P3 Documenting information, testing and evidence

method, nature, purpose of method, test

HideShow resource information
  • Created by: mumuna
  • Created on: 24-05-13 15:05

method used to document info 6.1

Recorded information ensure IA have all INFORMATION NEEDED to REVIEW, ANALYSE in detail later. Second it ensure quality assurance that CHECK CONCLUSION reached are SUPPORTED   2330 Documenting Information   Internal auditors must document relevant information to support the conclusions and engagement results.

1 of 21

Type of information

PROCESS>ORDER PURCHASE>SET UP>INVOICE>PAYMENT>DELIVERY Information may include SYTEM NOTES from client>INTERVIEW NOTES, SPREADSHEETS, GOVERNANCE STRUTURE, RISK REGISTER, SUPPLIER REQUEST/CHANGE INVOICES

2 of 21

Nature & purpose of different test

Different types INTERVIEWS (ANEDOTAL LESS RELIABLE) - INDICATE PROCESS AND PROCEDURES AND ADD TO INFORMATION ALEADY GATHERED - who, what, why, how, where>OBSERVATION - incorporated in internvews> INFORMATION - incl data gathered by IA own analytical process - SAMPLE OF TEST PROCEDURES- Important - DISTINGISH RAW, POST ANALYSIS & JUDGEMENT  Purpose -  TO DOCUMENT PROCESS AND CONTROL -  use control matrix/evaluation Why - TO ALLOW UNDERSTANDING THAT ADDRESSES RISKS - include control objectives, input, probability, mitigation, evaluatio of operation, compare risk impact expected conrl with actual control IMPORTANT - OF DOCUMENTING WORK THROUGH PROCESS  TO SHOW> PROCEDURES USED>INFO OBTAINED AND CONCLUSIONS REACH The creation of working papers has benefits: HELPS TEAM UTILISE, ANALYSE AND REVIEW EACH OTHERS WORK>SUPPORT QUALITY ASSURANCE PROCESS AS PROVIDES MEANS TO SUBSTANTIATE FINDING REACH AND RECORDS AUDIT TRAIL >once, info gathered on systems- there's an initial evaluation of undestanding, then discusion with contacts to test actual system  

3 of 21

Methods of of test considered

Testing tecniques include: >INTERVIEW, FOCUS GROUP, QUESTIONING >CALCULATION & ANALYSIS >OBSERVATION >EXAMINE DOCUMENTATION  

4 of 21

Methods of documenting audit information

Risk and control matrices - TO DOC KEY RISK AND STRATEGIES USED TO MANAGE narrative/system note - FOLLOWING MEETING INTERVIEW process flow diagramm - DURING PRELIMINARY SURVEY TO BETTER UNDERSTAND COMPLEXITIES AND INTERACTION OF SYSTEM, PROJECT WORK internal control questionnaire -  USED DURING PRELIMINARY SUREY TO FRAME QUESTIONS AT A MEETING OR TO COLLECT INFORMATION FROM CLIENT audit reports - KEY WORKING PAPER DOCUMENTING THE AUDIT FINDINGS AND CONCLUSIONS audit history database a- COLLECTION OF HISTORICAL AUDIT DAT SUCH AS AUDIT RECOMMENDATIONS AND ACTIONS TAKEN

5 of 21

Fieldwork testing flow diagarm

These are stored on the audit databased and feed into audit report which goes to audit committee and managements to provide assuracne on effectivness of operations ENGAGEMENT PLAN>DISCUSSING & OBSERVATION OF MONITORING CONTROL>VERIFICATON OF EVIDENCE>ASSESS EVALUATION OF RESIDUAL RISK>CONCLUSION ON RESPONSES=FINAL REPORT

6 of 21

Different types of test must be considered - WALKT

WALKTHROUGH - involves following a small sample of transactions to run though system end to end -  TO UNDERSTAND HOW SYSTEM WORKS following interview CHECK HOW SYSTEM WORKS IN PRACTICE COMPARED TO THEORY> ID KEY RISKS & THUS FOCUS OF FURTHER TESTING>KEY CONTROL TO EXAMINE FURTHER DURING COMPLIANCE AND SUBSTANTIVE TESTING

7 of 21

Different types of test must be considered - COMPL

TEST OF CONTROL - TO EVALUATE RISK MITIGATION to see if control working as intended - e.g sample new entrant entered on payroll are authorise and whether overtime is authorised on time on payslips. TEST EFFECTIVENESS IN PREVENTING ERROR. CONFIRM NON-COMPLIANCE, INVESTIGATE INCIDENTS OF LOSS OR ERROR IN SPITE OF NON-COMPLIANCE   example  EXPENSE FORMS SIGNED BY AUTHORISED SIGNATORY NOT RECIPIENT >ORDERS ARE NOT REQUISITIONED BY SAME INDIVIDUAL WHO RECEIVED GOODS>CONTRACT ARE SUBJECT TO ADDITIONAL AUTHORISATION AND SCRUTINY ABOVE AGREED VALUE

8 of 21

Different types of test must be considered - SUBST

test use when compliance test show controls not working to help: >establish whether desire outcome achieved due to activities e.g example staff records to see date of payment  - then interview staff to see verify timely receipt GAINS ASSURANCE OUTPUT IS CORRECTS - PAYMENT MADE FOR GOODS RECEIVED>OBTAIN EVIDENCE OF OUTCOME OF TRANSACTION EG ACCOUNT BALANCE >QUANTIFY EXTENT OF ERRO, IRREGULARITIS AND MISSTATMENT IN ACCOUNTING RECORDS>TEST REASONABLENESS OF RELAIONS AND ASSESS ANY SIGINIFICANT VARIATE (AKA ANALYTICAL REVIEW PROCEDURES) substantive test verify: COMPLETENESS VALIDY AND ACCURACY COMPLETENESS OF ASSETS & LIABILITIES EXISTENCE OF ASSESTS AND LIABILITIES VALUATION e.G CHECK THAT ASSETS IN REGISTER EXIST, VALUATION CORRECT - USE SPECIALIST

9 of 21

Different types of test must be considered - ANALY

RATIO - compare size and amount TREND - compare data over time e.g. this year to last ANALYTICAL - compare relations

10 of 21

wHY Different types of test must be considered

FACTORS INCLUDING >PERIOD TEST COVERS, QUANTITIY, TECHNIQUES AND SAMPLE TYPE WILL ALL DEPEND ON :     . level of assurance required time/experitise if tiem insufficient - reduction in levels of assurance

11 of 21

IPPF performance std

2240 Engagement Work Programme - Internal auditors must develop and document work programmes that achieve the engagement objectives.  2240.A1 Work programmes must include the procedures for identifying, analyzing, evaluating and documenting information during the engagement. The work programme must be approved prior to its implementation and any adjustments approved promptly.  2240.C1 Work programmes for consulting engagements may vary in form and content depending upon the nature of the engagement. 2300 Performing the Engagement-Internal auditors must identify, analyse, evaluate and document sufficient information to achieve the engagement's objectives. 2310 Identifying Information- Internal auditors must identify sufficient, reliable, relevant and useful information to achieve the engagement's objectives.

12 of 21

2 method sample selection - statistcal & judgement

Judgemental - relys on knowledge and experience suitable when satisfy evidence requirements area known well includes eror items statistical is impractical technical expetise not available DISADVANTAGE relies on audi with knowledge/if unable to quantify error/open to criticism and bias Statistical - scientifiy same selected in unbiased way to anlayse and provide reasonable estimations - mathematically meaningful eg 95% conficen representative of population. evalation is quatified measured and controlled ADVANTAGE - objective, defensive, estimate of erro, combined and evaluated. all auditors performing can reach. DISADVANTAGE - misleading if misunderstood

13 of 21

non statistical sampling 6.3

allows test sample of transactions  rather than whole population and draw conclusions from results

This allow careful section of the best use of resouces  to reach conclusion based on estimation. 

However, it does not give 100% assurance.  audit can make mistake but computer programmes help.

14 of 21

What are CAATT 6.4

Computerised auditor assited tools and techniques - comprise a range of software tool and techniques that auditors can use to INTEROGATE AND MANIPULATE DATA. Include tool to help:

MANAGE AN AUDIT FUNCTION - Team Mate - which is an automated audit management software used to record the schecule and allocation of audits, working papers and auditor time recording against  audit and non-audit activities

ARRANGE AND COMPLETE AUDITS - including LEADING STAGES AND PROCEDURES, SELECT SAMPLE QUANTITIES, REVIEW RESULTS, INSTANT WORKING PAPERS RESEARCH ISSUES AND MINE DATA E.G. POPULATIONS INSTANTLY ERROR, DUPLICATION OF RECORDS, IRREGULARITIES>MONITOR TRANSACTIONS AND ACTIVITIES>DETECT FRAUD>ENABLE INVESTIGATIONS

example - EXCEL - commontly used and bespoke IDEA (interactive data extraction and analysis)

CAATT - MAINLY USED TO EST THAT CONTROL ARE EFFECTIVE

TEAM MATE - ALLOW AUTOMATED TEMPLATE FOR AUDITOR TO FEED IN DRAFT REPORT AND CONCLUSION FROM TESTING

15 of 21

Q6 JUN 11 CAATT SOFTWARE

ALTERNATIVE TO CAATT - physical examinatio, calculation and analyis - re-performing calculations a, sample test e.g. interval 

Pro

CAATT - looks at whole populations with range of analys e.g file comparison + random sampling, testing limited using manual result

CAATT - if embeeded provides ongoing assurance 

Manual testing is quicker

Cons -

CAATT requires expertised, is resource intestive. subject to time wasting as experimenation with test facilities

High costs but can be recovered re added value to audit

16 of 21

Q6 JUN 11 CAATT SOFTWARE

Issues - how to be used e.g relation to work, objs and frequecy of use

>suficientcy of exist packages

>evaluation required of software available to see which fits

>cost - depent of extent use, maintenance, upgrade and additional support, training

>ease of use/clarifty of audit object

>data access and confidentiality and security req needed

RANGE OF TASK AUDIT CAN PERFORM 

- analysing large volumes/continous monitoring of transactions/ perform variety of test

- interrogating data files/ test how system error is handled

- accuracy of calculations/comparison different sources

17 of 21

CAATT and datamining - summary

Benefits - REDUCE FRAUD, IMPROVE AUDIT REACTION TO CHANGE SUPPORT RM PROMPTLY, INFLUENCE BIZ FOR PROFIT

USES INTERROGATION DATA EXRACTION ANALYSIS   - DATA MINING - process of extracting knowledged hidden in large volumes of data

Purpose - look for trends and anomolies to id errors and possible fraud

Issue - need to be carefully reviewed  TO STOP FALSE PICTURES EMERGING

data need to managed securly  TO AVOID HACKER WHO USE DATA MINING

USE AS AUDIT MANAGEMENT TOOL - TEAM MATE:

PROVIDES INCREASED EFFICIENCY IN PRODUCTIELITY  - RISK ASSESSMENT, SCHEDULING, PLANNING, EXECUTIVE, REVIEW, REPORT, ANALYSIS, AC REPORTING AND STORAGE

18 of 21

Type of audit evidence, where appropriate

>EVIDENCE IS MEANS OF PROOF

>ENGAGEMENT OBJ DETERMINES EVIDENCE REQ - SCOPE - SIGNIFICANCE OF RISK AVAILABILITY COST ,TIME

EVIDENCE SHOULD BE Trusted, Reliable, Useful, Sufficient and Timely

CAREFUL ASSESSMENT  required to FORM OPINION that DEFENDIBLE WHEN CHALLENGED

>GOOD EVIDENCE:

- EXIST IN PHYSICAL FORM 

- OBTAINED FROM AUDITOR ANALYSIS AND 3RD PARTY HELD BY MGMT FROM NORMAL BIZ

- WRITTEN IS MORE RELIABLE THAN ANEDOCTAL

PROVIDEE IN PROPERLY EST, TESTED SYSTEM OF CONTROL

19 of 21

q4 2010 EXAM

A

20 of 21

Q2 NOV 07 EXAM TBC

A

21 of 21

Comments

No comments have yet been made

Similar Other resources:

See all Other resources »See all resources »