TIAPS Module 1 Audit and Assurance workbook

More documents

Recommendations

Info

Assurance Services An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements. 38 Consulting Services Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training. 39 The IPPF provides additional comment to help distinguish between these two types of services. Assurance services involve the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matters. The nature and scope of an assurance engagement are determined by the internal auditor. Generally, three parties are participants in assurance services: (1) the person or group directly involved with the entity, operation, function, process, system, or other subject matter—the process owner, (2) the person or group making the assessment—the internal auditor, and (3) the person or group using the assessment—the user. Consulting services are advisory in nature and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. Consulting services generally involve two parties: (1) the person or group offering the advice—the internal auditor, and (2) the person or group seeking and receiving the advice—the engagement client. When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility. 40 The internal audit charter or legislation should describe the services to be provided. Assurance engagements are typically scheduled as a result of the head of internal audit’s assessment of organizational risks and priorities and form part of the internal audit plan. Consulting (or advisory) engagements tend to be agreed in response to requests from management but may also be proposed by the internal audit function to address opportunities for improvement where auditors can usefully lend their expertise. However, a consulting engagement should not be accepted simply because it has been requested: The chief audit executive should consider accepting proposed consulting engagements based on the engagement’s potential to improve management of risks, add value, and improve the organization’s operations. Accepted engagements must be included in the plan. 41 38 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 39 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 40 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 41 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 44
It is common to build an allowance into the internal audit plan and budget for ad hoc engagements which are non-periodic reactive assignments conducted at the entreaty of the governing body, senior managers, external auditors, or the head of internal audit, and may be an assurance engagement or advisory in nature. A change of internal or external circumstances may require engagements to be added to the plan. The Covid 19 pandemic led to significant redrafting of audit plans as priorities and operations were severely disrupted. One issue the head of internal audit must decide when creating the plan is an appropriate balance of assurance and advisory engagements. The starting point is a risk-based approach, meaning engagements are prioritized in response to organizational objectives and risks. Standard 2010 – Planning directs the internal audit function as follows: To develop the risk-based plan, the chief audit executive consults with senior management and the board and obtains an understanding of the organization’s strategies, key business objectives, associated risks, and risk management processes. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls. 2010.A1 The internal audit activity’s plan of engagements must be based on a documented risk assessment, undertaken at least annually. The input of senior management and the board must be considered in this process. 2010.A2 The chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions. 2010.C1 The chief audit executive should consider accepting proposed consulting engagements based on the engagement’s potential to improve management of risks, add value, and improve the organization’s operations. Accepted engagements must be included in the plan. 42 The assessment of risk needs to be independent, although the input of management and the governing body should be considered. There is no scientific formula for determining the right balance between assurance and advisory engagements in the audit plan, but the following factors are relevant: • Internal audit mandate and responsibilities (as defined in the charter or legislation). • Roles previously adopted by the internal audit function. • Strength of internal audit function independence. • Organizational objectives and priorities. • Internal and external risks (including new risks). • The role of the governing body in providing oversight and level of engagement with executive activity. 42 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 45
Page 1 and 2: Module 1: Audit and Assurance TIAPS
Page 3 and 4: Table of Contents Module 1: Audit a
Page 5 and 6: Relevant Standards Reference is mad
Page 7 and 8: • Close scrutiny. The activities
Page 9 and 10: A.2 Public Sector Governance IIA In
Page 11 and 12: The need for governance arises for
Page 13 and 14: Although developed for government a
Page 15 and 16: A.3 Governance Models When evaluati
Page 17 and 18: defensive aspects to minimize negat
Page 19 and 20: A.3.3 CIPFA International Framework
Page 21 and 22: 8. Ensure that its arrangements for
Page 23 and 24: • Consideration of overlapping in
Page 25 and 26: A.3: Reflection Which model or mod
Page 27 and 28: Although they are related, the prin
Page 29 and 30: B.1.1 Independence, Objectivity, an
Page 31 and 32: B.1: Reflection Is it possible to
Page 33 and 34: According to The IIA Position Paper
Page 35 and 36: B.2: Reflection When was the last t
Page 37 and 38: When independence or objectivity ar
Page 39 and 40: B.4 Safeguards for Independence and
Page 41 and 42: In other cases, there is no audit c
Page 43: C. Assurance and Advisory Engagemen
Page 47 and 48: The following list is taken from Sa
Page 49 and 50: helping managers developing control
Page 51 and 52: C.1.5 Internal Audit Opinions Audit
Page 53 and 54: Leadership and Communication Intern
Page 55 and 56: C.2 Auditing Governance The IIA Sup
Page 57 and 58: C.2: Reflection How does your inter
Page 59 and 60: Fraud may be perpetrated via measur
Page 61 and 62: circumstances (unethical and often
Page 63 and 64: Management Issues • Lack of area
Page 65 and 66: Risk management techniques can be a
Page 67 and 68: IT controls may be manual, automate
Page 69 and 70: The IIA’s Cybersecurity Toolkit d
Page 71 and 72: C.3: Reflection Fraud: How are susp
Page 73 and 74: Global Perspectives and Insights -
Page 75: CIPFA: 77 Mansell Street, London E1

TIAPS Module 1 Audit and Assurance workbook

Create successful ePaper yourself

Delete template?

Save as template?