Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
106 Cards in this Set
- Front
- Back
|
Audit Standards are developed and followed to:
|
1. Provide uniform guidance to auditors.
2. Build credibility and confidence. 3. Inform customers. 4. Establish a basis of conducting internal/external reviews. |
|
|
Role of Auditing Standards
|
- Guide profession, enhance audit quality and credibility/confidence outside
- Generally address staff qualifications, independence, due care, quality, planning, fieldwork & reporting - Benefit auditors, customers, management & external parties |
|
|
Four sets of Audit Standards
|
1. IIA Standards
2. Generally Accepted Government Auditing Standards 3. International Organization of Supreme Audit Institutions (INTOSAI) Standards 4. International Standards on Auditing (ISA) |
|
|
Need for Effective Standards
|
- “Audit failures” in 1980s
- Public wondered why “clean opinions? - National Commission on Fraudulent Financial Reporting (Treadway, 1987) - Financial mischief and “audit failures” relating to Arthur Andersen, Enron, Haliburton, & WorldCom - Effective standards should help |
|
|
Audit Standards that Might Apply to Government Audits
|
1. Institute of Internal Auditors’ Standards
2. Generally Accepted Government Auditing Standards (GAGAS)/(GAS) 3. GAAS (relationship to GAGAS) FS audit 4. International Organization of Supreme Audit Institutions (INTOSAI) Standards (ISSAI) 5. International Federation of Accountants (IFAC) (ISAs—auditing historical fin. info.) |
|
|
Application of appropriate standards depends on:
|
1. Engagement objective
2. Mandates and local requirements relevant to the audit organization and engagement 3. Availability of information, |
|
|
Definition of Internal Auditing (IIA)
|
Independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
|
|
|
Purpose of the IIA Standards
|
1. Delineate basic principles of IA
2. Framework for value-added IA 3. Basis to evaluate IA performance 4. Foster improved processes and operations |
|
|
Mandatory Elements of the IIA IPPF
|
1. Definition of IA
2. Code of Ethics 3. IIA Standards |
|
|
What are the IIA Standards
|
Principles focused, mandatory requirements consisting of (1) statements of requirements and (2) interpretations.
|
|
|
IIA Standards use of "must"
|
unconditional requirement
|
|
|
IIA Standards use of "should"
|
conformance is expected unless, when applying professional judgement, circumstances justify deviation.
|
|
|
Three Types of IIA Audit Standards
|
1. Attribute
2. Performance 3. Implementation |
|
|
Implementation Standards (IIA)
|
Expand upon the attribute and performance standards by providing the requirementst applicable to assurance (ISA) or consulting (ISC) services.
|
|
|
Attrribute Standards (IIA)
|
Address the attributes of organizations and individuals performing internal audit servcies.
|
|
|
Performance Standards - PS (IIA)
|
Describe the nature of Internal Audit services and provide quality criteria against which performance of these services can be measured. APPLY TO ALL IA SERVICES
|
|
|
Assurance Services - AS (IIA)
|
- Assessment of evidence to provide opinion or conclusion
- Involves process owner, internal auditor, & the user |
|
|
Consulting Services (IIA)
|
- Advisory in nature, usually at request
- Involves internal auditor & client |
|
|
Attribute Standards - Organizations & Parties (1000-1300)
|
- Define purpose, authority, and responsibility of IA activity.
- Independence & objectivity - Proficiency & due care - Continuing professional development - Quality assurance & improvement program |
|
|
Performance Standards - Activities, Quality, Measurement (2000-2600)
|
* Managing IA activity – planning, communication & approval, resource management, coordination, policies
* Nature of work – improve risk management, control and governance * Engagement planning – consider risk & control; objectives (criteria); scope; resource allocation; & work program * Performing – identifying suff., rel., rel., useful info; appropriate analysis & evaluation; documenting ; supervision * Communicating results – criteria e.g. opinion, conclusion, as appropriate; quality, e.g.,accurate, objective, clear; noncompliance w/ stds; dissemination * Monitoring progress (follow-up) * Management’s acceptance of risks |
|
|
Purpose of IIA's Position Papers
|
1. To assist a wide range of parties, including those not in the internal audit profession
2. Intended to assist in understanding significant governance, risk or control issues 3. Delineating related roles and responsibilities of internal auditing |
|
|
Two (IIA) Position Papers
|
1. The Role of Internal Auditing in Enterprise-wide Risk Management
2. The Role of Internal Auditing in Resourcing the Internal Auditing Activity |
|
|
Purpose of IIA Practice Advisories
|
* Assist internal auditors in applying the IA Definition, the Code of Ethics and the Standards, and promote good practices
* Address IA’s approach, methodologies, and considerations, but do not give detailed processes or procedures * Include practices related to international, country, or industry-specific issues; specific types of engagements; and legal/regulatory issues * Scope of practice advisories was narrowed in 2009, with the content that addresses tools or techniques moved to the Practice Guides element |
|
|
How many and what kind of IIA Practice Advisories have bene issued?
|
About 20 attribute-related and 40 performance-related PAs
|
|
|
Practice Advisories Related to Attribute Standards (AS) (IIA)
|
1. Internal Audit Charter
2. Organizational Independence 3. Individual Objectivity 4. Impairment to Independence or Objectivity 5. Quality Assurance and Improvement 6. Use of “Conforms with ISPPIA” |
|
|
Practice Advisories Related to Performance Standards (PS) (IIA)
|
1. Linking the Audit Plan to Risk and Exposure
2. Reporting to Senior Management and the Board 3. Assessing the Adequacy of Control Processes 4. Risk Assessment in Audit Planning |
|
|
IIA Practice Guides
|
Provide detailed guidance for conducting internal audit activities and include detailed processes and procedures, such as tools and techniques, programs, and step-by-step approaches, including examples of deliverables.
|
|
|
How many Practice Guides (IIA) have been issued?
|
13
|
|
|
What is a GTAG?
|
Global Tehnology Audit Guide (IIA)
|
|
|
How many GTAG's have been issued?
|
16
|
|
|
GTAG Examples (IIA)
|
* Information Technology Controls
* Continuous Auditing * Auditing Application Controls * Developing the IT Audit Plan |
|
|
Who must follow GAGAS?
|
Fed IGs, nonfederal auditors on federal audits, CFO Act auditors, Single Audit Act auditors, others required by law, regulation or other requirement.
|
|
|
GAGAS use of "must"
|
Unconditional Requirement
|
|
|
GAGAS use of "should"
|
Presumptively Mandatory
|
|
|
GAGAS use of "may", "might", and "could"
|
Explanatory, descriptive
|
|
|
What are GAGAS General Standards?
|
1. Independence*—personal*, external and organizational impairments
2. Professional judgment 3. Competence 4. Quality control & assurance |
|
|
Personal Independence Impairments (GAGAS)
|
* Relationships, fin interests, biases, etc.
* Non-audit services—two overarching principles & “safeguards” (clarified in 2007 revision) * Conceptual framework added in 2011 |
|
|
Organizational Independence Impairments (GAGAS)
|
Reporting externally—presumptive criteria, other
Reporting internally--criteria |
|
|
Types of Audits (GAGAS)
|
Finanical
Performance Attestation |
|
|
What are GAGAS Financial Audits?
|
principally whether FS’s are fairly presented
also, “special reports,” e.g. OCBOA, Single Audit |
|
|
What are GAGAS Attestation Engagements?
|
involves “assertions” by mgmt. (examples?)
|
|
|
Other standards that GAGAS Financial Audits are performed under
|
AICPA’s GAAS/SAS’s
|
|
|
Other standards that GAGAS Attestation Enagagements are performed under
|
AICPA’s SSAE’s
|
|
|
What are GAGAS Performance Audits?
|
E & E, or program effectiveness
Can focus on I/C, compliance, prospective issues |
|
|
Types of GAGAS Standards
|
1. General Standards for all audits/engagements
2. Field Work Standards for Financial Audits 3. Reporting Standards for Financial Audits 4. General, Field Work and Reporting for Attestation Engagements 5. Field Work Standards for Performance Audits 6. Reporting Standards for Performance Audits |
|
|
Two ways to report GAGAS compliance
|
1. Unmodified - audit was in accordance
2. Modified - some standards were not followed |
|
|
Generally Accepted Audit Standards (GAAS) by the AICPA
|
General(3), *fieldwork(3), & *reporting(4)
Statements of Audit Standards (SAS), codified annually, provide interpretation |
|
|
GAGAS Fieldwork Standards – Financial Audits
|
Incorporate GAAS for
(1) planning (supervision), (2) understanding I/C’s, & (3) evidence—sufficient, competent GAGAS* adds (1) communication, (2) audit follow-up (3) material misstatements—from violations of G’s/K’s, abuse (4) developing finding elements, & (5) audit documentation. |
|
|
Additional considerations” in in Government: Materiality and Early Communication (GAGAS)
|
* Materiality may be set lower in government
* Early communication allows prompt corrective action |
|
|
The Role of Management Assertions in Considering I/C’s (GAGAS)
|
Management assertions
- existence or occurrence - completeness - rights & obligations - valuation & allocation - presentation & disclosure |
|
|
GAGAS Reporting Standards – Financial Audits
|
Per GAAS,
(1) GAAP (2) consistency, (3) disclosures and (4) opinion/discl. Add-ons (1) GAGAS, (2) req. reptg on I/C & compliance w/ laws, regs., K’s & G’s (3)*I/C, F & IAs, non-compliance (4) views of mgmt, (5) privileged or confidential info and (6) report distribution *(AICPA, elements-finding) |
|
|
Components of Financial Statement Audit Reports
|
1. Auditor’s opinion
2. Internal control (A “management letter” can also be used.) 3. Compliance |
|
|
Attestation Standards
|
1. AICPA General & Field Work
2. Field Work Standards in GAGAS (Auditor communication, previous audits/engagements, internal control, FWA, elements of findings, documentation) 3. Reporting Standards in GAGAS (Compliance w/ GAGAS, I/C & FWA, mgmt views, priv/conf info, issue/distribution) |
|
|
GAGAS Fieldwork Standards – Performance Audits
|
1. Planning
2. Supervision 3. Evidence 4. Audit Documentation |
|
|
GAGAS Reporting Standards – Performance Audits
|
Form – appropriate, retrievable
Contents Quality Issuance & Distribution |
|
|
What are the contents of an audit report?
GAGAS Reporting Standard - Performance Audit |
O,S & M,
findings (“elements”, I/C deficiencies, fraud & illegal acts), conclusions, recommendations, GAGAS statement, compliance, views of management, privileged/confidential data |
|
|
What are the quality standards for a GAGAS Performance Audit?
|
timely,
complete, accurate, objective, convincing, clear, concise |
|
|
Differences between GAO and IIA Standards (12)
|
1. “Consulting”
2. Independence 3. Performing Non-audit Work 4. Reviewing ethics programs 5. Risk assessment for overall planning 6. External quality assurance 7. Quality assurance systems 8. Reporting compliance with standards 9. Referencing the standards 10. Fraud 11. Follow-up on previous audits 12. CPE’s |
|
|
What is INTOSAI?
|
International Organization of Supreme Audit Institutions
* professional organization of SAI’s in countries belonging to UN |
|
|
What are the INTOSAI publications?
|
1. Auditing Standards
2. Guidelines for Internal Control Standards |
|
|
INTOSAI Framework
|
1. Founding Principles
2. Codes for SAIs 3. Fundamental Audit Principles (includes audit standards) 4. Audit Guidelines (voluminous) - Financial - Performance - Compliance |
|
|
INTOSAI Structure of Auditing Standards
|
Basic Principles
General Standards Field Standards Reporting Standards |
|
|
INTOSAI’s Basic Principles
|
1. Comply w/ standards where material
2. SAI applies judgment 3. Need for accountability 4. Adequate information, control, evaluating, & reporting (management) 5. Accounting stds/performance targets 6. Fair presentation—position, results 7. Adequate i/c minimizes risks of errors & irregularities 8. Legislative enactments should facilitate auditors’ access to records 9. All audit activities should be within SAI’s audit mandate 10. Work on validity of performance measures |
|
|
INTOSAI’s View of Full Scope of Government Auditing
|
1. Regularity audits - Financial accountability, systems, i/c, other
2. Performance audits - Economy, efficiency, effectiveness |
|
|
INTOSAI’s General Standards: Auditor & Audit Organization
|
1. Recruiting qualified personnel
2. Development & training 3. Manuals, guidance to conduct audits 4. Skills, experience, sufficient numbers, proper planning & supervision 5. Review of SAI’s standards, procedures (i. e., quality assurance) |
|
|
INTOSAI’s General Standards IDs standards w/ Ethical Significance
|
* Independence
* Avoiding Conflicts of Interest * Competence (e.g. full range of up-to date audit methodologies, including systems-based techniques, analytical review, statistics, & automation) * Due Care |
|
|
INTOSAI’s Field Standards
|
1. Planning
2. Supervision & Review 3. Study & Evaluation of I/C 4. Compliance with Applicable Laws, Regs 5. Audit Evidence: competent, relevant, reasonable, techniques/procedures, wp 6. Analysis of Financial Statements: In regularity audits and other, if applicable |
|
|
INTOSAI’s Reporting Standards
|
* Not possible to lay down a rule for reporting for every situation (judgment)
* For “regularity” audits, an opinion and other remarks, e.g. compliance, control, fraud, maybe budgetary execution * For “performance” audits, reports vary considerably in scope and nature |
|
|
INTOSAI’s Two Reporting Standards
|
1. Written opinion or report—clear; supported by evidence; independent; objective, fair & constructive
- Principles for form and content - 4 Types of opinions on FSs 2. SAI needs to decide on final action in cases of fraud or serious irregularity |
|
|
INTOSAI Reporting on Compliance in Regularity Audits
|
Address consideration of compliance with relevant laws, regulations, and report:
* Positive assurance where tested, * Negative assurance where not tested. |
|
|
INTOSAI Reporting on Compliance in Performance Audits
|
Address compliance where pertinent to the audit objectives, and report significant instances of non-compliance
|
|
|
What is IFAC?
|
International Federation of Accountants
Worldwide organization for accounting profession. |
|
|
What is IAASB?
|
IFAC’s International Auditing & Assurance Standards Board (IAASB) issues auditing & assurance standards
|
|
|
What has been IFAC’s Impact on Government Audits?
|
1. SAIs or other bodies appointed may be required to audit FSs in public sector.
2. When an audit opinion is to be expressed on FSs, the same audit principles apply, regardless of entity 3. In past, basics supplemented/clarified in PSPs, being eliminated. (PSPs did not apply to unique compliance, i/c, e-e-e in govt audits.) |
|
|
IFAC: International Framework for Assurance Engagements
|
1. IFAC Code of Ethics
2. International Standards on Quality Control 3. Audits and Reviews of Historical Financial Information (includes International Standards of Auditing, ISAs) 4. Assurance Engagements Other Than Audits and Reviews of Historical Financial Information (includes International Standards on Assurance Engagements, ISAEs) |
|
|
Description of IFAC Assurance Engagements
|
1. Designed to enhance confidence—two types are “reasonable” (positive) &”limited” (neg.)
2. Excludes certain engagement, e.g. taxes, consluting 3. ISAs, ISAE’s, ISRE’s are applied under this “framework” and provide the principles, etc. - IFAC’s acceptance characteristics include ethics, suitable criteria, access to evidence 4. Elements: 3-party relationship (practitioner, responsible party, users); appropriate subject matter; suitable criteria; sufficient, appropriate evidence; written report |
|
|
Are IFAC International Standards on Auditing (ISA's) applicable to performance audits?
|
No
|
|
|
What is Governance in the Public Sector?
|
Accountability
Standard setting Ethics/Code of Conduct Public Scrutiny Elected or appointed officials |
|
|
What is Accountability as it relates to governance?
|
1. Foundation of democracy
2. Exercise of authority, direction & control 3. Elements include: Performance budgeting & reporting, Financial reporting, audits, evaluations, Open government 4. Drucker explained why important, e.g. no PM capacity, involuntary resources, etc. |
|
|
What is the role of auditing in Accountability?
|
Accuracy & completeness of records
Compliance Goal accomplishment, E & E, safeguarding Should not be seen as only a negative. |
|
|
Four Levels of Ethics/Code of Conduct in Governance
|
1. Personal morality
2. Professional ethics 3. Organizational ethics 4. Social ethics |
|
|
Concept of Public Scrutiny in Governance
|
1. Open government laws, e.g., access to records, public meetings
2. Due process considerations 3. Affects government practices regarding: Agency responsibilities, Customer/client privacy, Elected /appointed officials, and Audit process |
|
|
What is the role of auditing in Governance?
|
1. Part of foundation of trust
2. Access to information not available to the public creates audit responsibilities 3. Sensitivity to misuse of information from computer systems 4. Auditors’ responsibilities for returning/destroying sensitive info |
|
|
What is the Audit Committee's Role in Governance?
|
1. Critical element of control environment
2. Assures independence of IA. 3. Assures appropriate action on rec.s 4. Links internal & external auditors 5. Members should be independent 6. Formal, written charter (or equivalent) 7. Auth., respons., meetings, maybe in law? |
|
|
Risk/Control Framework: Definition of Internal Control
|
I/C defined as a process effected by an entity’s board of directors, management, and other personnel designed to provide reasonable assurance for three categories of objectives:
* operations * financial reporting * compliance. |
|
|
AICPA’s Five Interrelated Components of I/C
|
1. control environment
2. risk assessment 3. information & communication 4. control activities 5. monitoring |
|
|
Two Primary I/C Frameworks
|
1. COSO’s conceptual framework widely accepted
* private sector initiative in 1980’s to address fraudulent financial reporting * AICPA, AAA,FEI, IIA, IMA formed COSO 2. CICA’s IC Framework Evolution |
|
|
According to COSO - Two Goals of Risk and Control
|
1. Common definition
2. A standard for measurement |
|
|
Views on Risk and Control According to COSO
|
- I/C is a “tool,” not a substitute for mgmt.
- I/C has limitations - Key words—process, people (carry it out), reasonable assurance, achievement of objectives |
|
|
COSO's ERM Described
|
A process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding achievement of entity objectives.
|
|
|
Four ERM Categories (COSO)
|
1. Strategic
2. Operations 3. Reporting 4. Compliance |
|
|
What are the two components of the IIA's Code of Ethics?
|
Principles & Rules of Conduct
|
|
|
What are the four principles of the IIA's Code of Ethics?
|
Integrity
Objectivity Confidentiality Competency |
|
|
What is CICA?
|
Canadian Institute iof Chartered Accountants
|
|
|
According to CICA's Risk/Control Framework, what are the six board responsibilities?
|
1) Ethics &
2) Mission, vision & strategy 3) External communication & 4) sr. mgmt. 5) Control systems & 6) bd. effectiveness |
|
|
What are the three objectives of CICA's Risk/Control Framework?
|
Effectiveness & efficiency
Reliability of internal and external reporting Compliance |
|
|
According to COSO, what is the auditors role in ERM?
|
Assurance on processes
Assurance that risk are properly assessed |
|
|
According to COSO, what shoudl auditors NOT undertake in ERM?
|
Setting the Risk Appetite
|
|
|
What are COSO's eighth ERM Sub-components?
|
Internal environment
Objective setting Event identification Risk assessment Risk response Control activities Information and communication Monitoring |
|
|
What are the IIA's Rules of Conduct for Integrity?
|
honesty, diligence, responsibility, observe law, no illegal or discreditable act, respect for ethics
|
|
|
What are the IIA's Rules of Conduct for Objectivity?
|
relationships/activities/gifts that are/appear to bias--avoid. Disclose.
|
|
|
What are the IIA's Rules of Conduct for Confidentiality?
|
prudent use of info, not to be used for personal gain or illegally
|
|
|
What are the IIA's Rules of Conduct for Competency?
|
Have KSE, follow ISPPIA, improve proficiency/efficiency
|
|
|
What ar the four key words in INTOSAI's Code of Ethics?
|
Integrity
Independence/objectivity/impartiality Professional Secrecy Competence |
|
|
What are the principles of IFAC's Code of Ethics for Public Accountants?
|
Integrity
Objectivity Professional Competence & Due Care Confidentiality Professional Behavior Technical Standards |
|
|
What are the GAGAS Ethical Principles?
|
The public interest
Integrity Objectivity Proper use of government information, resources, and position Professional behavior |
