Internal, Operational, and Compliance Auditing

Chapter 21
McGraw-Hill/Irwin
Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.
Internal Auditing

Institute of Internal Auditors (IIA)
• Purpose of internal auditing:
  • An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
  • Assist members of the organization in performing their responsibilities by furnishing them analyses, appraisals, recommendations and counsel
• Part of organization’s internal control
  • High-level control that measures and evaluates effectiveness of other controls

Major Developments Affecting the Internal Auditing Profession

• Need for additional assurance about financial information
• Demand by stock exchanges and SEC for management to assume more responsibility for financial information
• Need for assurance about the reliability of operational reports
• Demand for solutions to operational problems
• Passage of the Foreign Corrupt Practices Act of 1977
• Report of the National Commission on Fraudulent Financial Reporting
• Report of the Blue Ribbon Committee on Audit Effectiveness (1998)
• Passage of the Sarbanes-Oxley Act of 2002

Sarbanes-Oxley Compliance

• Skills and experience make internal auditors valuable to compliance effort
• Involvement
  • Document and test controls to support management’s assertion
  • Role can be significant but it is management’s responsibility to ensure organizational compliance
  • Role should not impair objectivity
  • External auditors can rely on work of internal auditors to fulfill responsibilities

Professional Standards of Internal Auditors—Attribute Standards (1 of 6)

• Purpose, Authority, and Responsibility
• Independence and Objectivity
  • Organizational independence
  • Individual objectivity
  • Impairments to independence and objectivity
• Proficiency and Due Professional Care
  • Proficiency
  • Due professional care
  • Continuing professional development

Professional Standards of Internal Auditors—Attribute Standards (2 of 6)

• Quality Assurance and Improvement Program
  • Quality program assessments
    • Internal assessments
    • External assessments
  • Reporting on the Quality Program
  • Use of “Conducted in accordance with the Standards”
  • Disclosure of Noncompliance

Professional Standards of Internal Auditors—Attribute Standards (3 of 6)

• Manage the Internal Auditing Activity
  • Planning
  • Communication and approval
  • Resource management
  • Policies and procedures
  • Coordination
  • Reporting to the board and senior management

Professional Standards of Internal Auditors—Attribute Standards (4 of 6)

• Nature of Work
  • Risk management
  • Control
  • Governance
• Engagement Planning
  • Planning considerations
  • Engagement objectives
  • Engagement scope
  • Engagement resources allocation
  • Engagement work program

Professional Standards of Internal Auditors—Attribute Standards (5 of 6)

• Performing the Engagement
  • Identifying information
  • Analysis and evaluation
  • Recording information
  • Engagement supervision

Professional Standards of Internal Auditors—Attribute Standards (6 of 6)

• Communicating Results
  • Criteria for communicating
  • Quality of communications
  • Errors and omissions
  • Engagement disclosure of noncompliance with the Standards
  • Disseminating results
• Monitoring Progress
• Management’s Acceptance of Risks

Certified Internal Auditor

• Awarded by IIA
• Certification requirements
  • Bachelor’s degree
  • Pass two-day examination consisting of:
    • Internal audit process
    • Internal audit skills
    • Management control and information technology
    • Audit environment
  • Two years’ work experience in internal auditing or advanced degree with one year

Operational Audits

Comprehensive examination of an operating unit or a complete organization to evaluate its systems, controls and performance as measured by management’s objectives
• Purchasing
• Data processing
• Receiving
• Shipping
• Office services
• Advertising
• Engineering

The Operational Audit

Compliance Auditing

• Testing and reporting on whether an organization has complied with the requirements of various laws, regulations and agreements
• SSAE No. 10 provides guidance for examination or agreed-upon procedures but prohibits reviews.

Attesting to Compliance with Laws and Regulations

• Applying Agreed-Upon Procedures to Specified Requirements
• Applying Agreed-Upon Procedures to the Effectiveness of Internal Controls
• Performing Examinations

Compliance report

• Examination report modified when:
  1. Material noncompliance with specified requirements.
  2. Scope restriction.
  3. Involvement of another CPA firm in the examination.

Auditing and Reporting on Compliance with Laws and Regulations

Audits in Accordance with GAAS (1 of 2)

• Design audits to obtain reasonable assurance of detecting material misstatements resulting from violations of laws and regulations with a direct and material effect on line-item amounts in the financial statements
• Laws and regulations often dictate way funds are spent
• Financial assistance subject to compliance provisions

Audits in Accordance with GAAS (2 of 2)

• Identify laws and regulations by:
  (1) discussing laws and regulations with management, program and grant administrators, and government auditors;
  (2) reviewing state and federal compliance requirement documents;
  (3) reviewing relevant grant and loan agreements; and
  (4) reviewing minutes of the legislative body of the governmental organization.
• Also obtain written representations from management about completeness of laws and regulations

Audits in Accordance with Government Auditing Standards (GAGAS)

• GAO issues Generally Accepted Government Auditing Standards (GAGAS)
  • Use in auditing federal entities and organizations that received federal financial assistance
  • Included in publication entitled Government Auditing Standards (Yellow Book)
  • Standards apply only when required by law, regulation or agreement

Additional Requirements for GAGAS Audits

• Additional requirements
  • Ethics
  • Audit communications
  • Considering the results of previous audits
  • Noncompliance with provisions of contracts and grant agreements
  • Audit documentation
  • Reporting

Ethics for GAGAS Audits

1. The public interest—Observing integrity, objectivity, and independence in performing professional services assists the auditors in serving the public interest.
2. Integrity—Public confidence in government is maintained by auditors’ performing professional services with integrity.
3. Objectivity—Objectivity includes being independent in fact and appearance when providing audit and attest services, maintaining an attitude of impartiality, being intellectually honest, and being free from conflicts of interest.
4. Proper use of government information, resources, and position—These items should be used for official purposes and not for the auditors’ personal gain or otherwise inappropriately.
5. Professional behavior—Auditors should comply with laws and regulations and avoid any conduct that might bring discredit to the auditors’ work.

Audit Documentation for GAGAS Audits

• Additional requirements beyond GAAS
  • Before the report is issued, evidence of supervisory review of the work performed that supports findings, conclusions, and recommendations contained in the audit report.
  • Any departures from Generally Accepted Government Auditing Standards and the impact on the audit or the auditors’ conclusions.

Reporting for GAGAS Audits

• Independent auditor’s report on financial statements
• Written report on compliance with laws and regulations and on internal control
  • Describes scope of tests and presents findings
• Separate reports are allowed but reference to other report must be made in final paragraph

Single Audit Act (1 of 2)

• Statutory requirement to test controls over compliance and compliance with program requirements
• Applies to states, local governments and nonprofit organizations that expend $500,000 or more within a fiscal year in federal financial assistance
• Audits are more extensive

Single Audit Act (2 of 2)

• Requirements include determining and reporting on whether:
  (1) the financial statements are presented fairly in all material respects in accordance with generally accepted accounting principles,
  (2) the schedule of expenditures of federal awards is fairly presented in all material respects in relation to the financial statements taken as a whole, and
  (3) the entity complied with the provisions of laws, regulations, and contracts or grants that may have a direct and material effect on each major federal financial assistance program.

Major Programs

• Major federal financial assistance programs
  • Those programs to which the auditor must apply procedures to test for compliance and test the effectiveness of controls
  • Determined by risk-based approach
    • Amount of program’s expenditures
    • Risk of material noncompliance
    • Auditor must test programs that in aggregate equal 50% of total federal expenditures

Designing Compliance Procedures

• Concerned with compliance with laws and regulations that could have direct and material effect on each major federal financial assistance program
• Assess inherent risk and control risk, then design substantive procedures using OMB Circular A-133 compliance supplement
• Specifies compliance requirements and provides suggested audit procedures

Specific Requirements (1 of 3)

1. Activities allowed or not allowed. Determine that the organization complies with the specific requirements regarding the activities allowed or not allowed by the program.
2. Allowable costs/cost principles. Determine that the organization complies with federal cost accounting policies applicable to the program.
3. Cash management. Determine that the recipient/subrecipient followed procedures to minimize the time elapsing between the transfer of funds from the U.S. Treasury, or pass-through entity, and their disbursement.
4. Davis-Bacon Act. Determine that wages paid are not less than those established for the locality of the project (prevailing wage rates) by the Department of Labor.
5. Eligibility. Determine that individuals or groups of individuals that are being provided goods or services under a program are eligible for participation in and for the levels of assistance received under that program.

Specific Requirements (2 of 3)

6. Equipment and real property management. Determine that the organization safeguards and maintains equipment purchased with federal assistance and uses the equipment for appropriate purposes.
7. Matching, level of effort, earmarking. Determine that the organization contributes the appropriate amount of its own resources to the program.
8. Period of availability of federal funds. Determine that federal funds were spent or obligated within the period of availability.
9. Procurement and suspension and debarment. Determine that the organization uses appropriate policies for purchases with federal funds, and that the organization does not contract with vendors that are suspended or debarred.
10. Program income. Determine whether program income is correctly recorded and used in accordance with the program requirements.
11. Real property acquisition and relocation assistance. Determine that the organization complied with property acquisition, appraisal, negotiation, and residential relocation requirements.

Specific Requirements (3 of 3)

12. Reporting. Determine that the organization has complied with prescribed reporting requirements.
13. Subrecipient monitoring. Determine whether recipients monitor the compliance of subrecipients.
14. Special tests and provisions. Determine that the organization complies with other significant specific requirements that apply to the program.

Evaluate Results

Consider
• Frequency of noncompliance
• Whether it results in material amount of questioned costs - expenditure that the auditor questions on the grounds that it does not meet the criteria for allowability, program eligibility, or other requirements or is not adequately supported with documentation
• Consider actual amounts and projected amounts from samples
• Must report all questioned costs that exceed $10,000

Report

• Whether the schedule of expenditures of federal awards is fairly presented in all material respects in relation to the financial statements taken as a whole.
• Whether the entity complied with the provisions of laws, regulations, and contracts or grants that may have a direct and material effect on each major federal financial assistance program.
• The work performed on internal control relating to major federal financial assistance programs.