Chapter 8: Preliminary Survey &
Internal Control Review
ACCT620: Internal Auditing
Otto Chang
Professor of Accounting
Steps for Preliminary Survey
•
•
•
•
•
The opening conference
On-site tour
Study of documents on site.
Written description of the auditee
Analytical procedures
The Opening Conference
• Objectives of the opening conference:
–
–
–
–
Elicit a spirit of cooperation
Convey information that will help the audit
Obtain information needed for the audit
Promote a feeling of credibility
Planning the Opening Conference
• Preparing a written agenda:
–
–
–
–
Introduction of those present at the conference
An outline of the audit assignment
Addressing any audit concerns
Coordination of the audit with auditee
operations
– Discussion of the kind of information needed
for the audit and the extent of assistance
– Timing and form of the audit report
Establishing an Appropriate
Conference Climate
• Foster a professional courtesy
–
–
–
–
–
–
–
Setting a specific time and place
Conducting it in a quiet setting
Distributing a written agenda before meeting
Taking a confident but respectful manner
Maintaining a relaxed tone of conversation
Projecting an open and cooperative attitude
Keeping the meeting within reasonable time
Building a Feeling of Credibility
• Auditor gains credibility from
– being associated with the IA profession
– their reporting line within the organization
– their own demonstration of professionalism
• Personal sources of credibility
– appropriate dress and grooming, manners
– composure, preparation, respect for auditee
• Documenting the opening conference
On-site Tour
• The objective of the tour is to obtain an
overview of operations
• Scan operations for unusual activities,
indication of inefficiency, unused facilities,
idle workers, poor maintenance of machines
• Observe the employees’ attitudes toward
their jobs and how they relate to each other
and to management
Study of Documents
• On-site perusal provides updated
information that indicates changes in the
organizational structure, responsibilities,
and operations
• Documents studied: description of current
policies and procedures, organizational
charts, operational flow-charts, job
descriptions, performance reports
Written Description of the
Auditee
• The descriptions should include:
– Objectives of auditee operations
– Environmental restrictions such as corporate
policy imposed by top management
– Functional components of the organization
– Resources (# and classification of employees,
cash flow, PPE, information systems etc..)
– Management
Analytical Procedures
•
•
•
•
•
•
•
Compare current totals with previous period
Compare operating results with budgets
Compare with industry average
Relate financial information to operating data
Compare with similar divisions or department
Compare performance to economic data
Scan for unusual items
Review of Internal Control
The review of internal control includes
• A description and analysis
• An evaluation
• A risk assessment
Description of Control System
• Internal Control Questionnaire (ICQ)
– Pros: less likely to omit important questions
– Cons: tiring, lengthy, response bias toward
“yes” answer, indirect evidence
• Flow charts with narrative descriptions
– Two types: horizontal and vertical flowcharts
– Running narrative usually included in vertical
flowcharts to describe the other related controls
Procedural Walk-Through
• An auditor “walks” through a process by
– Listing the steps to be performed in the process
– Providing a check-off column indicating
whether each step has been performed
– commenting on what’s observed
• Advantage of walking through is to obtain
firsthand, comprehensive knowledge of how
a particular process is performed
Documentation Walk-Through
• An auditor follows particular operation or
transaction from beginning to end through
documentation
• It is one form of vouching transactions to
check whether specific controls are present
in a system
• usually limited to only one or two
transactions
Limited Testing of the System
• Purpose: to understand how well the system
is operating and if controls are functioning
at various parts of the system
• Select a few items (25-30) for examination
• Maybe combined with a walk-through
• The results are written up as a “Memo to the
File” and included in the working paper
Extended Testing of the
Information System
• If an auditor has any reason to suspect
problems with the information system,
extended testing is justified
• Some auditors prefer to prove the integrity
of the system before going further
• Normally involves with statistical sampling
so that a certain level of confidence (e.g..,
95%) can be achieved.
Preliminary Evaluation of
Internal Control System
• Auditors use internal control matrices to
organize audit results up to this point. It
contains the following columns:
– Specific audit objectives
– Important results from preliminary survey and
review of internal control
– The risks associated with each result
– Appropriate controls relevant to each result
– Auditor’s evaluation
Risk Assessment
• After internal control evaluation, auditors
reassess the level of risk associated with the
auditee’s operation. Three things are likely:
– The revised risk is low. Auditors should write a
report and go on to higher-risk areas.
– Little to gain from further audit. Wrap up and
go to next audit project.
– The risk remain high. Expand test of controls.