P3 Documenting information, testing and evidence
method, nature, purpose of method, test
- Created by: mumuna
- Created on: 24-05-13 15:05
method used to document info 6.1
Recorded information ensure IA have all INFORMATION NEEDED to REVIEW, ANALYSE in detail later. Second it ensure quality assurance that CHECK CONCLUSION reached are SUPPORTED 2330 Documenting Information Internal auditors must document relevant information to support the conclusions and engagement results.
Type of information
PROCESS>ORDER PURCHASE>SET UP>INVOICE>PAYMENT>DELIVERY Information may include SYTEM NOTES from client>INTERVIEW NOTES, SPREADSHEETS, GOVERNANCE STRUTURE, RISK REGISTER, SUPPLIER REQUEST/CHANGE INVOICES
Nature & purpose of different test
Different types INTERVIEWS (ANEDOTAL LESS RELIABLE) - INDICATE PROCESS AND PROCEDURES AND ADD TO INFORMATION ALEADY GATHERED - who, what, why, how, where>OBSERVATION - incorporated in internvews> INFORMATION - incl data gathered by IA own analytical process - SAMPLE OF TEST PROCEDURES- Important - DISTINGISH RAW, POST ANALYSIS & JUDGEMENT Purpose - TO DOCUMENT PROCESS AND CONTROL - use control matrix/evaluation Why - TO ALLOW UNDERSTANDING THAT ADDRESSES RISKS - include control objectives, input, probability, mitigation, evaluatio of operation, compare risk impact expected conrl with actual control IMPORTANT - OF DOCUMENTING WORK THROUGH PROCESS TO SHOW> PROCEDURES USED>INFO OBTAINED AND CONCLUSIONS REACH The creation of working papers has benefits: HELPS TEAM UTILISE, ANALYSE AND REVIEW EACH OTHERS WORK>SUPPORT QUALITY ASSURANCE PROCESS AS PROVIDES MEANS TO SUBSTANTIATE FINDING REACH AND RECORDS AUDIT TRAIL >once, info gathered on systems- there's an initial evaluation of undestanding, then discusion with contacts to test actual system
Methods of of test considered
Testing tecniques include: >INTERVIEW, FOCUS GROUP, QUESTIONING >CALCULATION & ANALYSIS >OBSERVATION >EXAMINE DOCUMENTATION
Methods of documenting audit information
Risk and control matrices - TO DOC KEY RISK AND STRATEGIES USED TO MANAGE narrative/system note - FOLLOWING MEETING INTERVIEW process flow diagramm - DURING PRELIMINARY SURVEY TO BETTER UNDERSTAND COMPLEXITIES AND INTERACTION OF SYSTEM, PROJECT WORK internal control questionnaire - USED DURING PRELIMINARY SUREY TO FRAME QUESTIONS AT A MEETING OR TO COLLECT INFORMATION FROM CLIENT audit reports - KEY WORKING PAPER DOCUMENTING THE AUDIT FINDINGS AND CONCLUSIONS audit history database a- COLLECTION OF HISTORICAL AUDIT DAT SUCH AS AUDIT RECOMMENDATIONS AND ACTIONS TAKEN
Fieldwork testing flow diagarm
These are stored on the audit databased and feed into audit report which goes to audit committee and managements to provide assuracne on effectivness of operations ENGAGEMENT PLAN>DISCUSSING & OBSERVATION OF MONITORING CONTROL>VERIFICATON OF EVIDENCE>ASSESS EVALUATION OF RESIDUAL RISK>CONCLUSION ON RESPONSES=FINAL REPORT
Different types of test must be considered - WALKT
WALKTHROUGH - involves following a small sample of transactions to run though system end to end - TO UNDERSTAND HOW SYSTEM WORKS following interview CHECK HOW SYSTEM WORKS IN PRACTICE COMPARED TO THEORY> ID KEY RISKS & THUS FOCUS OF FURTHER TESTING>KEY CONTROL TO EXAMINE FURTHER DURING COMPLIANCE AND SUBSTANTIVE TESTING
Different types of test must be considered - COMPL
TEST OF CONTROL - TO EVALUATE RISK MITIGATION to see if control working as intended - e.g sample new entrant entered on payroll are authorise and whether overtime is authorised on time on payslips. TEST EFFECTIVENESS IN PREVENTING ERROR. CONFIRM NON-COMPLIANCE, INVESTIGATE INCIDENTS OF LOSS OR ERROR IN SPITE OF NON-COMPLIANCE example EXPENSE FORMS SIGNED BY AUTHORISED SIGNATORY NOT RECIPIENT >ORDERS ARE NOT REQUISITIONED BY SAME INDIVIDUAL WHO RECEIVED GOODS>CONTRACT ARE SUBJECT TO ADDITIONAL AUTHORISATION AND SCRUTINY ABOVE AGREED VALUE
Different types of test must be considered - SUBST
test use when compliance test show controls not working to help: >establish whether desire outcome achieved due to activities e.g example staff records to see date of payment - then interview staff to see verify timely receipt GAINS ASSURANCE OUTPUT IS CORRECTS - PAYMENT MADE FOR GOODS RECEIVED>OBTAIN EVIDENCE OF OUTCOME OF TRANSACTION EG ACCOUNT BALANCE >QUANTIFY EXTENT OF ERRO, IRREGULARITIS AND MISSTATMENT IN ACCOUNTING RECORDS>TEST REASONABLENESS OF RELAIONS AND ASSESS ANY SIGINIFICANT VARIATE (AKA ANALYTICAL REVIEW PROCEDURES) substantive test verify: COMPLETENESS VALIDY AND ACCURACY COMPLETENESS OF ASSETS & LIABILITIES EXISTENCE OF ASSESTS AND LIABILITIES VALUATION e.G CHECK THAT ASSETS IN REGISTER EXIST, VALUATION CORRECT - USE SPECIALIST
Different types of test must be considered - ANALY
RATIO - compare size and amount TREND - compare data over time e.g. this year to last ANALYTICAL - compare relations
wHY Different types of test must be considered
FACTORS INCLUDING >PERIOD TEST COVERS, QUANTITIY, TECHNIQUES AND SAMPLE TYPE WILL ALL DEPEND ON : . level of assurance required time/experitise if tiem insufficient - reduction in levels of assurance
IPPF performance std
2240 Engagement Work Programme - Internal auditors must develop and document work programmes that achieve the engagement objectives. 2240.A1 Work programmes must include the procedures for identifying, analyzing, evaluating and documenting information during the engagement. The work programme must be approved prior to its implementation and any adjustments approved promptly. 2240.C1 Work programmes for consulting engagements may vary in form and content depending upon the nature of the engagement. 2300 Performing the Engagement-Internal auditors must identify, analyse, evaluate and document sufficient information to achieve the engagement's objectives. 2310 Identifying Information- Internal auditors must identify sufficient, reliable, relevant and useful information to achieve the engagement's objectives.
2 method sample selection - statistcal & judgement
Judgemental - relys on knowledge and experience suitable when satisfy evidence requirements area known well includes eror items statistical is impractical technical expetise not available DISADVANTAGE relies on audi with knowledge/if unable to quantify error/open to criticism and bias Statistical - scientifiy same selected in unbiased way to anlayse and provide reasonable estimations - mathematically meaningful eg 95% conficen representative of population. evalation is quatified measured and controlled ADVANTAGE - objective, defensive, estimate of erro, combined and evaluated. all auditors performing can reach. DISADVANTAGE - misleading if misunderstood
non statistical sampling 6.3
allows test sample of transactions rather than whole population and draw conclusions from results
This allow careful section of the best use of resouces to reach conclusion based on estimation.
However, it does not give 100% assurance. audit can make mistake but computer programmes help.
What are CAATT 6.4
Computerised auditor assited tools and techniques - comprise a range of software tool and techniques that auditors can use to INTEROGATE AND MANIPULATE DATA. Include tool to help:
MANAGE AN AUDIT FUNCTION - Team Mate - which is an automated audit management software used to record the schecule and allocation of audits, working papers and auditor time recording against audit and non-audit activities
ARRANGE AND COMPLETE AUDITS - including LEADING STAGES AND PROCEDURES, SELECT SAMPLE QUANTITIES, REVIEW RESULTS, INSTANT WORKING PAPERS RESEARCH ISSUES AND MINE DATA E.G. POPULATIONS INSTANTLY ERROR, DUPLICATION OF RECORDS, IRREGULARITIES>MONITOR TRANSACTIONS AND ACTIVITIES>DETECT FRAUD>ENABLE INVESTIGATIONS
example - EXCEL - commontly used and bespoke IDEA (interactive data extraction and analysis)
CAATT - MAINLY USED TO EST THAT CONTROL ARE EFFECTIVE
TEAM MATE - ALLOW AUTOMATED TEMPLATE FOR AUDITOR TO FEED IN DRAFT REPORT AND CONCLUSION FROM TESTING
Q6 JUN 11 CAATT SOFTWARE
ALTERNATIVE TO CAATT - physical examinatio, calculation and analyis - re-performing calculations a, sample test e.g. interval
Pro
CAATT - looks at whole populations with range of analys e.g file comparison + random sampling, testing limited using manual result
CAATT - if embeeded provides ongoing assurance
Manual testing is quicker
Cons -
CAATT requires expertised, is resource intestive. subject to time wasting as experimenation with test facilities
High costs but can be recovered re added value to audit
Q6 JUN 11 CAATT SOFTWARE
Issues - how to be used e.g relation to work, objs and frequecy of use
>suficientcy of exist packages
>evaluation required of software available to see which fits
>cost - depent of extent use, maintenance, upgrade and additional support, training
>ease of use/clarifty of audit object
>data access and confidentiality and security req needed
RANGE OF TASK AUDIT CAN PERFORM
- analysing large volumes/continous monitoring of transactions/ perform variety of test
- interrogating data files/ test how system error is handled
- accuracy of calculations/comparison different sources
CAATT and datamining - summary
Benefits - REDUCE FRAUD, IMPROVE AUDIT REACTION TO CHANGE SUPPORT RM PROMPTLY, INFLUENCE BIZ FOR PROFIT
USES INTERROGATION DATA EXRACTION ANALYSIS - DATA MINING - process of extracting knowledged hidden in large volumes of data
Purpose - look for trends and anomolies to id errors and possible fraud
Issue - need to be carefully reviewed TO STOP FALSE PICTURES EMERGING
data need to managed securly TO AVOID HACKER WHO USE DATA MINING
USE AS AUDIT MANAGEMENT TOOL - TEAM MATE:
PROVIDES INCREASED EFFICIENCY IN PRODUCTIELITY - RISK ASSESSMENT, SCHEDULING, PLANNING, EXECUTIVE, REVIEW, REPORT, ANALYSIS, AC REPORTING AND STORAGE
Type of audit evidence, where appropriate
>EVIDENCE IS MEANS OF PROOF
>ENGAGEMENT OBJ DETERMINES EVIDENCE REQ - SCOPE - SIGNIFICANCE OF RISK AVAILABILITY COST ,TIME
EVIDENCE SHOULD BE Trusted, Reliable, Useful, Sufficient and Timely
CAREFUL ASSESSMENT required to FORM OPINION that DEFENDIBLE WHEN CHALLENGED
>GOOD EVIDENCE:
- EXIST IN PHYSICAL FORM
- OBTAINED FROM AUDITOR ANALYSIS AND 3RD PARTY HELD BY MGMT FROM NORMAL BIZ
- WRITTEN IS MORE RELIABLE THAN ANEDOCTAL
PROVIDEE IN PROPERLY EST, TESTED SYSTEM OF CONTROL
q4 2010 EXAM
A
Q2 NOV 07 EXAM TBC
A
Comments
No comments have yet been made