Chp 7: Internal audit Flashcards
What are the six overall objectives of internal control?
SCREAM
- Safeguard assets
- Compliance
- Reduce Overheads
- Effective Controls
- Accounting Records
- Managing Risk
What are the four stages in the internal control process?
- Identifying business objectives
- Identifying risks that will threaten objectives
- Design internal controls to mitigate these risks
- Implement internal controls
What three conditions are likely to cause fraud?
- Pressure - financial problems
- Rationalisation - internally justify it to themselves
- Opportunity - low risk of getting caught
What is a system audit?
Tests and evaluates the internal controls in any system
What is a compliance audit?
A form of systems audit which ensures performance conforms to statuatory, regulatory or contractual requirement.
What is a Value for Money (VfM) audit?
AKA a Best Value audit
Assesses how much economy, efficiency and effectivness an organisation has.
Can be achieved by implementing the four C’s:
- Challenge - how and why a service is provided
- Compare - Make comparisons with similar organisations
- Consult - Discuss with local stakeholders in setting performance targets
- Compete - Embrace fair competition
What is a management audit?
An audit into the effectiveness of managers and corporate structure
What are social and environmental audits?
Designed to ascertain whether an entity is complying with codes of best practice, internal guidelines or is being a good corporate citizen
What four types of risk will auditors consider in their work?
- Inherent risk - the susceptibilit of an activity being subject to risk despite an internal control or the effectiveness of management
- Control risk - the risk that control systems fail, are absent or inadequate
- Residual risk - the risk that remains after controls have been deemed acceptable
- Detection risk - the risk the IA process doesn’t detect errors
What are the four types of auditor testing?
- Walkthrough testing - tracing an event from start to finish through a process
- Tests of Control - whether controls are operating as they should
- Substantive Testing - test whether indiviual events are valid (A COURIER)
- Analytical Review - gross margin, gearing etc.
For substantive testing, what is the mnemonic A COURIER?
- Analytical Review
- Confirmation - verifying with objective third party
- Observation
- compUtation &
- Recalculation - Internal Audit evidence
- Inspection
- Enquiry
- Re-performance - repeating a control activity
What are the two types of auditing in an information systems environment?
- Systems development auditing
- Auditing computer systems
What criteria do organisations use to assess the IA function?
PAIR
- Professionalism - act with consistency
- Authority - whether their recommendations are valued
- Independence - who they report to?
- Resources - do they have adequate training and experience?
How should IA reports be presented?
6 items
- The business objective of the audit
- The operational standard for the objective
- Observations of actual performance
- The causes of any weaknesses
- The effect of any weaknesses
- The recommendation to address any weaknesses
