Module 4 - Introduction to Performance Audit_4B

More documents

Recommendations

Info

Results-oriented approach: the objective directly describes what is to be measured. For example, “to assess the extent to which officers have implemented key income tax provisions.” Systems-oriented approach: the objective focuses on what the system under review is designed to do. For example, “to assess the extent that agency systems include controls needed to monitor how grant recipients use funds.” Audit Questions Once formulated, audit objectives are often used to develop more specific audit questions as a focus for the audit work. Guidance for creating audit questions for performance audits is included in GUID 3920 The Performance Auditing Process (31-34). 55 This can be summarized as follows: Audit questions “stated in a neutral form” addressing the audit objectives “help define and structure the audit.” Questions should be “thematically related, complementary, not overlapping, and collectively exhaustive in addressing the audit objective(s).” In relation to a known condition or conditions, questions may be analytical, normative, or descriptive. The engagement can be considered complete when the questions are satisfactorily answered. Further questions, however, may arise as the engagement proceeds, especially if significant changes occur in the operating during the execution of fieldwork, such as changes to relevant laws, policies, structures, and operations. Investigation will establish conditions. Root cause analysis techniques can be used to help the auditor identify potential causes of known conditions and develop additional audit questions to be used to guide further inquiry that will establish causality in fact. It is possible to imagine a hierarchy of questions stemming from the primary question which originates from the risk analysis. Collectively the questions should be exhaustive and mutually exclusive without undue overlap or gaps, and be both relevant (i.e., derived from the risk assessment) and auditable (i.e., definitively answerable). 56 4B.3: Reflection What process is followed for developing and approving audit objectives and questions for performance audits? Is there a set format or template for audit objectives and questions your audit function uses? When are objectives and questions communicated with the responsible party and how? 55 GUID 3920 The Performance Auditing Process, INTOSAI, 2019. 56 For more guidance on developing audit objectives and questions see, for example, European Court of Auditors “Developing the Audit Objectives,” 2013. 33
4B.4 Audit Scope It is necessary to define the scope of any engagement as it sets the boundaries for the investigative work, including the period of interest and particular activities and locations to be audited. Without a scope or in the absence of a well-defined scope, there is no clear indication of what may be considered within the engagement nor when the engagement may be regarded as complete. Audit objectives and questions to be answered help guide the auditor in determining to what needs to be included in the scope. The scope defines the boundary of your audit and addresses such things as specific questions you intend to ask and the type of study you will complete. In particular, the audit scope defines the subject matter the auditor will assess and report on, the documents or records to be examined, the period reviewed, and the locations that will be included. The scope is directly impacted by the audit’s objective(s) and questions. As a result, you may need to modify the scope as you collect information and become more knowledgeable about the subject of the audit. 57 Engagement creep can occur when scope is poorly defined and additional work is included which is outside of the original intended purpose. While it is sometimes possible and useful to extend the engagement, such as when consulting opportunities are identified during the audit, this should be done in a formalized manner. Standard 2220 describes the requirements applicable to all internal audit engagements. The established scope must be sufficient to achieve the objectives of the engagement. 2220.A1 The scope of the engagement must include consideration of relevant systems, records, personnel, and physical properties, including those under the control of third parties. 2220.A2 If significant consulting opportunities arise during an assurance engagement, a specific written understanding as to the objectives, scope, respective responsibilities, and other expectations should be reached and the results of the consulting engagement communicated in accordance with consulting standards. 2220.C1 In performing consulting engagements, internal auditors must ensure that the scope of the engagement is sufficient to address the agreed-upon objectives. If internal auditors develop reservations about the scope during the engagement, these reservations must be discussed with the client to determine whether to continue with the engagement. 2220.C2 During consulting engagements, internal auditors must address controls consistent with the engagement’s objectives and be alert to significant control issues. 58 57 Performance Audit ISSAI Implementation Handbook, IDI, 2021. 58 Standard 2220 – Engagement Scope, The International Professional Practices Framework, The IIA, 2016. 34
Page 1 and 2: 4B. Planning a Performance Audit En
Page 3 and 4: General overviews Consideration of
Page 5 and 6: Understand interests and priorities
Page 7 and 8: Internal auditors must develop and
Page 9: How does the planning process for a
Page 13 and 14: What is the subject matter that wil
Page 15 and 16: eliability may include corroboratio
Page 17 and 18: e) Objective audit criteria are fre
Page 19: Establish current performance: •

Module 4 - Introduction to Performance Audit_4B

Create successful ePaper yourself

Delete template?

Save as template?