Navigate to... Select a page
Show
Performance Standards describe the nature of internal audit activities and provide criteria against which the performance of these services can be evaluated. Learn about our partnersWe are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands. Introduction.01 This standard establishes requirements regarding planning an audit. Objective.02 The objective of the auditor is to plan the audit so that the audit is conducted effectively. Responsibility of the Engagement Partner for Planning.03 The engagement partner1 is responsible for the engagement and its performance. Accordingly, the engagement partner is responsible for planning the audit and may seek assistance from appropriate engagement team members in fulfilling this responsibility. Engagement team members who assist the engagement partner with audit planning also should comply with the relevant requirements in this standard. Planning an Audit.04 The auditor should properly plan the audit. This standard describes the auditor's responsibilities for properly planning the audit.2 .05 Planning the audit includes establishing the overall audit strategy for the engagement and developing an audit plan, which includes, in particular, planned risk assessment procedures and planned responses to the risks of material misstatement. Planning is not a discrete phase of an audit but, rather, a continual and iterative process that might begin shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit. Preliminary Engagement Activities.06 The auditor should perform the following activities at the beginning of the audit:
Planning Activities.07 The nature and extent of planning activities that are necessary depend on the size and complexity of the company, the auditor's previous experience with the company, and changes in circumstances that occur during the audit. When developing the audit strategy and audit plan, as discussed in paragraphs .08-.10, the auditor should evaluate whether the following matters are important to the company's financial statements and internal control over financial reporting and, if so, how they will affect the auditor's procedures:
Audit Strategy.08 The auditor should establish an overall audit strategy that sets the scope, timing, and direction of the audit and guides the development of the audit plan. .09 In establishing the overall audit strategy, the auditor should take into account:
Audit Plan.10 The auditor should develop and document an audit plan that includes a description of:
Multi-location Engagements.11 In an audit of the financial statements of a company with operations in multiple locations or business units,13 the auditor should determine the extent to which audit procedures should be performed at selected locations or business units to obtain sufficient appropriate evidence to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement. This includes determining the locations or business units at which to perform audit procedures, as well as the nature, timing, and extent of the procedures to be performed at those individual locations or business units. The auditor should assess the risks of material misstatement to the consolidated financial statements associated with the location or business unit and correlate the amount of audit attention devoted to the location or business unit with the degree of risk of material misstatement associated with that location or business unit. .12 Factors that are relevant to the assessment of the risks of material misstatement associated with a particular location or business unit and the determination of the necessary audit procedures include:
.13 In determining the locations or business units at which to perform audit procedures, the auditor may take into account relevant activities performed by internal audit, as described in AS 2605, Consideration of the Internal Audit Function, or others, as described in AS 2201. AS 2605 and AS 2201 establish requirements regarding using the work of internal audit and others, respectively. .14 AS 1205, Part of the Audit Performed by Other Independent Auditors, describes the auditor's responsibilities regarding using the work and reports of other independent auditors who audit the financial statements of one or more of the locations or business units that are included in the consolidated financial statements.18 In those situations, the auditor should perform the procedures in paragraphs .11-.13 of this standard to determine the locations or business units at which audit procedures should be performed. Changes During the Course of the Audit.15 The auditor should modify the overall audit strategy and the audit plan as necessary if circumstances change significantly during the course of the audit, including changes due to a revised assessment of the risks of material misstatement or the discovery of a previously unidentified risk of material misstatement. Persons with Specialized Skill or Knowledge.16 The auditor should determine whether specialized skill or knowledge is needed to perform appropriate risk assessments, plan or perform audit procedures, or evaluate audit results. .17 If a person with specialized skill or knowledge employed or engaged by the auditor participates in the audit, the auditor should have sufficient knowledge of the subject matter to be addressed by such a person to enable the auditor to:
Additional Considerations in Initial Audits.18 The auditor should undertake the following activities before starting an initial audit:
.19 The purpose and objective of planning the audit are the same for an initial audit or a recurring audit engagement. However, for an initial audit, the auditor should determine the additional planning activities necessary to establish an appropriate audit strategy and audit plan, including determining the audit procedures necessary to obtain sufficient appropriate audit evidence regarding the opening balances.19 Appendix A - Definition.A1 For purposes of this standard, the term listed below is defined as follows: .A2 Engagement partner - The member of the engagement team with primary responsibility for the audit. What is the most important reason for an organization to use enterprise risk management?Having an ERM strategy in place allows a business to stay one step ahead of the risks that threaten its operations now and in the future. This is a crucial part of becoming resilient because the goal in times of adversity is to sustain business operations.
How does COSO define strategy and business objectives?How does COSO define strategy and business objectives? Strategy = The organization's plan to achieve its mission and vision and apply its core values. Business objectives = Those measurable steps the organization takes to achieve its strategy.
Which one of the following activities is designed to provide feedback on the effectiveness of an internal audit department?Internal Audit Activity's Role in Governance, Risk, & Control. What is the purpose of strategic risk management?Strategic risk management is the process of identifying, quantifying, and mitigating any risk that affects or is inherent in a company's business strategy, strategic objectives, and strategy execution. These risks may include: Shifts in consumer demand and preferences.
|