Chapter 10 - Audit Flashcards

Question

What is post-completion audit?

Answer 1

A post-completion audit is an objective and independent appraisal of the measure of success of a project. It should cover the project throughout its lifecycle from the planning and implementation stages through to performance after commissioning. The review should take place at some time after the project or process has been completed or is being used. Review should not be too soon, where the project or process hasn't been given a chance to bed in. But it should also not be too late where important feedback and learning has not been applied on later projects. Projects are often assessed on three criteria: time, cost and quality. Was the project implemented on time? Did the project come in on budget? Was the project delivered at the expected quality level, or more commonly did it solve the original issue that prompted the project? Post-completion audits are often performed by internal audit, as long as they are not involved in the original design of the project itself. The auditor will source the documentation which stated the original objectives of the project, and then follow the process carried out to ensure that all activities led to the successful completion of these objectives - in an economical, efficient and effective way. If the objectives are not met, why not? And what should be done about it?

Answer 2

Value for money audit is an investigation into whether proper arrangements have been made for securing economy, efficiency and effectiveness in use of resources. It is an audit into the 3 Es in an item or operation. - Economy of a business is assessed by looking at the inputs to the business and deciding whether these are the most economical that are available at an acceptable quality level. Economy means obtaining the required resources at the lowest cost. There would be a lack of economy for example, if there was overstaffing in a particular department or if an excessive price was paid for the materials of the required quality. ECONOMY DOEST NOT MEAN ACHIEVING THE LOWEST COST POSSIBLE: IT MEANS KEEPING COSTS WITHIN ACCEPTABLE LIMITS FOR OBTAINING RESOURCES OF THE DESIRED QUALITY. - Efficiency of an operation is assessed by considering how well operation converts inputs to outputs. It means using the minimum quantity of resources to achieve a given quantity and quality output. Efficiency can be measured either in terms of: a) maximising the output for a given quantity of input, such as the maximum quantity of services provided per employee or per $1 spent, or b) achieving a given quantity of output with the minimum resources possible. - Effectiveness exists when the output from a system achieves its intended aims and objectives. The effectiveness of an organisation is assessed by examining whether the organisation is achieving its objectives. To assess it there must be clear objectives for the organisation that can be examined.

Answer 3

- it might be difficult to measure outputs, particularly in government services. For example, the output from an education system can be measured in many different ways, both in term of the numbers educated and the quality of education. - The objectives of the activity might be difficult to establish. Particularly in the public sector. For example, what are the objectives of the police service? If an activity has several different objectives, the problem is then how to decide their priorities. - The focus might be either on the economy and efficiency or on effectiveness. It is difficult to report on both issues simultaneously because costs can almost always be reduced by cutting back on the quality of service, while outputs can almost always be improved by spending more - Quality might be ignored when economy and efficiency measured.

Answer 4

Environmental audit is a management tool comprising a systematic, documented, periodic and objective evaluation of how well organisations, management and equipment are performing, with the aim of contributing to safeguarding the environment by facilitating management control of environmental practices, and assessing compliance with company policies, which would include meeting regulatory requirements and standards applicable.

Answer 5

The social audit would look at the company's contribution to society and the community. The contributions made could be through: - Donations - Sponsorship - Employment practices - Education - Health and safety - Ethical investments, etc

Answer 6

A management audit is also called an operational audit. A management audit is an objective and independent appraisal of the effectiveness of managers and the corporate structure in the achievement of the entities' objectives and policies. - its aim is to identify existing and potential management weakness and recommend ways to rectify them. - This type of audit would require the use of very experienced staff who understand the nature of the business.

Answer 7

- re-focusing resources towards mission-critical objectives - improving efficiency (improving work flows, eliminating unnecessary activities, eliminating duplicated activities, etc.) - improving the effectiveness of management support tools (such as improvements in controls, automated system support etc) - assessing the appropriate levels of service for an activity or operation - identifying cost saving - identifying opportunities to enhance revenue - improvements in governance

Answer 8

- a review of policies and procedures - a general review of workloads, work methods and work flows - an evaluation of system and processes - a review of management practices - a review of resource utilisation - a detailed cost analysis

Answer 9

- a lack of technical competence or knowledge of the business amongst managers, and insufficient management training - an unwillingness to delegate - regular failure to achieve standards or targets - inadequate management information systems - poor communications within or between departments - poor management/staff relationships - an absence of clear leadership - a failure by management to make good decisions

Answer 10

A systems-based audit is an audit of internal controls within an organisation. Although term refers to any type of system, it is often associated with the audit of accounting systems, such as the sales ledger system, purchase ledger system, receipts and payments, fixed asset records, stock records, and so on. The aim of such an audit is to identify weaknesses in the system (weaknesses in either the controls or in the application of controls, such that there is risk of material inaccuracy in financial records and statements, or risk fraud).

Answer 11

- identify the objectives of each system - identify the procedures - identify why the system might not meet its objectives - identify ways to manage the above - identify if current controls are adequate - report on the above

Answer 12

A transactions audit

Answer 13

A post completion audit

Answer 14

1. Agree the objectives of the audit 2. Planning: a) Plan the audit b) Find out about systems and controls c) confirm operations of the system d) assess if controls are adequate 3. Testing a) test compliance with controls b) test application of controls 4. Review, report and recommend 5. Agree the objectives of the audit again

Answer 15

The auditor assesses whereabouts the key risks are in a system, and then concentrates the audit effort at those key risks. The result of this approach is that the audit should be more efficient and effective at achieving its objectives than if another approach were followed. One of the key ways an auditor can try to identify risk is by benchmarking.

Answer 16

1. Process benchmarking - the company focuses its observation and investigation on business processes with a goal of identifying and observing the best practices from one or more benchmarked firms. Process analysis is required where the objective is usually to benchmark cost and efficiency. This is increasingly applied to back-office processes where outsourcing may be a consideration. 2. Product benchmarking - the process of designing new products or upgrades to current ones. This process can sometimes involve reverse engineering which is taking apart competitors products to find strengths and weaknesses. 3. Functional benchmarking - a company will focus its benchmarking on a single function e.g. production, to improve the operation of that particular function. Complex functions such as HR, finance and IT are unlikely to be directly comparable in cost and efficiency terms and may need to be disaggregated into processes to make valid comparison. 4. Competitor benchmarking - involves studying the leading competitor of the company that best carries out a specific function 5. Environmental benchmarking - this is the process of collecting, analysing and relating environmental performance data of comparable activities with the purpose of evaluating and comparing performance between or within the entities. Entities can include processes, buildings or companies. Benchmarking can be internal within a single organisation, or - subject to confidentiality restrictions - external between competing entities.

Answer 17

Inherent risk is the risk in the activity or operation, ignoring the controls in the system. For example, a cash based business such as a market stall or taxi business is inherently risky due to their possible theft or mis-declaration of tax payable. Inherent risk relates to both to the severity and the incidence of the risk, i.e. potential loss if an adverse situation or event arises, and the probability that an adverse situation or event will arise. The size of the inherent risk will depend on a variety of factors, such as: - the size of the operations unit or the size of the expenditure budget - the nature of the assets used or handled - the extent to which procedures are computerised. The quality of control is the perceived quality of the existing controls for the activity. Confidence in the quality will be affected by: - the apparent effectiveness of management and supervision - pressures on management to achieve targets - changes in the system activities and procedures - changes in key personnel - a high staff turnover - a rapid expansion in operations and the volume of transactions handled - the length of time since the last audit of the activity was carried out. Confidence in the quality of controls will diminish over time without fresh reassurance from another audit that the controls are still effective.

Answer 18

The term materiality is often used in the context of financial reporting. An item in the financial statements is material if its omission or a misstatement of its value would be likely to influence a user of the financial statements. Materiality should also be considered in relative terms. For example, the risk of valuing an asset incorrectly by $100k would be material in the context of the company with assets of $1 million, but far less material in the context of a company with assets of $100 mil.

Answer 19

1. Flowcharts - these could be examined or created from discussions with staff who use and operate systems. They might be used to record: - the sequences of activities and checks within an operation or procedure - which individuals carry out each procedure or check The advantages of flowcharting the stages in an operation are that: - a flowchart is more often effective at presenting information in an understandable form than a narrative description - if there are weaknesses in the controls within an operation, these might be easier to identify by studying a flowcharts 2. Questionnaires - A questionnaire is a list of questions for which the auditor needs to find answers in order to gather the information or evidence he needs. The questions should be specific, and should ideally call for a yes or not answer, although room should be left on the form for additional comments to be added if required. The answers to thee questions help the auditor both to: - establish the facts, and - identify potential control weaknesses.

Answer 20

- requiring that all cheques are signed by hand by a senior manager in the company, instead of signed automatically - a review by the individual's supervisor of all bank reconciliations; - a periodic listing from the company's bank of all the payments out of the company's bank account in the period, for review by a senior manager

Answer 21

- compliance testing (test of controls) - it should be carried out to ensure that the controls identified at the planning stage operate as they should. If the controls are not being complied with then there will be a material weakness in the control system and the result could be serious errors or fraud and the business objectives may not be achieved. The results of the compliance testing should indicate whether: a - the controls are effective, or b - the controls are ineffective in practice, even though they appeared adequate on paper. - substantive testing (test of balances or transactions) - it does not look at the controls in the system, - it rather concentrates on the output and ensuring that the output is as expected. Substantive testing is normally associated with financial systems but can also be used for non-financial systems. The purpose of the substantive tests is either to: a - confirm that the controls are effective b - or where the controls are ineffective, to establish the apparent consequences

Answer 22

- The objectives of the audit work - A summary of the process undertaken by the auditor - The results of tests carried out - The audit opinion - Recommendation for action

Answer 23

CAAT - computer-assisted audit techniques are methods of using a computer to carry out an audit of computer system. There are two main categories of CAAT: - Audit software, such as audit interrogation software - test data

Chapter 10 - Audit Flashcards

(50 cards)