading ability.
• Requires auditors to change their paradigm
• Requires significant interface with
management and employees.
INTERNAL AUDIT
PRACTICE
INTERNAL AUDITING ACTIVITIES
• Internal Control Audits
• Compliance Audits
• Fraud Audits
• Operational Audits
• Other
Internal Control Audits
The objective of internal control audits is to apprise
management of how adequately a particular
system of internal control provides reasonable
assurance that objectives are achieved.
Compliance Audits
Compliance audits are largely focused on apprising
management of the degree of compliance with
established policies, laws, procedures, regulations,
contractual provisions, etc.
Fraud Audits (Forensic Auditing)
Where fraudulent activity is present or suspected,
specialized audit activities may be performed to assist
management in detecting or confirming the
presence and extent of fraud and in providing
necessary evidence for legal purposes. Also called
forensic auditing or investigative auditing.
Operational Audits
Stating the obvious, operational audits are audits of
operations. They focus on the ability of an
organization to achieve its business objectives in
the areas of efficiency and effectiveness.
Efficiency – is a measure of the ability of a
process to function at a low cost in relation to
similar or alternative processes
Effectiveness - is a measure of the ability of a
process to accomplish its functional objective.
OTHER AUDIT ACTIVITIES :
Internal Auditors may be asked to participate
in many other activities for their
organization. These may include duties
routinely expected of all employees such as
participating in quality improvement teams
or they may be unique activities such as
performing studies for management for
which the auditor’s skills are considered
helpful.
INTERNAL AUDIT
PROCESS
ENGAGEMENT PLANNING
(PLANNING THE AUDIT)
PERFORMING THE ENGAGEMENT
(EXAMINATION AND EVALUATION OF
INFORMATION)
COMMUNICATING RESULTS
MONITORING PROGRESS
(FOLLOW-UP PROCESS)
ENGAGEMENT PLANNING -
(PLANNING THE AUDIT)
1. Establishing audit objectives and scope of
work.
2. Obtaining background information about
the activities to be audited.
3. Determining the resources necessary to
perform the audit.
4. Communicating with all who need to know
about the audit.
5. Performing, as appropriate, a survey to
become familiar with activities, risks and
controls; to identify areas for audit
emphasis; and to invite auditee comments
and suggestions.
6. Writing the audit program.
7. Determining how, when and to whom
audit results will be communicated.
8. Obtaining approval of the audit work plan.
SETTING OF AUDIT OBJECTIVES
AND SCOPE OF WORK
Audit objectives are broad statements developed by
internal auditors and define intended audit
accomplishments
Audit procedures are the means to attain audit objectives
Audit objectives and audit procedures, taken together,
define the scope of the internal auditors’ work.
Audit objectives and audit procedures should address the
risks associated with the activity under audit
THE PRELIMINARY SURVEY
The preliminary or on-site survey allows
for the gathering of information,
without detailed verification, about the
activities to be audited. The internal
auditor learns about the auditee’s
objectives, organization, operations,
information systems, personnel and
internal controls.
MAIN PURPOSES OF THE SURVEY:
1. Understand the activity under review
2. Identify significant areas warranting special
emphasis
3. Obtain information for use in performing the
audit
4. Determine whether further auditing is
necessary.
PERFORMING THE ENGAGEMENT:
(EXAMINATION AND EVALUATION OF
INFORMATION)
Internal Auditors should collect, analyze, interpret and document
information to support audit results.
Process of Examining and Evaluating Information
1. Extent of information collection -- audit objectives
and scope of work.
2. Information – SUFFICIENT, COMPETENT,
RELEVANT, USEFUL to provide sound basis for
audit findings and recommendations
3. SELECTION IN ADVANCE of audit
procedures, testing and sampling techniques
4. Supervision of the process of examination
and evaluation of information to provide
reasonable assurance
- auditors objectives
- audit goals are met
5. Workpapers should be prepared and
reviewed by IAD management.
AUDIT REPORT PREPARATION
1. Purpose Statements
2. Scope Statements
a) Identify audit activities and period
covered
b) Related activities not audited
c) Nature and extent of auditing
performed
3. Results
a) Findings
b) Conclusions (Opinions)
c) Conclusions
AUDIT FINDINGS:
Audit findings are pertinent statements of fact. They
emerge by a process of comparing “what should
be” with “what is”. Whether or not there is a
difference, the internal auditor has a foundation on
which to build the report. Findings should be
based on the following attributes:
a. Criteria: The standards, measures, or
expectations used in making an evaluation
and/or verification (what should exist/the
correct state).
b. Condition: The factual evidence which
the internal auditor found in the course
of the examination (what does exist/the
current state).
c. Cause: The reason for the difference
between the expected and actual
conditions (why the difference exists).
d. Consequences: The risk or exposure the auditee
organization and/or others encounter because the
condition is not the same as the criteria (the impact of
the difference). In determining the degree of risk or
exposure, internal auditors should consider the effect
their engagement observations and recommendations
may have on the organization’s operations and
financial statements.
e. Observations and recommendations can include
engagement client/auditee accomplishments, related
issues, and supportive information.
COMMUNICATING RESULTS:
Internal Auditors must communicate the
engagement results.
Criteria for Communicating
Quality of Communications
Use of “Conducted in Conformance with the
International Standards for the Professional
Practice of Internal Auditing”
Disseminating Results
Criteria for Communicating:
Communications must include the
engagement’s objectives and
scope as well as applicable
conclusions, recommendations
and action plans.
1. Final communication of engagement results
must, where appropriate, contain internal
auditors’ overall opinion and/or conclusions.
2. Internal auditors are encouraged to
acknowledge satisfactory performance in
engagement communications.
3. When releasing engagement results to
parties outside of the organization, the
communication must include limitations on
distribution and use of the results.
4. Communication of the progress and results
of consulting engagements will vary in form
and content depending upon the nature of
the engagement and the needs of the client.
Quality of Communications:
Communications must be accurate,
objective, clear, concise, constructive,
complete and timely.
Accurate Communications are free from errors and
distortions and are faithful to the underlying facts.
Objective Communications are fair, impartial, and
unbiased and are the result of a fair-minded and
balanced assessment of all relevant facts and
circumstances.
Clear Communications are easily understood and
logical, avoiding unnecessary technical language and
providing all significant and relevant information.
Concise Communications are to the point and
avoid unnecessary elaboration, superfluous
detail, redundancy, and wordiness.
Constructive Communications are helpful to the
engagement client and the organization and lead
to improvements where needed.
Complete Communications lack nothing that is
essential to the target audience and include all significant
and relevant information and observations to support
recommendations and conclusions.
Timely Communications are opportune and
expedient, depending on the significance of the issue,
allowing management to take appropriate corrective
action.
Quality of Communications:
1. Gather, evaluate, and summarize data and
evidence with care and precision.
2. Derive and express observations, conclusions,
and recommendations without prejudice,
partisanship, personal interests, and the undue
influence of others.
3. Improve clarity by avoiding unnecessary
technical language and providing all
significant and relevant information in
context.
4. Develop communications with the objective
of making each element meaningful and
succinct.
5. Adopt a useful, positive, and well-meaning
content and tone that focuses on the
organization’s objectives.
6. Ensure communication is consistent with
the organization’s style and culture.
7. Plan the timing of the presentation of
engagement results to avoid undue delay.
Use of “Conducted in Conformance with the
International Standards for the Professional
Practice of Internal Auditing”
Internal auditors may report that their
engagements are “conducted in conformance
with the International Standards for the
Professional Practice for Internal Auditing,”
only if the results of the quality assurance and
improvement program support the statement.
STANDARD 2430
Use of “Conducted in Conformance with the Internal
Auditing Standards for the Philippine Public Sector”
• Indicating that engagements are
“conducted in conformance with the
Internal Auditing Standards for the
Philippine Public Sector (IASPPS)” is
appropriate only if the results of the
quality assurance and improvement
program support the statement.
Philippine Application Guidelines 2430
• 1. The head of internal audit should understand
the requirements related to developing and
maintaining a quality assurance and
improvement program (QAIP) (the 1300 series
of standards) and be familiar with the results of
the IAS’s current internal and external
assessments. The head of internal audit may also
consider the head of agency or governing
body/audit committee’s expectations for using
the statement “conducted in conformance with
the IASPPS” in engagement reports.
• 2. When an IAS reports on an engagement, there
is no requirement to indicate whether the
engagement was conducted in conformance with
the IASPPS. However, using this statement
builds the IAS’s credibility. This Standard
prohibits using the statement unless the results of
the IAS’s QAIP --- including current internal
and external assessments --- support a
conclusion that the IAS generally conforms with
the IASPPS.
• 3. When an IAS does not conform with the
IASPPS, the IAS may choose to state that the
engagement was not conducted in conformance
with the IASPPS. However, such a statement is
not required (see Standard 2431).
Disseminating Results:
The chief audit executive must communicate
results to the appropriate parties.
The chief audit executive or designee reviews
and approves the final engagement
communication before the issuance and
decides to whom and how it will be
disseminated.
AUDIT REPORT REVIEW
AND DISTRIBUTION:
THE HEAD OF INTERNAL AUDITING
OR DESIGNEE SHOULD REVIEW
AND APPROVE THE FINAL AUDIT
REPORT BEFORE ISSUANCE AND
SHOULD DECIDE TO WHOM THE
REPORT WILL BE DISTRIBUTED.
AUDIT REPORTS SHOULD BE DISTRIBUTED
TO THOSE MEMBERS OF THE
ORGANIZATION WHO ARE ABLE TO ENSURE
THAT AUDIT RESULTS ARE GIVEN DUE
CONSIDERATION.
THIS MEANS THAT THE REPORT SHOULD
GO TO THOSE WHO ARE IN A POSITION TO
TAKE CORRECTIVE ACTION OR ENSURE
THAT CORRECTIVE ACTION IS TAKEN.
CERTAIN INFORMATION MAY NOT BE
APPROPRIATE FOR DISCLOSURE TO
ALL REPORT RECIPIENTS BECAUSE IT
IS PRIVILEGED, PROPRIETARY, OR
RELATED TO IMPROPER OR ILLEGAL
ACTS.
SUCH INFORMATION, HOWEVER, MAY
BE DISCLOSED IN A SEPARATE
REPORT.
MONITORING PROGRESS
(FOLLOW-UP PROCESS)
MONITORING PROGRESS:
To effectively monitor the disposition of results, the chief
audit executive (CAE) establishes procedures to include:
• The timeframe within which management’s
response to the engagement observations and
recommendations is required.
• Evaluation of management’s response.
• Verification of the response (if appropriate).
• Performance of a follow-up engagement
(if appropriate).
• A communication process that escalates
unsatisfactory responses/actions, including the
assumption of risk, to the appropriate levels of
senior management or the board.
Internal auditors determine whether
management has taken action or
implemented the recommendation.
Internal auditor determines whether the
desired results were achieved or if senior
management or the board has assumed the
risk of not taking action or implementing
the recommendation.
Follow-up Process:
Follow-up is a process by which internal auditors
evaluate the adequacy, effectiveness, and timeliness
of actions taken by management on reported
observations and recommendations, including
those made by external auditors and others. This
process also includes determining whether senior
management and/or the board have assumed the risk
of not taking corrective action on reported
observations.
The internal audit activity’s charter should define the
responsibility for follow-up. The chief audit executive
(CAE) determines the nature, timing, and extent of follow-
up, considering the following factors:
a. Significance of the reported observation and
recommendation.
b. Degree of effort and cost needed to correct the
reported condition.
c. Impact that may result should the corrective action
fail.
d. Complexity of the corrective action.
e. Time period involved.
The CAE is responsible for scheduling
follow-up activities as part of developing
engagement work schedules.
Scheduling of follow-up should be based on
the risk and exposure involved, as well as the
degree of difficulty and the significance of
timing in implementing corrective action.
Where the CAE judges that
management’s oral or written
response indicates that action taken
is sufficient when weighed against
the relative importance of the
observation or recommendation,
internal auditors may follow up as
part of the next engagement.
Internal auditors ascertain whether
actions taken on observations and
recommendations remedy the
underlying conditions. Follow-up
activities should be appropriately
documented.
THE CHANGING INTERNAL AUDITOR’S PARADIGM
CHARACTERISTIC: INTERNAL AUDIT FOCUS
OLD PARADIGM: INTERNAL CONTROL
NEW PARADIGM: BUSINESS RISK
CHARACTERISTIC: INTERNAL AUDIT RESPONSE
OLD PARADIGM: REACTIVE, AFTER-THE-FACT, DISCONTINUOUS, OBSERVERS OF STRATEGIC PLANNING INITIATIVES
NEW PARADIGM: COACTIVE, REAL-TIME, CONTINUOUS MONITORING, PARTICIPANTS IN STRATEGIC PLANS
CHARACTERISTIC: RISK ASSESSMENT
OLD PARADIGM: RISK FACTORS
NEW PARADIGM: SCENARIO PLANNING
CHARACTERISTIC: INTERNAL AUDIT TESTS
OLD PARADIGM: IMPORTANT CONTROLS
NEW PARADIGM: IMPORTANT RISKS
CHARACTERISTIC: INTERNAL AUDIT METHODS
OLD PARADIGM: EMPHASIS ON THE COMPLETENESS OF DETAIL CONTROL TESTING
NEW PARADIGM: EMPHASIS ON THE SIGNIFICANCE OF BROAD BUSINESS RISKS COVERED
CHARACTERISTIC: INTERNAL AUDIT RECOMMENDATIONS
OLD PARADIGM: INTERNAL CONTROL: STRENGTHENED, COST-BENEFIT, EFFICIENT/EFFECTIVE
NEW PARADIGM: RISK MANAGEMENT: AVOID/DIVERSIFY RISK, SHARE/TRANSFER RISK, CONTROL/ACCEPT RISK
CHARACTERISTIC: INTERNAL AUDIT REPORTS
OLD PARADIGM: ADDRESSING THE FUNCTIONAL CONTROLS
NEW PARADIGM: ADDRESSING THE PROCESS RISKS
CHARACTERISTIC: INTERNAL AUDIT ROLE IN THE ORGANIZATION
OLD PARADIGM: INDEPENDENT APPRAISAL FUNCTION
NEW PARADIGM: INTEGRATED RISK MANAGEMENT AND CORPORATE GOVERNANCE
INTERNAL AUDITOR’S
PROFICIENCY
AND
DUE PROFESSIONAL
CARE
PROFICIENCY – Internal auditors must
possess the knowledge, skills and other
competencies needed to perform their
individual responsibilities. The internal
audit activity collectively must possess
or obtain the knowledge, skills, and
other competencies needed to perform
its responsibilities.
PROFICIENCY AND DUE
PROFESSIONAL CARE
DUE PROFESSIONAL CARE –
Internal auditors must apply the care
and the skill expected of a reasonably
prudent and competent internal auditor.
Due professional care does not imply
infallibility.
Exercising due professional care means using
reasonable audit skill and judgment in
performing the audit. The internal auditor must
exercise due professional care by considering:
1. The extent of audit work needed to
achieve audit objectives.
2. The relative complexity, materiality or
significance of matters to which
audit/assurance procedures are applied.
3. The adequacy and effectiveness of
governance, risk management and control
processes.
4. The probability of significant errors, fraud, or
noncompliance; and
5. The cost of auditing in relation to potential
benefits.
In exercising due professional care, internal
auditors must consider the use of technology-
based audit and other data analysis techniques.
Internal auditors must be alert to the significant
risks that might affect objectives, operations, or
resources. However, assurance procedures
alone, even when performed with due
professional care, do not guarantee that all
significant risks will be identified.
Internal Auditors Can Audit Anything – but Not Everything.
By Richard Chambers
Former Chairman, Institute of Internal Auditors (IIA)
“There are times when internal audit clients
and others have unrealistic expectations
about our profession. It’s not surprising,
then, that there may be confusion about our
role. After all, internal auditors wear many
hats. We are analysts, control experts,
consultants, teachers, business partners,
watchdogs, financial advisers.”

PART II INTERNAL AUDITING in local government.ppt

  • 3. DEFINITION OF INTERNAL AUDITING1 “AN INDEPENDENT AND OBJECTIVE ASSURANCE AND CONSULTING ACTIVITY DESIGNED TO ADD VALUE AND IMPROVE AN ORGANIZATION’S OPERATIONS. IT HELPS AN ORGANIZATION ACCOMPLISH ITS OBJECTIVES BY BRINGING A SYSTEMATIC, DISCIPLINED APPROACH TO EVALUATE AND IMPROVE THE EFFECTIVENESS OF RISK MANAGEMENT, CONTROL AND GOVERNANCE PROCESSES”. 1 INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK (1999)
  • 4. DEFINITION OF INTERNAL AUDITING2 “THE EVALUATION OF MANAGEMENT CONTROL AND OPERATIONS PERFORMANCE AND THE DETERMINATION OF THE DEGREE OF COMPLIANCE WITH LAWS, REGULATIONS, MANAGERIAL POLICIES AND CONTRACTUAL OBLIGATIONS. IT IS THE APPRAISAL OF THE PLAN OF ORGANIZATION AND ALL THE COORDINATE METHODS AND MEASURES TO RECOMMEND COURSES OF ACTION ON ALL MATTERS RELATING TO MANAGEMENT CONTROL AND OPERATIONS AUDIT. 2 PHILIPPINE GOVERNMENT INTERNAL AUDIT MANUAL (PGIAM-2011), DEFINITION IN “THE ADMINISTRATIVE CODE OF 1987” AND P.D. 1445
  • 5. SCOPE OF INTERNAL AUDITING The internal audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations and information systems regarding the: • Achievement of the organization’s strategic objectives; • Effectiveness and efficiency of operations; • Reliability and integrity of financial and operational information; • Safeguarding of assets; and • Compliance with laws, rules, regulations, standards policies, procedures and contracts.
  • 7. ADMINISTRATIVE ORDER 278 SERIES OF 1992 SECTION 1 1.1 The Internal Audit Service (IAS) shall be an integral part of the office/organization and shall assist the institution management in the effective discharge of its responsibilities insofar as the same would not encroach on or be adversarial with those of the auditors of the Commission on Audit.
  • 8. ADMINISTRATIVE ORDER 70 SERIES OF 2003 SECTION 1. Second Paragraph – The IAS shall be an integral part of the office and shall assist in the management and effective discharge of the responsibilities of the office, without intruding into the authority and mandate of the Commission on Audit (COA), granted under the Constitution.
  • 9. DUTIES, FUNCTIONS AND RESPONSIBILITIES OF IAS As mandated by MalacaĂąang Administrative Order No. 278, Series of 1992
  • 10. 1. The IAS activities shall include the following: a. Ascertaining the reliability and integrity of financial and operational information and means used to identify measures, classify and report such information; b. Ascertaining the extent of compliance with established policies, and applicable laws and regulations, and reviewing the system established to ensure compliance with government policies, plans and procedures, laws and regulations which could have a significant impact on operations;
  • 11. c. Ascertaining the extent to which the assets and other resources of the institutions are accounted for and safeguarded from losses of all kinds; e. Reviewing operations or programs to ascertain whether or not results are consistent with established objectives and goals and whether or not such programs are being carried out as planned; d. Reviewing and evaluating the soundness, adequacy and application of accounting, financial and other operating controls and promoting the most effective control at reasonable cost;
  • 12. f. Evaluating the quality of performance of groups/individual in carrying out their assigned responsibilities; and g. Recommending corrective actions on operational deficiencies observed.
  • 13. 2. In addition to its above duties, the IAS may be called upon to perform special assignments by the Head of the Agency. However, it shall not be responsible for or required to participate in procedures which are essentially a part of a regular operating activities or in operations which are primarily responsibility of another unit in the organization. The IAS shall be detached from all functions of routine operating character, such as the following: a. Pre-audit of vouchers and counter- signature of checks;
  • 14. d. Development and installation of systems and procedures; however, in exceptional cases, the internal auditor may assist by way of giving suggestions preferably during the development stage; b. Inspection of deliveries, although the internal auditor may, as part of his examination, observe inspection; C. Preparation of treasury and bank reconciliation statements;
  • 15. e. Taking physical inventories; however, the internal auditor may review the plans in advance and observe the test- check the accuracy of counting, costing and summarizing; f. Maintaining property records; and g. All other activities related to operations.
  • 16. AUDIT FUNCTIONS AND TOTAL QUALITY APPROACHES Today, more and more audit functions are implementing quality improvement programs which are a significant departure from the traditional approach. These total quality approaches are characterized by: • Focusing on the areas of highest risk to the organization.
  • 17. • Working paper documentation that meets the evidence requirements of the IIA’s Standards but which are quickly prepared and are often computer-based. • Reporting methods and styles that better fit the needs of those for whom the reports are intended. • Audit team approach using facilitators, subject-matter-experts from the organization being audited, etc.
  • 18. • Encouraging management to request internal audit reviews rather than have to impose them on an organization. • Self-assessment reviews where the organization being reviewed performs the review as a team facilitated by internal auditors.
  • 19. Purpose, Authority and Responsibility The purpose, authority, and responsibility of the internal auditing activity must be defined in an internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics and the Standards. The Chief Audit Executive should seek approval of the charter by senior management and final approval by the board. The internal audit charter establishes the internal audit activity’s position within the organization; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.
  • 20. Purpose, Authority …continued… Throughout the world internal auditing is performed in diverse environments and within organizations which vary in purpose, size and structure. In addition, the laws and customs within various countries differ from one another . These differences may affect the practice of internal auditing in each environment. The implementation of the Standards for the Professional Practice of Internal Auditing, {now in the International Professional Practices Framework (IPPF)} therefore, will be governed by the environment in which the internal auditing department carries out its assigned responsibilities.
  • 21. Purpose, Authority and…continued… Compliance with the concepts enunciated by the International Standards for the Professional Practice of Internal Auditing is essential before the responsibilities of internal auditors can be met. As stated in the Code of Ethics, members of the Institute of Internal Auditors, Inc. and Certified Internal Auditors shall adopt suitable means to comply with the International Standards for the Professional Practice of Internal Auditing.
  • 23. INTERNAL AUDIT SERVICES  ASSURANCE SERVICES  CONSULTING SERVICES (IPPF) ADVISORY SERVICES (IASPPS)
  • 24. Assurance Services involve the internal auditor’s objective assessment of evidence to provide an independent opinion or conclusions regarding an entity, operation, function, process, system, or other subject matter. The nature and scope of the assurance engagement are determined by the internal auditor.
  • 25. There are generally three parties involved in assurance services; (1) the person or group directly involved with the entity, operation, function, process, system, or other subject matter – the process owner, (2) the person or group making the assessment – the internal auditor, and (3) the persons or group using the assessment – the user. Examples may include financial, performance, compliance, system security, and due diligence engagements.
  • 26. Advisory (Consulting) Services are advisory in nature, and are generally performed at the specific request of an engagement client. The nature and scope of the advisory (consulting) engagement are subject to the agreement with the engagement client.
  • 27. Advisory (Consulting) services generally involve two parties: (1) the person or group offering the advice – the internal auditor, and (2) the person or group seeking and receiving the advice – the engagement client. When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility. Examples include counsel, advice, facilitation, and training.
  • 29. AUDIT APPROACHES • TRADITIONALAUDIT APPROACH • RISK – BASED AUDIT APPROACH • CONTROL SELF ASSESSMENT (CSA)
  • 30. TRADITIONAL AUDIT APPROACH Derived from the Report of the Special Advisory Committee on Internal Accounting Control (Minahan Committee) • System Documentation and Evaluation • Program Development • Testing • Report Development
  • 31. ADVANTAGES • Obtaining detailed coverage of potentially risky areas every three to five years • Comprehensive coverage of financial and accounting functions • Because of the extensive nature of these audits, coverage is often completed on a three or five year cycle, not annually • Audit coverage is very detailed and very expensive. DISADVANTAGES ADVANTAGES AND DISADVANTAGES OF TRADITIONAL APPROACH
  • 32. ADVANTAGES DISADVANTAGES • Professionally qualified audit staff • Independence from operating managers • Assurance that controls are in place at a given point in time for a given entity. • Coverage often only addresses accounting controls, not the higher risk and higher value-added operating controls • Audit staff skills are narrowly focused on acctg and finance issues • Audit staff is not only independent but isolated from the operating functions.
  • 33. Internal Control System can help management manage or control the degree of business risk inherent in any business operation. Internal control is a risk management process. RISK-BASED AUDITING “Internal Control Systems” – “Risk Management Systems”
  • 34. Fundamental to COSO Model and to risk management:  Objectives are established and communicated.  risk is dependent upon people, organization, climate, characteristics , situational pressures, and conditions of opportunity.
  • 35. Primary Causes of Fraud (Study of KPMG Peat Marwick) 1. Poor internal control 2. Collusion between employees and a third party 3. Management override of internal controls 4. High-risk industry where there was a risk of decline or loss The system of internal control must address the “red flags” that might herald management or employee override of the internal controls.
  • 36. NEW PARADIGM SHIFT: 1. New definition of control: Control is broadly defined and includes both formal and informal controls. 2. Total Quality: TQM demands participative team approaches to problem identification and solution development. 3. Management/Employee Expectations: Managers and employees expect tools that add value to their own arsenal of resources.
  • 37. RISK-BASED AUDIT METHODOLOGY: 1. Determine the key risks or objectives which internal auditors should address 2. Identify limits of risk used by management or deemed appropriate to controlling the processes designed to achieve the objectives (reduce the risk of failure)
  • 38. 3. Conduct initial survey and form hypothesis regarding how well the risk appears to be controlled or how well controls appear to ensure achieving the objectives. 4. Verify through the most cost-effective means the validity of the hypothesis. 5. Report results
  • 39. ADVANTAGES DISADVANTAGES • Extremely cost effective • Focuses on areas of highest risk, thus adds greatest value to the organization • Helps managers with problems of importance to them. • Requires significant auditor experience and judgment • Requires auditors to change their paradigm • Requires significant interface with management and employees RISK BASED AUDIT METHODOLOGY
  • 40. ADVANTAGES DISADVANTAGES • Uses ideas and concepts understood by managers rather than by auditors only. • Provides opportunity to train management and employees on how controls work to achieve business objectives of importance to them. • May not provide an overall assessment of the organization’s system of internal control.
  • 41. CONTROL SELF-ASSESSMENT (CSA) CSA is a relatively new method for examining and evaluating the organization’s system of internal control. It is an amalgam of traditional internal auditing concepts, risk analysis, and self assessment approaches. CSA has the following elements: 1. Front-end planning and preliminary audit work.
  • 42. 2. The gathering of a group of people into a same time/same place meeting, - study of relationships among elements of information (for example fluctuation in recorded interest expense compared to changes in related debt balances) typically involving a facilitation seating arrangement (U-shape table) and a meeting facilitator. The participants are “process owners” – management and staff who are involved with the particular issues under examination, who know them best, and who are critical to the implementation of appropriate process control.
  • 43. 3. Structured agenda which the facilitator uses to lead the group through an examination of the process’s risks and controls. Frequently, the agenda will be based on a well-defined framework or model so that participants can be sure to address all necessary issues framework for that project. 4. Optionally, the presence of a scribe to take an on-line transcription of the session and of electric voting technology to enable participants to anonymously voice their perceptions of the issues. 5. Reporting and the development of action plans
  • 44. CSA’s BASIC PHILOSOPHY Is that the control is the responsibility of all employees in the organization. The people who work within the process, including employees as well as the managers of the process, are asked for their assessments of risks and controls in their process.
  • 45. CONTROL SELF-ASSESSMENT ADVANTAGES: • Uses ideas and concepts understood by managers rather than by auditors only. • Provides opportunity to train management and employees on how controls work to achieve business objectives of importance to them. DISADVANTAGES: • Requires significant planning and coordination. • Provides only a high-level review of the organization’s internal controls.
  • 46. CONTROL SELF-ASSESSMENT ADVANTAGES: • Very cost effective. • Provides overall, annual assessment of the organization’s system of internal control. • Helps managers with problems of importance to them. DISADVANTAGES: • Requires significant facilitation skills and team leading ability. • Requires auditors to change their paradigm. • Requires significant interface with management and employees.
  • 47. CONTROL SELF-ASSESSMENT ADVANTAGES: • Fosters buy-in to recommendations and action plan since employees participated in their development.
  • 49. INTERNAL AUDIT PRACTICE INTERNAL AUDITING ACTIVITIES • Internal Control Audits • Compliance Audits • Fraud Audits • Operational Audits • Other. Internal Control Audits: The objective of internal control audits is to apprise management of how adequately a particular system of internal control provides reasonable assurance that objectives are achieved.
  • 50. Compliance Audits: Compliance audits are largely focused on apprising management of the degree of compliance with established policies, laws, procedures, regulations, contractual provisions, etc. Fraud Audits (Forensic Auditing): Where fraudulent activity is present or suspected, specialized audit activities may be performed to assist management in detecting or confirming the presence and extent of fraud and in providing necessary evidence for legal purpose. Also called forensic auditing or investigative auditing.
  • 51. Operational Audits: Stating the obvious, operational audits are audits of operations. They focus on the ability of an organization to achieve its business objectives in the areas of efficiency and effectiveness. Efficiency – is a measure of the ability of a process to function at a low cost in relation to similar or alternative processes. Effectiveness – is a measure of the ability of a process to accomplish its functional objective.
  • 52. OTHER AUDIT ACTIVITIES: Internal Auditors may be asked to participate in many other activities for their organization. These may include duties routinely expected of all employees, such as participating in quality improvement teams, or they may be unique activities, such as performing studies for management for which the auditor’s skills are considered helpful.
  • 54. INTERNAL AUDIT PROCESS: ENGAGEMENT PLANNING (PLANNING THE AUDIT); PERFORMING THE ENGAGEMENT (EXAMINATION AND EVALUATION OF INFORMATION); COMMUNICATING RESULTS; MONITORING PROGRESS (FOLLOW-UP PROCESS)
  • 55. 1. Establishing audit objectives and scope of work. 2. Obtaining background information about the activities to be audited. 3. Determining the resources necessary to perform the audit. ENGAGEMENT PLANNING - (PLANNING THE AUDIT)
  • 56. 4. Communicating with all who need to know about the audit. 5. Performing, as appropriate, a survey to become familiar with activities, risks and controls; to identify areas for audit emphasis; and to invite auditee comments and suggestions. ENGAGEMENT PLANNING - (PLANNING THE AUDIT)
  • 57. 6. Writing the audit program. 7. Determining how, when and to whom audit results will be communicated. 8. Obtaining approval of the audit work plan. ENGAGEMENT PLANNING - (PLANNING THE AUDIT)
  • 58. SETTING OF AUDIT OBJECTIVES AND SCOPE OF WORK: Audit objectives are broad statements developed by internal auditors and define intended audit accomplishments. Audit procedures are the means to attain audit objectives. Audit objectives and audit procedures, taken together, define the scope of the internal auditors’ work. Audit objectives and audit procedures should address the risks associated with the activity under audit.
  • 59. THE PRELIMINARY SURVEY: The preliminary or on-site survey allows for the gathering of information, without detailed verification, about the activities to be audited. The internal auditor learns about the auditee’s objectives, organization, operations, information systems, personnel and internal controls.
  • 60. 1. Understand the activity under review 2. Identify significant areas warranting special emphasis 3. Obtain information for use in performing the audit 4. Determine whether further auditing is necessary. MAIN PURPOSES OF THE SURVEY:
  • 61. PERFORMING THE ENGAGEMENT: (EXAMINATION AND EVALUATION OF INFORMATION) Internal Auditors should collect, analyze, interpret and document information to support audit results. Process of Examining and Evaluating Information: 1. Extent of information collection -- audit objectives and scope of work. 2. Information – SUFFICIENT, COMPETENT, RELEVANT, USEFUL to provide sound basis for audit findings and recommendations.
  • 62. 3. SELECTION IN ADVANCE of audit procedures, testing and sampling techniques 4. Supervision of the process of examination and evaluation of information to provide reasonable assurance - auditors objectives - audit goals are met 5. Workpapers should be prepared and reviewed by IAD management.
  • 63. AUDIT REPORT PREPARATION 1. Purpose Statements 2. Scope Statements a) Identify audit activities and period covered b) Related activities not audited c) Nature and extent of auditing performed
  • 64. 3. Results a) Findings b) Conclusions (Opinions) c) Conclusions AUDIT REPORT PREPARATION
  • 65. AUDIT FINDINGS: are pertinent statements of fact. Audit findings emerge by a process of comparing “what should be” with “what is”. Whether or not there is a difference, the internal auditor has a foundation on which to build the report. Findings should be based on the following attributes: a. Criteria: The standards, measures, or expectations used in making an evaluation and/or verification (what should exist/the correct state).
  • 66. b. Condition: The factual evidence which the internal auditor found in the course of the examination (what does exist/the current state). c. Cause: The reason for the difference between the expected and actual conditions (why the difference exists).
  • 67. d. Consequences: The risk or exposure the auditee organization and/or others encounter because the condition is not the same as the criteria (the impact of the difference). In determining the degree of risk or exposure, internal auditors should consider the effect their engagement observations and recommendations may have on the organization’s operations and financial statements. e. Observations and recommendations can include engagement client/auditee accomplishments, related issues, and supportive information.
  • 68. COMMUNICATING RESULTS: Internal Auditors must communicate the engagement results. • Criteria for Communicating • Quality of Communications • Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing” • Disseminating Results
  • 69. Criteria for Communicating: Communications must include the engagement’s objectives and scope as well as applicable conclusions, recommendations and action plans.
  • 70. Criteria for Communicating: 1. Final communication of engagement results must, where appropriate, contain internal auditors’ overall opinion and/or conclusions. 2. Internal auditors are encouraged to acknowledge satisfactory performance in engagement communications.
  • 71. Criteria for Communicating: 3. When releasing engagement results to parties outside of the organization, the communication must include limitations on distribution and use of the results. 4. Communication of the progress and results of consulting engagements will vary in form and content depending upon the nature of the engagement and the needs of the client.
  • 72. Quality of Communications: Communications must be accurate, objective, clear, concise, constructive, complete and timely.
  • 73. Quality of Communications: Accurate Communications are free from errors and distortions and are faithful to the underlying facts. Objective Communications are fair, impartial, and unbiased and are the result of a fair-minded and balanced assessment of all relevant facts and circumstances. Clear Communications are easily understood and logical, avoiding unnecessary technical language and providing all significant and relevant information.
  • 74. Quality of Communications: Concise Communications are to the point and avoid unnecessary elaboration, superfluous detail, redundancy, and wordiness. Constructive Communications are helpful to the engagement client and the organization and lead to improvements where needed.
  • 75. Quality of Communications: Complete Communications lack nothing that is essential to the target audience and include all significant and relevant information and observations to support recommendations and conclusions. Timely Communications are opportune and expedient, depending on the significance of the issue, allowing management to take appropriate corrective action.
  • 76. Quality of Communications: 1. Gather, evaluate, and summarize data and evidence with care and precision. 2. Derive and express observations, conclusions, and recommendations without prejudice, partisanship, personal interests, and the undue influence of others. 3. Improve clarity by avoiding unnecessary technical language and providing all significant and relevant information in context.
  • 77. Quality of Communications: 4. Develop communications with the objective of making each element meaningful and succinct. 5. Adopt a useful, positive, and well-meaning content and tone that focuses on the organization’s objectives.
  • 78. Quality of Communications: 6. Ensure communication is consistent with the organization’s style and culture. 7. Plan the timing of the presentation of engagement results to avoid undue delay.
  • 79. Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing”: Internal auditors may report that their engagements are “conducted in conformance with the International Standards for the Professional Practice of Internal Auditing,” only if the results of the quality assurance and improvement program support the statement.
  • 80. STANDARD 2430 Use of “Conducted in Conformance with the Internal Auditing Standards for the Philippine Public Sector” • Indicating that engagements are “conducted in conformance with the Internal Auditing Standards for the Philippine Public Sector (IASPPS)” is appropriate only if the results of the quality assurance and improvement program support the statement.
  • 81. Philippine Application Guidelines 2430 • 1. The head of internal audit should understand the requirements related to developing and maintaining a quality assurance and improvement program (QAIP) (the 1300 series of standards) and be familiar with the results of the IAS’s current internal and external assessments. The head of internal audit may also consider the head of agency or governing body/audit committee’s expectations for using the statement “conducted in conformance with the IASPPS” in engagement reports.
  • 82. Philippine Application Guidelines 2430 • 2. When an IAS reports on an engagement, there is no requirement to indicate whether the engagement was conducted in conformance with the IASPPS. However, using this statement builds the IAS’s credibility. This Standard prohibits using the statement unless the results of the IAS’s QAIP --- including current internal and external assessments --- support a conclusion that the IAS generally conforms with the IASPPS.
  • 83. Philippine Application Guidelines 2430 • 3. When an IAS does not conform with the IASPPS, the IAS may choose to state that the engagement was not conducted in conformance with the IASPPS. However, such a statement is not required (see Standard 2431).
  • 84. Disseminating Results: The chief audit executive must communicate results to the appropriate parties. The chief audit executive or designee reviews and approves the final engagement communication before the issuance and decides to whom and how it will be disseminated.
  • 85. AUDIT REPORT REVIEW AND DISTRIBUTION: THE HEAD OF INTERNAL AUDITING OR DESIGNEE SHOULD REVIEW AND APPROVE THE FINAL AUDIT REPORT BEFORE ISSUANCE AND SHOULD DECIDE TO WHOM THE REPORT WILL BE DISTRIBUTED.
  • 86. AUDIT REPORT REVIEW AND DISTRIBUTION: AUDIT REPORTS SHOULD BE DISTRIBUTED TO THOSE MEMBERS OF THE ORGANIZATION WHO ARE ABLE TO ENSURE THAT AUDIT RESULTS ARE GIVEN DUE CONSIDERATION. THIS MEANS THAT THE REPORT SHOULD GO TO THOSE WHO ARE IN A POSITION TO TAKE CORRECTIVE ACTION OR ENSURE THAT CORRECTIVE ACTION IS TAKEN.
  • 87. AUDIT REPORT REVIEW AND DISTRIBUTION: CERTAIN INFORMATION MAY NOT BE APPROPRIATE FOR DISCLOSURE TO ALL REPORT RECIPIENTS BECAUSE IT IS PRIVILEGED, PROPRIETARY, OR RELATED TO IMPROPER OR ILLEGAL ACTS. SUCH INFORMATION, HOWEVER, MAY BE DISCLOSED IN A SEPARATE REPORT.
  • 89. MONITORING PROGRESS: To effectively monitor the disposition of results, the chief audit executive (CAE) establishes procedures to include: • The timeframe within which management’s response to the engagement observations and recommendations is required. • Evaluation of management’s response. • Verification of the response (if appropriate). • Performance of a follow-up engagement (if appropriate). • A communication process that escalates unsatisfactory responses/actions, including the assumption of risk, to the appropriate levels of senior management or the board.
  • 90. Internal auditors determine whether management has taken action or implemented the recommendation. Internal auditor determines whether the desired results were achieved or if senior management or the board has assumed the risk of not taking action or implementing the recommendation. Follow-up Process:
  • 91. Follow-up Process: Follow-up is a process by which internal auditors evaluate the adequacy, effectiveness, and timeliness of actions taken by management on reported observations and recommendations, including those made by external auditors and others. This process also includes determining whether senior management and/or board have assumed the risk of not taking corrective action on reported observations.
  • 92. Follow-up Process: The internal audit activity’s charter should define the responsibility for follow-up. The chief audit executive (CAE) determines the nature, timing, and extent of follow-up, considering the following factors: a. Significance of the reported observation and recommendation. b. Degree of effort and cost needed to correct the reported condition. c. Impact that may result should the corrective action fail. d. Complexity of the corrective action. e. Time period involved.
  • 93. The CAE is responsible for scheduling follow-up activities as part of developing engagement work schedules. Scheduling of follow-up should be based on the risk and exposure involved, as well as the degree of difficulty and the significance of timing in implementing corrective action. Follow-up Process:
  • 94. Where the CAE judges that management’s oral or written response indicates that action taken is sufficient when weighed against the relative importance of the observation or recommendation, internal auditors may follow up as part of the next engagement. Follow-up Process:
  • 95. Internal auditors ascertain whether actions taken on observations and recommendations remedy the underlying conditions. Follow-up activities should be appropriately documented. Follow-up Process:
  • 96. THE CHANGING INTERNAL AUDITOR’S PARADIGM (CHARACTERISTIC: OLD PARADIGM / NEW PARADIGM) INTERNAL AUDIT FOCUS: INTERNAL CONTROL / BUSINESS RISK; INTERNAL AUDIT RESPONSE: REACTIVE, AFTER-THE-FACT, DISCONTINUOUS, OBSERVERS OF STRATEGIC PLANNING INITIATIVES / COACTIVE, REAL-TIME, CONTINUOUS MONITORING, PARTICIPANTS IN STRATEGIC PLANS; RISK ASSESSMENT: RISK FACTORS / SCENARIO PLANNING; INTERNAL AUDIT TESTS: IMPORTANT CONTROLS / IMPORTANT RISKS; INTERNAL AUDIT METHODS: EMPHASIS ON THE COMPLETENESS OF DETAIL CONTROL TESTING / EMPHASIS ON THE SIGNIFICANCE OF BROAD BUSINESS RISKS COVERED
  • 97. THE CHANGING INTERNAL AUDITOR’S PARADIGM (CHARACTERISTIC: OLD PARADIGM / NEW PARADIGM) INTERNAL AUDIT RECOMMENDATIONS: INTERNAL CONTROL: STRENGTHENED, COST-BENEFIT, EFFICIENT/EFFECTIVE / RISK MANAGEMENT: AVOID/DIVERSIFY RISK, SHARE/TRANSFER RISK, CONTROL/ACCEPT RISK; INTERNAL AUDIT REPORTS: ADDRESSING THE FUNCTIONAL CONTROLS / ADDRESSING THE PROCESS RISKS; INTERNAL AUDIT ROLE IN THE ORGANIZATION: INDEPENDENT APPRAISAL FUNCTION / INTEGRATED RISK MANAGEMENT AND CORPORATE GOVERNANCE
  • 99. PROFICIENCY – Internal auditors must possess the knowledge, skills and other competencies needed to perform their individual responsibilities. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities. PROFICIENCY AND DUE PROFESSIONAL CARE
  • 100. PROFICIENCY AND DUE PROFESSIONAL CARE DUE PROFESSIONAL CARE – Internal auditors must apply the care and the skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.
  • 101. Exercising due professional care means using reasonable audit skill and judgment in performing the audit. The internal auditor must exercise due professional care by considering: 1. The extent of audit work needed to achieve audit objectives. 2. The relative complexity, materiality or significance of matters to which audit/assurance procedures are applied.
  • 102. 3. The adequacy and effectiveness of governance, risk management and control processes. 4. The probability of significant errors, fraud, or noncompliance; and 5. The cost of auditing in relation to potential benefits.
  • 103. In exercising due professional care, internal auditors must consider the use of technology-based audit and other data analysis techniques. Internal auditors must be alert to the significant risks that might affect objectives, operations, or resources. However, assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified.
  • 104. Internal Auditors Can Audit Anything – but Not Everything. By Richard Chambers, Former Chairman, Institute of Internal Auditors (IIA): “There are times when internal audit clients and others have unrealistic expectations about our profession. It’s not surprising, then, that there may be confusion about our role. After all, internal auditors wear many hats. We are analysts, control experts, consultants, teachers, business partners, watchdogs, financial advisers.”