Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
39 Cards in this Set
- Front
- Back
|
Performance Standards 2330 - Documenting Information
|
Internal auditors must document relevant information to support the conclusions and engagement results
|
|
|
Functions of working papers
|
1. Aid in the planning, performance, and review of engagements 2. Provide the principal support for engagement results 3. Document whether engagement objectives were achieved 4. Support the accuracy and completeness of the work performed 5. Provide a basis of the internal audit activity's quality assurance and improvement program 6. Facilitate third part reviews |
|
|
What must working papers include, at a minimum
|
Identify the engagement and describe the contents or purpose of the working paper. Should be signed and dated by the internal auditor and contain an index or reference number
|
|
|
Primary objective of maintaining security over working papers
|
Prevent unauthorized changes or removal of information
|
|
|
Implementation Standards 2330.A1 - Control of Working Papers
|
The CAE must control access to engagement records. The CAE must obtain the approval of senior management and/or legal counsel prior to releasing such records to external parties, as appropriate
|
|
|
May working papers be shown to the client?
|
Yes, when engagement objectives will not be compromised, to encourage corrective action
|
|
|
Implementation Standard 2330.A2 - Working Paper Retention
|
The CAE must develop retention requirements for engagement records, regardless of the medium in which each record is stored. These retention requirements must be consistent with the organization's guidelines and any pertinent regulatory or other requirements
|
|
|
Common flowchart symbols
|
|
|
|
What are flowcharts
|
Graphical representations of the step-by-step progression of information through preparation, authorization, flow, storage, etc
|
|
|
What is process mapping
|
A simple form of flowcharting used to depict a client process
|
|
|
What are horizontal flowcharts (system flowcharts)
|
Depict areas of responsibility (departments of functions) arranged horizontally across the page in vertical columns. Accordingly, activities, controls, and document flows that are the responsibility of a given department or function are shown in the same column.
|
|
|
What are vertical flowcharts (program flowcharts)
|
Present successive steps in a top-to-bottom format. Principal use is in the depiction of the specific actions carried out by a computer program
|
|
|
Data flow diagrams
|
Show how data flow to, from, and within an information system and the processes that manipulate the data. Can be used to depict lower-level details as well as higher-level processes.
|
|
|
Performance Standard 2310 - Identifying Information
|
Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement's objectives
|
|
|
Sufficient information
|
Factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor. The difference in risk determines the quality and quantity of information
|
|
|
Reliable information
|
The best attainable information through the use of appropriate engagement techniques
|
|
|
When is information more reliable
|
1. Obtained from sources other than the engagement client 2. Corroborated by other information 3. Direct rather than indirect 4. An original document, not a copy |
|
|
Relevant information
|
Supports engagement observations and recommendations and is consistent with the objectives for the engagement
|
|
|
Useful information
|
Helps the organization meet its goals
|
|
|
Pneumonic for four qualities of information
|
SRRU - Should Rick Record Uniformly
|
|
|
Forms of legal evidence
|
Direct Evidence
Circumstantial Evidence
Conclusive Evidence
Corroborative Evidence |
|
|
Direct Evidence
|
Establishes a particular fact of conclusions without having to make any assumptions - i.e., testimony by a witness
|
|
|
Circumstantial Evidence
|
Establishes a fact or conclusion that can then lead by inference to another fact
|
|
|
Conclusive Evidence
|
Absolute proof, by itself
|
|
|
Corroborative Evidence
|
Serves to confirm a fact or conclusions that can be inferred from other evidence
|
|
|
Forms of audit evidence
|
Physical Testimonial Documentary |
|
|
Physical Information
|
The auditor's direct observation and inspection of people, property, or activities, e.g., of the counting of inventory
|
|
|
Testimonial Information
|
Consists of written or spoken statements of client personnel and others in response to inquiries or interview questions
|
|
|
Documentary Information
|
Exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders
|
|
|
Analytical Information
|
Drawn from the consideration of the interrelationships among data or, in the case of internal control, the particular policies and procedures of which it is comprised
|
|
|
Internal Information
|
Originates and remains with the engagement client - i.e., payroll records
|
|
|
Reliability of internal information
|
Lack of involvement of external parties reduces the persuasiveness of information. Reliability is greater when it comes from sources that are independent of the client
|
|
|
Internal-External Information
|
Originates with the client but also is processed by an external process - i.e., cancelled checks are created by the client but circulate through the banking system. Bank acceptance of a check is some confirmation of its validity
|
|
|
Reliability of internal-external information
|
More reliable than purely internal information
|
|
|
External-Internal Information
|
Created by an external party but subsequently processed by the client - i.e., supplier invoices
|
|
|
Reliability of external-internal information
|
Greater validity than information initiated by the client, but its value is impaired because of the client's opportunity to alter or destroy it
|
|
|
External Information
|
Created by an independent party and transmitted directly to the internal auditor - i.e., receivables sent in response to the auditor's request
|
|
|
Reliability of external information
|
Ordinarily regarded as the most reliable because it has not been exposed to possible alteration or destruction by the client
|
|
|
Levels of Persuasiveness of Evidence
|
1. Auditor physical examination 2., Direct examination 3. Information from a third-party 4. Information from the client |
