26-1 Explain the role of internal auditors in financial auditing.
26-2 Describe the auditing and reporting requirements under Government Auditing Standards and the Single Audit Act. 26-3 Distinguish operational auditing from financial auditing. 26-4 Provide an overview of operational audits. 26-5 Plan and perform an operational audit.
INTERNAL FINANCIAL AUDITING Institute of Internal Auditors: Professional guidance for internal auditors is provided by the Institute of Internal Auditors (IIA). The Institute of Internal Auditors provides the following definition of internal auditing:
Internal auditors are expected to provide value to the organization
through improved operational effectiveness, while also performing traditional responsibilities, such as: • Reviewing the reliability and integrity of information • Ensuring compliance with policies and regulations • Safeguarding assets The Institute of Internal Auditor’s Code of Ethics is shown in Figure 26-1 on page 828.
• Internal auditors are responsible to management and the board, whereas • External auditors are responsible to financial statement users. • External auditors rely on internal auditors when using the audit risk model to assess control risk. • If internal auditors are effective, the external auditors can significantly reduce control risk and thereby reduce substantive testing.
The primary source of authoritative literature for doing
governmental audits is Government Auditing Standards, which is issued by the Government Accountability Office (GAO). • These standards are often called generally accepted government auditing standards (GAGAS). • Because of the color of cover, it is usually referred to as the “Yellow Book” rather than its formal name. • The initial Yellow Book was similar to the GAAS standards, but it has been expanded to provide guidance standards for performance audits.
Financial Audit and Reporting Requirements—Yellow Book:
The financial auditing standards of the Yellow Book are consistent with the principles of the AICPA auditing standards, and also contain extensive additional guidance, including the following: • Materiality and significance • Quality control • Compliance auditing • Reporting
GOVERNMENTAL FINANCIAL AUDITING (CONT.) Audit and Reporting Requirements—Single Audit Act and OMB Circular A-133: The Single Audit Act of 1984 provides for a single coordinated audit to meet the audit requirements of all federal agencies. Entities that receive more than $750,000 in federal funds are subject to a single audit. Audit Requirements: • The audit should be in accordance with GAGAS. • The auditor must obtain an understanding of internal control over federal programs sufficient to support a low assessed level of control risk for major programs. • The auditor should determine whether the client has complied with laws, regulations, and the provisions of contracts or grant agreements that may have a direct and material effect on each of its major programs.
GOVERNMENTAL FINANCIAL AUDITING (CONT.) Single Audit Act and OMB Circular A-133 (cont.): Reporting Requirements: • An opinion on whether the financial statements are presented fairly in all material respects in accordance with GAAP • An opinion as to whether the schedule of federal awards is presented fairly in all material respects in relation to the financial statements as a whole • A report on internal control related to the financial statements and major programs • A report on compliance with laws, regulations, and the provisions of contracts or grant agreements, where noncompliance could have a material effect on the financial statements • A schedule of findings and questioned costs AICPA Guidance for Auditors: Two relevant sources are the AICPA audit guide, Government Auditing Standards and Single Audits, and the auditing standard, Compliance Audits.
OPERATIONAL AUDITING Major Differences Between Operational and Financial Auditing: • Purpose of the Audit: Operational auditing emphasizes effectiveness and efficiency. • Distribution of the Reports: Operational reports are intended primarily for management. • Inclusion of Nonfinancial Areas: Operational audits cover any aspect of efficiency and effectiveness.
EFFECTIVENESS VERSUS EFFICIENCY Effectiveness: Refers to meeting objectives. Efficiency: Defined as reducing cost without reducing effectiveness. Relationship Between Operational Auditing and Internal controls: Management establishes internal controls to help meet its goals. One goal of internal controls is to help achieve operational efficiency and effectiveness: • Purpose: The purpose of operational auditing of internal control is to evaluate efficiency and effectiveness. • Scope: The scope of operational auditing concerns any control affecting efficiency or effectiveness.
EFFECTIVENESS VERSUS EFFICIENCY (CONT.) Types of Operational Audits: • Functional Audits: Deal with one or more functions in an organization, concerning, for example, the efficiency or effectiveness of the payroll function. • Organizational Audits: Emphasize how efficiently or effectively functions within an organization interact. • Special Assignments: Arise at the request of management for a wide variety of reasons, such as determining the cause of an ineffective IT system.
• Internal Auditors • Government Auditors • CPA Firms Independence and Competence of Operational Auditors: • Independence: The auditor should report to the appropriate level of management to ensure that investigation and recommendations are made without bias. • Competence: Necessary to determine the cause of the operational problems and to make appropriate recommendations.
CRITERIA FOR EVALUATING EFFICIENCY AND EFFECTIVENESS A major challenge of operational auditing is in selecting specific criteria for evaluating whether efficiency and effectiveness have occurred. Specific Criteria: More specific criteria are desirable before starting an operational audit. Sources of Criteria: • Historical performance • Benchmarking • Engineered standards • Discussion and agreement
CRITERIA FOR EVALUATING EFFICIENCY AND EFFECTIVENESS (CONT.) Phases in Operational Auditing: • Planning: Similar to planning for financial audits, but the main difference is the diversity created by the breadth of operational audits. • Evidence Accumulation and Evaluation: Operational auditors must accumulate sufficient appropriate evidence to provide a basis for a conclusion about the objectives. • Reporting and Follow-Up: 1. In operational audits, the report is usually sent only to management. The lack of third-party users reduces the need for standardized wording. 2. The diversity of operational audits requires tailoring of each report to address the scope of the audit, findings, and recommendations.