Chapter 21 Internal, Operational, and Compliance Auditing
McGraw-Hill/Irwin Copyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Post on 16-Dec-2015
Internal Auditing
• Institute of Internal Auditors (IIA)
• Purpose of internal auditing:
  • An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
  • Assist members of the organization in performing their responsibilities by furnishing them analyses, appraisals, recommendations and counsel
• Part of organization’s internal control
  • High level control that measures and evaluates effectiveness of other controls
Certified Internal Auditor
• Awarded by IIA
• Certification requirements
  • Bachelor’s degree
  • Pass two-day examination that consists of:
    • Internal audit process
    • Internal audit skills
    • Management control and information technology
    • Audit environment
  • Two years’ work experience in internal auditing or advanced degree with one year
Major Developments Affecting the Internal Auditing Profession
• Need for additional assurance about financial information
• Demand by stock exchanges and SEC for management to assume more responsibility for financial information
• Need for assurance about the reliability of operational reports
• Demand for solutions to operational problems
• Passage of the Foreign Corrupt Practices Act of 1977
• Report of the National Commission on Fraudulent Financial Reporting
• Report of the Blue Ribbon Committee on Audit Effectiveness (1998)
• Passage of the Sarbanes-Oxley Act of 2002
Knowledge and Skills Needed by Internal Auditors
• Accounting
• Auditing
• Information Systems
• Economics
• Law
• Finance
• Statistics
• Taxation
Sarbanes-Oxley Compliance
• Skills and experience make internal auditors valuable to compliance effort
• Involvement
  • Document and test controls to support management’s assertion
  • Role can be significant but it is management’s responsibility to ensure organizational compliance
  • Role should not impair objectivity
  • External auditors can rely on work of internal auditors to fulfill responsibilities
Professional Standards of Internal Auditors—Attribute Standards (1 of 6)
• Purpose, Authority, and Responsibility
  • Recognition of the definition of internal auditing, the Code of Ethics, and the Standards in the Internal Audit Charter
• Independence and Objectivity
  • Organizational independence
  • Direct interaction with the board
  • Individual objectivity
  • Impairments to independence and objectivity
• Proficiency and Due Professional Care
  • Proficiency
  • Due professional care
  • Continuing professional development
Professional Standards of Internal Auditors—Attribute Standards (2 of 6)
• Quality Assurance and Improvement Program
  • Requirements of the quality assurance and improvement program
    • Internal assessments
    • External assessments
  • Reporting on the Quality Program
  • Use of “Conducted in accordance with the Standards”
  • Disclosure of Noncompliance
Professional Standards of Internal Auditors—Attribute Standards (3 of 6)
• Manage the Internal Auditing Activity
  • Planning
  • Communication and approval
  • Resource management
  • Policies and procedures
  • Coordination
  • Reporting to the board and senior management
  • External Service Provider and Organizational Responsibility for Internal Auditing
Professional Standards of Internal Auditors—Attribute Standards (4 of 6)
• Nature of Work
  • Governance
  • Risk management
  • Control
• Engagement Planning
  • Planning considerations
  • Engagement objectives
  • Engagement scope
  • Engagement resources allocation
  • Engagement work program
Professional Standards of Internal Auditors—Attribute Standards (5 of 6)
• Performing the Engagement
  • Identifying information
  • Analysis and evaluation
  • Documenting information
  • Engagement supervision
Professional Standards of Internal Auditors—Attribute Standards (6 of 6)
• Communicating Results
  • Criteria for communicating
  • Quality of communications
  • Errors and omissions
  • Engagement disclosure of noncompliance with the Standards
  • Disseminating results
• Monitoring Progress
• Resolution of Senior Management’s Acceptance of Risks
Operational Audits
• Focus on the efficiency, effectiveness, and economy of an organization or sub-unit.
• Comprehensive examination of the organization’s systems, controls and performance in areas such as:
  • Purchasing
  • Data processing
  • Receiving
  • Shipping
  • Office services
  • Advertising
  • Engineering
Compliance Auditing
• Testing and reporting on whether an organization has complied with the requirements of various laws, regulations and agreements
• SSAE No. 10 provides guidance for examination or agreed-upon procedures but prohibits reviews.
Attesting to Compliance with Laws and Regulations
• Applying Agreed-Upon Procedures to Specified Requirements
• Applying Agreed-Upon Procedures to the Effectiveness of Internal Controls
• Performing Examinations
Compliance report
Examination report modified when:
1. Material noncompliance with specified requirements.
2. Scope restriction.
3. Involvement of another CPA firm in the examination.
Auditing and Reporting on Compliance with Laws and Regulations
Audits in Accordance with GAAS (1 of 2)
• Design audits to obtain reasonable assurance of detecting material misstatements resulting from violations of laws and regulations with a direct and material effect on line-item amounts in the financial statements
• Laws and regulations often dictate way funds are spent
• Financial assistance subject to compliance provisions
Audits in Accordance with GAAS (2 of 2)
• Identify laws and regulations:
  (1) discussing laws and regulations with management, program and grant administrators, and government auditors;
  (2) reviewing state and federal compliance requirement documents;
  (3) reviewing relevant grant and loan agreements; and
  (4) reviewing minutes of the legislative body of the governmental organization.
• Also obtain written representations from management about completeness of laws and regulations
Audits in Accordance with Government Auditing Standards (GAGAS)
• GAO issues Generally Accepted Government Auditing Standards (GAGAS)
• Use in auditing federal entities and organizations that received federal financial assistance
• Included in publication entitled Government Auditing Standards (Yellow Book)
• Standards apply only when required by law, regulation or agreement
Additional Requirements for GAGAS Audits
• Additional requirements
  • Ethics
  • Audit communications
  • Considering the results of previous audits
  • Noncompliance with provisions of contracts and grant agreements
  • Audit documentation
  • Reporting
Ethics for GAGAS Audits
1. The public interest—Observing integrity, objectivity, and independence in performing professional services assists the auditors in serving the public interest.
2. Integrity—Public confidence in government is maintained by auditors’ performing professional services with integrity.
3. Objectivity—Objectivity includes being independent in fact and appearance when providing audit and attest services, maintaining an attitude of impartiality, being intellectually honest, and being free from conflicts of interest. Similar to AICPA, the Yellow Book contains a conceptual framework for independence.
4. Proper use of government information, resources, and position—These items should be used for official purposes and not for the auditors’ personal gain or otherwise inappropriately.
5. Professional behavior—Auditors should comply with laws and regulations and avoid any conduct that might bring discredit to the auditors’ work.
Audit Documentation for GAGAS Audits
• Additional requirements beyond GAAS
  • Before the report is issued, evidence of supervisory review of the work performed that supports findings, conclusions, and recommendations contained in the audit report.
  • Any departures from Generally Accepted Government Auditing Standards and the impact on the audit or the auditors’ conclusions.
Reporting for GAGAS Audits
• Independent auditor’s report on financial statements
• Written report on compliance with laws and regulations and on internal control
  • Describes scope of tests and presents findings
• Separate reports are allowed but reference to other report must be made in final paragraph
Single Audit Act (1 of 3)
Every gov’t dept. used to do its own separate audit (HUD, Interior, FDIC, etc) and gov’t units were being subjected to multiple audits every few weeks; thus, someone got the idea of combining the audits into one.
Statutory requirement to test controls over compliance and actual compliance with program requirements
OMB Circular A-133 provides specific guidance on compliance issues. This guidance was issued in part because of the scandal at Stanford and other research universities who used gov’t funds to pad their expenses by charging exaggerated overhead rates
Applies to states, local governments and nonprofit organizations that expend $500,000 or more within a fiscal year in federal financial assistance
Single Audit Act (2 of 3)
A recipient is any organization receiving funding directly from the federal gov’t. A sub-recipient would be an organization who receives funds from a recipient.
Example: US Dept of Education sends funds to WA State Dept. of Education (recipient) which then passes funds on to the Walla Walla School District (sub-recipient)
Example: WWU receives federal funds to do a research project at Rosario Marine Station, which hires Jacques Cousteau’s boat to do research for it.
BOTH recipients and sub-recipients must be audited to ensure compliance with regulations
Single Audit Act (3 of 3)
Requirements include determining and reporting on:
(1) the financial statements are presented fairly in all material respects in accordance with generally accepted accounting principles,
(2) the schedule of expenditures of federal awards is fairly presented in all material respects in relation to the financial statements taken as a whole, and
(3) the entity complied with the provisions of laws, regulations, and contracts or grants that may have a direct and material effect on each major federal financial assistance program.
Major Programs
• Major federal financial assistance programs
  • Those programs to which the auditor must apply procedures to test for compliance and test the effectiveness of controls
• Determined by risk-based approach
  • Amount of program’s expenditures
  • Risk of material noncompliance
  • Auditor must test programs that in aggregate equal 50% of total federal expenditures
Designing Compliance Procedures
• Concerned with compliance with laws and regulations that could have direct and material effect on each major federal financial assistance program
• Assess inherent risk and control risk, then design substantive procedures using OMB Circular A-133 compliance supplement
  • Specifies compliance requirements and provides suggested audit procedures
Specific Requirements (1 of 3)
1. Activities allowed or not allowed. Determine that the organization complies with the specific requirements regarding the activities allowed or not allowed by the program.
2. Allowable costs/cost principles. Determine that the organization complies with federal cost accounting policies applicable to the program.
3. Cash management. Determine that the recipient/sub-recipient followed procedures to minimize the time elapsing between the transfer of funds from the U.S. Treasury, or pass-through entity, and their disbursement.
4. Davis-Bacon Act. Determine that wages paid are not less than those established for the locality of the project (prevailing wage rates) by the Department of Labor.
5. Eligibility. Determine that individuals or groups of individuals that are being provided goods or services under a program are eligible for participation in and for the levels of assistance received under that program.
Specific Requirements (2 of 3)
6. Equipment and real property management. Determine that the organization safeguards and maintains equipment purchased with federal assistance and uses the equipment for appropriate purposes.
7. Matching, level of effort, earmarking. Determine that the organization contributes the appropriate amount of its own resources to the program.
8. Period of availability of federal funds. Determine that federal funds were spent or obligated within the period of availability.
9. Procurement and suspension and debarment. Determine that the organization uses appropriate policies for purchases with federal funds, and that the organization does not contract with vendors that are suspended or debarred.
10. Program income. Determine whether program income is correctly recorded and used in accordance with the program requirements.
11. Real property acquisition and relocation assistance. Determine that the organization complied with property acquisition, appraisal, negotiation, and residential relocation requirements.
Specific Requirements (3 of 3)
12. Reporting. Determine that the organization has complied with prescribed reporting requirements.
13. Sub-recipient monitoring. Determine whether recipients monitor the compliance of sub-recipients.
14. Special tests and provisions. Determine that the organization complies with other significant specific requirements that apply to the program.
Evaluate Results
• Consider
  • Frequency of noncompliance
  • Whether it results in material amount of questioned costs - expenditure that the auditor questions on the grounds that it does not meet the criteria for allowability, program eligibility, or other requirements or is not adequately supported with documentation
• Consider actual amounts and projected amounts from samples
• Must report all questioned costs that exceed $10,000
Report
• Whether the schedule of expenditures of federal awards is fairly presented in all material respects in relation to the financial statements taken as a whole.
• Whether the entity complied with the provisions of laws, regulations, and contracts or grants that may have a direct and material effect on each major federal financial assistance program.
• The work performed on internal control relating to major federal financial assistance programs.