AUDITING – External audit, Internal audit, and Compliance Audit

- External audit – FS audit (primary), FS assertions, risk-based approach

- Internal audit – FS audit (not primary), management audit, operations audit, risk-based
approach
- Compliance audit – compliance with laws, compliance with rules and policies, risk-
based approach
All these types of audit need auditor’s independence.
TYPES OF INTERNAL AUDIT

- Financial Audit
- Management Audit
- Operations Audit

KEY TERMS TO CONSIDER IN OPERATIONAL AUDIT

- Independence
- Objectivity
- Assurance
- Consultation/ advice
- Design to add value
- Operational improvement
- Help accomplish objectives
- Systematic, disciplined approach
- Evaluate effectiveness

TRAITS REQUIRED FOR AUDITOR TO CONDUCT OP. AUD.

- Technical training & proficiency

- Knowledge of IT risks and controls
- Due care
- Alert to the significant risks
- Professional skepticism
- Risk management
- Control
- Evidential matter gathering
- Documentation
- Planning consideration

SKILLS REQUIRED FOR EFFECYIVE OPERATION AUDIT

 - Communication skills
- Problem-solving & solution skills
- Promote internal audit value
- Knowledge skills
- Organizational skills
- Behavioral skills
- Conflict resolution skills
- Staff training & development skills
- Accounting skills
- Change management skills
- IT/CT skills
- Cultural fluency skills

IIA STANDARDS
Attribute standards

- Purpose, authority, responsibility

- Independence & objectivity
- Proficiency & due professional care
- Quality assurance & improvement program

Performance standards

- Managing internal audit activity

- Nature of work
- Engagement planning
- Performing the engagement
- Communicating results
- Monitoring progress
- Resolution acceptance of risks

RISK-BASED AUDIT

- Objectives and operational consideration (to identify risks)

- Risk-assessment (on the internal control)
- Risk-response (audit approach)
- Evidence gathering

TYPES OF OPERATIONAL RISKS

 - Capacity risks
- Strategic risks
- Compliance risks
- Natural environmental
- Political risks

These risks involve people, equipment, and policies.

THREE LINES OF DEFENSE MODEL

1st line of defense

- Management controls
- Internal control measures

2nd line of defense

- Financial control
- Security
- Risk management
- Quality
- Inspection
- Compliance

3rd line of defense

- Internal audit

AUDIT EVIDENCES
Strongest evidences

- Document inspection
- Observation
- Professional skepticism
- Inquiry (3rd party)

Moderate evidences

- Recalculation/reperformance
- Working papers
 - Flowcharts
- Internal control questionnaire

Weak evidences

- Testimonial (employees)
- Inquiry (employees)

THE SEVEN (7) Es = SUCCESS

- Effectiveness
- Efficiency
- Economy
- Excellence
- Ethics
- Equity
- Ecology