21
Internal Audit Reports CONT 4023

Internal Audit Reports

  • Upload
    kirima

  • View
    37

  • Download
    0

Embed Size (px)

DESCRIPTION

Internal Audit Reports. CONT 4023. Common Findings. • Inadequate design of internal control over a significant account or process. • Inadequate documentation of the components of internal control. - PowerPoint PPT Presentation

Citation preview

Page 1: Internal Audit Reports

Internal Audit Reports

CONT 4023

Page 2: Internal Audit Reports

Common Findings• Inadequate design of internal control over a significant account or process.• Inadequate documentation of the components of internal control.• Insufficient control consciousness within the organization, for example, the tone at the top and the control environment.• Absent or inadequate segregation of duties within a significant account or process.• Absent or inadequate controls over the safeguarding of assets • Inadequate design of information technology (IT) general and application controls that prevent the information system from providing complete and accurate information consistent with financial reporting objectives and current needs.

Page 3: Internal Audit Reports

Common Findings

• Employees or management who lack the qualifications and training to fulfill their assigned functions.

• Inadequate design of monitoring controls used to assess the design and operating effectiveness of the entity’s internal control over time.• The absence of an internal process to report deficiencies in internal control tomanagement on a timely basis.• Non - compliance

Page 4: Internal Audit Reports

Common Findings• Failure in the operation of effectively designed controls over a

significant account or process, for example, the failure of a control such as dual authorization for significant disbursements within the purchasing process.

• Failure of the information and communication component of internal control to provide complete and accurate output because of deficiencies in timeliness, completeness, or accuracy, for example, the failure to obtain timely and accurate consolidating information from remote locations this needed to prepare the financial statements.

• Failure of controls designed to safeguard assets from loss, damage, or misappropriation.

• Failure to perform reconciliations of significant accounts. For example, accounts receivable subsidiary ledgers are not reconciled to the general ledge account in a timelyor accurate manner.

Page 5: Internal Audit Reports

Common Findings• Undue bias or lack of objectivity by those responsible for

accounting decisions, for example, consistent understatement of expenses or overstatement of allowances at the direction of management.

• Misrepresentation by client personnel to the auditor (an indicator of fraud).

• Management override of controls.

• Failure of an application control caused by a deficiency in the design or operation of an IT general control.

Page 6: Internal Audit Reports

Purpose of Report

A written audit report:• Ensures the communication

reaches those responsible • Prevents misunderstandings• Facilitates the follow-up process.

Page 7: Internal Audit Reports

CompletenessEnsure all issues are communicated to

management.Review each issue to determine whether to

include it in the audit report.Prepare a memo for management of the area

audited detailing issues not significant enough to include in the report.

Ask management to review a draft of the audit report to ensure facts are correct and understood.

Page 8: Internal Audit Reports

Language

• Write the audit report using clear, concise language• Avoid using inflammatory terms or statements.• Audit reports should not be written to blame

management for control failings. • They should convey only the results of tests and their

impact on the entity. • Limit or clearly define unique terms, and restrict

sentences to 18 to 20 words to improve clarity.

Page 9: Internal Audit Reports

Sentence Length• One sentence: "The roles, responsibilities and

accountability mechanisms of managers and staffing officers are clearly defined in the departmental training course on sub-delegation which was given to all managers about to receive sub-delegated staffing authority." (33 words)

• Two sentences: "All managers who were to receive sub-delegated authority attended the departmental staffing course. The course defines the roles, responsibilities and accountability of managers and staffing officers." (13 words in each)

Page 10: Internal Audit Reports

Language - Intensifiers

Intensifiers are words like: clearly, special, key, well, reasonable, significant and very. Their use should be limited because they frequently lack precision, reflect personal values and fill space for no real purpose.Intensifiers raise questions such as "significant compared to what?" and "clearly according to whose criteria?"

Page 11: Internal Audit Reports

Presentation

BulletsReport writers can use bullets as punctuation in front of points to break up dense text and shorten sentences, focus attention, save words and improve logic and flow.• The use of bullets is highly recommended

when findings are lists of standards, samples, activities, facts and results.

Page 12: Internal Audit Reports

ExampleWithout Bullets: "The Department possesses control mechanisms such as a clearly identified responsibility center, consultative committees for target groups and an Affirmative Action Steering Committee. These mechanisms which include action plans and reporting systems adequately ensure the effectiveness of employment equity programs."

With bullets: "The Department has mechanisms to ensure effective employment equity programs, including: • an identified responsibility center• action plans and reporting systems• consultative committees for target groups• an Affirmative Action Steering Committee."

Page 13: Internal Audit Reports

Report Content

Page 14: Internal Audit Reports

Structure

Audit reports include the following sections: • Cover• Title page• Table of contents• Summary (including the recommendations)• Introduction• Findings• Appendices.

Page 15: Internal Audit Reports

Cover and Title Page

Audit reports use a standard cover, with a window showing:• The title: "Staffing Audit" or "Personnel

Management Audit“• The department's name• The report's date of issue (month and year). • These items are repeated at the bottom of

each page.

Page 16: Internal Audit Reports

Table of Contents

The table lists the sections and sub-sections with page numbers as follows: • Summary and recommendations• Introduction• Findings (by audit field) • Appendices (as required).

Page 17: Internal Audit Reports

Summary• The summary gives a quick overview of the state of

the department at the time of the audit in light of the main issues covered by the report. It does not normally exceed three pages, including the recommendations.

• Recommendations should be listed under a lead statement such as: (example) "We recommend that the Deputy Minister: amend...; establish...; implement..."

• Recommendations should be stand-alone statements that can be read out of context and still make sense.

Page 18: Internal Audit Reports

Introduction

• Context: This sub-section briefly describes conditions in the audit entity during the period under review.

• Purpose: This sub-section is a short description of what functions and special programs were audited and the clients' authorities.

• Scope: The scope lists the period under review, the issues covered in each function and program, the locations visited and the on-site dates.

• Methodology: This section briefly describes sampling, data collection techniques and the basis for auditors' opinions. It also identifies any weaknesses in the methodology to allow the client and auditee to make informed decisions as a result of the report.

• .

Page 19: Internal Audit Reports

Findings & Recommendations

The findings section details control issues significant enough to warrant attention from management. Findings usually include recommendations on how to fix the controls and management's detailed corrective action plans.

Page 20: Internal Audit Reports

Findings & Recommendations

• The depth of coverage for issues should normally reflect the significance of the findings.

• Situations representing a high degree of risk or indicating shortcomings that are serious enough to justify a recommendation should be treated extensively.

• Specific initiatives that the auditors wish to mention as examples should be described in detail, while issues where the department meets the expectations and there is nothing specific to mention should be dealt with briefly.

Page 21: Internal Audit Reports

Commentary• Where a recommendation and a compliment are

made under the same issue, they should be in separate paragraphs.

• Statistics need to be used consistently throughout the report. Sample size and error rate mean more when they are given in context. The size of the population, the number of transactions and the period of time provide that context.

• Percentages should not be used when referring to small samples (less than one hundred).

• Graphics should be used when they add to the understanding of the text.