Internal Auditing - CH10 - Working Papers

The flashcards below were created by user acelaker on FreezingBlue Flashcards.

  1. Three ways companies use spreadsheets
    • Operational
    • Analytical
    • Financial
  2. Spreadsheet complexity
    • Low:
    • electronic logging

    • Moderate:
    • simple calculations

    • High:
    • complex, valuations, modeling
  3. Spreadsheets, what to consider?
    • Purpose
    • Complexity
    • Size
    • Number of users
  4. Errors found in spreadsheets
    • input error
    • logic error
    • other errors
  5. 5 Steps to evaluating spreadsheet controls
    • 1- Inventory 
    • 2- Evaluate use
    • 3- Determine necesary level of control
    • 4- Evaluate controls
    • 5-Develop action plan
  6. Audit working papers
    serve as the principal record of the procedures completed, evidence obtained, conclusions reached, and recommendations formulated by the internal auditors assigned to an engagement

    also serve as the primary support for the internal audit teams’ communications to the auditee, senior management, the board of directors, and other stakeholders.
  7. The quality of the internal auditors’ conclusions and advice depends
    their ability to gather and evaluate sufficient appropriate evidence upon which their conclusions and advice are based
  8. Professional Skepticism
    means that internal auditors take nothing for granted; they continuously question what they hear and see and critically asses audit evidence
  9. Reasonable Assurance
    Internal auditors are rarely, if ever, in a position to provide absolute assurance regarding the truthfulness of management’s assertions regarding the system of internal controls and performance.

    Frequently, internal auditors must rely on evidence that is persuasive rather than absolutely convincing, and audit decisions are rarely black and white.

    Internal auditors’ conclusions and advice must be formed at a reasonable cost within a reasonable length of time to add economic value.
  10. Persuasiveness of Audit Evidence
    Relevant, Reliable, Sufficent

    • nRelevant.
    • nIs the evidence pertinent to the audit objective?
    • nDoes it logically support the internal auditor’s conclusion or advise?

    • nReliable.
    • nDid the evidence come from a credible source?
    • nDid the internal auditor directly obtain the evidence?

    • nSufficient.
    • nHas the internal auditor obtained enough evidence?
    • nDo different, but related, pieces of evidence corroborate each other?
  11. Levels of Persuasiveness of Audit Evidence
    • High:
    • Documents prepared by internal auditor
    • Documents sent directly from a 3rd party to internal auditor
    • ex: process maps, ltr from outside atrny

    • Medium:
    • Documents created by 3rd party and sent to orgaination, rqstd by auditor
    • ex: vendor invoices, cancelled checks

    • Low:
    • Documents created by organization and requested from auditor
    • ex: time cards, policy statements
  12. Audit Procedures
    specific tasks performed by the internal auditor to gather the evidence required to achieve the prescribed audit objectives

    Obtain a thorough understanding of the auditee, including the auditee’s objectives, risks and controls.

    Test the design adequacy and operating effectiveness of the targeted area’s system of internal controls.

    Analyze plausible relationships among different elements of data.

    Directly test recorded financial and nonfinancial information for errors and fraud.

    Obtaining sufficient appropriate evidence to achieve the prescribed audit objectives involves determining the nature, extent, and timing of audit procedures to perform.
  13. Audit Procedures NET
    Nature of Audit Procedures
    The nature of audit procedures relates to the type of tests the internal auditor performs to achieve his or her objectives.
  14. Audit Procedures NET
    Extent of Audit Procedures
    The extent of audit procedures pertains to how much audit evidence the internal auditor must obtain to achieve his or her objectives
  15. Audit Procedures NET
    Timing of Audit Procedures
    The timing of audit procedures pertains to when the tests are conducted and the period of time covered by the tests.
  16. Manual Audit Procedures
    • inquiry
    • observation
    • inspection
    • vouching
    • tracing
    • reperformance
    • analytical procedures
    • confirmation
  17. Manual Audit Procedures
    • refers to asking questions of auditee personnel or third parties and obtaining their oral or written responses
    • Not persuasive
  18. Manual Audit Procedures
    • refers to watching people, procedures, or processes
    • More Persuasive
  19. Manual Audit Procedures
    refers to studying documents and records and physically examining tangible resources.  Inspection of documents and records provides direct evidence of their contents.
  20. Manual Audit Procedures
    • entails tracking information “backward” from one document or record to a previously prepared document or record, or to a tangible resource
  21. Manual Audit Procedures
    • entails tracking information “forward” from one document, record or tangible resource, to a subsequently prepared document or record
  22. Manual Audit Procedures
    refers to redoing controls or other procedures.
  23. Manual Audit Procedures
    Analytical Procedures
    refers to assessing information obtained during an engagement by comparing the information with expectations identified or developed by the internal auditor

    • Analysis of common-size financial statements
    • Ratio analysis
    • Trend  analysis
    • Analysis of future-oriented information
    • External benchmarking
    • Internal benchmarking
  24. Manual Audit Procedures
    refers to obtaining direct written verification of the accuracy of information from independent third parties.

  25. Manual Audit Procedures
    POSITIVE Confirmation
    ask recipients to respond regardless of whether or not they believe the information provided to them is correct.
  26. Manual Audit Procedures
    NEGATIVE Confirmation
    ask recipients to respond only when they believe the information provided to them is incorrect.
  27. Computer-assisted Audit Techniques
    Generalized audit software (GAS) is "multipurpose software that can be used for [general purposes] such as record selection, matching, recalculation and reporting."
  28. Working Papers
    For aid in planning and performing the engagement.

    Facilitate supervision of the engagement and review of the work completed.

    Indicate whether engagement objectives were achieved.

    Provide the principal support for the internal auditors' communications to the auditee, senior management, the board of directors, and appropriate third parties.

    Serve as a basis for evaluating the internal audit function's quality assurance program.

    Contribute to the professional development of the internal audit staff
  29. Planning the Audit Engagement
    Engagement time budgets and resource allocation worksheets.

    Questionnaires used to obtain information about the auditee, including its objectives, risks, controls, operating activities, etc.

    Process maps or flowcharts used to document process activities, risks, and controls.

    Charts, graphs, and diagrams, such as a risk map used to plot the impact and likelihood of business risks

    Pertinent auditee organizational information, such as organization charts, job descriptions, and operating and financial policies and procedures
  30. Performing the Audit Engagement.
    Work programs used to document the nature, extent, and timing of the specific audit procedures.

    Worksheets prepared by the internal auditor, such as a risk and control matrix used to document process-level risks, key control descriptions, the internal auditor's evaluation of control design adequacy, the tests of controls performed, and the test results.

    Other types of working papers prepared by the internal auditor that reflect work performed (for example, analytical procedures, computerized data analysis, and direct tests of transactions, events, account balances, and performance measurements).

    Evidence compiled by the auditee and tested by the internal auditor.

    Controls performed by the auditee and reperformed by the internal auditor (for example, bank reconciliations).

    Copies of source documents, such as purchase requisitions, purchase orders, receiving reports, vendor invoices, vouchers, and checks
  31. Communicating the Engagement
    Final engagement communications and management's responses.

    • In other words, working papers occur in all three phases of the engagement:
    • Plan.
    • Perform.
    • Communicate.
  32. Working papers should stand on their own merits, which means:
    Contain an appropriate index or reference number.

    Identify the engagement and describe the purpose or contents of the working paper.

    Be signed or initialed and dated by both the internal auditor who performed the work as well as the internal audit who reviewed the work.

    Clearly identify the sources of auditee data included on the working papers.

    Include clear explanations of the specific procedures performed.

    Be clearly written and easy to understand by internal auditors unfamiliar with the work performed.
  33. Working papers should contain sufficient information for
    an internal auditor, other than the one who performed the work, to be able to reperform it.

    On the other hand, working papers should not contain more information as necessary (concise).

    Working papers may be prepared in paper form, electronic form or both.
Card Set:
Internal Auditing - CH10 - Working Papers
2014-10-26 21:42:35
Internal Auditing CH10 Working Papers

Internal Auditing - CH10 - Working Papers
Show Answers: