THE IIA’S CIA LEARNING SYSTEM™

Audit Engagement Overview
Plan, Perform, Communicate, Monitor
• Research and apply Standards
• Maintain fraud awareness
• Assess risk
• Collect, evaluate, analyze, interpret data. Develop workpapers.
• Report findings, conclusions, recommendations.
• Monitor engagement outcomes.
www.LearnCia.com
Part 2, Section A, Overview
V3.0

Section Topics
1. Research and apply appropriate international standards
2. Maintain an awareness of the potential for fraud when conducting an engagement
3. Collect data
4. Evaluate the relevance, sufficiency, and competence of evidence
5. Analyze and interpret data
6. Develop working papers
7. Review working papers
8. Communicate interim progress
9. Draw conclusions
10. Develop recommendations when appropriate
11. Report engagement results
12. Conduct client satisfaction survey
13. Complete performance appraisals of engagement staff
Part 2, Section A

Discussion Question
Which parts of the International Professional Practices Framework are mandatory for IIA members? (Select all that apply.)
I. Definition of internal auditing
II. Code of Ethics
III. Standards
IV. Practice Advisories
V. Practice Guides and Position Papers
Answer: I, II, and III
Part 2, Section A, Topic 1

Internal Auditing: IIA Definition
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Discussion Question
Which of the four principles underlying The IIA Code of Ethics is missing from the following list?
Integrity
Objectivity
Confidentiality
Competency

IIA Code of Ethics
Integrity
1.1. Perform work with honesty, diligence, and responsibility.
1.2. Observe the law and make disclosures expected by the law and the profession.
1.3. Avoid illegal activity or acts that are discreditable to the IA profession or to the organization.
1.4. Respect and contribute to legitimate and ethical objectives of the organization.
Objectivity
2.1. Avoid acts or relationships that impair unbiased assessment, including those that conflict with the organization’s interests.
2.2. Accept nothing that might impair professional judgment.
2.3. Disclose all material facts known that, if undisclosed, may distort reporting.
Confidentiality
3.1. Be prudent in use and protection of information acquired in the course of duties.
3.2. Do not use information for personal gain, contrary to the law, or to the detriment of legitimate and ethical objectives of the organization.
Competency
4.1. Engage only in services for which you have the knowledge, skills, and experience.
4.2. Perform internal auditing services in accordance with the Standards.
4.3. Continually improve proficiency and effectiveness and quality of services.

Discussion Question
What should you do when confronted by an ethical dilemma that can’t be resolved by reference to any of the specific Rules of Conduct?
Answer: Apply the four principles to determine an ethical course of action.

The IIA’s Standards: 3 Types
Attribute Standards
Characteristics of organizations and parties performing internal audit services
Performance Standards
Descriptions of the nature of internal audit services and quality criteria for service performance measurement
Implementation Standards
Mandatory instructions for implementing Attribute and Performance Standards for assurance and consulting engagements

Discussion Question
Which list describes assurance audit services and which describes consulting audit services?
Answer:
Assurance
• Objective assessment of evidence.
• Independent opinion or conclusions about a process, system, etc.
• Internal auditor determines nature and scope.
• Three parties generally involved.
Consulting
• Advisory engagement.
• Requested by client.
• Nature and scope subject to client-auditor agreement.
• Two parties generally involved.

Engagement Examples
Assurance Engagements
• Financial assurance
• Controls assurance
• Information technology (IT)
• Compliance
• Operations
• Integrated
Consulting Engagements
• Management requests
• Due diligence assignments in mergers and acquisitions

IIA Nonmandatory Guidance: Three Types
Practice Advisories
• IIA-sanctioned best practices
• Address approach, methodology, and considerations
Practice Guides
Detailed guidance for internal audit activities (e.g., processes and procedures—tools and techniques, programs, and approaches)
Position Papers
Statements to assist a wide range of interested parties

Other Relevant Standards
• US Racketeer Influenced and Corrupt Practices Act (RICO)
• US Foreign Corrupt Practices Act (FCPA)
• Treadway Commission Report (COSO)
• COSO Internal Control—Integrated Framework (revised 1994)
• Sarbanes-Oxley Act
• COSO Enterprise Risk Management—Integrated Framework
• COSO for small business
• Revised Yellow Book standards
• Auditing Standard Number 5 (AS5)

Sarbanes-Oxley Act’s Impact
• Outside auditor may not also do internal audits; cosourcing is acceptable.
• Audit committee shall:
  – Appoint, compensate, etc., the outside auditor.
  – Contain only independent members (no consulting fees accepted).
  – Contain at least one financial expert (or disclose as to why not).
  – Establish procedures for monitoring controls, handling complaints, etc.
• All SEC filings must contain an internal control report.

Auditing Standard Number 5 (AS5)
“Top-down, risk-based approach”
• Clarifies how entity level controls should be used in performing an integrated audit
• Broadens the expected use of the work of other external auditors beyond internal auditors
• Allows increased use of work of others by external auditors as the level of risk decreases
• Requires that an understanding of the flow of transactions be obtained
• Excuses walkthroughs if external auditors can rely on the work performed by internal audit in this area

Committee of Sponsoring Organizations (COSO)
Internal Control—Integrated Framework*
1 Control environment
2 Risk assessment
3 Control activities
4 Information and communication
5 Monitoring
Enterprise Risk Management—Integrated Framework
1 Internal environment
2 Objective setting
3 Event identification
4 Risk assessment
5 Risk response
6 Control activities
7 Information and communication
8 Monitoring
*Same components for 2006 “Internal Control Over Financial Reporting” for smaller public companies

The COSO Challenge: Take a Broader View of Control Environment
Financial statements +
• “Tone at the top”
• Ethics
• Competency
• Human resource policies
• Corporate culture

Discussion Question
Are there sets of standards similar to COSO that apply outside the US?
Sample answer: Yes, for example, CoCo in Canada and the Cadbury Commission’s model in the UK.

Discussion Question
Name at least four specific actions every internal auditor should be able to accomplish regarding fraud.
Answer:
• Notice indicators of fraud.
• Design appropriate steps to address significant risk of fraud.
• Employ audit tests to detect fraud.
• Determine if any suspected fraud merits investigation.
Part 2, Section A, Topic 2

IPPF Glossary Definition of Fraud
“Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”

Discussion Question
What are some examples of the two major types of fraud listed below?
Fraud perpetrated to the detriment of the organization
Sample answer:
• Bribes and kickbacks
• Diverting profitable transactions
• Embezzlement
• Intentional concealment of events, etc.
• Submitting claims for goods or services not provided
Fraud perpetrated on behalf of the organization
Sample answer:
• Improper payments to government officials
• Intentional, improper valuations
• Intentional, improper transfer pricing
• Sale or assignment of fictitious assets

Discussion Question
What are some examples of red flags indicating the potential for fraud?
Sample answer: Loose internal controls, poor management philosophy, poor financial position, low employee morale, confusion about ethics, lack of background checks in hiring, lack of employee support programs.

Discussion Question
What three conditions suggest the possibility of fraud?
Answer:
• Opportunity (e.g., poor control design)
• Motive (e.g., desire for power, greed, pressure)
• Rationalization (“I’m entitled.”)

Design Appropriate Engagement Steps
• What would tempt employees here? How about managers?
• What controls pass a cost-benefit analysis?
• What are the e-commerce implications?

Discussion Question
The internal auditor needs authority to take necessary engagement steps. What are some specific powers the internal auditor should seek from management?
Sample answer: Authority to review annual reports, audit consulting contracts, review executive-approved transactions, have access to the board’s actions, review transactions with subsidiaries and associated organizations, test documentation supporting financial reports, monitor compliance of record-retention policies, ask about political contributions, review expense accounts, monitor conflicts of interest.

Analytical Tools for Fraud Tests
[Diagram: Condition A, Outcome B]
• What’s the ratio of A to B? (proportional analysis)
• Does this change in a trend have a reasonable explanation? (trend analysis)
• Will computer analysis make testing more efficient and effective? (verifying transactions with computers)

Discussion Question
Which of the following statements best describes continuous auditing?
A. Research to identify a root cause
B. Software that runs on an ongoing basis
C. Ratio analysis of high risks
D. Comparative transactions
Answer: B. Continuous auditing (or continuous monitoring) uses computerized techniques to perpetually audit the processing of business transactions.

Discussion Question
Name several major types of audit evidence and give examples of each.
Sample answer:
• Physical evidence (e.g., stored media, security system in operation)
• Documentary evidence (e.g., letters, e-mails, memos, invoices)
• Representations or testimonial evidence (responses to inquiries supported by documentation)
• Analytical evidence (e.g., computations, reasoning, analytical audit tests)
Part 2, Section A, Topic 3

Persuasive Evidence
Relevant
Must be pertinent to audit objective and logically support internal auditor’s conclusion or advice
Reliable
Must come from credible source
Sufficient
Should be enough evidence; different but related pieces of evidence should corroborate each other

Discussion Question
Match the type of legal evidence on the left with its description on the right.
Types of evidence (with answers):
B  Secondary
F  Corroborative
A  Best
D  Conclusive
H  Hearsay
G  Opinion
E  Circumstantial
C  Direct
Descriptions:
A. Generally documentary
B. Copy of a document or oral evidence of contents
C. Eyewitness testimony, for example
D. Leads to only one conclusion
E. Proves an intermediate fact
F. Supplemental supporting evidence
G. Usually admissible only when provided by experts
H. Secondhand; generally ruled inadmissible in court

Other Concerns About Evidence
• Will the evidence be available when I need it for testing?
• Can I use the evidence without violating confidentiality (Code of Ethics)?
• Will I have access to the evidence without interference?

Discussion Question
Define sufficiency, competence (reliability), and relevance in regard to audit evidence.
Sample answer:
Sufficient evidence—Factual, adequate, and convincing so that a prudent, informed person would reach the same conclusion as the auditor.
Competent (called “reliable” in Standards) evidence—Reliable and best obtainable through the use of appropriate techniques.
Relevant evidence—Supports engagement observations and recommendations and is consistent with engagement objectives.
Part 2, Section A, Topic 4

Evidence-Gathering Techniques
What are appropriate times to use:
• Inquiry?
• Observation?
• Inspection?
• Vouching?
• Tracing?
• Re-performance?
• Analytical procedures?
• Confirmation?

Reinforcing Activity 2-1
Part 2, Section A, Topic 4
Evaluate the Relevance, Sufficiency, and Competence of Evidence

Discussion Question
Assumed: Variety of techniques for gathering data; solid basis for determining conclusions.
Question: What are some conditions the internal auditor discovers by using analytical procedures?
Sample answer:
• Unexpected differences
• Absence of expected differences
• Potential errors
• Potential irregularities or illegal acts
• Other unusual or nonrecurring transactions and events
Part 2, Section A, Topic 5

Discussion Question
The heart of analysis is comparison. What are some types of comparisons used to analyze and interpret audit evidence?
Sample answer:
• Comparison of current to prior period
• Comparison of current period to budget or forecast
• Comparison of financial data to nonfinancial data
• Study of relationships among elements of information (e.g., interest expense to debt balance)
• Comparison of one organizational unit’s performance to another unit’s
• Comparison of organization to industry benchmark

Discussion Question
Define and provide examples of two types of ratio analysis.
Sample answer: Two commonly used types of ratio analysis are 1) common-size statements, with all statement items formulated as ratios with a common denominator, and 2) financial ratios used to evaluate organizational structure and performance (debt/equity, price/earnings, etc.).

Discussion Question
Provide a definition and some examples of trend analysis.
Sample answer: Trend analysis traces relationships over time and is the analytical technique most commonly used by internal auditors. Some trends analyzed include revenues, expenses, same-store sales, store openings; trends in ratios are also subject to analysis.

Discussion Question
Give a brief definition of regression analysis.
Sample answer: Statistical technique used to measure the amount of change in one value caused by change in another.
[Chart: Sales Revenues (USD) plotted against Marketing Expenditures (USD)]

Discussion Question
What are some common types of analytical comparisons?
Sample answer:
• Period-to-period comparisons of performance—quarter to quarter, etc.
• Comparisons of actual revenues, profits, etc. to budgets and forecasts
• Comparisons with other causal factors such as benchmarks or best practices

Other Analytical Considerations
• Significance of the area under examination
• Degree of risk in the area under examination
• Availability and reliability of information
• Prediction of analytical results
• Availability and comparability of information regarding the industry in which the organization operates
• Extent to which engagement procedures support results

Standard 2330
“Internal auditors must document relevant information to support the conclusions and engagement results.”
2330.A1—CAE controls access to engagement records and obtains approval of senior management and/or legal counsel prior to releasing records.
2330.A2—CAE must develop retention requirements consistent with organization and regulatory requirements.
2330.C1—CAE must develop policies for retention and release of records (internal and external).
Part 2, Section A, Topic 6

Discussion Question
What are the purposes of working papers?
• Support engagement communications.
• Aid engagement planning, performance, and review.
• Document achievement of engagement objectives.
• Facilitate third-party reviews.
• Provide basis for quality assurance and improvement program.
• Demonstrate compliance with Standards.

Documenting the Engagement (PA 2330-1)
• Working papers document all aspects of the engagement process from planning to communicating results.
• The organization, design, and content of engagement working papers depend on the engagement’s nature and objectives and the organization’s needs.
• Internal audit activity determines the media used.

Necessary Working Paper Contents
• Should contain all the work done during the engagement
• Should document the audit’s objectives and methods so thoroughly that a new auditor, added to the project at any point, could fully comprehend the engagement from the working papers and bring the audit to a successful conclusion

Working Paper Format
• Engagement identification; description of contents or purpose
• Signature or initials of IA performer and date
• Index or reference number of the working paper
• Explanation of verification (tick marks, etc.)
• Clear identification of data sources
• Summaries

Discussion Question
Who is responsible for control of working papers, and why is control a significant concern?
Answer: CAE is responsible for retention policies (2330.A1).
Issues: Crucial to engagement success or survival and may contain confidential information.

Engagement Supervision
Span of CAE Engagement Supervisory Responsibility
Assures that engagement has been carried out according to high quality standards, objectives achieved, staff evaluated for professional development.
Part 2, Section A, Topic 7

Elements of Proper Engagement Supervision
• Trained auditor—knowledge, skills, and competencies to perform.
• Proper instructions during the planning and approval of engagement program.
• Program is completed and modified using accepted practices.
• Communications are accurate, objective, clear, concise, constructive, and timely.
• Engagement objectives are met.
• Opportunities for developing auditors’ knowledge, skills, and competence.
• Working papers support observations, conclusions, and recommendations.

Discussion Question
What are some reasons for filing an interim report?
Sample answer: To alert management to information too important to put on hold, including information that requires immediate attention, a change in scope, and strong suspicion of fraud. (See PA 2410-1.)
Part 2, Section A, Topic 8

Discussion Question
Findings should be based on solid facts. What are the five parts of a finding?
Answer: Internal Audit Finding (each part grounded in Facts)
• Recommendation
• Effect
• Cause
• Condition
• Criteria
Part 2, Section A, Topic 9

Recommendation Considerations
• The course of action that is most practical and economical in correction of the disparity
• The objectives that should be kept in mind when recommending corrective action
• The considerations for management in setting forth an improved course of action
• The open choices and how they measure up when compared with the objectives
• The best choice with the least unsatisfactory side effects
• The mechanism that should be suggested to control the corrective action after it is taken

The Nature of Audit Opinions (PA 2410-1)
• Your program objectives do/do not conform to organizational objectives.
• Your organizational objectives are/are not being met.
• The activity reviewed in this internal audit is/is not functioning as intended.

Reinforcing Activity 2-2
Part 2, Section A, Topic 9
Draw Conclusions

Recommendation Do’s & Don’ts
• Do: Incorporate audit conclusions and opinions.
• Don’t: Tell management how to manage.
• Do: Call for action.
• Do: Suggest options to achieve desired results.
• Do: Make either general or specific suggestions.
• Do: Consult with management.
• Do: Obtain agreement on results and action plan to improve operations.
• Do: Document disagreement.
Part 2, Section A, Topic 10

SMART Model for Composing Recommendations
S  Specific
M  Measurable
A  Action-oriented
R  Relevant
T  Time-based

Reinforcing Activity 2-3
Part 2, Section A, Topic 10
Develop Recommendations When Appropriate

The Engagement’s Finale
Rough draft, Exit conference, Final report
• Discuss conclusions and recommendations.
• Resolve misunderstandings or misinterpretations.
• Agree on possible solutions to identified problems.
• Express appreciation to client for cooperation in the audit.
Part 2, Section A, Topic 11

Exit Conference Best Practices
• Ensure the right people attend.
• Provide the necessary documents in advance.
• Set the agenda and manage the meeting.
• Explore and resolve as many issues as possible.
• Provide clear messages, even about difficult issues.
• Thank the audit customer for cooperation.
• Hold a post-meeting debriefing with the audit team.

Discussion Question
According to PA 2440-1, you should obtain management response before issuing final communications.
What are some reasons for doing so?
Sample answer: Improves chances of serious discussion, resolving misunderstandings, and ultimately gaining positive action on recommendations.

Discussion Question
What are some suggestions for making delivery of the final report successful?
Sample answer:
• Assume partnership with the client.
• Move from general to specific.
• Start and end on a positive note.
• Present opportunities—but be realistic.
• Emphasize the “effects” aspect of findings.

Final Report Format (PA 2410-1)
• Engagement purpose
• Engagement scope
• Results
• Background
• Summaries
• Client accomplishments
• Client views

Discussion Question
Who should approve the final report and to whom should it be distributed?
Answer:
• CAE should approve and sign report and be responsible for distribution.
• Recipients should include those who can take corrective action. Higher-ups may receive summaries, and communications can go to external auditors, the board, and appropriate others.

Discussion Question
What are some questions the internal auditor should ask the engagement client?
Sample answer:
• Were your expectations positive or negative? Did we confirm, exceed, or fail to meet expectations?
• Was the audit conducted professionally?
• Was the audit disruptive?
• Did we honor your schedule requests?
• Was the audit performed in a timely manner?
• Did your staff and management have good relations with audit staff?
• Did you request assistance? Was it provided?
• Did the audit findings help you improve in desired areas?
• How could we improve our engagement performance?
Part 2, Section A, Topic 12

Dual Track for Performance Appraisals (Standard 1300—Quality Assurance)
• Annual performance appraisal (CAE)
• Post-audit appraisal (auditor-in-charge)
Part 2, Section A, Topic 13

Internal Audit Designated Competencies
Competency Categories
• Interpersonal skills
• Tools and techniques
• Internal audit standards, theory, and methodology
• Knowledge areas

Discussion Question
What are some strong and weak points of postengagement performance reviews?
Sample answer:
Strong: Immediate, based on fresh impressions
Weak: Wide variation for different audits, different reviewers

Discussion Question
What are some issues that should be discussed in the post-engagement performance review?
Sample answer:
• Quantity of work
• Quality of work:
  — Accurate computations
  — Appropriate tests
  — Thorough fieldwork
  — Useful final working papers
  — Written and oral presentations
• Grasp of procedures
• People skills
• Technical skills
• Business knowledge

Face-to-Face Meeting Guidelines
• Schedule in advance. “How’s Thursday at 4:00 p.m.?”
• Begin with an outline. “You did a very professional job, for the most part…”
• Ask for self-assessment. “What do you think were your strong points and what are your areas for development?”
• Give honest appraisal. “Can we talk about a few more effective techniques you can use in the future?”
• End with a summary. “Let’s review main points and commitments for development.”

End of Section A
Questions?