Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Risk Based Audit Planning

    Hochgeladen von

    harmandian
    4K Ansichten18 Seiten

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    XLS, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als XLS, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    4K Ansichten18 Seiten

    Risk Based Audit Planning

    Hochgeladen von

    harmandian

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als XLS, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 18

    Audit Program for Creating a Risk Based Audit Plan

    AUDIT PROCEDURES Ref.

    Evaluate risks existing within the organization


    1. Likelihood of risk occurring
    2. Significance of the risk related to the organization

    Risk-based auditing begins by reviewing the organizational objectives, then


    considers the risks that impact on the achievement of those objectives, and
    examines the methodologies in place to mitigate those risks.

    Risks can be avoided, shared, or transferred rather than controlled. Risk-based


    auditing also explicitly accepts that there will always be some risk that must be
    accepted; but the acceptable amount must be kept within the limits established by
    the Board and management.

    Audit Services identifies risk factors and evaluates them. The evaluation of risk
    factors includes, but is not limited to, discussions with management, observations
    made during previous audits, and the past history of the unit. Some examples of risk
    factors are:

    Example 1 of Risk Factors


    Size of the unit
    Recent changes in accounting or administrative systems
    Complexity of operations
    Liquidity of assets
    Recent changes in key personnel
    Economic condition of the unit
    Rapid growth or decline of the unit’s personnel
    Time since last audit
    Pressure on management to meet objectives
    Level of employees’ moral

    Example 2 of Risk Factors

    the date and results of the last audit


    financial exposure
    potential loss and risk
    requests by management
    major changes in operations, programs, systems and controls
    opportunities to achieve operating benefits
    changes to and capabilities of audit staff.

    Example 3 of Risk Factors


    A. Financial Impact

    1. Proposed revenues and expenses for fiscal year


    2. Expenditures and revenue trend over last three years
    3. Fund type
    4. Negative fund balances
    5. Value of fixed assets
    6. Capital expenditures
    7. Proposed budget cuts

    B. Results of Prior Years Audit

    1. Occurrence of fraud
    2. Information obtained from external reviewers
    3. Date of last audit

    C. Changes in Organization and/or Management

    1. Management and staff capabilities


    2. High employee turnover or new management
    3. Management accountability

    D. Systems

    1. Stability and reliability of information technology


    2. Disaster recovery

    E. Political and/or Economic Environment

    1. Regulations of a specific program’s activities


    2. Adverse criticism or public embarrassment

    F. Impact of Not Providing Service

    1. Central control responsibility


    2. Complexity of operations
    3. Dependency on centralized processing

    Based on the evaluation, assign a “Risk Rating” (low, medium or high) and a
    “Priority Level” of 1, 2 or 3 (with 1 being the highest priority).

    Select audits based on the identification and evaluation of significant risk exposures
    as mentioned above. By focusing on the risk, internal auditors are able to identify
    controls that are absent or ineffective, as well as those that are no longer relevant.

    Consider requests originating from other sources including the Board, the Audit
    Committee, Administration or deparmental management.
    Done Time Date Date Checked
    By Spent Expected Finished Remarks By:
    Audit Program

    Audit Procedure Control Objective


    Workpaper Performed Date
    Risk if Objective Not Met Control Technique Reference By Expected
    Date Budget Actual Document
    Completed Hours Hours Reference Source Reviewed By
    Remarks/Comments
    AREA:

    Process Control Objective Risk


    Assertion Documentation W/P
    Control Considerations E,A,C,V,P Description of control Ref.
    Testing
    Do controls meet
    exceptions
    objective?
    Test noted? Resolution / remediation/ comments
    Yes/No
    W/P Ref Yes/No W/P Ref
    Potential Risk Factors

    Business strategic risks


    IT strategic operations risk
    Financial return
    Competitive impact
    Regulatory impact

    Size of the unit


    Recent changes in accounting or administrative systems
    Complexity of operations
    Liquidity of assets
    Recent changes in key personnel
    Economic condition of the unit
    Rapid growth or decline of the unit’s personnel
    Time since last audit
    Pressure on management to meet objectives
    Level of employees’ moral
    Audit Program Area

    Audit Procedure
    Global Ref
    No,
    Control Objective Risks Control
    Activity
    Number
    Control KeyControl? Frequency Owner Exceptions Type Document Mapping to
    Description Reference Standards
    AREA
    DATE COMPLETED:
    COMPLETED BY:
    Question Yes No Comment
    Finding Ref # Control Testing Finding
    Management Response & Treatment

    Das könnte Ihnen auch gefallen