Module 4 - Introduction to Performance Audit_4C

More documents

Recommendations

Info

equirements must be consistent with the organization’s guidelines and any pertinent regulatory or other requirements. 2330.C1 The chief audit executive must develop policies governing the custody and retention of consulting engagement records, as well as their release to internal and external parties. These policies must be consistent with the organization’s guidelines and any pertinent regulatory or other requirements. 72 The auditor must determine what should be documented while avoiding the temptation to include every piece of information gathered. Data should only be included if it is used as evidence to support conditions and recommendations. While evidence may include physical evidence (such as samples) and testimonials from individuals and groups, generally evidence is prepared in digital or paper-based format that are records derived from multiple sources. Documentation requirements also include records of analysis. The steps taken to establish the sufficiency, reliability, relevance, and usefulness of evidence should be clear from the documentation. Potential weaknesses in each major category of evidence are considered by Rauum and Morgan where the auditor should take extra care, as shown below. Physical Evidence – be alert to evidence that: Is collected without a specific methodology and may not be representative (i.e., it may be an isolated case or an outlier). Is a photograph without a record of observation or memo to the record. Lacks a clear chain of custody (e.g., police confiscated drugs). Lacks a test of inventory (i.e., may look at an oil tank and assume it is full of oil when actually it contains mostly water with a layer of oil on top). Is not witnessed (i.e., comes from only one observer). Is collected by an unqualified observer. Is a “setup” (i.e., contrived to give a false or misleading impression). Documentary Evidence – be alert to evidence that is: Taken out of context (pulled from other documents). From a newspaper or magazine article (which may be biased by personal, political, religious, or other opinion). Other auditors’ work (i.e., relying on their work without checking). From a secondary, not a primary, source. Outdated. Unofficial. Refutable. Controversial. Incomplete. Unclear (unidentified acronyms, etc.). Inconsistent. 72 Standard 2330 – Documenting Information, The International Professional Practices Framework, The IIA, 2016. 50
Testimonial Evidence – be alert to evidence that is: From a source whose knowledge about the topic is in doubt. From a source whose credibility is questionable. From a source who is not impartial and/or has a vested interest. The only evidence used to support a point (for example, if we rely only on statements from one person – one worker in a group of workers). Uncorroborated. Used out of context. Inconsistent. Incomplete. A “snow job” (an attempt to flatter or persuade). Disguised as documentary evidence (examples: written comments or numbers written or typed on a blank piece of paper by an official during an interview). Improperly substituted for documentary evidence (e.g., relying on what an official told us the law says instead of obtaining the law or using testimony for the date of a contract was signed instead of using the contact). Analytical Evidence – be alert to evidence that: Uses inappropriate analysis. Lacks methodological rigor. Is based on erroneous or useless physical, documentary, and/or testimonial evidence. Is interpreted inappropriately. Depends on microcomputer work that does not used quality assurance/control procedures. Potential Weaknesses in Evidence 73 The process of documenting evidence should be covered by quality assurance procedures. Care should always be taken to protect personal, confidential, and sensitive information. To help with the process of audit documentation, some teams use a template or matrix, like the one given below, to structure the results. Findings are conclusions based on the analysis of information, should be stated succinctly and precisely, and be supported by a clear expression of the criteria used, the condition identified, the causes of the condition, and the effects of the condition (the outcomes and impacts). Audit objective Audit question(s) Condition Criteria Finding Evidence, analysis Cause(s) Effect(s) Developed in the planning stages, linked to the scope Developed to help expand and investigate the objective Relevant discoveries during information gathering (a description of actual performance in terms of economy, effectiveness, and efficiency) Expected or desired conditions Supporting evidence for the condition Identification of root causes for the condition Identification of actual or likely outcomes and impacts of the condition 73 Rauum and Morgan, Performance Auditing: A Measurement Approach, The Internal Audit Research Foundation, 2009. 51
Page 1 and 2: 4C. Performing a Performance Audit
Page 3 and 4: Direct •Evidence gathered directl
Page 5 and 6: Payback The concept of payback is s
Page 7: Financial ratios may be used in per

Module 4 - Introduction to Performance Audit_4C

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?