Course Name: Internal Auditing & Controls
Module: 5
Module Title: Examination phase of the internal audit
Lecture and handouts prepared by Chuck Campbell

Examination phase of the internal audit
Module 5

This module covers the main aspects of the examination phase of the internal audit. In this module, you will learn how the auditor organizes and carries out the work needed to obtain sufficient, appropriate evidence to assess the quality of management systems and practices in areas selected for audit. You will also be introduced to generalized audit software packages such as ACL and will use this software to obtain evidence for internal audits, including fraud investigations.

MU1 2007-08 Module 5 Part 1 Slide 2

Internal Auditing & Controls Module 5

Part 1
Topic 5.1 Overview of the examination phase
Topic 5.2 Preparing the audit program

Part 2
Topic 5.3 Testing and evidence
Topic 5.4 Developing audit criteria and preparing an audit program – case study

Part 3
Topic 5.5 Computer-assisted audit techniques
Topic 5.6 Generalized audit software

Part 4
Topic 5.7 Evaluating audit results
Topic 5.8 Completing and reviewing audit files

Part 5
Topic 5.9 Fraud and investigations
Topic 5.10 Conducting a fraud investigation
Topic 5.11 Fraud in a technological environment

Part 6
Module summary – Learning objectives
Recent examination questions


Module 5 Part 1
Topic 5.1 Overview of the examination phase
Topic 5.2 Preparing the audit program

Steps in the examination phase of an internal audit
1. Examining and testing operations and transactions by performing the procedures set out in the audit program.
2. Analyzing audit results by comparing audit evidence with audit criteria and establishing the causes for any significant variances.
3. Completing and reviewing audit files, including summarizing audit findings, in preparation for producing the audit report.

Purposes of audit programs
- ensuring that audit standards are met
- clearly communicating objectives, audit criteria and procedures
- aiding in understanding the activities being audited
- outlining the work to be done and ensuring that no important steps are overlooked
- providing a basis for scheduling and controlling audit work and time
- providing for an orderly review of the work performed
- providing a checkpoint for approval of planned audit work and subsequent audit review
- ensuring that the most efficient procedures are followed in the proper order to gather sufficient, appropriate evidence to support the auditor’s observations
- providing supporting evidence for audit findings

Steps in preparing internal audit programs
1. Determine the nature of evidence required by the audit objectives.
2. Determine what evidence is appropriate to achieve the audit objectives.
3. Determine how much evidence is needed to achieve the audit objectives.
4. Determine the timeliness of the evidence needed to meet the audit objectives.
5. Determine how the required evidence will be obtained.
6. Write the audit program.

Components of the audit program
- Audit objectives summarize why the audit is being performed.
- Audit criteria are the standards used by the auditor to assess performance.
- Audit procedures are the general and specific techniques performed by the auditors to obtain sufficient, appropriate evidence to determine if operations are in accordance with the audit criteria.

Examples of audit procedures
Audit procedures include:
- inspection of documents (vouching and tracing)
- analysis
- interviews
- replication or reperformance
- physical observation
- computation
- confirmation


Module 5 Part 2
Topic 5.3 Testing and evidence
Topic 5.4 Developing audit criteria and preparing an audit program – case study

Appropriateness of internal audit evidence
In determining the appropriateness of audit evidence, the internal auditor considers three factors:
- its competence or reliability
- its relevance for the purpose for which it is to be used
- its usefulness in helping the organization improve and achieve its goals

Sufficiency of internal audit evidence
Sufficiency of audit evidence means that the auditor has examined a large enough quantity of evidence such that a reasonably trained person would concur that the amount of evidence was adequate to support the audit conclusions reached.

Factors in determining sufficiency of audit evidence
Factors to consider in determining how much evidence is required include:
- the risk associated with the activities being audited
- the materiality or impact of the potential weaknesses
- the nature of the evidence available (the more persuasive the evidence, the less of it is needed)
- the sensitivity of the matter being assessed (more evidence is needed, for example, for suspected frauds)
- the cost of obtaining the evidence

Persuasiveness of audit evidence
Evidence is most persuasive when it is:
- relevant;
- objective;
- documented;
- external to the organization;
- derived from a large sample;
- derived from a random, statistical sample;
- corroborated by evidence from other sources;
- timely;
- authoritative;
- direct;
- from a well-controlled system.

Connon Chemicals Inc. case study
1. Decide how you would expect the company to mitigate each of the risks identified in the planning stage of the audit.
2. For each risk, state the criteria that you would use to evaluate the company’s efforts to address each identified risk.
3. For each criterion stated, set out one or more steps that would make up the audit program to obtain and assess evidence as to whether the company is in compliance with the criteria you have determined to be appropriate.


Module 5 Part 3
Topic 5.5 Computer-assisted audit techniques
Topic 5.6 Generalized audit software

Prerequisites to using computer-assisted audit techniques
- The information must be stored in computer records.
- Computer software must be available to perform the computer-assisted audit techniques (or can be developed economically).
- The auditor must have the technical competence to perform the audit procedures using the computer-assisted audit techniques.

Systems-oriented CAATs
Systems-oriented CAATs are used to:
- enable the auditor to directly test system-based internal controls;
- enable the auditor to check the logic of the computer systems;
- enable the auditor to gain a better understanding of the computer systems;
- enable the auditor to establish that there have been no unauthorized changes to programs.

Examples of systems-oriented CAATs include:
- test data;
- integrated test facilities;
- system control audit review files (SCARF);
- logic analysis programs;
- code comparison programs.

Data-oriented CAATs
Data-oriented CAATs:
- are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy;
- are used to perform statistical and other analysis on audit data;
- are usually used to produce substantive audit evidence (occasionally to test controls);
- enable the auditor to gain a better understanding of the computer systems;
- are used to increase audit effectiveness and efficiency.

Examples of data-oriented CAATs include:
- generalized audit software;
- system utilities;
- custom-written programs;
- industry-specific audit programs.

Functionality of generalized audit software
Most generalized audit software programs (such as ACL) can do the following:
- read data in a variety of formats and file structures;
- merge records from multiple files;
- extract records according to the auditor’s specifications;
- sort records according to the auditor’s specifications;
- select samples using statistical or other criteria;
- perform numerical calculations on data;
- perform statistical analysis on data;
- perform summation of data;
- generate reports in prescribed formats (e.g., spreadsheets, database formats).

An example of the use of ACL
ACL was used to:
- select travel and entertainment payments from the accounts payable master file;
- select employees who had the highest total travel and entertainment costs;
- select the highest reimbursements to employees other than those selected in the previous step;
- select transactions from those identified by previous internal audits as violators of the company’s policies and procedures;
- select a random sample of the remaining reimbursements;
- merge data with the employee file to obtain employees’ names and locations;
- generate a worksheet containing selected reimbursements for audit follow-up.

Steps in using generalized audit software
1. define the specific audit objectives for the application;
2. determine the specific tests to be performed by the software;
3. obtain copies of the data files to be tested;
4. verify completeness of data files to be used;
5. enter the commands into the generalized audit software and run the program;
6. check the output and draw audit conclusions.

Computer illustrations using ACL
You should work through computer illustrations 5-1 to 5-4 to gain some hands-on experience working with a generalized audit software package:
5-1: Basic table management using ACL
5-2: Analyzing field contents and sorting a table
5-3: Creating new fields and analyzing a field
5-4: Aggregating the values of a field
(These are found under the ACL computer illustrations link on the navigation pane.)


Module 5 Part 4
Topic 5.7 Evaluating audit results
Topic 5.8 Completing and reviewing audit files

Evaluating audit results
1. The auditor compares the observation with the audit criteria.
2. The auditor determines the cause and effects of the identified weakness.
   a) the auditor must define the problem and gather evidence as to the cause of the deficiency;
   b) the auditor must consider the effect of the deficiency on the company’s operations;
   c) the auditor must ensure that sufficient evidence is obtained to support the existence of the weakness and its cause and effects.

Reviewing audit files
Audit working paper files should contain:
- a statement of audit objectives;
- reasons for performing specific audit procedures;
- the basis for sample selection;
- documentation of matters examined;
- key documentary evidence;
- audit programs, setting out work done;
- drafts of audit reports;
- details of discussions with management;
- management’s response to audit findings;
- evidence of adequate review of work done.

Internal audit working papers
Working papers should be:
- complete and accurate;
- clear and concise;
- pertinent (relevant);
- systematically organized.


Module 5 Part 5
Topic 5.9 Fraud and investigations
Topic 5.10 Conducting a fraud investigation
Topic 5.11 Fraud in a technological environment

Responsibility for the deterrence and detection of fraud
- Management has the primary responsibility for preventing and detecting fraud.
- Internal auditors must have sufficient knowledge of fraud to be able to identify indications that fraud might have occurred.

Some indicators of potential fraud
- control in the hands of few individuals;
- little segregation of duties;
- unexplained variances and unexpected performance ratios;
- late reporting;
- unexplained shortages in physical assets;
- unusually high number of interbank transfers;
- staff not taking vacations;
- high staff turnover;
- extreme pressure to achieve results;
- unexplained extravagant lifestyles.

Steps in a fraud investigation
1. Be alert to the indications of the existence of possible fraud.
2. Inform management of suspicious circumstances.
3. Assist in the investigation, as requested:
   a) co-ordinate efforts of all parties working in the investigation;
   b) determine appropriate audit procedures;
   c) obtain and evaluate audit evidence;
   d) determine actual or potential loss;
   e) identify specific cause or deficiency that permitted fraud to occur;
   f) carry out interviews;
   g) respect the legal rights of all employees.
4. Reappraise internal controls and audit procedures.
5. The company must determine the action to be taken against the perpetrator.
6. Prepare a written report.

Contents of a fraud report
- how the fraud was discovered
- nature or type of fraudulent activity
- identity of perpetrator
- dollar amount involved
- method of concealment
- time period during which fraud occurred
- effect on financial statements
- recommendations to prevent recurrence
- disciplinary or legal action taken

Types of computer fraud
1. theft of information
2. theft of assets (with manipulation of accounting records to cover up the fraud)
3. malicious destruction of programs and/or data


Module 5 Part 6
Module summary -- Learning Objectives
Recent past examination questions

Module 5 Learning Objectives
1. Outline the main steps in the examination phase of an internal audit. (Level 1)
2. Describe the purpose of an internal audit program and explain its components and format. (Level 1)
3. Explain how evidence is gathered, selected, and assessed, and the importance of the decisions involved. (Level 1)
4. Develop appropriate criteria and prepare an audit program for a risk-based audit. (Level 1)
5. Distinguish between systems-oriented and data-oriented computer-assisted audit techniques (CAATs). (Level 1)
6. Explain and demonstrate how data are analyzed using generalized audit software such as ACL. (Level 1)
7. Assess conditions within an audited unit against audit criteria, and analyze the cause and effects of any observed deficiencies. (Level 1)
8. Explain the standards for preparing audit working papers and the importance of the internal auditor’s role in supervising the engagement. (Level 2)
9. Describe the roles and responsibilities of management and the internal auditor in the deterrence and detection of fraud. (Level 1)
10. Outline the main steps in a fraud investigation and the auditor’s responsibility in following up on the results of such an investigation. (Level 1)
11. Describe computer fraud and outline current practices for how internal auditors deal with it (Level 2); examine how ACL can be used to conduct a payroll fraud investigation. (Level 1)

Recent examination questions
Multiple choice questions:
- June 2005, Questions 1(c) and 1(d)
- December 2005, Question 1(d)
- March 2006, Questions 1(e) and 1(f)
- June 2006, Questions 1(e) and 1(f)
- March 2007, Question 1(l)
GAS output interpretation questions:
- March 2006, Question 2
- June 2006, Question 2
Essay questions:
- June 2005, Question 3 (26 marks)
- December 2005, Question 3 (part)
- June 2006, Question 4
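Added example, not part of the course handout and not ACL script: a Python version of the completeness check from step 4 of "Steps in using generalized audit software" followed by the travel and entertainment selection listed under "An example of the use of ACL" in Part 3. The records, employee names, control figures, selection sizes and function names are constructed for illustration, and prior violators are assumed to be identified by employee id.

```python
import random
from collections import defaultdict
from decimal import Decimal

# Constructed sample data (not from the course material).
# Accounts payable extract: (payment_id, employee_id, category, amount)
AP_PAYMENTS = [
    ("P001", "E01", "T&E", Decimal("1200.00")),
    ("P002", "E01", "T&E", Decimal("950.00")),
    ("P003", "E02", "T&E", Decimal("300.00")),
    ("P004", "E02", "SUPPLIES", Decimal("75.00")),
    ("P005", "E03", "T&E", Decimal("2100.00")),
    ("P006", "E03", "T&E", Decimal("400.00")),
    ("P007", "E04", "T&E", Decimal("150.00")),
    ("P008", "E05", "T&E", Decimal("875.00")),
    ("P009", "E05", "T&E", Decimal("60.00")),
    ("P010", "E06", "T&E", Decimal("220.00")),
    ("P011", "E06", "RENT", Decimal("5000.00")),
    ("P012", "E99", "T&E", Decimal("640.00")),  # E99 is absent from the employee file
    ("P013", "E02", "T&E", Decimal("90.00")),
    ("P014", "E06", "T&E", Decimal("45.00")),
]
# Constructed employee file: employee_id -> (name, location)
EMPLOYEES = {
    "E01": ("A. Rivera", "Toronto"), "E02": ("B. Chen", "Calgary"),
    "E03": ("C. Okafor", "Halifax"), "E04": ("D. Singh", "Toronto"),
    "E05": ("E. Martin", "Regina"), "E06": ("F. Dubois", "Montreal"),
}
# Control figures the data owner would supply with the extract (constructed).
CONTROL = {"record_count": 14, "amount_total": Decimal("12105.00")}
# Employees flagged by previous internal audits (constructed).
PRIOR_VIOLATORS = {"E04"}


def verify_completeness(payments, control):
    """Compare the extract with the control figures before any testing.

    Returns (ok, record_difference, amount_difference).
    """
    count_diff = len(payments) - control["record_count"]
    total = sum((p[3] for p in payments), Decimal("0"))
    amount_diff = total - control["amount_total"]
    return (count_diff == 0 and amount_diff == 0, count_diff, amount_diff)


def build_worksheet(payments, employees, prior_violators,
                    top_employees=2, top_payments=2, sample_size=2, seed=2007):
    """Apply the selection steps in order and return the follow-up worksheet."""
    # Select travel and entertainment payments from the accounts payable data.
    te = [p for p in payments if p[2] == "T&E"]

    # Employees with the highest total T&E costs (ties broken by employee id).
    totals = defaultdict(Decimal)
    for _, emp, _, amount in te:
        totals[emp] += amount
    top = set(sorted(totals, key=lambda e: (-totals[e], e))[:top_employees])
    reasons = {p[0]: "employee with highest total T&E" for p in te if p[1] in top}

    # Highest single reimbursements to employees not selected in the previous step.
    others = [p for p in te if p[0] not in reasons]
    for p in sorted(others, key=lambda p: (-p[3], p[0]))[:top_payments]:
        reasons[p[0]] = "highest reimbursement, other employees"

    # Transactions of employees identified by previous internal audits.
    for p in te:
        if p[0] not in reasons and p[1] in prior_violators:
            reasons[p[0]] = "flagged by previous internal audit"

    # Random sample of the remaining reimbursements; a fixed seed lets a
    # reviewer reproduce the sample from the working papers.
    remaining = sorted(p for p in te if p[0] not in reasons)
    rng = random.Random(seed)
    for p in rng.sample(remaining, min(sample_size, len(remaining))):
        reasons[p[0]] = "random sample"

    # Merge with the employee file; an unmatched id is itself an exception
    # to follow up, so it is kept and marked rather than dropped.
    worksheet = []
    for pid, emp, _, amount in sorted(te):
        if pid in reasons:
            name, location = employees.get(emp, ("UNMATCHED", "UNMATCHED"))
            worksheet.append({"payment_id": pid, "employee_id": emp, "name": name,
                              "location": location, "amount": amount,
                              "reason": reasons[pid]})
    return worksheet


if __name__ == "__main__":
    ok, count_diff, amount_diff = verify_completeness(AP_PAYMENTS, CONTROL)
    print("complete:", ok, "record diff:", count_diff, "amount diff:", amount_diff)
    for row in build_worksheet(AP_PAYMENTS, EMPLOYEES, PRIOR_VIOLATORS):
        print(row)
```

Recording the seed and the selection reason for each row gives the working papers the basis for sample selection that Part 4 lists among their required contents.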