Narrative: You Will Need A Copy of The Book As Future Reference Material For This Presentation

Essentials Companion KHS Pickett 2011 Training Slides
Narrative
You will need a copy Essential Guide to Internal Auditing 2nd Edition
of the book as future
reference material
for this presentation. Chapter Seven
The Audit Approach

Narrative Training Aim

This presentation is To present a brief introduction to internal auditing that will
aimed at increasing give you an initial understanding of:
your level of
understanding of the 1.Risk based systems approach.
following topics.
2.Control self assessment.
3.Integrated audit approach.

Narrative YOUR CHOICE

There is an argument that the most efficient use of audit
Complete the resources occurs where one concentrates on reviewing
paragraph by risks to the proper functioning of .. as
selecting the missing opposed to the in-depth examination transactions that
words. result from these individual systems.
1.management and staff
2.Compliance routines
3.systems and processes

Narrative YOUR CHOICE ANSWERED

There is an argument that the most efficient use of audit
The answer is 3 resources occurs where one concentrates on reviewing
systems and risks to the proper functioning of .. as
processes. Which is opposed to the in-depth examination transactions that
about improving the result from these individual systems.
organizations risk 1.management and staff
management process.
2.Compliance routines
3.systems and processes

Narrative
We need to restate IIA
Scope of Audit Work
Performance Standard
2110.A1 on the scope of The internal audit activity must evaluate risk
audit work. Risk-based exposures relating to the organizations
systems auditing means the governance, operations, and information systems
risks are reviewed to fulfill regarding the:
the assurance role of
1.Reliability and integrity of financial and
internal auditing. The
means a move away from operational information.
error spotting with more 2.Effectiveness and efficiency of operations.
emphasis on getting the 3.Safeguarding of assets; and
system of risk management 4.Compliance with laws, regulations, and contracts.
right.
Narrative
An Exercise
What is a system and
why is it so
important to audit
work?
There is much talk about systems of internal

control in public and private sector
regulations. How would you describe the
concept of systems in this context?
Narrative
A Basic System
The controls
counterbalance the
risks that impact the
system to help
ensure inputs result
INPUTS PROCESS OUTPUTS
in the agreed output
that is objectives
are properly met.
CONTROLS
Narrative SYSTEMS IS KING

While systems need We can use the principles of systems
to be in place, the thinking to conduct risk based systems
concept of entropy auditing. We are concerned with
may lead to some reviewing and then advising
disorder, management on their systems of
disorganization, or internal controls that discharge these
randomness of four objectives.
organization of these
systems as controls
deteriorate over
time unless they are
reviewed.
Narrative RISK BASED SYSTEM AUDITING TO THE RESCUE

Systems thinking is
used in RBSA. We
will break down
operations as
systems,
components of a
system, subsystems,
parallel systems and
parent systems. We
will now look at this
in some detail.
Essentials Companion KHS Pickett 2011 Assignment Plan
Narrative Ascertain Risks to Business Objectives

This model is explained on page Evaluate Controls
205 onwards. The idea is to set the
assignment plan that has been Strong? Weak?
determined so that we have clear
terms of reference and an outline
of the system in question. The next
stage is to determine what risks
may prevent the business goals
from being achieved and ensure
these risks are understood,
classified and prioritized. Having
discovered the key risks, we can go
on to weighing up and evaluating
the specific controls that form the
main aspect of the risk
management strategy and assess
whether the controls are
adequate.

Adequate controls (Strong) Evaluate Controls
should be further considered
to judge whether they are Strong? Weak?
working properly through
Complied With? No Compensating Controls?
compliance tests. Weak Yes
controls mean there is an Limited Substantive Tests
(Report)?
unacceptable level of Extended Substantive Tests
residual risk and this may be
reported straight away.
Again, some auditors wish to
test the implications of these
weaknesses and seek out
actual error, and abuse to
demonstrate the
implications of poor controls.

The findings on the Evaluate Controls
state of the residual risk Strong? Weak?
lead into assurances
where all is well and Complied With? No Compensating Controls?
Yes
recommendations Limited Substantive Tests
(Report)?
where there are further Extended Substantive Tests
improvements needed Analyze Findings on
to mitigate aspects of Residual Risk
the residual risk that
need to be contained. Formulate Opinion Formulate Recommendations
The results are reported AUDIT REPORT

back to the client and
Follow-Up
then followed-up.
Narrative
An Exercise
Have a go at this
exercise. What needs
to be addressed at
each stage of the
audit?
At each stage of the risk based approach to
internal auditing, what considerations would
you have to ensure that stage of the audit
has been properly addressed?
Narrative
Considerations
In terms of the
stages of the risk- Define clear objectives for the stage
based systems audit Plan the work and approach to be adopted
there are a number Obtain a good understanding of the risks to the
of matters to be operation
considered at each Define any testing strategy
stage. Define the techniques that will be used
Brief staff working on the project
Ensure that the work is formally documented
Look for high levels of unmitigated risk
Agree the direction of work for the next stage
Narrative IIA Standards

There are several
Extent of work needed to achieve the engagements
important tasks that
the auditor needs to objectives;
perform to ensure the Relative complexity, materiality, or significance of
work is carried out matters to which assurance procedures are applied;
with due professional Adequacy and effectiveness of governance, risk
care. The IIA Attribute management, and control processes;
Standard 1220.A1 Probability of significant errors, fraud, or
addresses the
noncompliance; and
minimum that must
be considered during Cost of assurance in relation to potential benefits.
an audit.
The short cut to the

audit process is to
report on residual
risk and whether it is
acceptable or not.
What is missing is Analyze Findings on
integrating the audit Residual Risk
process with the risk
management process
that is already in
AUDIT REPORT
place. This is tackled
next.
Narrative
An Exercise
The modern internal
auditor does not
work in a vacuum.
Auditors now work
with and alongside
management to How can the internal audit work with
improve the way risk
management in promoting better risk
is managed. But how
can they best do management?
this?
Essentials Companion KHS Pickett 2011 THE BUSINESS
Narrative BUSINESS MODEL
We tackle this question by

Teams Proceses Projects
introducing an integrated
approach to auditing. For
simplicity we have broken
the organization down
into three types of
elements:
1. Teams.
2. Processes.
3. Projects.
Set up to deliver results
via the set business
model.
For all parts of the Teams Proceses Projects

organization there
would be set
OBJECTIVES
objectives, risk and a
risk management
strategy to address RISKS
these risks. Hence all

such systems Risk Management Strategy
INTERNAL CONTROLS
throughout the
organization may be
reviewed by internal
audit. OUTCOMES

SELF ASSESS
Control risk self- Teams Proceses Projects
assessment comes
next where risk is Agree objectives
OBJECTIVES ID risks
assessed in teams,
Assess Risks
projects, through
Risk Management
processes and RISKS
generally throughout
the organization. Each Risk Management Strategy
INTERNAL CONTROLS
part of the business
will use their risk
assessments to better
focus their controls. OUTCOMES

INTERNAL AUDIT SELF ASSESS
Now audit can fit into Teams Proceses Projects
the process by using
the risk based Agree objectives
Plan TOR
OBJECTIVES ID risks
approach to plan and Ascertain
Assess Risks
perform their work. Evaluate
RISKS Risk Management
Test
Assess findings
Risk Management Strategy
INTERNAL CONTROLS
OUTCOMES

This is the crucial part.
Internal audit where IIA Teams Proceses Projects
Practice Advisory 2120.1 INTEGRATED AUDIT APPROACH

Agree objectives
says that audit will: Plan TOR
OBJECTIVES ID risks
Determine the effectiveness Ascertain
Assess Risks
of managements self- Evaluate
assessment processes RISKS Risk Management
Test
through observations, Assess findings
direct tests of control and Risk Management Strategy
monitoring procedures, INTERNAL CONTROLS
testing the accuracy of
information used in
monitoring activities, and
other appropriate
OUTCOMES
techniques.

So the auditor will Teams Proceses Projects
assume an assurance INTEGRATED AUDIT APPROACH
role where the risk
management process
is sound and a
consulting role where
management have not
yet got to grips with
control risk self
assessment.

A mixture of audit
objectivity and testing
INTEGRATED AUDIT APPROACH
alongside the inside Agree objectives
Plan TOR
knowledge and OBJECTIVES ID risks
commitment from the Ascertain
Assess Risks
self-assessment process Evaluate
may create a useful Test
solution. This integrated Assess findings
approach mixes audit Risk Management Strategy
with the close INTERNAL CONTROLS
involvement of client staff
objective review understanding buy-in
in workshop format to assurances Statement on Internal action plans
identify risks and help recommendations Control responsibility
validation
define suitable solutions.
OUTCOMES

Two new boxes are added
to the model: reviewed
INTEGRATED AUDIT APPROACH
and agreed, that is the Agree objectives
Plan TOR
risk management process OBJECTIVES ID risks
will have been objectively Ascertain
Assess Risks
reviewed by internal audit Evaluate
and also agreed by the Test
people who actually Assess findings
operate the system, Risk Management Strategy
creating many benefits. INTERNAL CONTROLS
Integrated audits can
objective review understanding buy-in
provide an interesting assurances reviewed Statement on Internal agreed action plans
way of refining the audit recommendations Control responsibility
validation
process and adding more
OUTCOMES
value to the audit.
Essentials Companion KHS Pickett 2011
Narrative
What about the Rest?
These different
approaches to audit Fraud investigations
work are dealt with
in pages 211 to 227 Information systems auditing
of the book.
Compliance reviews
Value for money
Consulting work
Essentials Companion KHS Pickett 2011
Narrative
The modern approach to
internal auditing is about
using the audit process as
Internal
a way of helping an Control
organization work in
harmony to ensure there Framework
is good risk management,
control and governance
processes. Helping slackers
and pushing those on track
Risk Internal
even harder so that Management Controls
everyone is singing from
the same song sheet. Corporate
Strategies & Review
Narrative Training Aim

We hope that this To present a brief introduction to internal auditing that will
presentation has give you an initial understanding of:
increased your level
of understanding of 1.Risk based systems approach.
the following topics.
2.Control self assessment.
3.Integrated audit approach.

Narrative
You will need a copy Essential Guide to Internal Auditing 2nd Edition
of the book as future
reference material
for this presentation. Chapter Seven
The Audit Approach

Narrative: You Will Need A Copy of The Book As Future Reference Material For This Presentation

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Narrative: You Will Need A Copy of The Book As Future Reference Material For This Presentation

Încărcat de

Drepturi de autor:

Formate disponibile

Essentials Companion KHS Pickett 2011 Training Slides

The Audit Approach

Narrative Training Aim

3.Integrated audit approach.

Narrative YOUR CHOICE

3.systems and processes

Narrative YOUR CHOICE ANSWERED

3.systems and processes

There is much talk about systems of internal

Narrative SYSTEMS IS KING

Narrative RISK BASED SYSTEM AUDITING TO THE RESCUE

Narrative Ascertain Risks to Business Objectives

Narrative Ascertain Risks to Business Objectives

Narrative Ascertain Risks to Business Objectives

The results are reported AUDIT REPORT

Narrative IIA Standards

Narrative Ascertain Risks to Business Objectives

The short cut to the

Narrative BUSINESS MODEL

We tackle this question by

Narrative BUSINESS MODEL

For all parts of the Teams Proceses Projects

these risks. Hence all

Narrative BUSINESS MODEL

Narrative BUSINESS MODEL

Narrative BUSINESS MODEL

Practice Advisory 2120.1 INTEGRATED AUDIT APPROACH

Narrative BUSINESS MODEL

Narrative BUSINESS MODEL

Narrative BUSINESS MODEL

Value for money

Narrative Training Aim

3.Integrated audit approach.

The Audit Approach

S-ar putea să vă placă și