Lecture 9: Internal Assurance Flashcards Preview

APA > Lecture 9: Internal Assurance > Flashcards

Flashcards in Lecture 9: Internal Assurance Deck (5)
Loading flashcards...
1
Q

The role of internal assurance in achieving organisational goals

A

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of risk mgmt., control and governance processes

Internal audit does this by:

  • Providing independent, unbiased assessment of organisational operations (objectivity—based on professionalism and integrity through professional standards and code of ethics)
  • Provide mgmt. with info on effectiveness of risk mgmt., control and governance processes
  • Acting as catalyst for improvement in risk mgmt., control and governance process
  • Being an advisor that tells mgmt. what it need to know, when it needs to know it.
2
Q

Tutorial 10 Q5:

Discuss the issues raised in relation to performance of internal auditors on 2015 Toshiba accounting scandal

A

Background: Toshiba inflated earnings by at least $1.2 billion during period 2009-2014 by understating costs on long term projects and improperly valuing inventory

Issues
- Internal audit focus: focused more on consulting services rather than assurance services. Mgmt set targets that were unachievable and that remuneration of employees was largely dependent on achievement of these targets—argued that internal audit function should’ve been aware of the risk of earnings mgmt.

  • Audit committee: the three external members of the audit committee had little knowledge of finance and accounting. CFO was member of audit committee as well so internal audit not independent of mgmt.
  • Organisational culture existed where employees could not act in contrary to intention of their superiors. Discrepancies were raised but dismissed as insignificant.
  • Rotational Staffing Model: staff were rotated through the internal audit department on route to other areas creating potential issues in relation to lack of expertise and commitment to audit function.
3
Q

Tutorial 10 Q1

Computer-assisted audit techniques (CAATs)

A
  • As most businesses use computers extensively, particular for processing significant applications, it is impossible for audits to be conducted efficiently and effectively without using technology such as CAATs.
  • Test data technique: uses a set of ‘dummy’ input data to validate system integrity. Auditors prepare both valid and invalid data. Output compared with what was expected by auditor to assess whether controls are operating effectively
    White box approach
  • Integrated Test Facility (ITF): automated technique that enables test data to be continually evaluated under normal operation of a system. Auditor creates fictitious situations and perform wide variety of tests over the system. Involves creation of small sub-system within regular computer accounting system. (more computer expertise required, and is time-consuming and expensive)
    White box approach
  • Parallel simulation: Attempts to stimulate firm’s key processes. Auditor writes a computer program to reprocess firm’s actual data for past period to stimulate results. Stimulated results compared with actual results to determine system validity
    White box approach
  • Generalised Audit Software (GAS): often used to test controls. Standard software that can directly read and access data from various database platforms enabling transactional data analysis
  • Online real-time systems—continuous auditing: Instead of traditional testing, auditor may arrange for continuous monitoring of system by adding an audit routine to entity’s system. Transactions sampled at regular intervals and output used in testing controls. ‘Audit hooks’ build into the system to enable auditors to select transactions with characteristics of interest for investigation.
4
Q

Tutorial 10 Q2:

Advantages and disadvantage of test data approach

A

Advantages may include:

  • Test data approach is a way of auditing ‘through the computer’ (white box approach). Internal auditor would create test cases to verify specific logic and controls in the system.
  • It is simple to use although does require auditor to understand internal logic of the system—efficient in finding errors and problems
  • Due to required internal knowledge of software, maximum coverage can be obtained
  • There is not much disruption to the computer system in this instance

Disadvantage may include:

  • Auditory has disrupted the integrity of data system by entering what is essentially false data into the live database. The data that is entered is now part of the legal records of company even though it is not real. Could be constructed as fraudulent data entry. Thus, if this method is utilised, essential that proper procedures are followed to ensure such dummy transactions are appropriately identified and reversed.
  • Computer operators within the firm will be aware that the tests are being run, which could compromise integrity of the output.
  • The test is at a specific point in time and consequently doesn’t provide evidence in relation to how the system operates at other times.
5
Q

Black-box approach?

A

Auditing around the computer

  • Auditors test reliability of computer generated info by first calculating expected results from the transactions entered into the system. Then auditors compare these calculations to the processing/output results.
  • If they prove to be accurate and valid, assumed that system of controls is effective and that system is operating properly.

Advantages:

  • Systems will not be interrupted for auditing purposes
  • Auditors do not need to gain detailed knowledge of the systems’ internal logic
  • Separation between user’s and developer’s perspectives

Disadvantages:

  • Only adequate when automated systems applications are relatively simple
  • Limited coverage since only a fraction of test scenarios performed
  • Blind coverage since tester has limited knowledge about application