Beruflich Dokumente
Kultur Dokumente
DEFINITION
Timing refers to the period/date when audit procedures are performed and
to which the audit evidence applies
2. Description of findings
It answers the question, What internal audit found to be wrong and why is it
wrong?
Based on the conditions observed and found during the review, the audit
report should describe the results of the audit.
1 | Page
5 COMPONENTS OF AUDIT FINDINGS (5 Cs)
1. Oral Reports
This mode might be used for reporting findings requiring emergency action,
or as an oral presentation, or as a prelude to the formal written report.
2 | Page
This type of report can be a useful interim summary to the formal audit report
or serve as an appendix to the formal report document.
This report summarizes the various individual reports issued, any significant
findings, and the range of their content.
The Management
o Facilitates corrective action.
o to gain support of higher management.
o Serves as window in to operation for busy managers.
o Means to evaluate operating performance.
o Source of objective information about controls and operations.
The Shareholders
The Potential Investors
Creditors
The Shareholders
o to see if the company is progressing.
o If the money they have invested is properly utilized.
3 | Page
The Potential Investors
o Would it be of any worth if they will invest in the company?
o Is it a risky company?
Creditors
o How well the company is doing?
o Bankruptcy and going concern issues.
Accurate
Objective
Clear
Concise
Constructive
Complete
Timely
INTRODUCTORY PAGE
EXECUTIVE SUMMARY
AUDIT FINDINGS
RECCOMMENDATIONS
AUDITEES RESPONSE OR MANAGEMENT RESPONSE
INTRODUCTORY PAGE
4 | Page
Locations visited and timing of audit.
The report cover page should clearly state when the audit fieldwork was performed
and also mention the locations visited.
EXECUTIVE SUMMARY
AUDIT FINDINGS
5 | Page
AUDIT REPORT FINDINGS SHOULD CONTAIN
Statement of conditions
- The first sentence in a report finding should summarize the results
of internal audits review of the area of concern.
Criteria of extremes
Clearly inadequate or outstanding performance is relatively easy
to appraise.
Criteria of comparables
Comparisons can be made between similar operations or
activities, determining their success or lack of success and
causes for the differences.
Criteria of expertise
In some cases, internal audit may find it useful to rely on other
experts to evaluate an activity.
LEVELS OF EFFECT
DIRECT, ONE TIME EFFECT ON THE PROCESS
CUMULATIVE EFFECT ON THE PROCESS
CUMULATIVE EFFECT ON THE ORGANIZATION
HIGH LEVEL, SYSTEMATIC EFFECT
6 | Page
TYPES OF CAUSE
o CONTIGUOUS- the action or lack of action that led
directly to the condition.
o TRANSITIONAL- the cause or causes that led to the
approximate cause.
o CORE- underlying cause.
Internal audits recommendation
- Audit report findings should conclude by recommending
appropriate corrective actions.
Recommendations
Types of Recommendations
7 | Page
- Auditee responses to a finding may contain information that
provides additional balance to an audit report.
Financial Audit
Operational Audit
Compliance Audit
Investigative Audit
Illustrating non-conformities
Outlining positives
Opportunities for improvement
Who will be reading your report, and what is their scope of knowledge on the
language you will use? An audit report is an official record of an audit project, so it
will likely be returned to in later years for re-audits. Define all the terms and
8 | Page
abbreviations you use, as the standard forms of communication have potential to
change.
Provide perspective for the reader, Be precise, and avoid redundant phrasing
and inexact terminology.
Do not use passive voice.
Use bullet points.
Use gender neutral terms.
Do not use audit buzzwords.
9 | Page
5. Continue onto the Statement on Auditing Standards.
A brief description of what was audited, objectives, scopes, and time periods.
Statements of significant action plans.
Overall statements of concerns and conclusions.
Overall audit report rating.
An audit report typically ends with results from the audits and recommendations
for improving the entity audited. Results and recommendations are the foundation
of a good report. Before you begin writing this section, provide a brief opening
statement that outlines the information you will be providing.
Be positive
Be specific
Identify who should act
Include a cover page. The cover page should be three or four lines, and
outline the subject of the audit report and the type of audit.
10 | P a g e
A memo should follow the cover page. The memo should be one or two short
paragraphs overviewing who and what was audited, who has received or is
receiving the report, and plans for future distribution.
A table of contents follows the memo, and it contains a catalogue of
chapters, page numbers, sections, and suggestions of the audit.
The report should be written in plainly-worded, non-technical language and
use proper grammar and paragraph organization.
Reports are organized by chapters, each with a title, and by sections and
subsections, each marked with a heading. Headings should go from general
to more specific.
Internal audit should schedule a follow report once the final audit report has
been issued.
Internal audit should play only a limited, specific role after the audit report
has been released.
Internal audit has a responsibility to produce audit reports that are readable,
understandable, and persuasive.
Internal audit receives a final payoff in its knowledge of the action taken by
auditees based on the internal report recommendations.
SOX rules require that all audit-related records must be maintained for a
period of seven (7) years.
All paper-based audit reports and supporting workpapers should be deposited
in a secure corporate records storage facility.
Computer-based digital records and supporting papers can be supporting
materials in litigation or even government legal actions.
11 | P a g e
Internal audit communication problems affect all steps in the communications
process and include:
12 | P a g e
RELATIONSHIP OF INTERNAL AUDITOR WITH EXECUTIVE
MANAGEMENT AND EXTERNAL AUDITORS
The IIA states that the Chief Audit Committee (CAE) should report functionally to the
audit committee or its equivalent. It also says that the CAE should report
administratively to the chief executive officer of the organization. Finally, the
guidance says, the chief financial officer, controller, or other similar officer should
ideally be excluded from overseeing the internal audit activities even in a dual role
(with the CAE reporting functionally to the audit committee).
According to the IIA's Practice Advisory 1110-2, report functionally means that the
governing authority would:
Approve the overall charter of the internal audit function, the risk
assessment, and the related audit plan;
13 | P a g e
Human resource administration, including personnel evaluations and
compensation of department staff;
Senior Management
Managers at the highest level of a company or organization, considered as a group.
Operational Management
Its task is to oversee and control the day-to-day operations of a business that
manufactures or sells goods or provides a service.
Audit committees
Responsible for the overall management of the auditing process and the auditors
14 | P a g e
Safeguarding of assets
Review of projects
Management audit
Fraud detection- developing fraud exposures for every audit and detecting
red flags
Preservation of ethical culture monitor the ethical climate and report on red
flags that may compromise ethics
Whether the companies has kept all the requisite books of accounts
The financial statements present a true and fair view of the state of affairs
Proper records for assets, inventory, loans etc. have been maintained by the
company
15 | P a g e
Varied strengths increase effectiveness
Increase in efficiency
Cost reduction
Approval
Commitment
Communication
Trust
Though the primary objective is different for both the auditors, some of their
means are same and the work of internal auditor may be useful to the
external auditor in determining the nature, extent and timing of procedures
to be performed
The external auditor should evaluate the internal audit function before relying
on the work and adopting less extensive procedures
The internal auditor cannot have the same degree of independence as the
external auditor so the opinion of the external auditor on the financial
statements remains his responsibility .
The coordination of internal audit activity with external audit activity is very
important from both points of view: from external audits point of view is important
because, in this way, external auditors have the possibility to raise the efficiency of
financial statements audit; the relevancy from internal audits point of view is
assured by the fact that this coordination assures for the internal audit a plus of
essential information in the assessment of risks control.
16 | P a g e
The importance of the relationship from internal audit and external audit is reflected
also by International Standards of Audit which foresees, among others:
Liaison with internal auditing is more effective when meetings are held at
appropriate intervals during the period. The external auditor would need to
be advised of and have access to relevant internal auditing reports and be
kept informed of any significant matter that comes to the internal auditors
attention which may affect the work of the external auditor. Similarly, the
external auditor would ordinarily inform the internal auditor of any significant
matters which may affect internal auditing;
Better communication among internal and external auditors and audit committee
members can ease some of the tensions, according to a new report.
The report, from the Institute of Internal Auditors and the Center for Audit Quality,
found that improved communication and cooperation among the various auditing
roles can help with enterprise risk management at a company. The report,
Intersecting Roles: Fostering Effective Working Relationships Among External Audit,
Internal Audit, and the Audit Committee, highlights examples of such strong
communications and cooperation from organizations across the country, with a
focus on building a clearer understanding of what external auditors require to be
able to use the work of internal audit, and when it is not appropriate to use that
work.
External auditors are certified professionals who check the accuracy and
completeness of a business's financial statements. Managing the external audit
relationship can be difficult for small business owners who must balance the
auditor's requests for sensitive financial information, the need for company
confidentiality as well as the choice of which auditor to engage.
17 | P a g e
Business owners should seek an auditor who is keen to discuss issues as they
arise and who doesn't hide the risk of financial decisions from the company or
its managers.
Interaction and cooperation between the internal auditors and external auditors
should help the governing body obtain a more comprehensive view of operations
and risks whilst eliminating areas of possible duplication of audit effort. Good
communication between internal and external audit should also be of benefit to
senior managers as both audit engagements and subsequent recommendations to
the improvement of risk management and internal control will be better
coordinated.
If the external auditor should decide to use the internal auditors work in arriving at
their opinion, the process will be regulated by ISA 610.
Given the specific scope and objectives of their mission, the risk information
gathered by external auditors is typically limited to financial reporting risks, and
does not include the way senior management and the board audit committee are
managing/monitoring the organizations strategic, business and compliance risks.
However, internal audit function can provide assurance on these areas to senior
management as well as the governing body.
Whilst the objectives of external and internal audit activities are different, there may
be some potential areas of overlap, particularly in the area of financial reporting. In
18 | P a g e
particular, external audit may provide management letter comments in relation to
internal control weaknesses noted in the course of their audit engagement.
Internal audit should consider these points in its audit planning process and may
initiate separate follow-up activities to ascertain the effectiveness of managements
corrective actions. Similarly, external audit should consider internal audit findings as
an input into their own work.
Before the cooperation takes place, each auditor will assess the work that can be
reused from the other auditors.
19 | P a g e