REVIEW QUESTIONS – CHAPTER 9

1. Discuss the advantages of writing an internal audit report.

According to the study done by Holt and Dezoort (2006), providing an internal audit
report of the management’s financial status increase investor confidence that the reported
financial information is free from both errors and intentional misstatements. Moreover,
internal audit report was perceived to be as useful as an audit committee report,
management’s discussion and analysis and management’s report on internal control.
Furthermore, there is higher perceived disclosure credibility when a chief audit executive
(CAE) report to the audit committee, chief executive officer (CEO) and chief finance officer
(CFO).

Other than that, internal audit is used to check the proper use of resources. The
misuse of resources can increase the cost of organization. The optimum use of resources
can be determined to control the cost of output. In this way internal audit is a tool to use the
resources in the best interest of business. It also very helpful to get better the performance
of the organization. The achievements of previous year are the basis of preparing budgets
for the next years. The estimated income statement and balance sheet are drawn up. An
attempt is made to get helpful results. Thus internal audit look up performance of business
and employees.
2. Discuss the process of writing an internal audit report based on the
Performance Standard 2400 in the International Professional Practices
Framework (IPPF).

First of all, conduct field audit exit meeting. This is when internal audit team
conducts a meeting with an auditee or management to discuss the result from an audit
process. The purpose of an exit meeting is to enable auditors to discuss matters on the
weaknesses of the system and the risk areas discovered during the audit. More
corrective action on lack of control and protection need to be provided on risk area
system. In the meeting, auditors need to discuss and ask auditees and management for
significant and material issues.

Second, internal auditors will prepare the draft audit report after management has
agreed with the entire content and facts. The draft audit will include audit observations,
audit recommendations and an audit plan. The audit plan will highlight specific
recommendations and will mention the person in charge of improving the risk areas. The
draft will be prepared by the CAE and submitted to the CEO or senior management. The
CEO or senior management will make decisions based on recommendations given in the
report.

Next, auditees will receive a copy of draft report from the CEO. The department
itself must take into consideration each recommendation provided by the internal
auditors for the purpose of improving the business operations and ensuring the
effectiveness of the system.

After that, the final audit report will be prepared by the CAE after receiving
responses from auditees. The final report will include the significant issues, action plan,
recommendations, department’s response and auditors’ conclusion. The internal audit
report will be publish together with management’s responses.

Next, the group of internal auditors will require auditees and management to fill in a
post-audit survey. This is to evaluate the effectiveness of the audit process, audit
planning, audit performance, professionalism and knowledge of the audit team.

Lastly, auditors will perform a follow up audit for the significant issues that were
identified in the final engagement report. Internal auditors will request for follow up
information to review and report on corrective actions taken in addressing all previous
significant issues.
3. Describe the quality of an internal audit report based on the IIA Standard 2420
Quality of Communications.

There are seven quality of an internal audit report based on the IIA Standard 2420
Quality of Communications which are must be accurate, objective, clear, concise,
constructive, complete and timely.

Quality Description
Accurate Free from errors and distortions and is faithful to underlying facts.

Objective Fair impartial and unbiased and is the result of a fair minded and
balance assessment of all relevant facts and circumstances.

Clear Easily understood and logical, avoiding unnecessary technical language

and providing all significant and relevant information.

Concise Communication is to the point and avoid unnecessary elaboration,

superfluous details, redundancy and wordiness.

Constructive Helpful to the engagement client and organization and leads to

improvements where needed.

Complete Lacks nothing that is essential to the target audience and includes all
significant and relevant information and observations to support
recommendations and conclusions.

Timely Opportune and expedient, depending on the significance of the issue,

allowing management to take appropriate corrective action.
4. Comment on the quality of internal audit reporting in Table 9.5: The structure of
Report, Payroll Internal Control Review, Time and Attendance Record. You can
comment based on the quality checklist.

In payroll internal audit have to check the on the structure of Report, Payroll Internal
Control Review, Time and Attendance Record, the overall adheres expected structure and
format.

Based on the report quality checklist, the structure of Report must be readability.
Message placement, coherence, conciseness and the use of graphics can help enhance the
readability of a report. Message placement refer to the structure of report, where each
observation needs to be delivered in a structured manner in executive summary and body of
the report. The executive summary which consist of background, objective, scope, and
opinion must be accurate, include necessary exclusions, tailors the objective to the
engagement and limits the background not more than three short paragraphs. The report
has to contain the right information and avoid redundant wording. It will help management in
understanding the main conditions, causes, effects and recommendation for each
observation.

According to the Payroll Internal Control Review, the record must be clarity which
there has to be appropriate use of definitions. Definitions are crucial in understanding
concepts for each observation and audit process. Each observation may carry different
concepts and terms. The report should be written in simple and clear structured sentences.

Based on the time and attendance record, the report about time and record must be
unbiased wording and must be prepared objectively when describing the engagement,
where the wording used must be fair, impartial and unbiased. The written report must state
the weakness of the process internal control payroll so that the company can improve it. The
tone of writing has to reflect level severity for each observation. While, the language in
explaining the performance of time and attendance record used in report should be
associated with the culture of the place.
5. Discuss the role of internal auditors in monitoring and follow-up process for each
reporting.

monitoring

During an internal auditing process, monitoring is considered useful and important to

ensure that improvement is made based on Advisory 2500-1. Internal audit process may
effectively monitor progress by:

1. conveying engagement observations and recommendations to appropriate levels of

management who are responsible for taking action.
2. receiving and evaluating management responses and proposed action plan(s) on
observations and recommendations during the engagement or within a reasonable time
period after the engagement results are communicated. responses are more useful if
they include sufficient information for CAE to evaluate the adequacy and timeliness of
proposed actions.
3. receive periodic updates from management to evaluate the status of its efforts to correct
observation and/or implement recommendation.
4. receiving and evaluating information from other organizational units assigned
responsibility to follow-up or take corrective actions.
5.
reporting to senior management and/or the board on the status of responses to
engagement observations and recommendations.

Follow-up

Internal auditor need to look through whether management has taken action for each
recommendation. based on Practice Advisory 2500, A1-1, a follow up is a process by which
internal auditors evaluate the adequacy, effectiveness and timeliness of actions taken by
management on reported observations and recommendations, including those made by
external auditors and others.

1. Follow-up documentation
performance standard 2330, internal auditor must document relevant information
to support their conclusions and engagement results as well as document follow-up
procedures and results.

2. Follow-up reporting results

follow-up procedures are an integral part of internal audit activities, thus, the CAE
should also report the results of these procedures to upper management and the board.
the report preparation depends on the organization’s culture.
in formal culture, the auditor might conclude the engagement by sending written
reports to the upper management and the board on any open issue.
in an informal culture, the report will consist of an oral presentation to upper
management and to the board, it will include the number of action plan implemented, the
number of open action plans and the impact of open action plans.

3. follow-up frequency
According to Flynn (2010), the rule of thumb for follow-up performance is that it
should be conducted at least twice a year.
REVIEW QUESTIONS - CHAPTER 10

1. Define fraud.
Fraud defined in the law as an intentional misrepresentation of material existing fact
made by one person to another with knowledge of its falsity and for the purpose of
inducing the other person to act, and upon which the other person relies with
resulting injury or damage. Fraud may also include an omission or international
failure to state material facts, knowledge of which would be necessary to make other
statements not misleading.

2. What are three elements that have to be present for a person committing
fraud?
1. Opportunity
2. Rationalization
3. Pressure

3. Identify the element of Fraud Triangle theory for each of the following
situations:
1. A person who is having financial constraints stole the company’s money.
= Pressure
2. A person labels a theft as ‘borrowing’ and fully intends to pay back the stolen
money at some point.
= Rationalization
3. A cashier stole the money from cash register machine because she knew that
there is no CCTV installed at the shop.
= Opportunity

4. Identify five key steps in fraud risk assessment.

1. Identify relevant fraud risk factors.

2. Identify potential fraud schemes and prioritize them based on risk.
3. Map existing controls to potential fraud schemes and identify gaps.
4. Test operating effectiveness of fraud prevention and detection controls.
5. Document and report of the fraud risk assessment.

4. Identify whether the following measures are meant for fraud prevention or
fraud detection.

1. Set a strong control environment such as code of fraud prevention

conduct
2. Segregation of duties in business process fraud prevention
3. Whistle-blower hotline fraud detection
4. Exit interviews fraud detection
5. Fraud awareness training fraud prevention
6. Identify whether the following statements are TRUE or FALSE.

1. Statutory audit determines correctness of the accounts or whether any fraud

has actually taken place, whereas forensic audit expresses opinion as “true or
fair” presentation. ( FALSE )

2. Forensic audit involves analysis of past trend and substantive or ‘in depth’
checking of selected transaction, whereas statutory audit involves ‘substantive’
and ‘compliance‘ procedures. ( TRUE )

3. Statutory audit relies on independent verification of selected item, whereas

forensic audit relies on management representation. ( FALSE )