Inside: - Media Communication Group

More documents

Recommendations

Info

The Importance ofEvidence inan Audit“You can observe a lot just by watching” - Yogi BerraAN AUDITOR’S RESPONSIBILITY ISTHE EXPRESSION OF HIS/HEROPINION BASED ON CONCLUSIONS THAT ARE BACKED BYrelevant facts, figures and all necessaryinformation that supports the opinion.Put simply, all such information thatis used by the auditor to form conclusionsis audit evidence. A lack of thisevidence, or the lack of relevant & upto-dateevidence, can lead to issues if abank’s staff is not able to fulfill requestsfrom auditors.BY SUZANNE FARRDepending on the nature of yourbusiness, there are at least six types ofaudits. They include: financial review,operational review, compliance review,internal control review, informationalreview and special audits. While multiplecompliance audits are requirementin banks, often the audit process andprocedures are similar in obtaining sufficientand appropriate audit evidence.Knowing this process can help staffprepare for audits. Sufficiency is a measure of thequality of audit evidence and inassessing sufficiency an auditormust determine whether enoughevidence has been obtained to drawa reasonable conclusion. Insufficientaudit evidence can be as simple as anetwork diagram that does not reflectrecent changes. Appropriateness is a measure ofthe quality of evidence. The qualityof all audit evidence is affectedby the relevance and reliabilityof the information it is based on.The reliability of information isinfluenced by its source, nature andhow it is obtained. For example, abank statement obtained directlyfrom the bank is more reliable thana bank statement from an entitybeing audited, and an original bankstatement is more reliable that aphotocopy of a bank statement.A combination of audit proceduresare used to obtain audit evidence duringthe conduct of an audit, including: Inquiry - seeking information fromwithin and outside the entity, rangingfrom formal written inquiries toinformal discussions Inspection - examining records anddocuments in paper or electronicform Observation - looking at a process orprocedure being performed by others External confirmation - obtainingwritten confirmation directly from athird party Recalculation - checking themathematical accuracy of documentsor records Re-performance - independentlyre-performing procedures or controlsthat were originally performed aspart of the entity’s internal controls Analytical procedures - evaluatingfinancial information made by astudy of plausible relationshipsamong both financial and nonfinancialdataAlthough inquiry may provideimportant audit evidence, inquiryalone does not provide sufficientaudit evidence upon which to forma conclusion. Auditors are requiredto corroborate evidence obtained viainquiry through other means such asinspecting relevant documents.Inspection involves examiningrecords or documents, whether internalor external, in paper or electronic formor other media. Inspection of records ordocuments provides audit evidence ofvarying degrees of reliability, dependingon their nature and source and in thecase of internal records and documents,22 www.azbankers.org
on the effectiveness of the controls over their production. Aclassic example of inspection used to test controls is inspectionof records for evidence of authorization.Authorization is a critical control requirement within anaudit. Documentation evidence includes requesting, approving,reviewing and modifying or changing an authorizationcomponent or the authorization in its entirety and the supportingdocumentation must evidence that the transactionis appropriate, accurate and complies with applicable laws,regulations, policies, and procedures. An entity’s policies andprocedures are often considered essential evidence of controldocumentation and a link between the entity’s vision andday-to-day operations, allowing employees to understand theirroles and responsibilities within predefined limits. Policies andprocedures allow management to guide operations withoutconstant management intervention and set expectations ofemployee behavior.For example, given these statements, the documentation evidenceassociated with authorizing an employee to have accessto a computer likely includes:• Policies & procedures• Authorization request mechanism(s)• Reviews for request appropriateness• Request authorization by appropriate resources• Request establishment within approved limits• Periodic review that access is still valid• Appropriate action to amend, modify or eliminate access.In aggregate, you can see there is a significant amount ofdocumentation in paper and/or electronic form for this oneexample of compliance documentation.Organizations can become overwhelmed with the upkeepand maintenance all of the documentation needed to evidencecompliance. The risks of not having up-to-date, complianceready documentation has grown into an enormous problemwith fines, loss of business revenue, reputation or even civiland criminal penalties becoming more prevalent.Many organizations realize that their technical staff’s timeand energy is not well spent on creating and updating documentation- efforts they typically dislike. Additionally staffstruggles to monitor and enforce compliance when it comesto routine tasks or control activities. When not a valued useof time often the end result is insufficient or inappropriateevidence, especially when audits are pending or underway andrequired evidence is lacking. For more informaon, contact Suzanne Farr at Terra Verde Services at877-707-7997, ext 7 or suzanne.farr@terraverde.net. Suzanne is theChief Operang Officer of Terra Verde Services and has over 30 years ofIT, operaonal and audit experience.ARIZONA BANKER Spring 2013 23
Page 1 and 2: SPRING 2013You’re Invited!The AzB
Page 3 and 4: FINANCIALINSTITUTIONSOur financial
Page 5 and 6: A legal partner you can trust.Jeff
Page 7 and 8: Mark your calendar now!Arizona Bank
Page 9 and 10: uilt forchangeFinancial institution
Page 11 and 12: understand risk-based analysis. In
Page 13 and 14: With changes in technology, regulat
Page 15 and 16: the door was always open for employ
Page 17 and 18: Ranch, Johnson Ranch, Verrado, Vist
Page 19 and 20: We can help unlock your potential.G
Page 21: Community banks should be prepared
Page 25 and 26: organization and mirror the commitm
Page 27 and 28: committeenotesThe Arizona Bankers A
Page 29: Get to know theBUSINESS SIDE OF COX
Page 32: 111 West Monroe, Suite 440Phoenix,

Inside: - Media Communication Group

Create successful ePaper yourself

Delete template?

Save as template?