Question

DQ1. What is an Audit Work Program (some call it Audit Program)? The audit work program - Email Surveillance Audit Program – What is the structure and contents including various audit steps. Find 1-2 steps in the audit program where the audit software can be used. How can audit software be used to gather evidence?. (the Audit program (Email Surveillance Audit Program details is attached).

DQ3. Review the contents of the Audit Manual of Office of University Audits at University of Illinois, Urbana‐Champaign. With another internal audit department manual of any other organization, compare its contents at a high (topic) level and identify similarities and differences between the two manuals. Provide the link please.

DQ4. What are some of the difficulties internal auditors face in conducting an audit engagement? What is an appropriate article to support your answer.

Time Audit Step Initial WP Ref Administration Planning • Discuss the nature and scope of the audit with key personnel. • Discuss timing with key management. • Schedule timing with the auditee. • Finalize the audit program. • Schedule staffing as appropriate. Reporting • Create a summary scorecard for each process reviewed. • Using the standard report template, create the internal audit report (including a compilation of findings resulting from the work performed). Hold a closing meeting with key company management to review

Answer 1

DQ1.

Audit Program

An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations.

Structure and content

Audit program details are specific to individual organizations based on their unique needs, but audit plan preparation will consider the audit's relevant regulatory deadlines, staff requirements and reporting structure, and overall goals. In particular, these goals will consider how the company will maintain regulatory compliance via risk assessment and management procedures. The audit program should also include a timeline detailing when specific aspects of the audit program should take place and how they should be prioritized.

Audit program planning is usually a continual and iterative process. During audit planning and development, companies can build on lessons learned from previous audits by implementing newly learned best practices that alleviate risk and maintain compliance. Audit development guidelines and best practices vary by industry, but local and regional auditing certifications are available, as are internationally recognized audit certifications. These certifications include Certified Internal Auditor and Certified Information Systems Auditor, and membership in the International Register of Certificated Auditors.

It contains details regarding the relevancy of evidence, materiality level, risk tolerance, measure of the sufficiency of the evidence. Thus, programs enhance the accountability of the audit team and its members for the work performed by them.

Steps in Audit program

The Audit Program consists of five distinct steps.

1. Determine audit subject
2. Define audit objective
3. Set audit scope
4. Perform pre-audit planning
5. Determine audit procedures and steps for data gathering

In he first step, audit software can be used to determine the subject which needs to be audited based on the strengths and weaknesses of the internal control system in different areas like finance, operations, administration.

In the third step, audit software can be used to determine the scope of audit by highlighting and assessing the key areas in the financial statements.

Use of Audit software to gather Audit evidence

Audit software can be utilized in evidence-gathering techniques such as observation, inquiry, interviewing, and testing are examined and the techniques of compliance versus substantive testing as contrasted. The complex area of statistical and non-statistical sampling techniques and the design and selection of samples and evaluation of sample results can also be carried out through audit software.

DQ4. Difficulties faced by Internal auditors in audit engagement

In this article, let us take a look at the challenges that are faced by the internal audit profession in audit engagement

1. Engagement letter

One of the most frequent areas of concern relates to the letter of engagement between the auditor and the client. In more rare situations there is not a letter of engagement between the client and the auditor. The importance of the engagement letter cannot be over-emphasised - not only to comply with ISA 210 Agreeing the terms of audit engagements but also to ensure that there is clear understanding as to the responsibilities of the auditor and the responsibilities of management.

Audit firms must ensure that the ‘preconditions’ for the audit are also incorporated in the engagement letter which are outlined in paragraph 6 to ISA 210 and requires the auditor to:

• Determine whether the financial reporting framework to be applied in the preparation of the financial statements is acceptable
• Obtain the agreement of management that it acknowledges and understands its responsibility

2. Revenue recognition

Some reviewers have flagged up that audit evidence relating to revenue recognition in some cases is quite weak. Substantive testing for completeness will often start from the sales invoice to other supporting documentation rather than starting with the ‘source’ document (such as the customer order). It has also been flagged up that in some cases audit firms will use substantive analytical review procedures when such procedures are not likely to generate sufficient evidence and in these cases more detailed testing is likely to be more efficient and generate the required levels of evidence to support the assertions.

3. Fraud

ISA 240 The auditor’s responsibilities relating to fraud in an audit of financial statements recognises that the risk of fraud due to management override of internal controls is a significant risk. To that end, the auditor has to set aside all beliefs concerning management’s honesty and integrity and apply professional scepticism when carrying out their audit. Because ISA 240 places management override of internal controls as a significant risk, the UK and Ireland ISA requires auditors to carry out the tests outlined in paragraph 32. This paragraph says that the auditor shall design and perform audit procedures to:

• Test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements. In designing and performing audit procedures for such tests, the auditor shall:

o   Make inquiries of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments

o   Select journal entries and other adjustments made at the end of a reporting period

o   Consider the need to test journal entries and other adjustments throughout the period

4. Stock

If stock is material to the financial statements, then attendance at stocktake is required under ISA 501 Audit evidence - specific considerations for selected items unless it is impracticable to do so. Some firms have been criticised for not attending stocktakes on the grounds that it is inconvenient or too costly as these are not acceptable reasons.

Some audit firms have been criticised for failing to address the relevant assertions where stocktake attendance is concerned. For example, the auditor may test items from stock sheets to the physical inventory (which tests the existence assertion) but then not reversing the test (i.e. from physical inventory to stock sheets) which tests the completeness assertion.