INTERNAL AUDIT SHARED SERVICE (IASS) Audit Committee Presentation 6 th February 2014 PLAN TO REPORT How we undertake an Audit 1
INTERNAL AUDIT SHARED SERVICE (IASS) PRESENTATION OVERVIEW • Planning; • Conducting; • Reporting; 2
INTERNAL AUDIT SHARED SERVICE (IASS) Planning - Preparing for the Assignment Refer to Annual Audit Plan Assign Job Entity to the most appropriate Auditor (raise job via APACE); Prepare Audit Brief (specific Objectives, Scope, Audit Criteria and Methodology); Meet with Auditor to discuss assignment; Make initial contact with Auditee; Notify Auditee in Writing / Schedule opening meeting. 3
INTERNAL AUDIT SHARED SERVICE (IASS) Planning - Preparing for the Assignment – Lead Auditor Gain an understanding of the nature of the work, activity, organisation or initiative being audited; Attend opening meeting with Auditee; Prepare standard documentation (Control Evaluation Sheets, Working Papers, Report Format). Commence Audit Field Work. 4
INTERNAL AUDIT SHARED SERVICE (IASS) Conducting the Audit – Recording and Evaluating the System. Identify and document the System; Normally achieved through discussion with Directorate Management. The objectives of Recording Systems; Helps the auditor to understand the procedures for processing, recording and controlling its transactions; Helps assess the overall security of the systems by evaluating controls and any weaknesses; Helps assess the efficiency of the System. The Methods of Recording; Systems notes; Descriptive Questionnaires (I.C.Q’s); Flow Charts and Block Diagrams. Sources of Information Previous audit files, Guides, manuals, desk instructions, interviews with staff who operate the system, observations, organisational charts, job descriptions etc. 5
INTERNAL AUDIT SHARED SERVICE (IASS) Conducting the Audit - Continued Example: Payroll System:- • Control Objectives – “Pay and related costs should be incurred only in respect of staff currently employed in authorised posts”. • Expected Controls – “Each department should periodically be required to confirm the accuracy of a schedule containing names of all employees currently charged to the department, the post held, grade and the cost code of each post”. • Identifying risks . – “Ghost employees may be set up on the payroll system and go undetected resulting in fraudulent payments being made”. 6
INTERNAL AUDIT SHARED SERVICE (IASS) Conducting the Audit - Continued Determine Actual Controls:- this is achieved by:- Testing and Evidence; Types of Test 1. Walk Through Tests – follows a transaction or process through the system; 2. Compliance Tests – Seeks to provide evidence that internal control procedures identified within the system are actually operating in a manner intended by management; 3. Substantive Tests – tests the completeness, accuracy and the validity of transactions (tends to be directed at the outputs of the system). 7
INTERNAL AUDIT SHARED SERVICE (IASS) Conducting the Audit - Continued Fully document findings on the appropriate working papers (including Control Evaluation Sheets); Comparison of Benchmark (Expected) Control with Actual Control as determined from the outcome of the tests performed and the evidence gathered; Provide an overall assessment of the system. 8
INTERNAL AUDIT SHARED SERVICE (IASS) Reporting • The Aim of every report should be to:- • Prompt management action to implement recommendations for change leading to improvement in performance and control; • Provide a formal record of points arising from the audit and, where appropriate, of the actions agreed with management. • Internal Audit reports must be accurate, clear, concise and constructive and issued promptly. 9
INTERNAL AUDIT SHARED SERVICE (IASS) Reporting - Continued • Draft Report Prepared – the auditor will use the results of the tests performed and the assessment of weaknesses found to draw conclusion about the quality and reliability of the system under review; including an overall opinion on the internal control environment; • Discuss with Client Manager – normally takes the form of a debrief session at the conclusion of the fieldwork; • Reviewed by Group Auditors /Principal Auditors; • Review points documented and addressed; • Draft Report issued to Auditee including Implementation Action Plan for completion. 10
INTERNAL AUDIT SHARED SERVICE (IASS) Reporting - Continued • Response received from Auditee and Reviewed to ensure acceptance of recommendations, timeliness of implementation and accuracy. • Final PDF Audit Report issued (incorporating Management Responses); Internal Audit diarise key recommendations for follow up; particularly those where risks are high. • Client Satisfaction Questionnaire sent for feedback on conduct of the Audit. 11
INTERNAL AUDIT SHARED SERVICE (IASS) Plan to Report Questions??? 12
Recommend
More recommend
