4. Definition of Internal Auditing
Internal Auditing is an independent,
objective assurance and consulting activity
designed to add value and improve an
organization’s operations.
Internal Auditing helps an organization
accomplish its objectives by evaluating and improving
the effectiveness of risk management, control,
and governance processes.
6. Roles of Internal Auditors
Role Appropriate Inappropriate
Provide management with assurance about
the design and functioning of controls.
Serve as an internal control advisor to the
organization.
Lead system implementation projects.
Guarantee that controls are designed
appropriately.
Help to revise policies and procedures.
8. Examples : Audit Model Steps
Audit Model Stage / Steps
Planning
• Review documentation and data
• Conduct interviews
• Assess risks
• Define control objectives
• Plan the audit work
Performing
• Process flowchart
• Conduct walkthroughs
• Testing
• Document test results
Communicating
• Report on findings and make recommendations
• Render an overall opinion
• Solicit management action plans
9. Examples : Audit Model Steps (Cont.)
Audit Model Stage / Steps
Monitoring
• Monitor the implementation of action plans
Quality Assurance
• Survey the audit customer
• Conduct supervisor reviews
• Conduct internal assessments
10. Audit Planning
IPPF Mandatory Guidance
2200-Engagement Planning:
“Internal auditors should develop and record a
plan for each engagement.”
11. Audit Planning : Introduction
Overview
This unit covers the following topics :
• Audit Project Planning
• The opening meeting
Objective :
To identify the components of an audit project plan.
12. Considerations of Audit Project Plan
Consideration
• The objectives of the activity being reviewed.
• The significant risks to the activity.
• The adequacy and effectiveness of the activity’s
risk-management and control systems.
• Opportunities for making significant
improvement to the activity’s risk-management
and control systems.
• Audit customer constraints and availability.
14. Planning Audit Projects
Stages / Actions
Understanding of the activity being audited
• Preliminary survey to determine the objectives, system, and apparent risk.
• Discussion with the audit customer.
• Interviews with individuals affected by the activity.
• Review of management reports.
• Review of IA literature relevant to the activity.
• Onsite observations.
• Analytical audit procedures.
Understanding of risks and controls
• Review or creation of process flowcharts.
• Review or creation of process narratives.
• Walkthroughs.
• Documentation of risks and controls.
15. Planning Audit Projects (Cont.)
Stages / Actions
Project Planning
• Development of audit programs.
• Issuance of engagement letter to the audit customer.
16. Audit Opening Meetings
Typical Objectives
• Define the overall objectives of the audit.
• Explain the audit process and the anticipated schedule.
• Introduce the team members.
• Explain your expectations for responses to information and data
requests (Appropriateness, Completeness, Timely response).
• Gain the audit customer’s concurrence with your expectations.
Best Practices
• Set agenda
• Have the entire audit team present
• Aim to build rapport and trust
18. Interviewing : Introduction
Overview
This unit covers how interviewing is used
within an audit, as well as best practices for
conducting and documenting interviews.
Objectives
To identify the components of interviews.
19. Stages of an interview
• Planning: The advance work.
• Interviewing: The interview itself.
• Documenting: The recording of information.
• Following up: The pursuit of related information and
the fulfillment of commitments to the interviewee.
20. Best Practices for Planning Interviews
• Establish the purpose for the interview.
• Communicate and share information with your
audit team.
• Send advance information:
▫ The interview’s purpose.
▫ The topics to be covered
▫ The documentation that the interviewee should
provide.
▫ The anticipated length of the interview.
• Make a list of the topics and related questions.
21. Best Practices for Planning Interviews (cont.)
• Decide on the type of documentation (notes or tape
recording).
• Gather copies of pertinent reference documents
such as prior audit reports, flowcharts, etc.
22. Best Practices for Conducting Interviews
Begin
• Notifying the interviewee how the interview
will be documented.
• Checking for understanding.
During
• Having a professional, sincere manner.
• Helping the interviewee stay on track.
• Seeking permission to continue the discussion, or
reschedule, if the interview is exceeding its
allotted time.
Close
• Asking a capstone question.
• Summarizing what the interview covered.
• Reviewing commitments made.
• Informing the interviewee of the next steps.
• Thanking the interviewee.
• Leaving your contact information.
23. Cone System
Use the “Cone” system of questioning to structure your questions on each topic.
Opening Question
• Start with an opening question: Tell me about, describe, explain, etc.
Probing Question
• Continue with probing questions: Who? What? When? Where? Why? How?
Closed Question
• End with a confirming question: Do you?, Is it true that?, Would you say that?, etc.
24. Interview Practices to Avoid
• Coming into the interview believing you are an expert.
• Conveying a “gotcha” attitude.
• Asking closed questions except as the final step in
the “cone” system.
• Interrupting when the interviewee is speaking.
• Failing to critically assess or independently verify
information provided.
• Using leading and double questions.
25. Active Listening Skills
• Showing interest and giving verbal and non-verbal
feedback.
• Letting the interviewee respond fully without
interrupting.
• Respecting the interviewee’s responses.
• Maintaining appropriate eye contact.
26. Best Practices for Documenting Interviews.
Before
• Develop your own note-taking system. Use abbreviations.
• Set up topics in your notes.
During
• Put a question mark (?) in the margin if you need to clarify a
point.
After
• Reread your notes. Distinguish facts from the opinions or views
of the interviewee.
• Complete your notes, preferably within one hour of the
interview.
• Write a sentence summary.
• List documents provided by the interviewee.
• List documents promised or commitments made by the
interviewee.
• Have someone else review the interview write-up.
28. Introduction
Overview
This unit covers two forms of process
documentation : narratives and flowcharts.
Objective
To identify the common forms used during
process documentation.
29. Forms in Process Documentation
• Narrative
1. Narratives are step-by-step, chronological
descriptions of a process or activity, written in
sentences.
2. Narratives describe who has responsibility for
the steps.
3. Further, they may explain where the controls are
within the process or activity.
30. Forms in Process Documentation
• Flowchart
1. Flowcharts are graphic representations of the
chronology or steps within a process or activity.
2. Flowcharts may serve as procedures or work
instructions used by those within the audited
activity, or they may be created by the auditor.
• Basic Flowchart Shapes: Action, Decision, Document
31. Walkthroughs
Walkthroughs are designed to confirm or
validate process documentation and to identify gaps or
errors in the documentation.
Types of Walkthroughs
1. A process walkthrough
2. A shadowing walkthrough
3. A transaction walkthrough
33. Introduction
Overview
This unit covers the way audit work programs
are typically developed and used.
Objectives
To identify the components of audit programs.
34. Tailoring Audit Programs
IPPF Mandatory Guidance
2240 : Engagement work program
Internal auditors must develop and document
work programs that achieve the engagement objectives.
2240.A1
Work programs must include the procedures for
identifying, analyzing, evaluating, and
documenting information during the engagement.
The work program must be approved prior to its
implementation, and any adjustments approved
promptly.
35. Tailoring Audit Programs (cont.)
To develop audit programs, the auditor
must record conclusions about the control activity
as follows:
1. Is the control a key control?
2. Is the control adequately designed?
3. Will the control be tested during the audit?
4. Is the control operating as intended?
36. Tailoring Audit Programs (cont.)
General Activity
• Review the audit programs, if any, from prior
audits.
• Confirm the objectives of the activity with the
audit customer.
• Tailor the audit programs.
• Document supervisory approval.
37. Audit Program Characteristics
• Indicate the relative priority of the work steps,
and allot time accordingly.
• Include positive and clear instructions in the
work steps.
• Incorporate flexibility, and permit auditor
initiative and judgment in deviating from
prescribed procedures.
• Include only what is needed to perform the audit
work
38. Audit Program Components
• Audit objective
• Audit scope
• Audit program test steps, with testing objective
for each test step.
40. Introduction
Overview
This unit covers emerging software tools for
automating the audit process.
Objective
To identify emerging tools that automate the
audit process.
41. Overall Considerations for Audit tools
• Which software, and which version, is appropriate for
your organization and your internal audit
activity?
• What are the system-implementation
considerations?
• Which tools will add the greatest efficiency?
• What fits your budget?
• What is the learning time, and what is the
availability of training?
42. Example Tools
Activity / Tools
Electronic Working Paper
• IDEA
• TeamMate (PwC)
Data Analysis and Data Extraction
• ACL
• IDEA
• Microsoft Access
System Security
• ACL
• IDEA
• Tripwire
Continuous Monitoring Tools
• SAP
Control Self Assessment Tools
• Option Finder
Survey Tools
• Zoomerang™
• SurveyMonkey
• Web Surveyor
44. Introduction
Overview
This unit covers the requirements for audit
evidence and the methodologies used to gather
that evidence.
Objective
To identify the methods for obtaining and
presenting audit evidence.
47. Sampling
“Confidence level is high when sample size is
large.”
• Statistical sampling: Mathematically based
• Judgmental sampling: Based on professional
assessment
• Random sampling: Every item in the data set has an
equal chance of being selected
48. Testing
Attribute Testing
• An attribute indicates that a control is operating.
• A deviation is the absence of the desired attribute.
Variable Testing
• Variable testing is used to reach a conclusion,
expressed in units.
49. Documentation of Test Result
Section / Content
Heading
• Audit title
• Audit number
• Scope area
• Date on which working paper was completed
• Work paper no.
Objective
• The testing objective
Method
• Sample selection method
• Testing method
• Data source
Result
• Detailed result of the test
Summary
• Summarized result
Conclusion
• Testing conclusion reached on the testing objective
50. Documentation of Test Result (cont.)
Section / Content
References
• Cross-references to related documents
Notes
• Any additional explanations needed
Name
• Auditor’s name
55. Best Practices for Exit Conferences
Purpose
1) To minimize misunderstandings.
2) To clarify the audit results.
3) To allow the audit customer to express their
opinion.
56. Best Practices for Exit Conferences (cont.)
Best Practices
1) Ensure that the right people attend.
2) Provide the necessary documents.
3) Set agenda and manage the meeting.
4) Explore and resolve as many issues as possible.
5) Provide clear messages.
6) Thank the audit customer for cooperation.
7) Hold a post-meeting debriefing with the audit
team.
59. Best Practices for Monitoring
• Decide on what to monitor based on risk
• Be open to management requests for consulting
related to closing issues
• Make management responsible for updating
progress made, with internal audit responsible
for verification that issues are closed.