TIAPS Module 1 Audit and Assurance workbook

More documents

Recommendations

Info

Internal auditors have an important role to play in raising fraud risk awareness, helping to reduce the likelihood and impact of fraud, and supporting the identification of fraud schemes and events. The following extracts from the Standards illustrate the role and its limits. 1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. 57 1220.A1 Internal auditors must exercise due professional care by considering the: • … • Probability of significant errors, fraud, or noncompliance. 58 2060 Reporting [by the chief audit executive] must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board. 59 As part of a regular audit engagement, internal auditors should: • Gather information to understand the purpose and context of the engagement, as well as the governance, risk management, and controls relevant to the area or process under review. Information may be drawn from multiple sources, including previous audit engagements, reports from specialist investigators (such as fraud examiners, external auditors, and financial inspections), interviews, external research of similar situations, and fraud risk and control models and benchmarks. • Brainstorm fraud scenarios to identify potential fraud risks. • Assess the identified fraud risks to determine which risks require further evaluation during the engagement. 60 Certain red flags should alert the internal auditor to the potential for fraud. These may include: Issues Give-away phrases used Potential Red Flags for Fraud • “As a work around …” • “Just this one time …” • “I have always done it this way.” • “Once in a while we …” • “Off the record …” • “There are no policies or procedures for this process.” • “Someone told me to do it this way; however, I am not sure why.” • “This is really how it is done.” • “The way it is supposed to work …” 57 The International Professional Practices Framework, The IIA, 2016. 58 The International Professional Practices Framework, The IIA, 2016. 59 The International Professional Practices Framework, The IIA, 2016. 60 IIA Practice Guide: Engagement Planning – Assessing Fraud Risks, The IIA, 2017. 62
Management Issues • Lack of area expertise. • Lack of supervision. • History of legal violations. Personnel Issues • Lack of background checks. • Dissatisfied employees. • Unwillingness to share duties. Process Issues • Duties not segregated. • Poor physical security. • Poor access controls. 61 Guidance published by the World Bank Group identifies examples of internal frauds perpetrated by employees: • Procurement fraud (e.g., false invoicing, credit card misuse, manipulations in the procurement process or procuring low quality items, receiving kickbacks for referring contract work to related parties). • Theft and skimming (e.g., removing and selling inventory, cash, consumables, or information, fraudulent acceptance of goods and services, and receiving compensation without reporting transactions). • Fraudulent expenditure claims (e.g., using false receipts to claim travel and accommodation allowances). • Payroll fraud (e.g., adding fake employees to the payroll or claiming overtime for hours not worked). 62 Accounting fraud, money laundering, and tax evasion can be added to this list. When internal auditors suspect fraud, great care needs to be taken. The organization requires well-defined procedures to follow in such circumstances. In some cases, the internal auditor is expected to pass over the evidence giving rise to a suspected fraud to investigators or law enforcement to pursue. Auditors may be asked to be witnesses or provide other evidence. The careful preservation of papers and audit trails is extremely important. In some organization, internal auditors are expected to investigate fraud, but as with all activities this should only occur where individuals have the competency to do so. 61 IIA Practice Guide: Engagement Planning – Assessing Fraud Risks, The IIA, 2017. 62 Public Sector Internal Audit: Focus on Fraud, Center for Financial Reporting Reform, World Bank Group, 2017. 63
Page 1 and 2:
Module 1: Audit and Assurance TIAPS
Page 3 and 4:
Table of Contents Module 1: Audit a
Page 5 and 6:
Relevant Standards Reference is mad
Page 7 and 8:
• Close scrutiny. The activities
Page 9 and 10:
A.2 Public Sector Governance IIA In
Page 11 and 12: The need for governance arises for
Page 13 and 14: Although developed for government a
Page 15 and 16: A.3 Governance Models When evaluati
Page 17 and 18: defensive aspects to minimize negat
Page 19 and 20: A.3.3 CIPFA International Framework
Page 21 and 22: 8. Ensure that its arrangements for
Page 23 and 24: • Consideration of overlapping in
Page 25 and 26: A.3: Reflection Which model or mod
Page 27 and 28: Although they are related, the prin
Page 29 and 30: B.1.1 Independence, Objectivity, an
Page 31 and 32: B.1: Reflection Is it possible to
Page 33 and 34: According to The IIA Position Paper
Page 35 and 36: B.2: Reflection When was the last t
Page 37 and 38: When independence or objectivity ar
Page 39 and 40: B.4 Safeguards for Independence and
Page 41 and 42: In other cases, there is no audit c
Page 43 and 44: C. Assurance and Advisory Engagemen
Page 45 and 46: It is common to build an allowance
Page 47 and 48: The following list is taken from Sa
Page 49 and 50: helping managers developing control
Page 51 and 52: C.1.5 Internal Audit Opinions Audit
Page 53 and 54: Leadership and Communication Intern
Page 55 and 56: C.2 Auditing Governance The IIA Sup
Page 57 and 58: C.2: Reflection How does your inter
Page 59 and 60: Fraud may be perpetrated via measur
Page 61: circumstances (unethical and often
Page 65 and 66: Risk management techniques can be a
Page 67 and 68: IT controls may be manual, automate
Page 69 and 70: The IIA’s Cybersecurity Toolkit d
Page 71 and 72: C.3: Reflection Fraud: How are susp
Page 73 and 74: Global Perspectives and Insights -
Page 75: CIPFA: 77 Mansell Street, London E1
show all

TIAPS Module 1 Audit and Assurance workbook

Create successful ePaper yourself

Delete template?

Save as template?