Академический Документы
Профессиональный Документы
Культура Документы
Governance: Board -- Top Mngt (C-Level roles) -- Middle Mngt -- Process Owners
Board - setting the tone, strategic planning
Risk-Management: To identify, assess, manage and control potential events or
situations to provide reasonable assurance.
Everyone is responsible for risk management
Control: Process effected by an entity's board to provide reasonable assurance
4 Principles:
Objectivity: Not unduly influence by self interest
Integrity: Establish trust
Competence: Continuous improvement
Confidentiality: Respect the owner of information
1. Demonstrate integrity
2. Demonstrate competence and due prof care
3. Obejctve and free from undue influence
4. Aligns wit strategy
5. Appropriately positiones
6. Demonstrate quality and continuous improvement
7. Communicates effectively
8. Provide risk-based assurance
9. Insightful, proactive, and future-focused
10. Promote organizational improvement ( even if nothing's wrong, improve/
recomment more effective or efficient process)
3 LINES OF DEFENSE
-----------------------------------------------------------------------------------
-
IA FUNCTION
Pros:
1. Flexibility
2. Provide access to leading edge tools and methodologies
Cons:
1. It may prove to be costly and time-consuming if the board decides to bring the
outsourced internal audit function back in house.
2. Significant information needed may be restricted to the outsourced IA provided.
-----------------------------------------------------------------------------------
---
IA AND ITS KEY STAKEHOLDERS
IA FUNCTION
1. BOD
2. Aud. Com.
3. Senior mngt
4. Process Owners
5. Statutory Auditors
-----------------------------------------------------------------------------------
---
IA Process
Planning
a. Preliminary Survey
b. Preparation of audit planning memo (defines and authorize the audit engagement)
c. Basic Audit coverage
d. Preparation of kick off materials
e. Arrange kick off meeting date and time
f. Preparation of Introduction letter
g. Kick off meeting with client management
h. Adjustment of audit plan (Based on clients input, Familliarization with clients
processess)
Fieldwork
a. Perform TOC; Preventive, Detective, Directive
b. Perform Test of Details
c. Sampling Methodology
---increase sample when risk is high. lower sample when controls are in place,
take samples for each type of transaction
d. Customized Audit work program
e. Risk and Control Assessment
---Prioritize areas with high risk
Communication of Results
a. Preliminary Audit Discussion - with process owners
b. Plant/Region Exit meeting - with client management
c. Final Audit Discussion
d. Preparation of Audit report package
e. Audit Client survey
f. Quarterly Reporting to the Board
COMMON IA FINDINGS
1. Non-compliance with policies and procedures
2. Lack of written procedures
3. Inefficient policies and procedures
4. Insufficient documentation
5. Improper use of GL Accounts
6. Non-application or incorrect application of taxes
7. Non-availability or missing of documents
-----------------------------------------------------------------------------------
-----
Internal Controls
-----------------------------------------------------------------------------------
-----
Fraud
-----------------------------------------------------------------------------------
--------
Data Analytics
a) Risk focus
b) Performance Focus
How Analytics enhanced audit?