McGraw-Hill/Irwin

Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

Module D Internal, Governmental, and Fraud Audits Objectives

1. Define internal auditing; describe internal audit institutions (e.g. IIA); describe how internal auditors interact with independent auditors; explain internal auditors independence problems; and list features of internal reports. Define governmental auditing; describe governmental audit institutions (e.g. GAO); describe how governmental auditors interact with independent auditors; explain governmental auditors independence problems; and list features of governmental audit reports. Explain the function of standards and measurements in economy, efficiency and program audits. Describe the Single Audit Act of 1984 in relation to audits of governmental fund recipients. Define fraud auditing; describe various engagements performed by fraud auditors. Describe the elements necessary for a successful fraud examination and explain the differences between how fraud examination and external auditors handle evidence. Describe the ways CPAs can assist in prosecuting fraud perpetrators.
Mod D-2

2.

3. 4. 5. 6. 7.

Internal Audit
BasicallyExternal auditors audit financial statements

Internal Auditors audit business systems

Mod D-3

Role of the Internal Auditor

Ensure reliability and integrity of information Safeguard assets Ensure compliance with policies and regulations Achieve organizational objectives and goals Improve operational economy and efficiency Identify areas of business risk Help prevent and detect fraud Coordinate audit activities with external auditors

Mod D-4

Standards for the Professional Practice of Internal Audit

Attribute Standards

1000 Purpose, Authority, and Responsibility 1100 Independence and Objectivity 1200 Due Professional Care 1300 Quality Assurance and Improvement Program
2000 Managing the Internal Audit Activity 2100 Nature of Work 2200 Engagement Planning 2300 Performing the Engagement 2400 Communicating Results 2500 Monitoring Progress 2600 Managements Acceptance of Risk
Mod D-5

Performance Standards

Principles of the IIA Code of Ethics

Integrity- establishes trust that is the basis for reliance on their judgment. Objectivity- highest level of professional objectivity in
gathering, evaluating, and communicating information balanced assessment of all the relevant circumstances not unduly influenced by self interests or by others

Confidentiality- respect the value and ownership of information

Competency- apply the knowledge, skills and experience needed in performance of internal auditing services.

Mod D-6

Audit Applications
Financial Audits
Examine and evaluate Areas of management concern (e.g. new payment process) Financial information used by internal decision makers (e.g. monthly sales reports) Financial information being sent to outside agencies (e.g. regulatory agencies)

Operational Audits
Term is sometimes used synonymously with internal audit. Examine and evaluate Current risks that need to be managed Possible future risks systems of internal control quality of performance
Mod D-7

Audit Applications
Compliance Audits The degree the organization conforms to certain specific requirements Policy and procedures Professional standards Laws, regulations or contracts

The audit focuses on the detailed testing of existing conditions and compares them to requirements.
Mod D-8

Audit Applications
Corporate Governance The board of directors and senior management must have reliable and relevant information Management policies are in effect Strategy decisions are made with the best information Adequate progress toward goals Operating performance is measured and communicated Risk assessment is performed and communicated Effectiveness of proactive risk management.
Mod D-9

Audit Applications
Performance Auditing
Evaluating 1) the efficient and effective use of recourses; 2) progress towards goals or objectives; and/or 3) results of a program are acceptable
Identification of performance criteria is critical and may be difficult

Mod D-10

Audit Findings
Include both favorable or unfavorable findings
Unfavorable findings should include
Condition what was found Criteria basis for determining that the condition was improper Cause why did this happen? Effect why is this bad? Recommendation what do you think should be done about this?

Mod D-11

Government Auditing Standards (The Yellow Book)

Audits must be performed in accordance with GAAS and Generally Accepted Government Auditing Standards (GAGAS) As in a GAAS audit, a report on the fairness of the entity's financial statements is issued. In a GAGAS audit, a report on the entity's compliance with laws and regulations is also issued Illegal acts/ fraud Should be reported to the client unless they are clearly inconsequential. May need to be reported directly to external parties. In addition to the audit of the entity's financial statements, an examination of a governmental entity introduces the following considerations for the auditor's consideration: Compliance with Laws and Regulation Effectiveness of the Entitys Internal Control Compliance with the Specific Requirements of Individual Federal Financial Assistance Programs Compliance with Requirements Applicable to All Federal Financial Assistance Programs

Mod D-12

Governmental Reporting
Usually three reports
Report on the financial statements Report on the auditees internal control Report on auditees compliance with applicable laws and regulations

More reports required under Single Audit Act

Mod D-13

Single Audit Act Audit

Required for entities who receive specified levels of financial assistance from the federal government. Requires the auditor to issue the same reports as those issued in a Government Auditing Standards audit:
Opinion on financial statements Compliance with laws and regulations The auditor issues an opinion on Compliance with the Specific Requirements of nonmajor programs Auditor's report on Compliance with the General Requirements
Mod D-14

Fraud Audits
Who performs a fraud audit? Internal audit Independent auditors Security Certified Fraud Examiners Combination working as a team

To a fraud auditor fraud is always material It grows Indicates control weaknesses Indicates a lack of integrity The objective is to uncover fraud Its presence Its scope The perpetrators The control weakness
Mod D-15

Differences Between Audits and Fraud Audits

1. 2.

Audits Audit program Procedural approach

1. 2.

3. Look for misstatements 4. Assess controls related to FS 5. Material misstatements 6. Accounting Theory
7. Evidence documented in audit documentation

3. 4.
5. 6. 7.

Fraud Audits No set program Procedures defined during investigation Look for patterns Evaluate how controls can be circumvented Fraud are always material Theories of psychology and human behavior Safeguarding and chain of custody for evidence
Mod D-16