Internal Audit Practice from A to Z PDF
Preview Internal Audit Practice from A to Z
A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) Dan Shoemaker, Anne Kohnke, and Ken Sigler ISBN 978-1-4987-3996-2 A Practical Guide to Performing Fraud Risk Assessments Mary Breslin ISBN 978-1-4987-4251-1 Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program Sean Lyons ISBN 978-1-4987-4228-3 Data Analytics for Internal Auditors Richard E. Cascarino ISBN 978-1-4987-3714-2 Fighting Corruption in a Global Marketplace: How Culture, Geography, Language and Economics Impact Audit and Fraud Investigations around the World Mary Breslin ISBN 978-1-4987-3733-3 Investigations and the CAE: The Design and Maintenance of an Investigative Function within Internal Audit Kevin L. Sisemore ISBN 978-1-4987-4411-9 Internal Audit Practice from A to Z Patrick Onwura Nzechukwu ISBN 978-1-4987-4205-4 Leading the Internal Audit Function Lynn Fountain ISBN 978-1-4987-3042-6 Mastering the Five Tiers of Audit Competency: The Essence of Effective Auditing Ann Butera ISBN 978-1-4987-3849-1 Operational Assessment of IT Steve Katzman ISBN 978-1-4987-3768-5 Operational Auditing: Principles and Techniques for a Changing World Hernan Murdock ISBN 978-1-4987-4639-7 Securing an IT Organization through Governance, Risk Management, and Audit Ken E. Sigler and James L. Rainey, III ISBN 978-1-4987-3731-9 Security and Auditing of Smart Devices: Managing Proliferation of Confidential Data on Corporate and BYOD Devices Sajay Rai, Philip Chukwuma, and Richard Cozart ISBN 978-1-4987-3883-5 Software Quality Assurance: Integrating Testing, Security, and Audit Abu Sayed Mahfuz ISBN 978-1-4987-3553-7 The Complete Guide to Cybersecurity Risks and Controls Anne Kohnke, Dan Shoemaker, and Ken E. Sigler ISBN 978-1-4987-4054-8 Cognitive Hack: The New Battleground in James Bone ISBN 978-1-4987-4981-7 Internal Audit and IT Audit Series Editor: Dan Swanson Cybersecurity ... the Human Mind CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2017 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Printed on acid-free paper Version Date: 20160805 International Standard Book Number-13: 978-1-4987-4205-4 (Hardback) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmit- ted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright. com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Library of Congress Cataloging‑in‑Publication Data Names: Nzechukwu, Patrick Onwura, 1969- Title: Internal audit practice from A to Z / Patrick Onwura Nzechukwu. Description: 1 Edition. | Boca Raton : CRC Press, 2016. | Includes bibliographical references and index. Identifiers: LCCN 2016019259 | ISBN 9781498742054 Subjects: LCSH: Auditing, Internal. Classification: LCC HF5668.25 .N94 2016 | DDC 657/.458--dc23 LC record available at https://lccn.loc.gov/2016019259 Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com This book is dedicated to the glory and majesty of the Almighty God (God the Father, God the Son, and God the Holy Spirit). vii Contents List of Figures...................................................................................................xix List of Tables ..................................................................................................xxiii Preface ...........................................................................................................xxvii Acknowledgments..........................................................................................xxix About the Author ...........................................................................................xxxi 1 Introduction...........................................................................................1 1.1 Background Information...................................................................1 1.2 Definition..........................................................................................4 1.2.1 Meaning of Internal Auditing...............................................4 1.2.2 Four Resources......................................................................6 1.2.3 Internal Audit Function........................................................6 1.3 Scope.................................................................................................7 References....................................................................................................8 2 Internal Audit Procedure and Techniques .............................................9 2.1 Introduction......................................................................................9 2.2 Internal Audit Procedure and Objectives.........................................10 2.3 Internal Audit Planning...................................................................12 2.4 Audit Conduct.................................................................................13 2.4.1 Assessment Techniques .......................................................14 2.4.1.1 Preliminary Phase Assessment Techniques...........14 2.4.1.2 Fieldwork Phase Assessment Techniques..............14 2.5 Documentation of Audit Results .....................................................15 2.6 Audit Conduct Analysis...................................................................15 2.7 Audit Findings, Follow-Up and Closure..........................................15 2.8 Internal Auditing Process: A Collaborative Effort............................16 2.9 Balanced Scorecard (BSC) in Internal Audit Department...............16 2.9.1 Terminologies .....................................................................17 2.9.2 Benefits of a BSC ................................................................19 viii ◾ Contents 2.9.3 Performance Measures for Internal Auditing ......................19 2.9.3.1 Identifying Critical Performance Categories ........20 2.9.3.2 Identifying Performance Category Strategies and Measurements ...............................................21 2.9.3.3 Reasons for Performance Measurement................23 2.9.3.4 Creating an Effective Performance Measurement and Reporting Process ...................23 2.9.3.5 Strategic Questions to Address.............................24 2.9.3.6 Evaluation of Current Internal Auditing Performance Metrics............................................25 2.9.4 Steps to Create a BSC .........................................................26 2.9.4.1 Step 1—Identify What Your Customers/ Clients Want........................................................26 2.9.4.2 Step 2—Assess Internal Audit’s Capabilities ........27 2.9.4.3 Step 3—Develop Strategic Objectives..................31 2.9.4.4 Step 4—Identify Performance Measures..............32 2.9.4.5 Step 5—Identify Targets and Initiatives.............. 34 2.9.4.6 Step 6—Develop a Strategic Map ........................35 2.9.4.7 Step 7—Develop a Scorecard for Each Category ...36 2.10 Technology-Based Audit Techniques...............................................38 2.10.1 Data Mining in Auditing....................................................39 2.10.1.1 Introduction.........................................................39 2.10.1.2 Data Mining as an Auditing Tool ........................41 2.10.1.3 Why Is Data Mining Better than Traditional Auditing Methods?.............................................. 42 2.10.1.4 Applications of Data Mining............................... 42 2.10.1.5 General Auditing Software versus Data Mining Software................................................. 46 2.10.2 Analytics in Internal Auditing ............................................50 2.10.2.1 Business Intelligence (BI).....................................51 2.10.2.2 Predictive Analytics..............................................52 2.10.2.3 Prescriptive Analytics...........................................52 2.10.2.4 Why Analytics in Internal Auditing? ...................53 2.10.2.5 Benefits of Analytics in Internal Auditing............55 2.10.2.6 Approach Comparison .........................................56 2.10.2.7 Analytics Maturity Model....................................57 References..................................................................................................59 3 Internal Audit Charter .........................................................................61 3.1 Introduction ....................................................................................61 3.2 Mission/Purpose and Objective of Internal Audit ...........................62 3.3 Scope of Internal Audit Activity ......................................................63 3.4 Role and Responsibility of Management ........................................ 64 Contents ◾ ix 3.5 Role and Responsibility of the Internal Audit Function.................. 64 3.6 Relationship with External Auditors............................................... 66 3.7 Relationship with Audit Committee............................................... 66 3.8 Authority.........................................................................................68 3.9 Independence and Objectivity.........................................................68 3.10 Internal Audit Report and Monitoring............................................69 3.11 Confidentiality ................................................................................69 3.12 Organization and Resources of Internal Audit Function .................70 3.13 Internal Audit Plan..........................................................................71 3.14 Periodic Assessment (Quality Assurance and Improvement Program) .........................................................................................72 3.15 Approval and Amendment of the Charter .......................................73 References..................................................................................................73 4 Managing the Internal Audit Function (IAF)......................................75 4.1 Introduction....................................................................................75 4.2 Policies and Procedures....................................................................76 4.3 Planning..........................................................................................76 4.3.1 Strategic Audit Plan (Internal Audit Planning at the Organizational Level)................................................76 4.3.2 Annual Internal Audit Plan (Planning Individual Engagements)......................................................................78 4.4 Organizing ......................................................................................80 4.4.1 Internal Audit Operating Models........................................81 4.4.1.1 General Structure.................................................81 4.4.1.2 Overview of the Internal Audit Operating Models...84 4.4.1.3 Internal Audit Operating Models and Reporting Structures.................................... 84 4.4.1.4 In-House Internal Audit Department ................. 84 4.4.1.5 Co-Sourced Internal Audit Department ............. 90 4.4.1.6 Outsourced Internal Audit Department...............91 4.4.1.7 Insourcing the Internal Audit Department...........91 4.4.1.8 Conclusion...........................................................91 4.4.1.9 Public Sector Structure ........................................92 4.4.2 Audit Teams........................................................................94 4.4.3 Making IAF Management Training Ground (MTG) .........95 4.5 Staffing............................................................................................97 4.5.1 Hiring.................................................................................99 4.5.2 Training............................................................................100 4.5.3 Types of Employee Training Programs..............................102 4.5.4 Forms or Methods of Training..........................................103 4.5.5 Become a Professional Internal Auditor (PIA)...................104 4.5.6 Analyzing Task Structure..................................................105 x ◾ Contents 4.5.7 Necessary Skills ................................................................106 4.5.8 Managing Knowledge and Other Resources in the IAF....116 4.5.9 Performance Measurement................................................117 4.5.10 Compensation...................................................................118 4.5.11 Retention ..........................................................................119 4.6 Leading .........................................................................................119 4.6.1 Leadership.........................................................................119 4.6.2 Communication................................................................120 4.7 Controlling....................................................................................121 4.7.1 Measuring and Controlling the Performance of the IAF as a Whole ........................................................................121 4.8 Internal Audit Management Challenges........................................123 4.9 Overcoming the Challenges ..........................................................126 References................................................................................................129 5 Internal Audit Practice Layout...........................................................131 5.1 Introduction..................................................................................131 5.2 Internal Audit Planning.................................................................131 5.2.1 Developing a Risk-Based Internal Audit Plan ...................131 5.3 Risk Management Process.............................................................132 5.3.1 Types and Categories of Risks...........................................133 5.3.2 Principles of Risk Management.........................................137 5.3.3 Risk Assessment Process to Facilitate Audit Planning .......138 5.3.4 Risk Identification ............................................................138 5.3.5 Risk Analysis.....................................................................139 5.3.6 Internal Audit Risk Evaluation .........................................140 5.3.7 Rating of Risks .................................................................142 5.3.8 Approach to Conduct the Risk Assessment Exercise .........146 5.4 Integrating Risk Management Activities in the Organization Planning Process............................................................................146 5.4.1 Determining the Audit Universe.......................................147 5.4.1.1 Methods of Determining the Audit Universe.....147 5.4.1.2 Considerations in Defining the Audit Universe ...149 5.5 Types and Levels of Internal Audit Plans.......................................149 5.5.1 Formulating a Strategic Audit Plan...................................150 5.5.2 Formulating an Annual Audit Plan................................... 151 5.5.3 Estimating the Audit Resources........................................154 5.5.4 Planning Internal Audit Engagement................................154 5.5.4.1 Important Definitions........................................154 5.5.4.2 Purpose of Planning the Audit Engagement.......155 5.5.4.3 Team Appointment............................................155 5.5.4.4 Preliminary Team Meeting and In-Office Review ...............................................................155 Contents ◾ xi 5.5.4.5 Engagement/Announcement/Notification Letter .................................................................156 5.5.4.6 Internal Audit Opening/Initial/Entrance Conference.........................................................156 5.5.4.7 Internal Audit Preliminary Survey .....................157 5.5.5 Setting Audit Objectives...................................................158 5.5.6 Internal Control Review ...................................................159 5.5.7 Unplanned Audits.............................................................160 5.6 Preparing the Internal Audit Engagement Work Program.............160 5.6.1 Things to Consider while Preparing the Audit Program....160 5.6.2 Framing the Program........................................................161 5.6.3 Advantages of a Well-Prepared Audit Program .................162 5.6.4 Terminologies Used in Audit Programs.............................162 5.6.5 Linking Audit Objectives to Audit Procedures..................164 5.6.6 Internal Audit Time Budget..............................................166 5.7 Internal Audit Fieldwork ...............................................................166 5.7.1 Important Definitions.......................................................166 5.7.2 Qualities of Good Audit Evidence ....................................166 5.7.3 Testing Procedures, Strategies, and Techniques ................167 5.7.3.1 Testing Process...................................................168 5.7.3.2 Testing Strategies ...............................................168 5.7.3.3 Testing Techniques ............................................168 5.7.3.4 Recognizing and Recording of Audit Finding....170 5.7.3.5 Attributes of Audit Finding................................170 5.7.4 Advice and Informal Communications.............................172 5.7.5 Internal Audit Summary...................................................173 5.7.6 Internal Audit Working Papers .........................................173 5.8 Internal Audit Report....................................................................173 5.8.1 Discussion Draft...............................................................173 5.8.2 Exit Conference ................................................................173 5.8.3 Formal Draft.....................................................................173 5.8.4 Client Response ................................................................174 5.8.5 Final Report......................................................................174 5.8.6 Internal Audit Annual Report to the Board ......................174 5.8.7 Client Comments..............................................................175 5.9 Audit Follow-Up............................................................................175 5.9.1 Follow-Up Review ............................................................175 5.9.2 Follow-Up Report.............................................................175 5.9.3 Internal Audit Follow-Up Policy.......................................175 5.9.3.1 Purpose..............................................................175 5.9.3.2 Policy and Procedure..........................................176 References................................................................................................176 xii ◾ Contents 6 Internal Audit Documentation and Reporting ..................................177 6.1 Introduction..................................................................................177 6.2 Internal Audit Record Retention and Disposal..............................178 6.2.1 Records.............................................................................178 6.2.2 Record Retention..............................................................179 6.2.3 External Service Providers/Shared Services/Third-Party Assurance..........................................................................180 6.2.4 Reasons for Record Retention...........................................181 6.2.5 Retention Schedule ...........................................................182 6.3 Working Papers .............................................................................184 6.3.1 Objectives of Audit Working Papers .................................185 6.3.2 Principles of Maintaining Audit Working Papers..............185 6.3.3 Preparation of Working Papers..........................................186 6.3.4 Internal Audit Program.....................................................186 6.3.5 Planning and Preliminary Survey (Appendix A)...............189 6.3.5.1 Planning and Preliminary Survey Checklist/ Template ............................................................189 6.3.5.2 Work Paper Cover Template ..............................189 6.3.5.3 Information Request List ...................................189 6.3.5.4 Request for Management Input..........................189 6.3.5.5 Internal Audit Engagement Letter......................189 6.3.5.6 Planning Memorandum Form (Format A).........189 6.3.5.7 Audit Assignment Form (Format B)...................189 6.3.5.8 Entrance Conference Form (Format A)..............189 6.3.5.9 Analysis of Internal Controls..............................201 6.3.5.10 Risk Evaluation Form ........................................201 6.3.5.11 Planning Paperwork Index Template W/P Reference ...................................................201 6.3.5.12 Auditor Assignment and Independence Statement Form..................................................201 6.3.5.13 Quality Control Checklist—Survey Phase.........201 6.3.6 Internal Audit Fieldwork Templates (Appendix B)............243 6.3.6.1 Compliance Issues............................................. 244 6.3.6.2 Internal Control Questionnaire (Deposit Accounts)............................................ 244 6.3.6.3 Interview Summary Form................................. 244 6.3.6.4 Project Observation Form................................. 244 6.3.6.5 Internal Audit Finding Record.......................... 244 6.3.6.6 Internal Audit Review Point Sheet .................... 244 6.3.6.7 Quality Control Checklist—Fieldwork Phase... 244 6.4 Communicating Internal Audit Results.........................................256 6.4.1 Communicating Results Procedures .................................256 Contents ◾ xiii 6.4.2 Exit Conference Document ..............................................258 6.4.3 Internal Audit Report (Appendix C)................................ 260 6.4.3.1 Definition of Internal Audit Report ...................261 6.4.3.2 Objective and Function of the Internal Audit Report......................................................261 6.4.3.3 Types of Audit Procedure Reports......................262 6.4.3.4 Report Writing Planning Worksheet..................263 6.4.3.5 Types of Internal Audit Reports.........................263 6.4.3.6 Elements of an Effective Engagement Report.... 264 6.4.3.7 Nature of the Internal Audit Report.................. 266 6.4.3.8 Know Your Reader.............................................267 6.4.3.9 Internal Audit Standard Report Content........... 268 6.4.3.10 Summary of Audit Results and Potential Recommendations..............................................271 6.4.3.11 Specimen Internal Audit Report Covering Letter...272 6.4.3.12 Specimen Internal Audit Report ........................273 6.4.3.13 Quality Control Checklist for Audit Reports.....278 6.4.3.14 Action Plans...................................................... 280 6.5 Internal Audit Resolution and Follow-Up......................................282 6.5.1 Introduction......................................................................282 6.5.2 Audit Resolution and Follow-Up Templates (Appendix D)....................................................................283 6.5.2.1 Sample: Internal Audit Follow-Up Status Report .....................................................283 6.5.2.2 Audit Resolution and Follow-Up Quality Control Checklist.............................................. 304 References............................................................................................... 306 7 Internal Audit Peer Review ................................................................309 7.1 Overview.......................................................................................309 7.1.1 Planning ...........................................................................311 7.1.2 Conducting QA Review....................................................311 7.1.3 Reporting..........................................................................311 7.1.4 Follow-Up Action .............................................................311 7.2 Objectives......................................................................................311 7.3 Development of the Peer Review Concept.....................................312 7.4 Selection of Peer Review Partner ...................................................312 7.5 Main Focus Areas of the Peer Review............................................313 7.6 Evidence........................................................................................314 7.7 Conclusions and Reporting ...........................................................314 7.8 Ratings for Reporting Results........................................................315 7.9 Internal Audit Response ................................................................316 7.10 Implementation of Recommendations and Follow-Up ..................316 xiv ◾ Contents 7.11 Quality Assurance Review Forms..................................................316 7.11.1 Planning Phase .................................................................316 7.11.1.1 A1: Peer Review Volunteer Application Form.....316 7.11.1.2 A2: Peer Review Request Form..........................319 7.11.1.3 A3: Memorandum of Understanding Sample.....321 7.11.1.4 A4: Statement of Independence—Reviewer .......324 7.11.1.5 A5: Statement of Independence—Mediator .......325 7.11.1.6 A6: Planning Questionnaire...............................327 7.11.1.7 A7: Peer Review Program Checklist...................337 7.11.1.8 A8: Self-Assessment Checklist............................351 7.11.2 Conducting the QAR Phase..............................................359 7.11.2.1 Survey Phase ..................................................... 360 7.11.2.2 Interview Phase..................................................370 7.11.2.3 Program Phase ...................................................390 7.11.3 Evaluation Summary and Report Phase........................... 444 7.11.3.1 E1: Evaluation Tool—Observations and Issues Worksheet ........................................ 444 7.11.3.2 E2: Standard Conformance Evaluation..............445 7.11.3.3 E3: Quality Assurance Review...........................499 7.11.3.4 E4: Sample Draft Report .................................. 500 7.11.3.5 E5: Specimen of Peer Review Results/Reports....507 7.11.3.6 E6: Satisfaction Survey.......................................511 7.11.3.7 E7: Peer Review Survey......................................511 References................................................................................................519 8 What the Standards Say .....................................................................523 8.1 Introduction..................................................................................523 8.2 International Standards for the Professional Practice of Internal Auditing (Standards) .....................................................................524 8.2.1 Purpose of the Standards ..................................................524 8.2.2 Types of the Standards......................................................525 8.2.3 IIA’s Code of Ethics ..........................................................527 8.2.3.1 Fundamental Principles......................................528 8.2.3.2 Rules of Conduct ...............................................528 8.3 International Organization of Supreme Audit Institutions (INTOSAI)...................................................................................528 8.3.1 Introduction......................................................................528 8.3.2 INTOSAI Guidance for Good Governance: INTOSAI GOVs 9100–9230 ...........................................529 8.3.3 ISSAI 1610 Using the Work of Internal Auditors..............529 8.4 Generally Accepted Government Auditing Standards (GAGAS)...529 8.4.1 Summary..........................................................................529 8.4.2 Foundation and Ethical Principles ....................................530
The list of books you might like
