Auditing Standards

IFTA\IRP Audit Guidance
Government Auditing Standards (GAO)
Generally Accepted Auditing Standards (GAAS)
International Standards on Internal Auditing (ISIA)
1100- Independence & Objectivity
• Organizational
– Free from interference in scope of work,
performance and communication
• Individual
– Impartial, unbiased, no conflict of interest
• Impairments
– If impaired in fact or appearance = must
disclose
1100- Independence & Objectivity
in IFTA\IRP
• Is audit group within Motor Carrier
management group? May be impaired
• Does auditor know carrier? May be
impaired
• Has auditor or manager designed or
specified recordkeeping system for
carrier? May be impaired.
1200 Proficiency & Due
Professional Care
• Proficiency
– Possess knowledge, skills, and competencies
to perform the responsibilities
– Obtain competent advice or assistance
– Sufficient knowledge to identify fraud
indicators, but not expertise.
– Knowledge of key information technology
risks, controls and audit techniques to perform
work.
1200 Proficiency & Due
Professional Care
• Due professional care
– Reasonably prudent and competent
– Exercise due care by considering
• Extent of work needed to accomplish objective
• Complexity, materiality, significance of matters
• Adequacy & effectiveness of risk management,
control and processes
• Probability of significant errors, irregularities,
noncompliance
• Cost\benefit analysis of assurances
1200 Proficiency & Due
Professional Care
• Continuing professional development
– No minimum\maximum hours required as with
GAO or AICPA, but “should enhance
knowledge”
1200 Proficiency & Due
Professional Care in IFTA\IRP
Knowledge of record requirements, effects of
over\understating fuel\miles, equipment norms,
trends
1220 considerations
Reasonable adjustments
Not infallible
1300 Quality Assurance &
Improvement Program
• QA
– Continuously monitor effectiveness
• Internal Assessments
– Ongoing reviews of audit activity
– Periodic self assessment or others within
organization
• External Assessments
– At least every 5 years by qualified,
independent reviewer
1300 Quality Assurance &
Improvement Program
• Reporting on QA
– Results should be communicated to board
• Use of “Conducted…” statement
– Used only if program is in compliance with all
standards
• Noncompliance
– Disclosure of areas of non-compliance.
QA in IFTA\IRP
• Formal process of program compliance
reviews and peer review
• Informal process using formal guidelines
Annual or Biennial
Performance Standards
2000 Managing Audit Activity
• Planning
– Risk based planning determines priorities consistent
with goals
• Communication
– Audit activity plans and resource requirement should
be discussed & approved with management
• Resource Management
– Appropriate, sufficient, and effectively deployed
Performance Standards
• Policies\Procedures
– Established policies to guide audit activities
• Coordination
– Adequate coverage & no duplication of effort
• Reporting to Management
– Periodic report on purpose, authority,
responsibility, performance, risks,
control issues, etc.
Performance Standards in
IFTA\IRP
• Audit procedures manuals for both define
– Goals
– General audit procedures
– Several evaluation tools
2100 Nature of Work
• Risk Management
– Evaluate effectiveness of risk management system
– Reliability of data
– Effectiveness of operations
– Safeguarding assets
– Compliance with laws, regulations, & contracts
– Awareness of other significant risks
– Use past experience to evaluate organization's risks
2100 Nature of Work
• Control
– Reliability & integrity of operational
information
– Effectiveness & efficiency of operations
– Safeguard assets
– Compliance with laws, regulations, &
contracts
2100 Nature of Work
• Governance
– Promote appropriate ethics & values
– Effective performance, management, &
accountability
– Communicate risk & control to appropriate
parties
– Coordinate activities & communication of
information
Nature of Work in IFTA\IRP
• Risk assessment in selection of carriers
for audit
• Required audits maintain controls over
programs
• Assure that objectives of the programs are
met
• Recommendations to carriers and
administrators support program goals
2200 Engagement Planning
• Planning considerations
– Objective\scope
• Engagement objectives
– Assess risks
– Potential for errors, noncompliance
• Engagement scope
– Consider ALL systems, records, & properties
• Engagement resource allocation
– Staffing based on objectives, complexity, time, resources
• Engagement work program
– Developed to achieve objective
– Specific procedures for analysis & recording of info
Engagement Planning in IFTA\IRP
Audit manuals provide basis of planning
Pre-audit notification
Internal control review
Records review
Analytical review of carrier reports
2300 Performing the Engagement
• Identifying information
– Sufficient, reliable, relevant, useful
• Analysis & Evaluation
– Support conclusions
• Recording Information
– Controlled access, retention
• Engagement Supervision
Performing the Engagement in
IFTA\IRP
• Uniformity
• Standard approach
• Sampling
• Flow of documents
• Verification of records
• Audit file documentation – generic,
• Supervision – how much is enough
2400 Communicating Results
• Criteria for communicating
– Overall opinion, conclusions, limitations
• Quality of communications
– Accurate, concise, constructive, timely
• Errors & Omissions
– Corrected info to all ASAP
2400 Communicating Results
• Engagement disclosure of noncompliance with
standards
– Standard, reason, impact
• Disseminating results
– To appropriate parties
– Restricted use of results
Communicating Results in
IFTA\IRP
• Standard audit reports
– Standards followed
• Required information
– Inter-jurisdictional report
• Supplemental information
– Supporting schedules, conference notes, contact log
• Required conferences with carrier
2500 Monitoring Progress
• Follow-up process
2600 Resolution of Management’s
Acceptance of Risks