Internal Audit - Root Cause Analysis and Audit Fieldwork
Learn
Practice Test
Spaced Repetition
Match
Flashcards1/71
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced |
|---|
No study sessions yet.
72 Terms
Principle 14
Conduct Engagement Work
What do internal auditors do to implement the engagement work program?
Gather information and perform analyses and evaluations to produce evidence
What do these steps in principle 14 enable internal auditors to do?
Provide assurance and identify potential findings
Determine the causes, effects, and significance of the findings
Develop recommendations and/or collaborate with management to develop management’s action plans
Develop conclusions
What active processes are related to conducting fieldwork of the engagement?
Information gathering
Sampling
Computer assisted tools and techniques
Evidence
Process mapping
Data analytics
Analytical review
Documentation and workpapers associated with fieldwork
To perform analyses and evaluations, internal auditors must gather information that is:
Relevant
Reliable
Sufficient
Reliability is strengthened when the information is:
Obtained directly by an internal auditor or from an independent source
Corroborated
Gathered from a system with effective governance, risk management, and control processes
What are the four types of audit evidence?
Physical
Analytical
Testimonial
Documentary
What does professional skepticism mean?
Taking nothing for granted
Continuously questioning what you hear and see
Critically assessing audit evidence
Not assuming the auditee personnel are either honest or dishonest
Internal Auditor provide reasonable (not absolute) assurance due to:
The nature and extent of evidence gathered and the type of decisions made
Reliance on evidence that is persuasive rather than absolutely convincing
Audit decisions that are rarely black and white
The fact that internal auditors’ conclusion and advice must be formed at a reasonable cost within a reasonable length of time to add economic value
Relevant
Is the evidence pertinent to the audit objectives?
Reliable
Is the evidence from a credible source?
Sufficient
Is there enough evidence to support a conclusion?
The quality of an auditor’s conclusion and advice depend on:
Their ability to gather, appropriately evaluate, and document audit engagement evidence
What are the five C’s?
Condition
Criteria
Consequences
Cause
Corrective Actions
Audit Procedures
A specific tasks performed by the internal auditor to gather the evidence required to achieve the prescribed audit objectives
Audit objectives are applied during the audit process to:
Obtain a thorough understanding of the auditee, including the auditee’s objectives, risks, and controls
Test the design adequacy and operating effectiveness of the targetd area’s system of internal controls
Analyze plausible relationships among different elements of data
Directly test recorded financial and nonfinancial information for errors and fraud
Obtain sufficient appropriate evidence to achieve the prescribed audit objectives involved in determining the nature, extent, and timing of audit procedures to perform
Commonly performed manual audit procedures include
Inquiry
Observation
Inspection
Vouching
Tracing
Reperformance
Analytical Procedures
Confirmation
What need to be determined about audit tests?
Nature, timing, and extent
Nature of Audit Procedures
The types of tests the internal auditor performs to achieve his or her objectives
Extent of audit procedures
How much audit evidence the internal auditor must obtain to achieve his or her objectives
Timing of audit procedures
Pertains to when the tests are conducted, and the period of time covered by the tests
Potential Outcomes from Testing
Financial statement errors or misclassifications
Control deficiencies
Shortfalls in objective achievement
Inefficiencies
Out-of-compliance situations
Standard 14.3
Evaluation of Findings
Condition
The factual evidence found during the examination (the current state)
Question for Condition
"What is the problem”
Criteria
The standards,, measures, or expectations used in making the evaluation
Question for Critera?
What should it be?
Cause
The reason for the difference between the expected and actual conditions?
Question for cause
Why does the problem exist?
Effect (Consequence)
The consequence of the difference between what should exist and what does exist
Question for effect?
What is the consequence of the problem?
Recommendation (Corrective Action)
Suggested actions for management to correct the condition
Question for reccomendation?
What should be done?
Standard 14.4
Recommendations and Action Plans
What must an engagement conclusion do?
Summarize the internal auditor’s professional judgement about the overall significance of the aggregated engagement findings
What do analytical procedures entail?
Assessing information obtained during an engagement by comparing the information
When do internal auditors use analytical procedures?
Planning the engagement, and during engagement fieldwork
Data Analytics
The process of gathering and analyzing data and then using the results to make better decisions
What do you need for data analytics to be effective?
People, processes, and technology in place
How can data analytics be applied to the internal audit function ?
Historical perspective
Continuous review
Future perspective
Historical Perspective
Error detection and quantification
Continuous review
continuous monitoring and continuous auditing
Future Perspective
Kay Risk Indicators along with predictive and prescriptive analytics
The four types of data analytics
Descriptive
Diagnostic
Predictive
Prescriptive
What internal audit functions use data analytics?
Compliance
Fraud Detection and Investigation
Operational Performance
Internal Controls
What are the steps in the data analytics process?
Define the question
Obtain the data
Clean and normalize the data
Analyze the data and understand the results
Communicate the results
Audit Sampling
The application of an audit procedure to less than 100% of the items in a population for the purpose of drawing an inference about the entire population
What are the two audit sampling approaches?
Statistical and Non statistical
Statistical Approach
Allows the internal auditor to quantify, measure, and control sampling risk
Non-statistical Approach
Allows the internal auditor more latitude regarding sample selection and evaluation
Internal auditors should select larger samples to compensate for the less rigorous selection method
Conclusions are strictly judgmental, instead of being based on probability theory
Requirements for a random sample
Population must be defined
Sample unit must be defined
Every possible combination of sampling units must have an equal (or known) probability of being selected
Once selected the item must be taken to a conclusion and included in compilation of results
What are the types of sampling plans?
Attribute
Variable
Attribute
Used to determine the proportion of items in a population and that have an attribute of interest
Variable
Variables sampling techniques are used to measure the value of an account balance
Sampling risk
The risk that a conclusion is based on sample testing that reaches a different conclusion than if the audit procedure was applied to all items in the population
What are the two aspects of sampling risks?
The risk of assessing control risk too high
The risk of assessing control risk too low
What 3 factors determine sample size
What is an acceptable risk of over reliance (accepting as ok when it is not)
What is a tolerable error (how much reliance do you need)
Expected population deviation rate
What do working papers do?
Aid in planning and performing the engagement
Facilitate supervision of the engagement and review of the work completed
Indicate whether engagement objectives were achieved
Provide the principal support for the communications
Serve as a basis for evaluating the internal audit function’s quality assurance program
Contribute to the professional development of the internal audit staff
Demonstrate the internal audit function’s compliance with the IAA’s Internal Standards for the Professional Practice of Internal Auditing
What are formatting elements of working papers
Heading
Objective
Method
Findings
Summary
Conclusion
References
Notes
Name
Appropriate working paper standardization may include:
A uniform cross-referencing system for all engagements
Consistent working paper layouts
Standardized tick marks
Prescription for the types of information to store in permanent or carry forward files
Cause
The reason for the difference between the expected and actual conditions. Answers the question “why:
The four rules of causation
A causes B (direct)
B causes A (inverse)
A and B are both caused by C (common causation)
There is no connection, only a coincidence
What are the three levels of cause?
Proximate cause
Intermediate Cause
Root cause
Proximate Cause
The action or lack of action that led directly to the condition
Intermediate Cause
The cause that led to the proximate cause
Root Cause
The underlying cause and should be the actionable cause
Root Cause
The underlying cause that sets in motion the entire cause-and-effect chain that ultimately leads to the problem, which when corrected or removed, will prevent (or significantly reduce) to recurrence of the situation
Root Cause is the:
Earliest point
Where you can take action
That will reduce or eliminate the chance of the problem reoccurring
Root causes are specific causes that:
Can be reasonably identified
Can be fixed under management’s control
Can generate corrective recommendations for preventing recurrences, increasing effectiveness, and improving efficiency
What is the ultimate goal of RCA?
The ultimate goal of RCA is to permanently prevent the recurrence of a problem
To validate the root causes(s) preliminarily identified, the following three criteria must be met:
Correlation
Sequence in time
Plausible mechanism (the how)
The two final checks/tests for a root cause
Reproducibility
Reversibility