Module 4 - Introduction to Performance Audit_4B

More documents

Recommendations

Info

Intended users: The individuals, organisations or classes thereof for whom the auditor prepares the audit report. The intended users may be legislative or oversight bodies, those charged with governance or the general public. 47 The responsible party is responsible not only for the activities being evaluated but also for supporting the auditors during the engagement by providing unrestricted access to the information, people, and resources needed. 4B.1: Reflection Identify some recent performance audits you have been involved with or those that have been managed by your audit team. Which aspects of the planning and execution of those performance audits worked well? Which aspects were less successful or more difficult or challenging than expected? What improvements can be made to the process for planning and performing performance audits? How is the decision made to include a performance audit in the plan of engagements? How is the topic identified? Who is involved in the decision? How are the key parties of an audit identified and their needs evaluated? Is there a formal process? 4B.2 Getting Started The key steps in audit design and planning may be described as follows: Conduct pre- Study Define objectives Establish approach/ methodology Formulate audit questions Select criteria Document the audit Key Steps in Performance Audit Design For internal audit planning, the IPPF provides standards relevant to every kind of audit without specific relevance to performance audits. 2200 – Engagement Planning 47 ISSAI 100 Fundamental Principles of Public Sector Auditing, INTOSAI, 2019. 29
Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations. The plan must consider the organization’s strategies, objectives, and risks relevant to the engagement. 2201 – Planning Considerations In planning the engagement, internal auditors must consider: The strategies and objectives of the activity being reviewed and the means by which the activity controls its performance. The significant risks to the activity’s objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level. The adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework or model. The opportunities for making significant improvements to the activity’s governance, risk management, and control processes. 48 For external auditors, ISSAI 3000/96-105 provides standards for planning performance audits and may be summarized as follows: The plan should support quality and timely results. The audit should be considered as a project requiring “organizing, securing, managing, leading, and controlling resources to achieve specific goals.” The auditor needs sufficient background knowledge which generally requires initial research “for building knowledge, testing various audit designs and checking whether the necessary data are available” (acquired through the pre-study). Audit responsibilities should be clearly assigned. Audit plan and procedures should be designed to gather “sufficient and appropriate evidence” based on the objectives and develop timely and relevant findings, conclusions, and recommendations. The plan and procedures should be flexible to respond to insights gained. “Performance audit is a learning process involving adaptation of methodology, as part of the audit itself.” Audit plan, procedures, objectives, and criteria should be approved by the supervisor as part of quality control. 49 Performance Audit Pre-Study The pre-study is used to ensure the auditor has sufficient information to plan and manage the engagement. Implementation Guidance 2201 – Planning Considerations suggests a survey may be useful at the planning stage of an internal audit engagement. Internal auditors can plan effectively for an engagement if they start with an understanding of the mission, vision, objectives, risk, risk appetite, control environment, governance structure, and risk management process of the area or process under 48 The International Professional Practices Framework, The IIA, 2016. 49 ISSAI 3000 Performance Audit Standard, INTOSAI, 2019. 30
Page 1 and 2: 4B. Planning a Performance Audit En
Page 3 and 4: General overviews Consideration of
Page 5: Understand interests and priorities
Page 9 and 10: How does the planning process for a
Page 11 and 12: 4B.4 Audit Scope It is necessary to
Page 13 and 14: What is the subject matter that wil
Page 15 and 16: eliability may include corroboratio
Page 17 and 18: e) Objective audit criteria are fre
Page 19: Establish current performance: •

Module 4 - Introduction to Performance Audit_4B

Create successful ePaper yourself

Delete template?

Save as template?