P3 Documenting information, testing and evidence

Recorded information ensure IA have all INFORMATION NEEDED to REVIEW, ANALYSE in detail later. Second it ensure quality assurance that CHECK CONCLUSION reached are SUPPORTED   2330 Documenting Information   Internal auditors must document relevant information to support the conclusions and engagement results.

PROCESS>ORDER PURCHASE>SET UP>INVOICE>PAYMENT>DELIVERY Information may include SYTEM NOTES from client>INTERVIEW NOTES, SPREADSHEETS, GOVERNANCE STRUTURE, RISK REGISTER, SUPPLIER REQUEST/CHANGE INVOICES

Different types INTERVIEWS (ANEDOTAL LESS RELIABLE) - INDICATE PROCESS AND PROCEDURES AND ADD TO INFORMATION ALEADY GATHERED - who, what, why, how, where>OBSERVATION - incorporated in internvews> INFORMATION - incl data gathered by IA own analytical process - SAMPLE OF TEST PROCEDURES- Important - DISTINGISH RAW, POST ANALYSIS & JUDGEMENT  Purpose -  TO DOCUMENT PROCESS AND CONTROL -  use control matrix/evaluation Why - TO ALLOW UNDERSTANDING THAT ADDRESSES RISKS - include control objectives, input, probability, mitigation, evaluatio of operation, compare risk impact expected conrl with actual control IMPORTANT - OF DOCUMENTING WORK THROUGH PROCESS  TO SHOW> PROCEDURES USED>INFO OBTAINED AND CONCLUSIONS REACH The creation of working papers has benefits: HELPS TEAM UTILISE, ANALYSE AND REVIEW EACH OTHERS WORK>SUPPORT QUALITY ASSURANCE PROCESS AS PROVIDES MEANS TO SUBSTANTIATE FINDING REACH AND RECORDS AUDIT TRAIL >once, info gathered on systems- there's an initial evaluation of undestanding, then discusion with contacts to test actual system  

Testing tecniques include: >INTERVIEW, FOCUS GROUP, QUESTIONING >CALCULATION & ANALYSIS >OBSERVATION >EXAMINE DOCUMENTATION  

Risk and control matrices - TO DOC KEY RISK AND STRATEGIES USED TO MANAGE narrative/system note - FOLLOWING MEETING INTERVIEW process flow diagramm - DURING PRELIMINARY SURVEY TO BETTER UNDERSTAND COMPLEXITIES AND INTERACTION OF SYSTEM, PROJECT WORK internal control questionnaire -  USED DURING PRELIMINARY SUREY TO FRAME QUESTIONS AT A MEETING OR TO COLLECT INFORMATION FROM CLIENT audit reports - KEY WORKING PAPER DOCUMENTING THE AUDIT FINDINGS AND CONCLUSIONS audit history database a- COLLECTION OF HISTORICAL AUDIT DAT SUCH AS AUDIT RECOMMENDATIONS AND ACTIONS TAKEN

These are stored on the audit databased and feed into audit report which goes to audit committee and managements to provide assuracne on effectivness of operations ENGAGEMENT PLAN>DISCUSSING & OBSERVATION OF MONITORING CONTROL>VERIFICATON OF EVIDENCE>ASSESS EVALUATION OF RESIDUAL RISK>CONCLUSION ON RESPONSES=FINAL REPORT

WALKTHROUGH - involves following a small sample of transactions to run though system end to end -  TO UNDERSTAND HOW SYSTEM WORKS following interview CHECK HOW SYSTEM WORKS IN PRACTICE COMPARED TO THEORY> ID KEY RISKS & THUS FOCUS OF FURTHER TESTING>KEY CONTROL TO EXAMINE FURTHER DURING COMPLIANCE AND SUBSTANTIVE TESTING

TEST OF CONTROL - TO EVALUATE RISK MITIGATION to see if control working as intended - e.g sample new entrant entered on payroll are authorise and whether overtime is authorised on time on payslips. TEST EFFECTIVENESS IN PREVENTING ERROR. CONFIRM NON-COMPLIANCE, INVESTIGATE INCIDENTS OF LOSS OR ERROR IN SPITE OF NON-COMPLIANCE   example  EXPENSE FORMS SIGNED BY AUTHORISED SIGNATORY NOT RECIPIENT >ORDERS ARE NOT REQUISITIONED BY SAME INDIVIDUAL WHO RECEIVED GOODS>CONTRACT ARE SUBJECT TO ADDITIONAL AUTHORISATION AND SCRUTINY ABOVE AGREED VALUE

test use when compliance test show controls not working to help: >establish whether desire outcome achieved due to activities e.g example staff records to see date of payment  - then interview staff to see verify timely receipt GAINS ASSURANCE OUTPUT IS CORRECTS - PAYMENT MADE FOR GOODS RECEIVED>OBTAIN EVIDENCE OF OUTCOME OF TRANSACTION EG ACCOUNT BALANCE >QUANTIFY EXTENT OF ERRO, IRREGULARITIS AND MISSTATMENT IN ACCOUNTING RECORDS>TEST REASONABLENESS OF RELAIONS AND ASSESS ANY SIGINIFICANT VARIATE (AKA ANALYTICAL REVIEW PROCEDURES) substantive test verify: COMPLETENESS VALIDY AND ACCURACY COMPLETENESS OF ASSETS & LIABILITIES EXISTENCE OF ASSESTS AND LIABILITIES VALUATION e.G CHECK THAT ASSETS IN REGISTER EXIST, VALUATION CORRECT - USE SPECIALIST

RATIO - compare size and amount TREND - compare data over time e.g. this year to last ANALYTICAL - compare relations

FACTORS INCLUDING >PERIOD TEST COVERS, QUANTITIY, TECHNIQUES AND SAMPLE TYPE WILL ALL DEPEND ON :     . level of assurance required time/experitise if tiem insufficient - reduction in levels of assurance

2240 Engagement Work Programme - Internal auditors must develop and document work programmes that achieve the engagement objectives.  2240.A1 Work programmes must include the procedures for identifying, analyzing, evaluating and documenting information during the engagement. The work programme must be approved prior to its implementation and any adjustments approved promptly.  2240.C1 Work programmes for consulting engagements may vary in form and content depending upon the nature of the engagement. 2300 Performing the Engagement-Internal auditors must identify, analyse, evaluate and document sufficient information to achieve the engagement's objectives. 2310 Identifying Information- Internal auditors must identify sufficient, reliable, relevant and useful information to achieve the engagement's objectives.

Judgemental - relys on knowledge and experience suitable when satisfy evidence requirements area known well includes eror items statistical is impractical technical expetise not available DISADVANTAGE relies on audi with knowledge/if unable to quantify error/open to criticism and bias Statistical - scientifiy same selected in unbiased way to anlayse and provide reasonable estimations - mathematically meaningful eg 95% conficen representative of population. evalation is quatified measured and controlled ADVANTAGE - objective, defensive, estimate of erro, combined and evaluated. all auditors performing can reach. DISADVANTAGE - misleading if misunderstood

allows test sample of transactions  rather than whole population and draw conclusions from results

This allow careful section of the best use of resouces  to reach conclusion based on estimation. 

However, it does not give 100% assurance.  audit can make mistake but computer programmes help.

Computerised auditor assited tools and techniques - comprise a range of software tool and techniques that auditors can use to INTEROGATE AND MANIPULATE DATA. Include tool to help:

MANAGE AN AUDIT FUNCTION - Team Mate - which is an automated audit management software used to record the schecule and allocation of audits, working papers and auditor time recording against  audit and non-audit activities

ARRANGE AND COMPLETE AUDITS - including LEADING STAGES AND PROCEDURES, SELECT SAMPLE QUANTITIES, REVIEW RESULTS, INSTANT WORKING PAPERS RESEARCH ISSUES AND MINE DATA E.G. POPULATIONS INSTANTLY ERROR, DUPLICATION OF RECORDS, IRREGULARITIES>MONITOR TRANSACTIONS AND ACTIVITIES>DETECT FRAUD>ENABLE INVESTIGATIONS

example - EXCEL - commontly used and bespoke IDEA (interactive data extraction and analysis)

CAATT - MAINLY USED TO EST THAT CONTROL ARE EFFECTIVE

TEAM MATE - ALLOW AUTOMATED TEMPLATE FOR AUDITOR TO FEED IN DRAFT REPORT AND CONCLUSION FROM TESTING

ALTERNATIVE TO CAATT - physical examinatio, calculation and analyis - re-performing calculations a, sample test e.g. interval 

Pro

CAATT - looks at whole populations with range of analys e.g file comparison + random sampling, testing limited using manual result

CAATT - if embeeded provides ongoing assurance 

Manual testing is quicker

Cons -

CAATT requires expertised, is resource intestive. subject to time wasting as experimenation with test facilities

High costs but can be recovered re added value to audit

Issues - how to be used e.g relation to work, objs and frequecy of use

>suficientcy of exist packages

>evaluation required of software available to see which fits

>cost - depent of extent use, maintenance, upgrade and additional support, training

>ease of use/clarifty of audit object

>data access and confidentiality and security req needed

RANGE OF TASK AUDIT CAN PERFORM 

- analysing large volumes/continous monitoring of transactions/ perform variety of test

- interrogating data files/ test how system error is handled

- accuracy of calculations/comparison different sources

Benefits - REDUCE FRAUD, IMPROVE AUDIT REACTION TO CHANGE SUPPORT RM PROMPTLY, INFLUENCE BIZ FOR PROFIT

USES INTERROGATION DATA EXRACTION ANALYSIS   - DATA MINING - process of extracting knowledged hidden in large volumes of data

Purpose - look for trends and anomolies to id errors and possible fraud

Issue - need to be carefully reviewed  TO STOP FALSE PICTURES EMERGING

data need to managed securly  TO AVOID HACKER WHO USE DATA MINING

USE AS AUDIT MANAGEMENT TOOL - TEAM MATE:

PROVIDES INCREASED EFFICIENCY IN PRODUCTIELITY  - RISK ASSESSMENT, SCHEDULING, PLANNING, EXECUTIVE, REVIEW, REPORT, ANALYSIS, AC REPORTING AND STORAGE

>EVIDENCE IS MEANS OF PROOF

>ENGAGEMENT OBJ DETERMINES EVIDENCE REQ - SCOPE - SIGNIFICANCE OF RISK AVAILABILITY COST ,TIME

EVIDENCE SHOULD BE Trusted, Reliable, Useful, Sufficient and Timely

CAREFUL ASSESSMENT  required to FORM OPINION that DEFENDIBLE WHEN CHALLENGED

>GOOD EVIDENCE:

- EXIST IN PHYSICAL FORM 

- OBTAINED FROM AUDITOR ANALYSIS AND 3RD PARTY HELD BY MGMT FROM NORMAL BIZ

- WRITTEN IS MORE RELIABLE THAN ANEDOCTAL

PROVIDEE IN PROPERLY EST, TESTED SYSTEM OF CONTROL

A

A