Why IA reports on assignments
>COMMUNICATE RESLUT OF IA ACTIVITY
>PROVIDE OVERALL OPINION ON ADEQUENCY OF CONTROLS UNDER REVIEW
>GAIN MANAGMENTS ACCEPTANCE OF AUDIT RECOMMENDATION AND COMMITMENT TO ACTION WHERE IMPROVEMENTS HAVE BEEN RECOMMENDED
.PRESENT REQUIRED EVIDENCE TO SUPPORT OPINION - DELIVER FORMAL DOCUMENTED RECORD OF REVIEW
>SHARE LESSON AND GOOD PRACTICE
>ENSURE USEFUL BCKGROUND FOR FUTURE AUDIT
key tangible deliverable
> RELATIVE TO TORS
>CLEAR EVIDENCE OBJ MET WITHIN SCOPE
IPPF performance std
2400 Communicating Results - Internal auditors must communicate the results of engagement.
2410 Criteria for Communicating - Communications must include the engagement's objectives and scope as well as applicable conclusions, recommendations and action plans.
2410.A1 - Final communication of engagement results must, where appropriate, contain internal auditors overall opinion and/or conclusions. When issued, an opinion or conclusion must take account of the expectations of senior management, the board and other stakeholders and must be supported by sufficient, reliable, relevant and useful information.
2420 Quality of Communications - Communications must be accurate, objective, clear, concise, constructive, complete and timely.
2421 Errors and Omissions -
If a final communication contains a significant error or omission, the chief audit executive must communicate corrected information to all parties who received the original communication.
method used for reporting
4 main one:
>WRITTEN - report or letter format convey findings, conclusion and recommendation . give mgmt written assurance statement std rm, gov and control. can record mgmt response to audit - acceptance recommendation and agreed actions
>ORAL - face to face discussion with clidend end of audit. opt instance feedback on quality and misinterpretation aired prior to final report/letter. useful where complex or sensitive issues
>PRESENTATIONS - wider audience, usual a baord, a/c line management. useful went direct impact on recipient required. if well effective to get SM on side. tool can help get message across e.g. power point.
>Electronic and telecoms - email, phone, videoconfering for client verbal report on emerging findings and conclusion to date - ensure no suprises when final report issued. Useful for larger audits to keep client informed on issue requiring prompt attention
>Summaries - prepared to report only key findss and recommendation. Saving busy client/sm time and allow high on significant findings - perioic report to board consist summaries on each audit compleed to date highlight issue weakness and where magmt have addressed
Communicate to client overal status on rm, control and corporate goverannce in area under review.
2060-1: Reporting to senior management and the board
Primary Related Standard
2060 - Reporting to Senior Management and the Board
The chief audit executive must report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.
CAE - introduce local system for audit opinion expression>VARIOUS CATEGORIES : GOOD -adequate system to address risk SATISFACTORY - SOME minor weakness in control, risk or govern, WEAK - considerable or unaccptable system faillures and immediate aciton required to address
attribute of effective report
Attributes of effective reporting include
1. Clear re purpose
2. Future orientated
3. Know audience
4. Structure logically
6. Get feedback
7. Key findings up front
8. Understand reader’s limitation
9. Get second opinion
10. Avoid failures/be accurate/use technology/ignore trivial issues/acknowledge client/include distribution list
Type of reporting to SM and board
Types of reports to senior management and board
1. Annual assurance report – delivering audit strategy in year – includes results of IA audit, major recommendation and results of follow up
2. AC received when inadequate performance to address action taken/ should provide high level of understanding on quality, control and performance unless significant control weakness
3. Report on the quantity and quality using CSQs, cost, time, training and follow up
4. Activity report should focus on issue of internal control and risk – avoid being defensive and less terminology
need for logging and monitoring audit and follow u
INFLUENCE of sm and ac ensure appropriate attention to audie work and implementation of agree actions
IMPORTANT develops and sustains mutual trust. IA communicate openly and fully to magm the follow up and escalation process. Esclation is two stage
1) - SM - deal at their level to not inundate audit committee e.g. lack of resouce in implementation of action thus SM may redirect to completed action
2) audit committee - have reference to escalation in charter, explain how work and what matter referred to them - invite SM to explain
2500 Monitoring Progress - The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management.
2500.A1 - The chief audit executive must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action.
2500.C1 - The internal audit activity must monitor the disposition of results of consulting engagements to the extent agreed upon with the client.
need for logging and monitoring audit and follow u
manager responsible to implement action. IA have duty to monitor implementation and report non-implementation identified,
at audit conclusion:
>options for next round of audit planning
>seek written confirmation
>undertaking limted follow up and verification
IN ORDER TO:
>influence on selected follow up - id no. of f/U and risk of non-implementation
>overall quality of control - suggest lower level required
>quality of mgm resonse - recommendation not implemted
content of report tbc
Findings - balanced giving positive as well as area requiring attendion. Aim to get accpetace and secure committment to take action
Conclusion - sumarise outcome of review - as accurate, easy to read without jargon
Agreed Action plan - include sumarised recommendation - cross referenced to boby of report - which are clear, accurate and prioritised in order of importtnce and impact. these may include RAG rating with red critical and green all is well but can hae negative connotations
Key to drive improvments + added value
done thru making recommnedation
discussing findings and implications
ADDED VALUDE COME THROUGH -
- GOOD PRACTICE
- MAKING COMPLELLING CASE FOR ACTION AND PROACTIVE
- EFFECTIVE REPORTING: MEETING CLIENTS NEEDS, RECOMMENDATION RELEVANT, ISSUED PROMPTLY, ACCURATE AND BALANCE
COMPARISON BETWEEN WRITTEN & ORAL REPORT TBC
ADVANTAGE - FORMAL, PERMANCNET, RECENT FINDINGS AND CONCLUSION. HAS MGMT RESPONSE AND ACTION AGREED
DISADVANTAGE - TAKES TIME TO PRODUCED, DELAYS COMMS, TIME TO RESOLVE QUERIES OR MISUNDERSTANDINGS
ORAL - FREE DISCUSSIONG BUT IF PRESENTED BADLY LEADS TO MISUNDERSTANDINGS AND DAMAGE CREDIBLITY