Internal, Operational, and Compliance Auditing

Chapter 21
Internal,
Operational, and
Compliance
Auditing
McGraw-Hill/Irwin
Copyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Internal Auditing

Institute of Internal Auditors (IIA)
 Purpose of internal auditing:

An independent, objective assurance and consulting activity designed to
add value and improve an organization’s operations. It helps an
organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.

Assist member of organization in performing their
responsibilities by furnishing them analyses, appraisals,
recommendations and counsel
 Part of organization’s internal control

High level control that measures and evaluates effectiveness of other
controls
21-2
Professional Standards of Internal Auditors—
Attribute Standards (1 of 6)

Purpose, Authority, and Responsibility
• Recognition of the definition of internal
auditing, the Code of Ethics, and the
Standards in the Internal Audit Charter

Independence and Objectivity
•
•
•
•

Organizational independence
Direct interaction with the board
Individual objectivity
Impairments to independence and objectivity
Proficiency and Due Professional Care
• Proficiency
• Due professional care
• Continuing Professional development
21-3
Professional Standards of Internal Auditors—
Attribute Standards (2 of 6)

Quality Assurance and Improvement
Program
• Requirements of the quality assurance and
improvement program
 Internal assessments
 External assessments
• Reporting on the Quality Program
• Use of “Conducted in accordance with the
Standards”
• Disclosure of Noncompliance
21-4
Professional Standards of Internal Auditors—
Attribute Standards (3 of 6)

Manage the Internal Auditing
Activity
• Planning
• Communication and approval
• Resource management
• Policies and procedures
• Coordination
• Reporting to the board and senior
management
• External Service Provider and
Organizational Responsibility for
Internal Auditing
21-5
Professional Standards of Internal Auditors—
Attribute Standards (4 of 6)


Nature of Work
• Governance
• Risk management
• Control
Engagement Planning
• Planning considerations
• Engagement objectives
• Engagement scope
• Engagement resources allocation
• Engagement work program
21-6
Professional Standards of Internal Auditors—
Attribute Standards (5 of 6)

Performing the Engagement
• Identifying information
• Analysis and evaluation
• Documenting information
• Engagement supervision
21-7
Professional Standards of Internal Auditors—
Attribute Standards (6 of 6)



Communicating Results
• Criteria for communicating
• Quality of communications
• Errors and omissions
• Engagement disclosure of
noncompliance with the Standards
• Disseminating results
Monitoring Progress
Resolution of Senior Management’s
Acceptance of Risks
21-8
Operational Audits

Comprehensive examination of an operating unit or a
complete organization to evaluate its systems, controls
and performance as measured by management’s
objectives
 Purchasing
 Data processing
 Receiving
 Shipping
 Office services
 Advertising
 Engineering
21-9
Auditing and Reporting on Compliance
with Laws and Regulations
21-10
Audits in Accordance with
GAAS (1 of 2)

Design audits to obtain reasonable assurance of
detecting material misstatements resulting from
violations of laws and regulations with a direct
and material effect on line-item amounts in the
financial statements
 Laws and regulations often dictate way funds
are spent
 Financial assistance subject to compliance
provisions
21-11
Audits in Accordance with
GAAS (2 of 2)
Identify laws and regulations
(1) discussing laws and regulations with management,
program and grant administrators, and government
auditors;
(2) reviewing state and federal compliance requirement
documents;
(3) reviewing relevant grant and loan agreements; and
(4) reviewing minutes of the legislative body of the
governmental organization.
 Also obtain written representations from management
about completeness of laws and regulations
21-12
Audits in Accordance with Government
Auditing Standards (GAGAS)
 GAO
issues Generally Accepted
Government Auditing Standards (GAGAS)



Use in auditing federal entities and
organizations that received federal financial
assistance
Included in publication entitled Government
Auditing Standards (Yellow Book)
Standards apply only when required by law,
regulation or agreement
21-13
Additional Requirements for GAGAS
Audits
 Additional






requirements
Ethics
Audit communications
Considering the results of previous audits
Noncompliance with provisions of contracts
and grant agreements
Audit documentation
Reporting
21-14
Single Audit Act (1 of 2)
 Statutory
requirement to test controls over
compliance and compliance with program
requirements
 Applies to states, local governments and
nonprofit organizations that expend
$500,000 or more within a fiscal year in
federal financial assistance
 Audits are more extensive
21-15
Single Audit Act (2 of 2)

Requirements include determining and reporting on:
(1) the financial statements are presented fairly in all
material respects in accordance with generally accepted
accounting principles,
(2) the schedule of expenditures of federal awards is
fairly presented in all material respects in relation to the
financial statements taken as a whole, and
(3) the entity complied with the provisions
of laws, regulations, and contracts or grants that may
have a direct and material effect on each major federal
financial assistance program.
21-16