What factors are considered in the selection of audit procedures to be performed in an audit engagement?

Audit Plan

The Case Western Reserve’s Board of Trustees and management place assets at risk to achieve established priorities and goals. A key function of the Office of Internal Audit Services is to understand, audit, and report to management and the Board of Trustees how that risk is being managed. Knowing what areas to audit and where to commit resources is an integral part of managing the internal audit function.

To identify areas of potential risk, each year the Office of Internal Audit Services performs a thorough risk assessment of all university management centers, operating units, and significant departments. From this assessment, an Audit Plan is developed and presented to the Audit Committee for approval.

The plan addresses high-risk areas as well as allocates time for special ad-hoc projects. In intervening years, the risk assessment is updated through data analysis and interviews with senior executives across the university. If necessary, the audit plan is adjusted for any changes to the university's risk assessment.

We believe that the university is best served if the Audit Plan is a dynamic document that continually adjusts to changes in the environment. Therefore, if your management center or department has a need for our services, please contact us.

Depending on the relative risk associated with your need and the amount of time necessary to fulfill your request, the Office of Internal Audit Services will communicate what level of assistance we will be able to provide. At a minimum, we will be available to offer guidance and advice throughout any project you perform on your own.

In most cases, expect to receive notification when you or your department is to be audited.

  • Expect to understand the audit's purpose and objective
  • Expect to provide your ideas or concerns regarding the audit
  • Expect to be treated with respect and courtesy
  • Expect to be asked for various financial and department documentation; some may be confidential
  • Expect confidential information to remain confidential
  • Expect to answer all questions honestly
  • Expect to receive a draft copy of the Final Audit Report prior to its release

Preparing for an Audit

  • Have all requested materials/records ready when requested
  • Organize files so we minimize disruption of your day
  • Provide complete files
  • Please make yourself available during the time of the audit and communicate any planned absences
  • Provide work space for auditors if requested

Audit Process

Step 1: Planning

The auditor will review prior audits in your area and professional literature. The auditor will also research applicable policies and statutes and prepare a basic audit program to follow.

Step 2: Notification

The Office of Internal Audit Services will notify the appropriate department or department personnel regarding the upcoming audit and its purpose, at which time an opening meeting will be scheduled.

Step 3: Opening Meeting

This meeting will include management and any administrative personnel involved in the audit. The audit's purpose and objective will be discussed as well as the audit program. The audit program may be adjusted based on information obtained during this meeting.

Step 4: Fieldwork

This step includes the testing to be performed as well as interviews with appropriate department personnel.

Step 5: Report Drafting

After the fieldwork is completed, a report is drafted. The report includes such areas as the objective and scope of the audit, relevant background, and the findings and recommendations for correction or improvement.

Step 6: Management Response

A draft audit report will be submitted to the management of the audited area for their review and responses to the recommendations. Management responses should include their action plan for correction.

Step 7: Closing Meeting

This meeting is held with department management. The audit report and management responses will be reviewed and discussed. This is the time for questions and clarifications. Results of other audit procedures not discussed in the final report will be communicated at this meeting.

Step 8: Final Audit Report Distribution

After the closing meeting, the final audit report with management responses is distributed to department personnel involved in the audit, the President, Provost, and Chief Financial Officer, and CWRU’s external accounting firm.

Step 9: Follow-up

Approximately six months after the audit report is issued, the Office of Internal Audit Services will perform a follow-up review. The purpose of this review is to conclude whether or not the corrective actions were implemented.

CAS 500.6 The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence. (Ref: Para. A5-A29)

CAS 500.A6 Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit evidence. Audit procedures to obtain audit evidence can include inspection, observation, confirmation, recalculation, reperformance and analytical procedures, often in some combination, in addition to inquiry. Although inquiry may provide important audit evidence, and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level, nor of the operating effectiveness of controls.

CAS 500.A7 As explained in CAS 200, reasonable assurance is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level.

Sources of Audit Evidence

CAS 500.A11 Some audit evidence is obtained by performing audit procedures to test the accounting records, for example, through analysis and review, reperforming procedures followed in the financial reporting process, and reconciling related types and applications of the same information. Through the performance of such audit procedures, the auditor may determine that the accounting records are internally consistent and agree to the financial statements.

CAS 500.A12 More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature than from items of audit evidence considered individually. For example, corroborating information obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence that is generated internally, such as evidence existing within the accounting records, minutes of meetings, or a management representation.

CAS 500.A13 Information from sources independent of the entity that the auditor may use as audit evidence may include confirmations from third parties, and information from an external information source, including analysts’ reports, and comparable data about competitors (benchmarking data).

CAS 500.A14 As required by, and explained further in, CAS 315 and CAS 330, audit evidence to draw reasonable conclusions on which to base the auditor’s opinion is obtained by performing:

(a) Risk assessment procedures; and

(b) Further audit procedures, which comprise:

(i) Tests of controls, when required by the CASs or when the auditor has chosen to do so; and

(ii) Substantive procedures, including tests of details and substantive analytical procedures.

CAS 500.A15 The audit procedures described in paragraphs A18-A29 below may be used as risk assessment procedures, tests of controls or substantive procedures, depending on the context in which they are applied by the auditor. As explained in CAS 330, audit evidence obtained from previous audits may, in certain circumstances, provide appropriate audit evidence where the auditor performs audit procedures to establish its continuing relevance.

CAS 500.A16 The nature and timing of the audit procedures to be used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time. For example, source documents, such as purchase orders and invoices, may exist only in electronic form when an entity uses electronic commerce, or may be discarded after scanning when an entity uses image processing systems to facilitate storage and reference.

CAS 500.A17 Certain electronic information may not be retrievable after a specified period of time, for example, if files are changed and if backup files do not exist. Accordingly, the auditor may find it necessary as a result of an entity’s data retention policies to request retention of some information for the auditor’s review or to perform audit procedures at a time when the information is available.

CAS 500.A18 Inspection involves examining records or documents, whether internal or external, in paper form, electronic form, or other media, or a physical examination of an asset. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. An example of inspection used as a test of controls is inspection of records for evidence of authorization.

CAS 500.A19 Some documents represent direct audit evidence of the existence of an asset, for example, a document constituting a financial instrument such as a stock or bond. Inspection of such documents may not necessarily provide audit evidence about ownership or value. In addition, inspecting an executed contract may provide audit evidence relevant to the entity’s application of accounting policies, such as revenue recognition.

CAS 500.A20 Inspection of tangible assets may provide reliable audit evidence with respect to their existence, but not necessarily about the entity’s rights and obligations or the valuation of the assets. Inspection of individual inventory items may accompany the observation of inventory counting.

CAS 500.A21 Observation consists of looking at a process or procedure being performed by others, for example, the auditor’s observation of inventory counting by the entity’s personnel, or of the performance of controls. Observation provides audit evidence about the performance of a process or procedure, but is limited to the point in time at which the observation takes place, and by the fact that the act of being observed may affect how the process or procedure is performed. See CAS 501 for further guidance on observation of the counting of inventory.

CAS 500.A22 An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium. External confirmation procedures frequently are relevant when addressing assertions associated with certain account balances and their elements. However, external confirmations need not be restricted to account balances only. For example, the auditor may request confirmation of the terms of agreements or transactions an entity has with third parties; the confirmation request may be designed to ask if any modifications have been made to the agreement and, if so, what the relevant details are. External confirmation procedures also are used to obtain audit evidence about the absence of certain conditions, for example, the absence of a “side agreement” that may influence revenue recognition. See CAS 505 for further guidance.

CAS 500.A23 Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation may be performed manually or electronically.

CAS 500.A24 Reperformance involves the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control.

CAS 500.A25 Analytical procedures consist of evaluations of financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount. See CAS 520 for further guidance.

CAS 500.A26 Inquiry consists of seeking information of knowledgeable persons, both financial and non-financial, within the entity or outside the entity. Inquiry is used extensively throughout the audit in addition to other audit procedures. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.

CAS 500.A27 Responses to inquiries may provide the auditor with information not previously possessed or with corroborative audit evidence. Alternatively, responses might provide information that differs significantly from other information that the auditor has obtained, for example, information regarding the possibility of management override of controls. In some cases, responses to inquiries provide a basis for the auditor to modify or perform additional audit procedures.

CAS 500.A28 Although corroboration of evidence obtained through inquiry is often of particular importance, in the case of inquiries about management intent, the information available to support management’s intent may be limited. In these cases, understanding management’s past history of carrying out its stated intentions, management’s stated reasons for choosing a particular course of action, and management’s ability to pursue a specific course of action may provide relevant information to corroborate the evidence obtained through inquiry.

CAS 500.A29 In respect of some matters, the auditor may consider it necessary to obtain written representations from management and, where appropriate, those charged with governance to confirm responses to oral inquiries. See CAS 580 for further guidance.

Obtaining Evidence

CSAE 3001.53R Based on the practitioner’s understanding (see paragraph 51R) the practitioner shall: (Ref: Para. A110-A114)

(a) Identify and assess the risks of significant deviation; and

(b) Design and perform procedures to respond to the assessed risks and to obtain reasonable assurance to support the practitioner’s conclusion. In addition to any other procedures on the underlying subject matter that are appropriate in the engagement circumstances, the practitioner’s procedures shall include obtaining sufficient appropriate evidence as to the operating effectiveness of relevant controls over the underlying subject matter when:

(i) The practitioner intends to rely on the operating effectiveness of those controls in determining the nature, timing and extent of other procedures, or

(ii) Procedures other than testing of controls cannot alone provide sufficient appropriate evidence.

Revision of Risk Assessment in a Reasonable Assurance Engagement

CSAE 3001.54R The practitioner’s assessment of the risks of significant deviation may change during the course of the engagement as additional evidence is obtained. In circumstances where the practitioner obtains evidence which is inconsistent with the evidence on which the practitioner originally based the assessment of the risks of significant deviation, the practitioner shall revise the assessment and modify the planned procedures accordingly. (Ref: Para. A114)

The Nature, Timing and Extent of Procedures (Ref: Para. 53(L)–54(R))

CSAE 3001.A110 The practitioner chooses a combination of procedures to obtain reasonable assurance or limited assurance, as appropriate. The procedures listed below may be used, for example, for planning or performing the engagement, depending on the context in which they are applied by the practitioner:

  • Inspection;
  • Observation;
  • Confirmation;
  • Recalculation;
  • Reperformance;
  • Analytical procedures; and
  • Inquiry.

CSAE 3001.A111 Factors that may affect the practitioner’s selection of procedures include the nature of the underlying subject matter; the level of assurance to be obtained; and the information needs of the intended users and the engaging party, including relevant time and cost constraints.

CSAE 3001.A112 In some cases, a subject-matter-specific CSAE may include requirements that affect the nature, timing and extent of procedures. For example, a subject-matter-specific CSAE may describe the nature or extent of particular procedures to be performed or the level of assurance expected to be obtained in a particular type of engagement. Even in such cases, determining the exact nature, timing and extent of procedures is a matter of professional judgment and will vary from one engagement to the next.

CSAE 3001.A113 In some engagements, the practitioner may not identify any areas where a significant deviation is likely to arise. Irrespective of whether any such areas have been identified, the practitioner designs and performs procedures to obtain a meaningful level of assurance.

CSAE 3001.A114 An assurance engagement is an iterative process, and information may come to the practitioner’s attention that differs significantly from that on which the determination of planned procedures was based. As the practitioner performs planned procedures, the evidence obtained may cause the practitioner to perform additional procedures.

What factors would you consider before accepting the audit engagement?

Assuming independence and requisite technical abilities, the pre-acceptance evaluation of a prospective audit engagement normally focuses on three factors: 1) personal integrity of the prospective client's management and principals, 2) presence of circumstances pointing towards unusual risks in the engagement or ...

What factors should be considered while preparing an audit procedure?

Factors Affecting Audit Planning

  • Size of the company and nature of its operations.
  • Accounting system, internal control and adherence to standard.
  • Environment in which the company operates.
  • Knowledge of client's business.

What activities does the auditor perform during the initial phase of the audit engagement?

Planning an Audit

  • Preliminary Engagement Activities. The auditor should perform the following activities at the beginning of the audit:
  • Planning Activities. ...
  • Audit Strategy. ...
  • Audit Plan. ...
  • Multi-location Engagements. ...
  • Changes During the Course of the Audit. ...
  • Persons with Specialized Skill or Knowledge.

What are the factors to be considered by the auditor when determining the need to use work of an expert?

The competence, capabilities and objectivity of an auditor's expert are factors that significantly affect whether the work of the auditor's expert will be adequate for the auditor's purposes.