Auditing Standards

IFTA\IRP Audit Guidance
Government Auditing Standards (GAO)
Generally Accepted Auditing Standards (GAAS)
International Standards on Internal Auditing (ISIA)

1100- Independence & Objectivity
• Organizational
  – Free from interference in scope of work, performance and communication
• Individual
  – Impartial, unbiased, no conflict of interest
• Impairments
  – If impaired in fact or appearance = must disclose

1100- Independence & Objectivity in IFTA\IRP
• Is audit group within Motor Carrier management group? May be impaired
• Does auditor know carrier? May be impaired
• Has auditor or manager designed or specified recordkeeping system for carrier? May be impaired.

1200 Proficiency & Due Professional Care
• Proficiency
  – Possess knowledge, skills, and competencies to perform the responsibilities
  – Obtain competent advice or assistance
  – Sufficient knowledge to identify fraud indicators, but not expertise.
  – Knowledge of key information technology risks, controls and audit techniques to perform work.
• Due professional care
  – Reasonably prudent and competent
  – Exercise due care by considering
    • Extent of work needed to accomplish objective
    • Complexity, materiality, significance of matters
    • Adequacy & effectiveness of risk management, control and processes
    • Probability of significant errors, irregularities, noncompliance
    • Cost\benefit analysis of assurances
• Continuing professional development
  – No minimum\maximum hours required as with GAO or AICPA, but “should enhance knowledge”

1200 Proficiency & Due Professional Care in IFTA\IRP
Knowledge of record requirements, effects of over\understating fuel\miles, equipment norms, trends
1220 considerations
Reasonable adjustments
Not infallible

1300 Quality Assurance & Improvement Program
• QA
  – Continuously monitor effectiveness
• Internal Assessments
  – Ongoing reviews of audit activity
  – Periodic self-assessment or others within organization
• External Assessments
  – At least every 5 years by qualified, independent reviewer
• Reporting on QA
  – Results should be communicated to board
• Use of “Conducted…” statement
  – Used only if program is in compliance with all standards
• Noncompliance
  – Disclosure of areas of non-compliance.

QA in IFTA\IRP
• Formal process of program compliance reviews and peer review
• Informal process using formal guidelines
Annual or Biennial

Performance Standards

2000 Managing Audit Activity
• Planning
  – Risk-based planning determines priorities consistent with goals
• Communication
  – Audit activity plans and resource requirements should be discussed & approved with management
• Resource Management
  – Appropriate, sufficient, and effectively deployed

Performance Standards
• Policies\Procedures
  – Established policies to guide audit activities
• Coordination
  – Adequate coverage & no duplication of effort
• Reporting to Management
  – Periodic report on purpose, authority, responsibility, performance, risks, control issues, etc.

Performance Standards in IFTA\IRP
• Audit procedures manuals for both define
  – Goals
  – General audit procedures
  – Several evaluation tools

2100 Nature of Work
• Risk Management
  – Evaluate effectiveness of risk management system
  – Reliability of data
  – Effectiveness of operations
  – Safeguarding assets
  – Compliance with laws, regulations, & contracts
  – Awareness of other significant risks
  – Use past experience to evaluate organization's risks
• Control
  – Reliability & integrity of operational information
  – Effectiveness & efficiency of operations
  – Safeguard assets
  – Compliance with laws, regulations, & contracts
• Governance
  – Promote appropriate ethics & values
  – Effective performance, management, & accountability
  – Communicate risk & control to appropriate parties
  – Coordinate activities & communication of information

Nature of Work in IFTA\IRP
• Risk assessment in selection of carriers for audit
• Required audits maintain controls over programs
• Assure that objectives of the programs are met
• Recommendations to carriers and administrators support program goals

2200 Engagement Planning
• Planning considerations
  – Objective\scope
• Engagement objectives
  – Assess risks
  – Potential for errors, noncompliance
• Engagement scope
  – Consider ALL systems, records, & properties
• Engagement resource allocation
  – Staffing based on objectives, complexity, time, resources
• Engagement work program
  – Developed to achieve objective
  – Specific procedures for analysis & recording of info

Engagement Planning in IFTA\IRP
Audit manuals provide basis of planning
Pre-audit notification
Internal control review
Records review
Analytical review of carrier reports

2300 Performing the Engagement
• Identifying information
  – Sufficient, reliable, relevant, useful
• Analysis & Evaluation
  – Support conclusions
• Recording Information
  – Controlled access, retention
• Engagement Supervision

Performing the Engagement in IFTA\IRP
• Uniformity
• Standard approach
• Sampling
• Flow of documents
• Verification of records
• Audit file documentation – generic
• Supervision – how much is enough

2400 Communicating Results
• Criteria for communicating
  – Overall opinion, conclusions, limitations
• Quality of communications
  – Accurate, concise, constructive, timely
• Errors & Omissions
  – Corrected info to all ASAP
• Engagement disclosure of noncompliance with standards
  – Standard, reason, impact
• Disseminating results
  – To appropriate parties
  – Restricted use of results

Communicating Results in IFTA\IRP
• Standard audit reports
  – Standards followed
• Required information
  – Inter-jurisdictional report
• Supplemental information
  – Supporting schedules, conference notes, contact log
• Required conferences with carrier

2500 Monitoring Progress
• Follow-up process

2600 Resolution of Management’s Acceptance of Risks