Chapter 8: Preliminary Survey & Internal Control Review
ACCT620: Internal Auditing
Otto Chang
Professor of Accounting

Steps for Preliminary Survey
• The opening conference
• On-site tour
• Study of documents on site
• Written description of the auditee
• Analytical procedures

The Opening Conference
• Objectives of the opening conference:
  – Elicit a spirit of cooperation
  – Convey information that will help the audit
  – Obtain information needed for the audit
  – Promote a feeling of credibility

Planning the Opening Conference
• Preparing a written agenda:
  – Introduction of those present at the conference
  – An outline of the audit assignment
  – Addressing any audit concerns
  – Coordination of the audit with auditee operations
  – Discussion of the kind of information needed for the audit and the extent of assistance
  – Timing and form of the audit report

Establishing an Appropriate Conference Climate
• Foster professional courtesy
  – Setting a specific time and place
  – Conducting it in a quiet setting
  – Distributing a written agenda before the meeting
  – Taking a confident but respectful manner
  – Maintaining a relaxed tone of conversation
  – Projecting an open and cooperative attitude
  – Keeping the meeting within a reasonable time

Building a Feeling of Credibility
• Auditors gain credibility from
  – being associated with the IA profession
  – their reporting line within the organization
  – their own demonstration of professionalism
• Personal sources of credibility
  – appropriate dress and grooming, manners
  – composure, preparation, respect for auditee
• Documenting the opening conference

On-site Tour
• The objective of the tour is to obtain an overview of operations
• Scan operations for unusual activities, indications of inefficiency, unused facilities, idle workers, poor maintenance of machines
• Observe the employees’ attitudes toward their jobs and how they relate to each other and to management

Study of Documents
• On-site perusal provides updated information that indicates changes in the organizational structure, responsibilities, and operations
• Documents studied: description of current policies and procedures, organizational charts, operational flowcharts, job descriptions, performance reports

Written Description of the Auditee
• The descriptions should include:
  – Objectives of auditee operations
  – Environmental restrictions such as corporate policy imposed by top management
  – Functional components of the organization
  – Resources (# and classification of employees, cash flow, PPE, information systems, etc.)
  – Management

Analytical Procedures
• Compare current totals with previous period
• Compare operating results with budgets
• Compare with industry average
• Relate financial information to operating data
• Compare with similar divisions or departments
• Compare performance to economic data
• Scan for unusual items

Review of Internal Control
The review of internal control includes
• A description and analysis
• An evaluation
• A risk assessment

Description of Control System
• Internal Control Questionnaire (ICQ)
  – Pros: less likely to omit important questions
  – Cons: tiring, lengthy, response bias toward “yes” answer, indirect evidence
• Flowcharts with narrative descriptions
  – Two types: horizontal and vertical flowcharts
  – Running narrative usually included in vertical flowcharts to describe the other related controls

Procedural Walk-Through
• An auditor “walks” through a process by
  – Listing the steps to be performed in the process
  – Providing a check-off column indicating whether each step has been performed
  – Commenting on what’s observed
• The advantage of walking through is to obtain firsthand, comprehensive knowledge of how a particular process is performed

Documentation Walk-Through
• An auditor follows a particular operation or transaction from beginning to end through documentation
• It is one form of vouching transactions to check whether specific controls are present in a system
• Usually limited to only one or two transactions

Limited Testing of the System
• Purpose: to understand how well the system is operating and if controls are functioning at various parts of the system
• Select a few items (25-30) for examination
• May be combined with a walk-through
• The results are written up as a “Memo to the File” and included in the working paper

Extended Testing of the Information System
• If an auditor has any reason to suspect problems with the information system, extended testing is justified
• Some auditors prefer to prove the integrity of the system before going further
• Normally involves statistical sampling so that a certain level of confidence (e.g., 95%) can be achieved

Preliminary Evaluation of Internal Control System
• Auditors use internal control matrices to organize audit results up to this point. A matrix contains the following columns:
  – Specific audit objectives
  – Important results from preliminary survey and review of internal control
  – The risks associated with each result
  – Appropriate controls relevant to each result
  – Auditor’s evaluation

Risk Assessment
• After internal control evaluation, auditors reassess the level of risk associated with the auditee’s operation. Three things are likely:
  – The revised risk is low. Auditors should write a report and go on to higher-risk areas.
  – Little to gain from further audit. Wrap up and go to next audit project.
  – The risk remains high. Expand test of controls.