Purpose:

Internal auditing is an independent appraisal

function established within an organization to

examine and evaluate its activities as a service

the organization.

The objective of internal auditing is to assist
members of the organization in the effective
discharge of their responsibilities.
The audit objective includes promoting control
reasonable cost.

to


at

a

3
The Audit Process Model

INPUTS PROCESSES OUTPUTS OUTCOMES
Software and
Organization
in
their
Effective use of
4

Reputation
for Integrity
and Fairness

Promote the
Internal Control

Time and
Money

Supporting the
the Discharge of
Responsibilities

Computers,
IIA Standards

Analyses,
Appraisals,
Recommendations
, Counsel and
Information

Internal Audit
Practices
and
Procedures

Internal
Audit
Knowledge
and Skills
IIA Statement of Responsibilities

Scope:
The scope of internal auditing should encompass

the examination of the adequacy and effectiveness

of the organizations system of internal control

and the quality of performance in carrying out

assigned responsibilities.

Assessment (adequacy and effectiveness).
Enhancement (measuring performance quality
improvement).


5
The Nature of Business

Risk is a concept used by
auditors and managers
to express concerns about
the probable effects of an
Risk

uncertain

environment.

6
Control and

Control mitigates
Risk

risk:
Preventive
Control
Feedback Loop
INPUT ? OUTPUT
Compare to
Standard
Criteria
Detective Control Feedback Loop
INPUT ? OUTPUT
Compare to
Standard Criteria
7

PROCESS

PROCESS
Phase I:
Internal Audit

Framework

Planning
Planning the Audit
Performing

Phase II:
Reporting

Performing the Audit
Phase III:
Documenting the Audit
8

DRAFT AUDIT
REPORT

DISCUSS
CONCLUSIONS

FIELDWORK
(TESTING)

DEVELOP AUDIT
PROGRAM

RISK
ASSESSMENT

PRELIMINARY
SURVEY

RESEARCH
AUDIT
ASSIGNMENT
AND OBJECTIVE
Establishing Audit Objective

and Scope

Ensure a positive link between the audit objective

and the entitys goals.
Ensure the audit program will produce the
evidence as required.

Ensure that each test will provide

the

evidence

required

by the audit program.

Linking the Audit
to the Business Plan
Audit Unit Entity
Objective Goals Purpose
Serving
Customer
9
Needs
Planning the

Audit





Research

Risk Assessment
Audit Strategy
Preliminary Survey
Policies and
Procedures
Inputs and Outputs
Control Steps
People
10
Planning Step #1

Perform Research on Area under Audit
Research is important for understanding, but

must be able to recognize when enough is

enough

we

Research tells us define the historical issues, current

issues, marketing issues, pervasive risks, personnel

issues, and future issues.

11
Planning Step #2

Prepare Your Hypothesis
1.

The activity is operating normally

What is = What should Be
2.

The activity is not operating as it

some significant way

What is does not = What should be
Some value in between
There are minor differences between
What is and What should be
should

in

3.

12
Planning Step #3

1.

2.
To executive management

Include the name of the audit effort
initiation date
and

the

3.

Request

the

name

of

a

contact

person

13
Designing Audit Tests

Evidence is created from tests or questions.
The creation of the right test or question to ask is a
process of working backwards from the audit objective.
A Logical Sequence: From Tests to Objective
Objective
14

Audit

Hypothesis:
What do you
want to prove?

Evidence:
What proves the
hypothesis?

Tests:
What creates the
evidence (y/n)?
Documenting the Audit

Automated Work Papers provide



A framework to guide the audit process.

Support for the conclusions reached by the audit.

A record of the

to standards.
audit

process

and

its

conformance

15
Work Papers

Good Practices

Use electronic templates to capture

data:

*

*
*
*
*
Background & Scope

Risk
Control
Test
Audit Point Sheet
Document

Structure your work paper documents

you would the final audit report.
as carefully as

16
A

1.
2.
3.
Framework for the Audit

Audit Strategy/ Audit Scope & Objective.
Creation of Risk Based Work Papers
Collection of basic reference materials
charts, etc.)
Determination of tests needed
Sample Design
Preparation of meeting agendas
(f low
4.
5.
6.
7.
8.
9.
Follow-up on information gleaned/re-direction
Documentation of test results and conclusions.
Creation of Audit Point Sheets.
10. Audit Report
17
Writing Up Conclusions

Best practices include:



Test description or question.

Results (clearly stated).
Conclusion

reached

as

a

result

of

that

test.

18
Best Practices (cont)

Discussion of the conclusion with management.

To avoid misunderstandings.
To give management a heads-up about issues.
To encourage corrective action as soon as possible.
Cross-reference the audit point sheets to the

conclusions in the audit work papers (and

back-

reference

the

conclusions

to

the

report).

19
Summarizing and Evaluating

Results

The

audit process creates evidence.

The Logical Results: From Tests to Findings


Evidence is summarized into conclusions.

Evidence (facts) + Context (impact) = Finding
20

FINDING

Conclusion: Puts
the facts in
context (impact).

Evidence:
Provides factual
information.

Test:
Creates the
evidence.
The Audit Point Sheet

Ensures all aspects of problems (findings)

captured.

are

Useful as ready documentation.

Serves as a basis for
discussion.
Aids the summarization
and report
writing.
21
Writing Effective Audit

Reports

Reports are important because they:
Provide documented communication

assurance to senior management.

Provide operating management with
and


assessments of operations and corrective action.

Provide the auditor with records for follow-up
of audit results.
Provide the audit group with marketing
opportunities to demonstrate added value.



22
Following Up Corrective Actions

The control aspect of auditing is not
complete until corrective action is taken

the risk formally assumed by senior

management).

Effective statements of corrective action include:
(or




The

The
The
specific steps to be taken,

completion date and
person responsible for completion.
23
Audit Interaction with

Auditee

Competition Cooperation Collaboration
Auditor Manager Auditor Manager Audit Team
Auditor Manager
Internal Audit Internal Audit Internal Audit
24
Building Trust with Auditee

The slow way- Making and keeping

commitments
The faster way

Collaboration.
25