1 / 59

Understand the Auditee

Understand the Auditee. Communicate Results. Understand the Auditee. Assess Risk. Develop Audit Plan. Execute the Audit. Co-Develop Expectations. Understand the Auditee. Understand the Auditee’s Mandate, Strategies, Operations and Environment.

adeola
Download Presentation

Understand the Auditee

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Understand the Auditee

  2. Communicate Results Understand the Auditee Assess Risk Develop Audit Plan Execute the Audit Co-Develop Expectations

  3. Understand the Auditee Understand the Auditee’s Mandate, Strategies, Operations andEnvironment Understand the Financial andOperating Processes and Performance Assess Control Environment Understand the Relevant Operational Processes

  4.  Key activities: • Understand the Auditee’s Mandate, Strategies, Operations, and Environment • Understand the Financial and Operational Performances • Assess Control Environment • 4. Understand the Relevant Operational Processes

  5. Understand the Auditee’s Mandate, Strategies, Operations and Environment Understand the Auditee’s Mandate, Strategies, Operations andEnvironment I. Review Auditee-Generated Documents Auditee-generated documentation will provide insight into the Auditee’s mandate or objectives, strategies, processes, and risks. Potential audit areas can be identified by reviewing the organization chart, major operational processes, operational plans, financial statement captions and interviewing management personnel

  6. I. Review Auditee-Generated Documents (continued) Information Technology In reviewing Auditee-generated documentation and discussing with the Head of the Auditee, determine if information systems are critical to the Auditee in attaining its operating objectives. If computerized systems are an integral part of the Auditee, and are required for the critical processes, the risks inherent in information systems need to be addressed.

  7. Procedures 1. Obtain documentation of the Auditee’s objectives, strategies, and environment including those related to information technology objectives and strategies to support the operations. 2. Review the relevant parts of the documents obtained with the objective to understand the critical factors for success, including environment, activitiesof the auditee, resources available and required and information technology

  8. Hints 1. The Auditee Analysis Framework (AAF) Template be useful for discussions with the Auditee as part of documentation for the audit plan. 2. The Auditee’s internal reports will give guidance on its strategies. Focus on documents used as “executive information systems” to communicate key strategies and results to Head of the Auditee.

  9. Hints (continued) 3. Consider any process re-engineering and new systems under development for help in identifying additional processes and changes to the Auditee. 4. Use Computer Assisted Auditing Techniques (CAATs) tool to efficiently extract and analyze information from the systems.

  10. II. Review Other Information Objective: To understand the environment in which the Auditee operates to later understand the processes it must perform and the risks that threaten its objectives. Every Auditee faces a variety of risks from external sources that must be assessed.

  11. II. Review Other Information (continued) • In understanding the Auditee’s environment, consider the Auditee’s reliance on information. Understand what information, both internally and externally, the Auditee needs. Understandhow the Auditee uses this information to maintain its operating efficiency.

  12. III. Discuss with the Head of the Auditee • Objective: • To gain the perspective of the Head of the Auditee on the Auditee’s operating efficiency, efficient and effective, fiscal administration, and effective performance of Auditee affairs and functions, and to recommend corrective actions on operational deficiencies observed.

  13. III. Discuss with the Head of the Auditee(continued) • Obtaining a good understanding of what the Head of the Auditee thinks is relevant and important from the beginning, will allow the audit team to focus on those important issues throughout the planning process and audit.

  14. III. Discuss with the Head of the Auditee(continued) Information Technology • Depending on the extent to which information systems are relied upon by the Auditee, consider including an IT professional. • Assess the reliance of the Auditee on information technology, • Understand how management manages the required information, • Confirm the IAD understanding of information gathered and documented.

  15. Information Technology (continued) Discuss with the Head of the Auditee: Whether they think the Auditee was effective in utilizing its technology. How important technology is to the success of the Auditee as a whole. What changes in information technology will be required to attain the Auditee’s objectives and strategies. What are the policies on IT acquisitions, standardization of platforms, and inter- connectability.

  16. Procedures Prepare a list of questions to ask the Head of (refer to Information Technology Questionnaire), Auditee Analysis Framework, Interview Guidelines 2. Obtain answers to the questions from the Head of the Auditee either through interview, survey, or facilitated meetings.

  17. Hints • Do not forget to include discussions of critical information processing with Head of the Auditee.

  18. IV. Document and Summarize Objective: To document the Auditee’s strategies, operations, and environment based on the review of Auditee-generated documents and discussion with the Head of the Auditee. The documentation of knowledge gained should show where the Auditee aligns in relation to broader operational strategy and objectives.

  19. IV. Document and Summarize (continued) • In the first year of adoption of the RBPFAA, invest sufficient effort to gain an overall understanding of the Auditee's culture, values, organization and operation.

  20. Procedures • 1. Use the Auditee Analysis Framework (AAF) to document the audit team’s understanding of the Auditee and to prepare quality documentation for presentation to the Head of the Auditee

  21. Procedures (continued) • 2. Verify that, at a minimum, documentation includes key information in the following categories: • Operations Financial Environment • Value Primary Sources of resources • Information Users • Management Strategies • Public

  22. Hints • 1. This step is critical for engagements. • 2. Documentation is important as this information will be used by future audit teams. • 3. Time spent here will save time later.

  23. Understand the Financial and Operating Processes and Performance • B. Understand the Financial and Operational Performances I. Identify Performance Measures • Objective: • To identify the Auditee’s critical performance measures and link them to its operations and strategic objectives. By linking operational processes to the measures will demonstrate how each aspect of the Auditee contributes to overall organizational success..

  24. I. Identify Performance Measures (continued) This step should include discussions and/or a view of internal “executive information systems” and management reports used by the Head of the Auditee, to identify the performance indicators and measures they apply to monitor and manage the operations.

  25. I. Identify Performance Measures (continued) Information Systems Information and communication systems are critical to the success of the Auditee and for effective internal controls. These systems enable the people involved in the Auditee to capture and exchange the information needed to conduct, manage, and control its operations. These systems can be either computerized or manual, but usually are a combination of the two.

  26. Information Systems (continued) Information is needed at all levels to run the operations and achieve objectives. Consider the following: 1. Financial reporting measurement information, 2. Operations 3. Compliance information.

  27. I. Identify Performance Measures (continued) Procedures 1. Identify the appropriate personnel to interview or survey.

  28. I. Identify Performance Measures (continued) Procedures (continued) • 2. During the interview, determine/discuss the following: • a. What performance measures (financial and operational) are used to track critical success factors and progress towards objectives and strategic plan. • b. Review internal “executive information systems” and related reports used by the Head of the Auditee/ Senior Management to identify the performance measures they use to monitor and manage the operations.

  29. I. Identify Performance Measures (continued) Procedures (continued) • c. Review performance measures for reasonableness. • d. Determine which operational processes drive the various performance measures.

  30. I. Identify Performance Measures (continued) Procedures (continued) 3. Document the results and conclusions from your discussions.

  31. I. Identify Performance Measures (continued) Hints • 1. The performance measures should include the information that the Head of the Auditee uses when making decisions • 2. Since monitoring performance is an important control, identify how the Auditee gathers data to calculate performance measures used by the Head of the Auditee.

  32. II. Analyze Financial Performance • Objective: • To assess financial performance in terms of factors that contribute more or less to the overall financial results. • The results of this step along with later steps will be linked to how the Auditee achieves its objectives and the important processes to target in the audit.

  33. II. Analyze Financial Performance (continued) Tasks • 1. Discuss unusual items with the Head of the Auditee to determine if it should be a target for audit. This discussion can occur now or in a later step when you are discussing the audit plan with them. • 2. Determine whether the documentation generated by the tools is appropriate.

  34. II. Analyze Financial Performance (continued) Tasks (continued) • 3. Communicate the results of financial benchmarks information, if available, to the Head of the Auditee to bring value.

  35. III. Analyze Operational Performance • Objective • To identify and understand key operational performance measures used to manage and monitor the Auditee’s operations, including how they support and reinforce the overall Auditee’s operational strategy.

  36. III. Analyze Operational Performance (continued) Tasks 1. Determine the relevant financial and operational performance measures to evaluate based on discussions with the Head of the Auditee,

  37. III. Analyze Operational Performance (continued) Tasks (continued) • 2. Assess the relative position of the Auditee bycomparing one or more of the following:  • Current performance vs. past performance. • Current performance objectives or desired performance. • Current performance vs. others in the industry (or similar Auditee). • Auditee performance measures vs.industry averages, if applicable.

  38. III. Analyze Operational Performance (continued) Tasks (continued) 3. Perform high level analysis and compare these results to your tentative conclusions and information from your understanding of the Auditee’s strategies and objectives. 4. Document the strengths and weaknesses identified in this analysis. This will be helpful later in developing the audit plan.

  39. III. Analyze Operational Performance (continued) Tasks (continued) • 5. Prepare a preliminary summary and assessment of the areas which should be included in the audit universe noting risks and processes that are potential targets for the audit.

  40. Assess Control Environment • C. Assess Control Environment • Objective: • To identify and document high-level or organizational level controls and their impact on the significance and/or likelihood of risks. • Organizational level management controls are control practices used by the Senior Management to mitigate the risk of a material misstatement of financial and operational information and safeguarding of assets. These controls have a pervasive effect on the Auditee.

  41. Assess Control Environment • C. Assess Control Environment • Organizational controls are designed to: • Establish an effective overall control environment • Enable Head of the Auditee to assess external and internal Auditee risks • Provide management with relevant and reliable information • Monitor performance of the control structure • Establish physical safeguards over assets • Establish an effective financial accounting and reporting process (both internally and externally).

  42. Assess Control Environment • C. Assess Control Environment • Organizational level controls include the control environment as defined in the Committee of Sponsoring Organizations of the Tradeway Commission (COSO) report. The COSO report defines the control environment as follows:   • “The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.”

  43. Assess Control Environment • C. Assess Control Environment The Head of the Auditee should convey the message that integrity and ethical values cannot be compromised. Employees must receive and understand that message. The Head of the Auditee should continually demonstrate a commitment to high ethical standards through words and actions (Refer to Assess Control Environment (ACE) tools for guidelines on assessing the level of ethical standards).

  44. Assess Control Environment • C. Assess Control Environment Hints • 1. Evaluation should include the management control structure, including the control environment, risk assessment processes, information processes and systems, communication processes, and processes for monitoring the effectiveness of Auditee process controls.

  45. Assess Control Environment • C. Assess Control Environment Hints (continued) • 2. Control environment factors include the integrity, ethical values, and competence of the organization’s people, management’s philosophy and operating style, the way management assigns authority and responsibility, organizes, and develops its people, and the attention and direction provided by the Head of the Auditee

  46. Understand the Relevant Operational Process • D.Understand the Relevant Operational Processes I. Document Relevant Processes Objective: To identify processes at a high level that are critical to the success of the Auditee in complying with its mandates in order to create the potential “audit universe” and audit plan.

  47. Understand the Relevant Operational Process • D.Understand the Relevant Operational Processes • Auditee processes include: • operating processes, and • management and support processes. • The critical operational processes should be analyzed using process maps to identify and understand their key activities. The Auditee’s control structure should also be understood because it significantly influences the effectiveness of operational process controls.

  48. Understand the Relevant Operational Process • D.Understand the Relevant Operational Processes I. Document Relevant Processes(continued) Information Technology • Operational information systems are integrated into the major processes. Consider reviewing documentation of major computerized applications as a means of identifying additional significant processes.

  49. Understand the Relevant Operational Process • D.Understand the Relevant Operational Processes Information Technology (continued) • IT Planning • IT Operations Management • IT Systems Development • IT Security • IT Contingency Planning • Management of outsourced IT functions

  50. Understand the Relevant Operational Process • D.Understand the Relevant Operational Processes Procedures 1. Obtain the Process Classification Scheme for the Auditee (see Process Classification Scheme tool). 2. Determine which processes are relevant to the Auditee.  3. Identify any other critical processes using personal information about the operations.

More Related