Sie sind auf Seite 1von 9

AUDIT ENGAGEMENT FRAMEWORK

February 2012

AGENDA

Audit Engagement Types Introduction Engagement Timeline Engagement General Work Processes Standards Overview Break-Out Session Special Engagement Type Tools & Techniques

Engagement Level Risk Assessment Sampling Fraud Questionnaire

Engagement Types

ASSURANCE Traditional Audits

(Internal Controls Dept., External, ICFR: Internal Controls over Financial Reporting)

Integrated Business Audits


Assessment)

(Joint Controls Self-

Follow-up Audits Unannounced Surprise Audits CONSULTING/ADVISORY Pre-Implementation Emerging Risk

Sample Engagement Timeline


WEEKS FROM FIELDWORK Engagement Planning (-7 WKS) Announcing Communication (-5 WKS) Pre-Work (-1 WK) Internal Kick-Off Fieldwork (WK 0) Business Kick-Off Testing/Validation Wrap-Up Engagement Close-Out (WK +1-3) Documentation (Findings/Workpapers) Calibration/Scoring Report Release

Work Process Standards


Internal Audit Charter & Roles & Responsibilities Engagement Types Standards Engagement Timelines Assurance Planning Engagement Planning Sampling Fraud Red Flags Documentation (Workpapers) Audit Communications (Reports & Distribution Lists) Calibration & Evaluation (Issue Identification & Classification, Scoring) Conducting Meetings Quality Assurance (Engagement Checklists, Audits) Remote Audits Audit Standards Update & Maintenance Risk Acceptance & Mitigation

Special Engagement Types

Surprise/Unannounced Audits

Planning can be limited vs announced audits Effectiveness Barriers i.e. language, documentation Use of technology i.e. meetings, documentation Handling of issues identified beyond original scope Balancing efficiency with independence considerations

Remote Audits

Follow-up Audits

Joint Audits with Business

Tools & Techniques

Engagement Level Risk Assessment Business Landscaping/Profiling Preliminary Survey Financial Auditing Controls History Scoping & Prioritization Resourcing

Tools & Techniques

Sampling Methodology Statistical Discovery Definition Population Sample Results Interpretation i.e. incident threshold for
outages, extrapolation

Documentation i.e. Test Templates

Tools & Techniques

Fraud Questionnaire Controls Environment Sensing Assess & Build Organizational Capability Red Flag Identification & Escalation