TIAPS Module 1 Audit and Assurance workbook

More documents

Recommendations

Info

C.1.3 Assurance and Advisory Engagements Compared There are many similarities between assurance and advisory engagements and internal auditors will apply many common skills. In particular, both types of engagements must be defined in the internal audit charter and internal auditors must adhere to appropriate standards and apply due professional care. There are also important differences, as shown below. Feature Purpose Key differences between advisory and consulting services Assurance services Advisory services To provide assurance through an To offer advice, usually in response opinion on the adequacy and to a request. effectiveness of governance, risk management, and internal control based on an objective assessment of evidence. Principal parties • Internal auditor. • Unit manager or process owner. • Recipient of assurance (senior management and the governing body). Scope and approach Objectives Governance, risk management, and internal control Auditor assignment Conflicts of interest Determined by internal auditor with consultation with relevant manager. Based on a risk assessment, taking account of the possibility of error, fraud, and noncompliance. Must be part of the engagement scope and objectives. The head of internal audit must obtain the necessary skills for the engagement, either from the team or from other sources rather than defer the engagement. In accordance with Standard 1130, internal auditors should not provide assurance for operations for which they were responsible within the previous year. • Internal auditor. • Client. Agreed between client and internal auditor. Consistent with the organization’s goals and priorities. May be included in the engagement scope and objectives. The head of internal audit must wait until the necessary skills for the engagement are available. In accordance with Standard 1130, internal auditors may provide consulting services relating to operations for which they had previous responsibilities but any potential impairments to independence or objectivity must be disclosed prior to accepting the engagement. In undertaking advisory engagements, care must be taken to ensure the independence of the function and objectivity of auditors for future engagements. Implementing controls, making executive decisions, enforcing policies, directing the application of resources, and in general terms “owning the risk” are responsibilities of management which internal auditors should not assume. In offering training, facilitating control self-assessment workshops, 48
helping managers developing controls, and providing advice on potential improvements, internal auditors are sharing the benefit of their expertise and insights with management. However, they must refrain from taking ownership of decisions management must take. This is illustrated by the table diagram below (adapted from The IIA fan graphic 46 ). Threats to Functional Independence and Auditor Objectivity Responsibilities Examples Safeguards needed Core responsibilities of the internal auditor Broader responsibilities providing additional value Management responsibilities • Providing assurance on the adequacy and effectiveness of governance, risk management, and internal control. • Evaluating processes. • Assessing risks. • Sharing insights and opinions. • Making recommendations for innovation and improvement. • Coaching and training. • Developing the risk management framework. • Designing controls. • Coordinating activities. • Monitoring responses made to the fraud or ethics hotline. • Taking operational decisions on behalf functional units. • Determining organizational strategy. • Participating in the decision-making process as part of a working group or taskforce. • Implementing controls. • Enforcing policies. • Accepting responsibility for managing risks. Can be undertaken without special safeguards May be undertaken with additional safeguards Should not be undertaken by members of the internal audit function This is relevant to consideration of threats to and safeguards for independence and objectivity discussed in B but also helps separate the point at which advisory services may stray into managerial responsibilities. C.1.4 Blended Engagements The principal differences between assurance and advisory engagements can be summarized as follows: • Purpose: assurance engagements provide an opinion based on an assessment; consulting engagements provide support and expertise to advise on the acquisition, development, or improvement of resources (inc people), systems, and processes. 46 IIA Position Paper, The Role of Internal Auditing in Enterprise-wide Risk Management, The IIA, 2009. 49
Page 1 and 2: Module 1: Audit and Assurance TIAPS
Page 3 and 4: Table of Contents Module 1: Audit a
Page 5 and 6: Relevant Standards Reference is mad
Page 7 and 8: • Close scrutiny. The activities
Page 9 and 10: A.2 Public Sector Governance IIA In
Page 11 and 12: The need for governance arises for
Page 13 and 14: Although developed for government a
Page 15 and 16: A.3 Governance Models When evaluati
Page 17 and 18: defensive aspects to minimize negat
Page 19 and 20: A.3.3 CIPFA International Framework
Page 21 and 22: 8. Ensure that its arrangements for
Page 23 and 24: • Consideration of overlapping in
Page 25 and 26: A.3: Reflection Which model or mod
Page 27 and 28: Although they are related, the prin
Page 29 and 30: B.1.1 Independence, Objectivity, an
Page 31 and 32: B.1: Reflection Is it possible to
Page 33 and 34: According to The IIA Position Paper
Page 35 and 36: B.2: Reflection When was the last t
Page 37 and 38: When independence or objectivity ar
Page 39 and 40: B.4 Safeguards for Independence and
Page 41 and 42: In other cases, there is no audit c
Page 43 and 44: C. Assurance and Advisory Engagemen
Page 45 and 46: It is common to build an allowance
Page 47: The following list is taken from Sa
Page 51 and 52: C.1.5 Internal Audit Opinions Audit
Page 53 and 54: Leadership and Communication Intern
Page 55 and 56: C.2 Auditing Governance The IIA Sup
Page 57 and 58: C.2: Reflection How does your inter
Page 59 and 60: Fraud may be perpetrated via measur
Page 61 and 62: circumstances (unethical and often
Page 63 and 64: Management Issues • Lack of area
Page 65 and 66: Risk management techniques can be a
Page 67 and 68: IT controls may be manual, automate
Page 69 and 70: The IIA’s Cybersecurity Toolkit d
Page 71 and 72: C.3: Reflection Fraud: How are susp
Page 73 and 74: Global Perspectives and Insights -
Page 75: CIPFA: 77 Mansell Street, London E1

TIAPS Module 1 Audit and Assurance workbook

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?