MODULE 2_Audit Planning and Business Processes PANOPTO.pdf

What is an Operational Audit?

It examines the operational efficiency and effectiveness of an entity’s business conduct, using criteria usually established by management.

What is a Compliance Audit?

It examines adherence to established and authoritative policies, with criteria set by a higher authority like legal or regulatory bodies.

Define a Financial Statement Audit.

It examines compliance with established financial reporting standards, such as the Philippine Financial Reporting Standards (PFRS)

What is the primary role of an IT Audit?

It supports the overall financial audit by assessing the integrity, security, and reliability of IT systems that produce and store data.

What does the Revenue to Collection Cycle cover?

Activities related to generating revenue and collecting payments, from customer order receipt to cash collection

List the key steps in the Purchase to Payment Cycle.

1. Purchase Requisition;

2. Vendor Selection;

3. Receiving Goods;

4. Invoice Processing;

5. Payment.

What is the primary goal of the Payroll Cycle?

Managing the payment of wages to employees for work achieved.

Define the Conversion Cycle.

The production process that converts raw materials into finished goods through production planning and manufacturing.

Name a major risk in the Payroll Cycle.

Ghost employees leading to fraudulent payments or errors in calculating wages and deductions.

Name a major risk in the Conversion Cycle.

Inventory shrinkage or obsolescence and misallocation of costs.

What is Risk-Based Audit Planning (RBAP)?

An approach that prioritizes audit resources based on the areas of highest risk within an organization.

What is an Audit Universe?

A list of all relevant processes that represent the blueprint of the enterprise's business and may be considered for audit

What is the formula for Risk Value?

Risk Value = Likelihood × Impact.

What does FMEA stand for and how is it used in audit planning?

Failure Mode and Effects Analysis is a structured approach used to evaluate risks in business processes and prioritize them using a Risk Priority Number (RPN).

How is the Risk Priority Number (RPN) calculated in FMEA?

RPN = Severity (S) × Occurrence (O) × Detection (D).

In FMEA, what does a higher RPN indicate?

A higher priority risk that requires more immediate attention or extensive testing.

Define Preventive Controls and give an example.

Purpose: To inhibit attempts to violate security policies before they occur. Examples: Encryption, firewalls, and biometrics.

Define Deterrent Controls and give an example.

Purpose: To provide warnings that discourage attempts to compromise security. Examples: Warning banners on login screens and security cameras.

Define Detective Controls and give an example.

Purpose: To identify and provide warnings of violations after they have occurred. Examples: Audit trails and Intrusion Detection Systems (IDS).

Define Corrective Controls and give an example.

Purpose: To remediate errors or intrusions after detection. Examples: Data backups and automated failure recovery systems

What are Compensating Controls?

Controls that offset weaknesses in the control structure due to technical or business constraints, such as using third-party security tools.

What are Routine Transactions?

Transactions that occur regularly as part of normal operations, such as sales and payroll processing.

What are the risks associated with Routine Transactions?

System failures, improper configurations, or unauthorized access if automated controls are weak.

Define Non-Routine Transactions.

Infrequent transactions involving unusual circumstances, such as mergers, acquisitions, or significant asset sales.

Why are Non-Routine Transactions high risk?

They involve complexity and often require manual intervention, leading to a lack of standardization and potential manipulation.

What are Estimation Transactions?

Transactions involving subjective judgments, such as calculating depreciation or allowances for doubtful accounts.

What is the primary auditor's role regarding Estimation Transactions?

To evaluate the reasonableness of assumptions, validate IT inputs/outputs, and review historical trends.