Module 4 - Introduction to Performance Audit_4B
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>4B</strong>.4 <strong>Audit</strong> Scope<br />
It is necessary <strong>to</strong> define the scope of any engagement as it sets the boundaries for the<br />
investigative work, including the period of interest and particular activities and locations <strong>to</strong> be<br />
audited. Without a scope or in the absence of a well-defined scope, there is no clear<br />
indication of what may be considered within the engagement nor when the engagement may<br />
be regarded as complete. <strong>Audit</strong> objectives and questions <strong>to</strong> be answered help guide the<br />
audi<strong>to</strong>r in determining <strong>to</strong> what needs <strong>to</strong> be included in the scope.<br />
The scope defines the boundary of your audit and addresses such things as specific<br />
questions you intend <strong>to</strong> ask and the type of study you will complete. In particular, the<br />
audit scope defines the subject matter the audi<strong>to</strong>r will assess and report on, the<br />
documents or records <strong>to</strong> be examined, the period reviewed, and the locations that<br />
will be included. The scope is directly impacted by the audit’s objective(s) and<br />
questions. As a result, you may need <strong>to</strong> modify the scope as you collect information<br />
and become more knowledgeable about the subject of the audit. 57<br />
Engagement creep can occur when scope is poorly defined and additional work is included<br />
which is outside of the original intended purpose. While it is sometimes possible and useful<br />
<strong>to</strong> extend the engagement, such as when consulting opportunities are identified during the<br />
audit, this should be done in a formalized manner.<br />
Standard 2220 describes the requirements applicable <strong>to</strong> all internal audit engagements.<br />
The established scope must be sufficient <strong>to</strong> achieve the objectives of the<br />
engagement.<br />
2220.A1 The scope of the engagement must include consideration of relevant<br />
systems, records, personnel, and physical properties, including those under the<br />
control of third parties.<br />
2220.A2 If significant consulting opportunities arise during an assurance<br />
engagement, a specific written understanding as <strong>to</strong> the objectives, scope, respective<br />
responsibilities, and other expectations should be reached and the results of the<br />
consulting engagement communicated in accordance with consulting standards.<br />
2220.C1 In performing consulting engagements, internal audi<strong>to</strong>rs must ensure that<br />
the scope of the engagement is sufficient <strong>to</strong> address the agreed-upon objectives. If<br />
internal audi<strong>to</strong>rs develop reservations about the scope during the engagement, these<br />
reservations must be discussed with the client <strong>to</strong> determine whether <strong>to</strong> continue with<br />
the engagement.<br />
2220.C2 During consulting engagements, internal audi<strong>to</strong>rs must address controls<br />
consistent with the engagement’s objectives and be alert <strong>to</strong> significant control<br />
issues. 58<br />
57<br />
<strong>Performance</strong> <strong>Audit</strong> ISSAI Implementation Handbook, IDI, 2021.<br />
58<br />
Standard 2220 – Engagement Scope, The International Professional Practices<br />
Framework, The IIA, 2016.<br />
34