Internal Auditing: Assurance & Advisory Services
4th edition
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Conducting the Assurance Engagement
Chapter 13
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 13: Conducting the Assurance Engagement
Learning objectives
Describe how the purpose of an assurance engagement impacts the audit objectives.
Determine engagement objectives and scope statements.
Describe different types and sources of information that will help the internal auditor understand the process of conducting an assurance engagement.
Document simple process flows, showing key process steps, interfaces, and departments involved.
Perform a process-level risk assessment.
Distinguish key controls from controls not considered key.
Describe how to evaluate the design adequacy of process-level controls.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 13: Conducting the Assurance Engagement
Learning objectives (cont.)
Design different types of testing approaches, depending on the design of the process and engagement objectives.
Develop a general work program to guide the engagement process.
Describe the resource considerations that must be evaluated when determining how to staff and schedule an engagement.
Conduct and document certain types of tests to gather evidence.
Evaluate evidence from assurance procedures to reach conclusions based on the results of testing.
Develop observations and formulate recommendations.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Standards Related to Assurance Engagements
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Reasons for Conducting the Engagement
Identified in the annual audit plan
Part of annual review and compliance, such as the Sarbanes-Oxley Act
A recent event (disaster, fraud, bankruptcy, or other event) that needs a post mortem
Significant changes in business or industry
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Engagements Objectives and Scope
Engagement objectives – what internal auditors intend to achieve through the audit
Engagement scope – what is and is not included in an engagement
Boundaries of the process
In-scope vs. out-of-scope locations
Subprocesses
Components
Time frame
Chapter 13: Conducting the Assurance Engagement
Information to be Gathered
Policies and procedures
Organization charts
Process maps
Key tasks and responsibilities
Individual questions
What do you do?
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Add exhibit 1-2
8
Potential Outcomes from Testing
Financial statement errors or misclassifications within financial accounts, balances, or disclosures.
Control deficiencies indicating specific controls that are not achieving the desired effect, that is, mitigating the corresponding risks to the desired level.
Shortfalls in objective achievement due to control deficiencies or inadequate performance.
Inefficiencies due to resources not being deployed in an optimal manner.
Out-of-compliance situations when laws, regulations, or policies are not complied with consistently.
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Add exhibit 1-2
9
Documenting the Process Flow
Process maps - depict the broad inputs, activities, workflows, and interactions with other processes and outputs
Flowcharts – include additional information, frequently depicting computer systems and applications, document flows, detailed risks and controls, manual versus automated steps, elapsed time for steps in the process, owners of key steps, and any additional information needed to help the reviewer understand the process and its flow
Narrative memoranda – provide information about the process flow using only written words
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Key Performance Indicators
Relevant
Measurable
Available
Aligned with key objectives
Articulated
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Add exhibit 1-2
11
Chapter 13: Conducting the Assurance Engagement
Identify and Assess risks
Identify process-level risk scenarios
Define process-level risks
Evaluate impact and likelihood of risks
Understand management’s risk tolerance
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Add exhibit 1-2
12
Identify Key Controls
Approving
Calculating
Documenting
Examining
Matching
Monitoring
Restricting
Segregating
Supervising
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Add exhibit 1-2
13
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Allocate Resources
Budgeting
Hours needed to complete the engagement
Other costs
Allocating human resources
Scheduling
Availability of key personnel
Availability of engagement resources
Availability of outside resources
Availability of key reviewers
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Add exhibit 1-2
16
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Evaluate Evidence and Reach Conclusions
Are the key controls designed adequately?
Are the key controls operating effectively, that is, as they are designed to operate?
Are the underlying risks being mitigated to an acceptable level?
Overall, do the design and operation of the key controls support achievement of the objectives for the process or area under review?
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Add exhibit 1-2
18
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Summary
There are different reasons for conducting assurance engagements
Engagements must define objectives and scope
Information is gathered and the process documented
Risk are identified and assessed
Key controls are identified
Resources are allocated, testing is completed, evidence is evaluated, and conclusions reached
All steps are documented in a risk and control matrix
Chapter 13: Conducting the Assurance Engagement
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.
Internal Auditing: Assurance & Advisory Services, 4th Edition © 2017 by the Internal Audit Foundation.