Chapter 21 Internal, Operational, and Compliance Auditing McGraw-Hill/Irwin Copyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved. Internal Auditing Institute of Internal Auditors (IIA) Purpose of internal auditing: An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Assist member of organization in performing their responsibilities by furnishing them analyses, appraisals, recommendations and counsel Part of organization’s internal control High level control that measures and evaluates effectiveness of other controls 21-2 Professional Standards of Internal Auditors— Attribute Standards (1 of 6) Purpose, Authority, and Responsibility • Recognition of the definition of internal auditing, the Code of Ethics, and the Standards in the Internal Audit Charter Independence and Objectivity • • • • Organizational independence Direct interaction with the board Individual objectivity Impairments to independence and objectivity Proficiency and Due Professional Care • Proficiency • Due professional care • Continuing Professional development 21-3 Professional Standards of Internal Auditors— Attribute Standards (2 of 6) Quality Assurance and Improvement Program • Requirements of the quality assurance and improvement program Internal assessments External assessments • Reporting on the Quality Program • Use of “Conducted in accordance with the Standards” • Disclosure of Noncompliance 21-4 Professional Standards of Internal Auditors— Attribute Standards (3 of 6) Manage the Internal Auditing Activity • Planning • Communication and approval • Resource management • Policies and procedures • Coordination • Reporting to the board and senior management • External Service Provider and Organizational Responsibility for Internal Auditing 21-5 Professional Standards of Internal Auditors— Attribute Standards (4 of 6) Nature of Work • Governance • Risk management • Control Engagement Planning • Planning considerations • Engagement objectives • Engagement scope • Engagement resources allocation • Engagement work program 21-6 Professional Standards of Internal Auditors— Attribute Standards (5 of 6) Performing the Engagement • Identifying information • Analysis and evaluation • Documenting information • Engagement supervision 21-7 Professional Standards of Internal Auditors— Attribute Standards (6 of 6) Communicating Results • Criteria for communicating • Quality of communications • Errors and omissions • Engagement disclosure of noncompliance with the Standards • Disseminating results Monitoring Progress Resolution of Senior Management’s Acceptance of Risks 21-8 Operational Audits Comprehensive examination of an operating unit or a complete organization to evaluate its systems, controls and performance as measured by management’s objectives Purchasing Data processing Receiving Shipping Office services Advertising Engineering 21-9 Auditing and Reporting on Compliance with Laws and Regulations 21-10 Audits in Accordance with GAAS (1 of 2) Design audits to obtain reasonable assurance of detecting material misstatements resulting from violations of laws and regulations with a direct and material effect on line-item amounts in the financial statements Laws and regulations often dictate way funds are spent Financial assistance subject to compliance provisions 21-11 Audits in Accordance with GAAS (2 of 2) Identify laws and regulations (1) discussing laws and regulations with management, program and grant administrators, and government auditors; (2) reviewing state and federal compliance requirement documents; (3) reviewing relevant grant and loan agreements; and (4) reviewing minutes of the legislative body of the governmental organization. Also obtain written representations from management about completeness of laws and regulations 21-12 Audits in Accordance with Government Auditing Standards (GAGAS) GAO issues Generally Accepted Government Auditing Standards (GAGAS) Use in auditing federal entities and organizations that received federal financial assistance Included in publication entitled Government Auditing Standards (Yellow Book) Standards apply only when required by law, regulation or agreement 21-13 Additional Requirements for GAGAS Audits Additional requirements Ethics Audit communications Considering the results of previous audits Noncompliance with provisions of contracts and grant agreements Audit documentation Reporting 21-14 Single Audit Act (1 of 2) Statutory requirement to test controls over compliance and compliance with program requirements Applies to states, local governments and nonprofit organizations that expend $500,000 or more within a fiscal year in federal financial assistance Audits are more extensive 21-15 Single Audit Act (2 of 2) Requirements include determining and reporting on: (1) the financial statements are presented fairly in all material respects in accordance with generally accepted accounting principles, (2) the schedule of expenditures of federal awards is fairly presented in all material respects in relation to the financial statements taken as a whole, and (3) the entity complied with the provisions of laws, regulations, and contracts or grants that may have a direct and material effect on each major federal financial assistance program. 21-16