CHAPTER 14 – Communicating Assurance Engagement Outcomes and Performing Follow-up Procedures
Objectives
• Understand why it is appropriate and necessary to communicate assurance engagement outcomes
• Identify the different forms of assurance engagement communications
• Identify the steps involved in creating effective assurance engagement communications
• Understand the distribution process for effectively communicating assurance engagement outcomes
• Understand what is involved in effective monitoring of, and follow-up on, assurance engagement outcomes
Perform Observation Evaluation and Escalation Process
• Determine the COSO Objective Category
 - Operations
 - Financial reporting
 - Compliance
• Classification
 - Inadequately/Ineffectively
• Impact and Likelihood of the Observations
• Assessment
 - Insignificant
 - Significant
 - Material
• Observation assessment template
• Assisting documentation
• Observation summary
Observation Assessment Template
• Conditions (facts) - What is found through testing?
• Criteria - What should exist?
• Cause - What allowed the condition to exist?
• Effect - What could go wrong?
• Compensating Controls - Other controls in place to mitigate the observation.
• Conclusion - Detailed analysis
• Detailed Recommendation - What does the IA function recommend?
• Management's Solution - What will management do to fix the existing condition or prevent the problem from occurring again?
• Observation Evaluation - The assessment
• Evaluation performed by - Who performed the evaluation?
• Working paper reference
Interim Engagement Communication
• Communication is key to assurance engagement
• Usually between IAs and members of the audit subject area
• Purpose is to discuss observations throughout the engagement
• Information from this communication is eventually used in management's action plan
Final Engagement Communication
• Preliminary facts and conclusions must be confirmed before being finalized
• An exit interview is usually conducted in a formal meeting to resolve any last issues
• Final meeting involves feedback and a proposed course of action
• Results must be communicated to appropriate parties
Final Communication Should Include:
• Purpose and Scope of the Engagement
• Time Frame Covered by the Engagement
• Observations and Recommendations
• Conclusions and Ratings (if applicable)
• Management's Action Plan (if applicable)
Rating System
• Relatively common
• Effective Controls = Positive Observation
• Ineffective Controls = Negative Observation
• Systems range from numerical to descriptive ratings
• Disadvantage: relationship tension between IAs and the area audited
Distribute Formal Communications
• After all observations have been identified and assessed, individually and in the aggregate, through the observation evaluation and escalation process, they must be communicated according to the results of that process
• Communications must be reviewed and approved by the CAE or designee before they can be distributed
• The CAE then distributes the final engagement communication to management of the audited activity and to members who can ensure the results are given due consideration and take corrective action
• Assurance engagement communications are FORMAL or INFORMAL depending on the outcome as determined by the observation evaluation and escalation process
Formal Communications
• Recipients of formal assurance engagement communications are senior management, the audit committee, the organization's independent outside auditor, and/or auditee management
• Use when controls evaluated during an assurance engagement are:
 - insignificantly compromised (although key controls are compromised)
 - significantly compromised
 - materially compromised
• Formal communications used to be delivered as hard copies and Word documents but are now moving toward PowerPoint presentations; the format is less important than covering all of the elements of a formal communication
• Should include:
 - The purpose and scope of the audit
 - The time frame of the audit
 - The observations and recommendations (results) of the audit, if any
 - The conclusion (opinion/rating) of the internal audit function
 - Management's response (action plan) to the recommendations
Informal Communications
• Considered appropriate only when, during the observation evaluation and escalation process, all observations were assessed to be insignificant with no key controls compromised
• Will cover insignificant observations related to secondary controls that may be compromised and will only
• Distributed only to management of the area that was the target of the engagement, informally via e-mail, face-to-face meetings, or conference calls
• To satisfy the Standards relative to communicating assurance engagement outcomes, it must still be communicated to senior management, the audit committee, and the independent outside auditor that NO observations were identified related to key controls
Quality of Communications
• Standard 2420 states that communications must be:
 - Accurate: free from errors and distortions and faithful to the underlying facts
 - Objective: fair, impartial, and unbiased; the result of a fair-minded and balanced assessment of all relevant facts and circumstances
 - Clear: easily understood and logical, providing all significant and relevant information; avoid using unnecessary technical language
 - Concise: to the point; avoid unnecessary elaboration, superfluous detail, redundancies, and wordiness
 - Constructive: helpful to the engagement client and the organization, and lead to improvements where needed
 - Complete: lack nothing essential to the target audience; include all significant and relevant information and observations to support recommendations and conclusions
 - Timely: opportune and expedient, depending on the significance of the issue, allowing management to take appropriate corrective action
Practice Advisory 2420-1: Quality of Communications, additional guidance
• Internal auditors should:
 - Gather, evaluate, and summarize data and evidence with care and precision
 - Derive and express observations, conclusions, and recommendations without prejudice, partisanship, personal interests, and undue influence of others
 - Improve clarity by avoiding unnecessary technical language and providing all significant and relevant information in context
 - Develop communications with the objective of making each element meaningful but succinct
 - Adopt a useful, positive, and well-meaning content and tone that focuses on the organization's objectives
 - Ensure communication is consistent with the organization's style and culture
 - Plan the timing of the presentation of engagement results to avoid undue delay
Errors and Omissions
• At times there will be an unintentional misstatement or omission of significant information in the final engagement communication
• According to Standard 2421: Errors and Omissions, “If a final communication contains a significant error or omission, the CAE must communicate corrected information to all parties who received the original communication”
Perform Monitoring and Follow-up
• As stated in the Standards, the internal auditor is to “establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action”
Perform Monitoring and Follow-up
• The internal auditor’s job isn’t done when the engagement results are communicated.
• During the engagement, the internal auditor identifies observations and management must make the choice to:
 - Implement changes to remediate the observation
 - Accept the risk associated with making no changes to the control
• Management’s decision determines the course of the monitoring and follow-up procedures.
Implementation
• Management
 - Implements suggested changes
• Internal auditor
 - Monitors the progress of changes
 - Regularly follows up to assess efficiency and effectiveness of changes
 - Ensures that changes are made in accordance with the schedule defined in the final engagement communication
 - Documents findings for working papers and additional follow-up
Acceptance
• Management
 - Accepts the risk
• Chief Audit Executive
 - Evaluates management’s decision
• If it is believed that management has accepted a risk beyond the tolerance, the CAE must:
 - Discuss with management
 - If not resolved, report it to the Board of Directors for resolution
Assurance Engagement Outcome
• Specific focus of Chapter 14
• Consulting engagement communications are discussed in Chapter 15