Internal Auditing & Controls. Examination phase of the internal audit Module 5. Course Name: Internal Auditing & Controls

Transcription

1 Course Name: Internal Auditing & Controls Module: 5 Module Title: Examination phase of the internal audit Lecture and handouts prepared by Chuck Campbell Examination phase of the internal audit Module 5 This module covers the main aspects of the examination phase of the internal audit. In this module, you will learn how the auditor organizes and carries out the work needed to obtain sufficient, appropriate evidence to assess the quality of management systems and practices in areas selected for audit. You will also be introduced to generalized audit software packages such as ACL and will use this software to obtain evidence for internal audits, including fraud investigations. MU Module 5 Part 1 Slide 2 Internal Auditing & Controls Module 5 Part 1 Topic 5.1 Topic 5.2 Part 2 Topic 5.3 Topic 5.4 Part 3 Topic 5.5 Topic 5.6 Overview of the examination phase Preparing the audit program Testing and evidence Developing audit criteria and preparing an audit program case study Computer-assisted audit techniques Generalized audit software MU Module 5 Part 1 Slide 3 1

2 Internal Auditing & Controls Module 5 Part 4 Topic 5.7 Topic 5.8 Evaluating audit results Completing and reviewing audit files Part 5 Topic 5.9 Fraud and investigations Topic 5.10 Conducting a fraud investigation Topic 5.11 Fraud in a technological environment Part 6 Module summary Learning objectives Recent examination questions MU Module 5 Part 1 Slide 4 Internal Auditing & Controls Module 5 Part 1 Topic 5.1 Topic 5.2 Overview of the examination phase Preparing the audit program MU Module 5 Part 1 Slide 5 Steps in the examination phase of an internal audit 1. Examining and testing operations and transactions by performing the procedures set out in the audit program. MU Module 5 Part 1 Slide 6 2

3 Steps in the examination phase of a internal audit (cont d) 1. Examining and testing operations and transactions by performing the procedures set out in the audit program. 2. Analyzing audit results by comparing audit evidence with audit criteria and establishing the causes for any significant variances. MU Module 5 Part 1 Slide 7 Steps in the examination phase of a internal audit (cont d) 1. Examining and testing operations and transactions by performing the procedures set out in the audit program. 2. Analyzing audit results by comparing audit evidence with audit criteria and establishing the causes for any significant variances. 3. Completing and reviewing audit files including summarizing audit findings, in preparation for producing the audit report. MU Module 5 Part 1 Slide 8 Purposes of audit programs ensuring that audit standards are met clearly communicating objectives, audit criteria and procedures aiding in understanding the activities being audited outlining the work to be done and ensuring that no important steps are overlooked providing a basis for scheduling and controlling audit work and time MU Module 5 Part 1 Slide 9 3

4 Purposes of audit programs (cont d) providing for an orderly review of the work performed providing a checkpoint for approval of planned audit work and subsequent audit review ensuring that the most efficient procedures are followed in the proper order to gather sufficient, appropriate evidence to support the auditor s observations providing supporting evidence for audit findings MU Module 5 Part 1 Slide 10 Steps in preparing internal audit programs 1. Determine the nature of evidence required by the audit objectives. MU Module 5 Part 1 Slide 11 Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. MU Module 5 Part 1 Slide 12 4

5 Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. 3. Determine how much evidence is needed to achieve the audit objectives. MU Module 5 Part 1 Slide 13 Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. 3. Determine how much evidence is needed to achieve the audit objectives. 4. Determine the timeliness of the evidence needed to meet the audit objectives. MU Module 5 Part 1 Slide 14 Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. 3. Determine how much evidence is needed to achieve the audit objectives. 4. Determine the timeliness of the evidence needed to meet the audit objectives. 5. Determine how the required evidence will be obtained. MU Module 5 Part 1 Slide 15 5

6 Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. 3. Determine how much evidence is needed to achieve the audit objectives. 4. Determine the timeliness of the evidence needed to meet the audit objectives. 5. Determine how the required evidence will be obtained. 6. Write the audit program. MU Module 5 Part 1 Slide 16 Components of the audit program Audit objectives summarize why the audit is being performed. MU Module 5 Part 1 Slide 17 Components of the audit program Audit objectives summarize why the audit is being performed. Audit criteria are the standards used by the auditor to assess performance. MU Module 5 Part 1 Slide 18 6

7 Components of the audit program Audit objectives summarize why the audit is being performed. Audit criteria are the standards used by the auditor to assess performance. Audit procedures are the general and specific techniques performed by the auditors to obtain sufficient, appropriate evidence to determine if operations are in accordance with the audit criteria. MU Module 5 Part 1 Slide 19 Examples of audit procedures Audit procedures include: inspection of documents (vouching and tracing) analysis interviews MU Module 5 Part 1 Slide 20 Examples of audit procedures Audit procedures include: inspection of documents (vouching and tracing) analysis interviews replication or reperformance physical observation computation confirmation MU Module 5 Part 1 Slide 21 7

8 Internal Auditing & Controls Module 5 Part 2 Topic 5.3 Topic 5.4 Testing and evidence Developing audit criteria and preparing an audit program case study MU Module 5 Part 2 Slide 1 Appropriateness of internal audit evidence In determining the appropriateness of audit evidence, the internal auditor considers three factors: its competence or reliability MU Module 5 Part 2 Slide 2 Appropriateness of internal audit evidence In determining the appropriateness of audit evidence, the internal auditor considers three factors: its competence or reliability its relevance for the purpose for which it is to be used MU Module 5 Part 2 Slide 3 8

9 Appropriateness of internal audit evidence In determining the appropriateness of audit evidence, the internal auditor considers three factors: its competence or reliability its relevance for the purpose for which it is to be used its usefulness in helping the organization improve and achieve its goals MU Module 5 Part 2 Slide 4 Sufficiency of internal audit evidence Sufficiency of audit evidence means that the auditor has examined a large enough quantity of evidence such that a reasonably trained person would concur that the amount of evidence was adequate to support the audit conclusions reached MU Module 5 Part 2 Slide 5 Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited MU Module 5 Part 2 Slide 6 9

10 Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited the materiality or impact of the potential weaknesses MU Module 5 Part 2 Slide 7 Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited the materiality or impact of the potential weaknesses the nature of the evidence available (the more persuasive the evidence, the less of it is needed) MU Module 5 Part 2 Slide 8 Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited the materiality or impact of the potential weaknesses the nature of the evidence available (the more persuasive the evidence, the less of it is needed) the sensitivity of the matter being assessed (more evidence is needed, for example, for suspected frauds) MU Module 5 Part 2 Slide 9 10

11 Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited the materiality or impact of the potential weaknesses the nature of the evidence available (the more persuasive the evidence, the less of it is needed) the sensitivity of the matter being assessed (more evidence is needed, for example, for suspected frauds) the cost of obtaining the evidence MU Module 5 Part 2 Slide 10 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; MU Module 5 Part 2 Slide 11 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; MU Module 5 Part 2 Slide 12 11

12 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; MU Module 5 Part 2 Slide 13 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; MU Module 5 Part 2 Slide 14 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; MU Module 5 Part 2 Slide 15 12

13 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; MU Module 5 Part 2 Slide 16 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; MU Module 5 Part 2 Slide 17 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; timely; MU Module 5 Part 2 Slide 18 13

14 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; timely; authoritative; MU Module 5 Part 2 Slide 19 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; timely; authoritative; direct; MU Module 5 Part 2 Slide 20 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; timely; authoritative; direct; from a well-controlled system. MU Module 5 Part 2 Slide 21 14

15 Connon Chemicals Inc. case study 1. Decide how you would expect the company to mitigate each of the risks identified in the planning stage of the audit. 2. For each risk, state the criteria that you would use to evaluate the company s efforts to address each identified risk. 3. For each criterion stated, set out one or more steps that would make up the audit program to obtain and assess evidence as to whether the company is in compliance with the criteria you have determined to be appropriate. MU Module 5 Part 2 Slide 22 Internal Auditing & Controls Module 5 Part 3 Topic 5.5 Topic 5.6 Computer-assisted audit techniques Generalized audit software MU Module 5 Part 3 Slide 1 Prerequisites to using computerassisted audit techniques The information must be stored in computer records. MU Module 5 Part 3 Slide 2 15

16 Prerequisites to using computerassisted audit techniques The information must be stored in computer records. Computer software must be available to perform the computer assisted audit techniques (or can be developed economically). MU Module 5 Part 3 Slide 3 Prerequisites to using computerassisted audit techniques The information must be stored in computer records. Computer software must be available to perform the computer assisted audit techniques (or can be developed economically). The auditor must have the technical competence to perform the audit procedures using the computer assisted audit techniques. MU Module 5 Part 3 Slide 4 Systems-oriented CAATs Systems-oriented CAATs are used to: enable the auditor to directly test system-based internal controls; MU Module 5 Part 3 Slide 5 16

17 Systems-oriented CAATs Systems-oriented CAATs are used to: enable the auditor to directly test system-based internal controls; enable the auditor to check the logic of the computer systems; MU Module 5 Part 3 Slide 6 Systems-oriented CAATs Systems-oriented CAATs are used to: enable the auditor to directly test system-based internal controls; enable the auditor to check the logic of the computer systems; enable the auditor to gain a better understanding of the computer systems; MU Module 5 Part 3 Slide 7 Systems-oriented CAATs Systems-oriented CAATs are used to: enable the auditor to directly test system-based internal controls; enable the auditor to check the logic of the computer systems; enable the auditor to gain a better understanding of the computer systems; enable the auditor to establish that there have been no unauthorized changes to programs. MU Module 5 Part 3 Slide 8 17

18 Systems-oriented CAATs (cont d) Examples of system-oriented CAATs include: test data; integrated test facilities; system control audit review files (SCARF); logic analysis programs; code comparison programs. MU Module 5 Part 3 Slide 9 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; MU Module 5 Part 3 Slide 10 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; are used to perform statistical and other analysis on audit data; MU Module 5 Part 3 Slide 11 18

19 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; are used to perform statistical and other analysis on audit data; are usually used to produce substantive audit evidence (occasionally to test controls); MU Module 5 Part 3 Slide 12 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; are used to perform statistical and other analysis on audit data; are usually used to produce substantive audit evidence (occasionally to test controls); enable the auditor to gain a better understanding of the computer systems; MU Module 5 Part 3 Slide 13 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; are used to perform statistical and other analysis on audit data; are usually used to produce substantive audit evidence (occasionally to test controls); enable the auditor to gain a better understanding of the computer systems; are used to increase audit effectiveness and efficiency. MU Module 5 Part 3 Slide 14 19

20 Data-oriented CAATs (cont d) Examples of data-oriented CAATs include: generalized audit software; system utilities; custom-written programs; industry-specific audit programs. MU Module 5 Part 3 Slide 15 Functionality of generalized audit software Most generalized audit software programs (such as ACL) can do the following: read data in a variety of formats and file structures; merge records from multiple files; extracts records according to auditor s specifications; sort records according to the auditor s specifications; select samples using statistical or other criteria; MU Module 5 Part 3 Slide 16 Functionality of generalized audit software (cont d) Most generalized audit software programs (such as ACL) can do the following: perform numerical calculations on data; perform statistical analysis on data; perform summation of data; generate reports in prescribed formats (e.g., spreadsheets, database formats). MU Module 5 Part 3 Slide 17 20

21 An example of the use of ACL ACL was used to: select travel and entertainment payments from the accounts payable master file; select employees who had the highest total travel and entertainment costs; select the highest reimbursements to employees other than those selected in the previous step; select transactions from those identified by previous internal audits as violators of the company s policies and procedures; select a random sample of the remaining reimbursements; merge data with employee file to obtain employee s names and locations; generate a worksheet containing selected reimbursements for audit follow-up. MU Module 5 Part 3 Slide 18 Steps in using generalized audit software 1. define the specific audit objectives for the application; MU Module 5 Part 3 Slide 19 Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; MU Module 5 Part 3 Slide 20 21

22 Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; 3. obtain copies of the data files to be tested; MU Module 5 Part 3 Slide 21 Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; 3. obtain copies of the data files to be tested; 4. verify completeness of data files to be used; MU Module 5 Part 3 Slide 22 Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; 3. obtain copies of the data files to be tested; 4. verify completeness of data files to be used; 5. enter the commands into the generalized audit software and run the program; MU Module 5 Part 3 Slide 23 22

23 Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; 3. obtain copies of the data files to be tested; 4. verify completeness of data files to be used; 5. enter the commands into the generalized audit software and run the program; 6. check the output and draw audit conclusions. MU Module 5 Part 3 Slide 24 Computer illustrations using ACL You should work through computer illustrations 5-1 to 5-4 to gain some hands-on experience working with a generalized audit software package: 5-1: Basic table management using ACL 5-2: Analyzing field contents and sorting a table 5-3: Creating new fields and analyzing a field 5-4: Aggregating the values of a field (These are found under the ACL computer illustrations link on the navigation pane.) MU Module 5 Part 3 Slide 25 Internal Auditing & Controls Module 5 Part 4 Topic 5.7 Topic 5.8 Evaluating audit results Completing and reviewing audit files MU Module 5 Part 4 Slide 1 23

24 Evaluating audit results 1. The auditor compares the observation with the audit criteria. MU Module 5 Part 4 Slide 2 Evaluating audit results 1. The auditor compares the observation with the audit criteria. 2. The auditor determines the cause and effects of the identified weakness. a) the auditor must define the problem and gather evidence as to the cause of the deficiency; MU Module 5 Part 4 Slide 3 Evaluating audit results 1. The auditor compares the observation with the audit criteria. 2. The auditor determines the cause and effects of the identified weakness. a) the auditor must define the problem and gather evidence as to the cause of the deficiency; b) the auditor must consider the effect of the deficiency on the company s operations; MU Module 5 Part 4 Slide 4 24

25 Evaluating audit results 1. The auditor compares the observation with the audit criteria. 2. The auditor determines the cause and effects of the identified weakness. a) the auditor must define the problem and gather evidence as to the cause of the deficiency; b) the auditor must consider the effect of the deficiency on the company s operations; c) the auditor must ensure that sufficient evidence is obtained to support the existence of the weakness and its cause and effects. MU Module 5 Part 4 Slide 5 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; MU Module 5 Part 4 Slide 6 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; MU Module 5 Part 4 Slide 7 25

26 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; MU Module 5 Part 4 Slide 8 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; MU Module 5 Part 4 Slide 9 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; MU Module 5 Part 4 Slide 10 26

27 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; MU Module 5 Part 4 Slide 11 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports; MU Module 5 Part 4 Slide 12 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports; details of discussions with management; MU Module 5 Part 4 Slide 13 27

28 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports; details of discussions with management; management s response to audit findings; MU Module 5 Part 4 Slide 14 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports; details of discussions with management; management s response to audit findings; evidence of adequate review of work done. MU Module 5 Part 4 Slide 15 internal audit working papers Working papers should be: complete and accurate; MU Module 5 Part 4 Slide 16 28

29 internal audit working papers Working papers should be: complete and accurate; clear and concise; MU Module 5 Part 4 Slide 17 internal audit working papers Working papers should be: complete and accurate; clear and concise; pertinent (relevant); MU Module 5 Part 4 Slide 18 internal audit working papers Working papers should be: complete and accurate; clear and concise; pertinent (relevant); systematically organized. MU Module 5 Part 4 Slide 19 29

30 Internal Auditing & Controls Module 5 Part 5 Topic 5.9 Topic 5.10 Topic 5.11 Fraud and investigations Conducting a fraud investigation Fraud in a technological environment MU Module 5 Part 5 Slide 1 Responsibility for the deterrence and detection of fraud Management has the primary responsibility for preventing and detecting fraud. MU Module 5 Part 5 Slide 2 Responsibility for the deterrence and detection of fraud Management has the primary responsibility for preventing and detecting fraud. Internal auditors must have sufficient knowledge of fraud to be able to identify indications that fraud might have occurred. MU Module 5 Part 5 Slide 3 30

31 Some indicators of potential fraud control in the hands of few individuals; little segregation of duties; unexplained variances and unexpected performance ratios; late reporting; unexplained shortages in physical assets; MU Module 5 Part 5 Slide 4 Some indicators of potential fraud (cont d) unusually high number of interbank transfers; staff not taking vacations; high staff turnover; extreme pressure to achieve results; unexplained extravagant lifestyles. MU Module 5 Part 5 Slide 5 Steps in a fraud investigation 1. Be alert to the indications of the existence of possible fraud. MU Module 5 Part 5 Slide 6 31

32 Steps in a fraud investigation 1. Be alert to the indications of the existence of possible fraud. 2. Inform management of suspicious circumstances. MU Module 5 Part 5 Slide 7 Steps in a fraud investigation 1. Be alert to the indications of the existence of possible fraud. 2. Inform management of suspicious circumstances. 3. Assist in the investigation, as requested: a) co-ordinate efforts of all parties working in the investigation; b) determine appropriate audit procedures; c) obtain and evaluate audit evidence; d) determine actual or potential loss; e) identify specific cause or deficiency that permitted fraud to occur; f) carry out interviews; g) respect the legal rights of all employees. MU Module 5 Part 5 Slide 8 Steps in a fraud investigation (cont d) 4. Reappraise internal controls and audit procedures. MU Module 5 Part 5 Slide 9 32

33 Steps in a fraud investigation (cont d) 4. Reappraise internal controls and audit procedures. 5. The company must determine the action to be taken against the perpetrator. MU Module 5 Part 5 Slide 10 Steps in a fraud investigation (cont d) 4. Reappraise internal controls and audit procedures. 5. The company must determine the action to be taken against the perpetrator. 6. Prepare a written report. MU Module 5 Part 5 Slide 11 Contents of a fraud report how the fraud was discovered nature or type of fraudulent activity identity of perpetrator dollar amount involved method of concealment MU Module 5 Part 5 Slide 12 33

34 Contents of a fraud report (cont d) time period during which fraud occurred effect on financial statements recommendations to prevent recurrence disciplinary or legal action taken MU Module 5 Part 5 Slide 13 Types of computer fraud 1. theft of information MU Module 5 Part 5 Slide 14 Types of computer fraud 1. theft of information 2. theft of assets (with manipulation of accounting records to cover up the fraud) MU Module 5 Part 5 Slide 15 34

35 Types of computer fraud 1. theft of information 2. theft of assets 3. malicious destruction of programs and/or data MU Module 5 Part 5 Slide 16 Internal Auditing & Controls Module 5 Part 6 Module summary -- Learning Objectives Recent past examination questions MU Module 5 Part 6 Slide 1 Module 5 Learning Objectives 1. Outline the main steps in the examination phase of an internal audit. (Level 1) MU Module 5 Part 6 Slide 2 35

36 Module 5 Learning Objectives 2. Describe the purpose of a internal audit program and explain its components and format. (Level 1) MU Module 5 Part 6 Slide 3 Module 5 Learning Objectives 3. Explain how evidence is gathered, selected, and assessed, and the importance of the decisions involved. (Level 1) MU Module 5 Part 6 Slide 4 Module 5 Learning Objectives 4. Develop appropriate criteria and prepare an audit program for a risk-based audit. (Level 1) MU Module 5 Part 6 Slide 5 36

37 Module 5 Learning Objectives 5. Distinguish between systems-oriented and data-oriented computer-assisted audit techniques (CAATs). (Level 1) MU Module 5 Part 6 Slide 6 Module 5 Learning Objectives 6. Explain and demonstrate how data are analyzed using generalized audit software such as ACL. (Level 1) MU Module 5 Part 6 Slide 7 Module 5 Learning Objectives 7. Assess conditions within an audited unit against audit criteria, and analyze the cause and effects of any observed deficiencies. (Level 1) MU Module 5 Part 6 Slide 8 37

38 Module 5 Learning Objectives 8. Explain the standards for preparing audit working papers and the importance of the internal auditor s role in supervising the engagement. (Level 2) MU Module 5 Part 6 Slide 9 Module 5 Learning Objectives 9. Describe the roles and responsibilities of management and the internal auditor in the deterrence and detection of fraud. (Level 1) MU Module 5 Part 6 Slide 10 Module 5 Learning Objectives 10. Outline the main steps in a fraud investigation and the auditor s responsibility in following up on the results of such an investigation. (Level 1) MU Module 5 Part 6 Slide 11 38

39 Module 5 Learning Objectives 11. Describe computer fraud and outline current practices for how internal auditors deal with it (Level 2); examine how ACL can be used to conduct a payroll fraud investigation. (Level 1) MU Module 5 Part 6 Slide 12 Recent examination questions Multiple choice questions: June 2005, Questions 1(c) and 1(d) MU Module 5 Part 6 Slide 13 Recent examination questions Multiple choice questions: December 2005, Question 1(d) MU Module 5 Part 6 Slide 14 39

40 Recent examination questions Multiple choice questions: March 2006, Questions 1(e) and 1(f) MU Module 5 Part 6 Slide 15 Recent examination questions Multiple choice questions: June 2006, Questions 1(e) and 1(f) MU Module 5 Part 6 Slide 16 Recent examination questions Multiple choice questions: March 2007, Question 1(l) MU Module 5 Part 6 Slide 17 40

41 Recent examination questions GAS output interpretation questions: March 2006, Question 2 MU Module 5 Part 6 Slide 18 Recent examination questions GAS output interpretation questions: June 2006, Question 2 MU Module 5 Part 6 Slide 18 Recent examination questions Essay questions June 2005, Question 3 (26 marks) MU Module 5 Part 6 Slide 19 41

42 Recent examination questions Essay questions: December 2005, Question 3 (part) MU Module 5 Part 6 Slide 20 Recent examination questions Essay questions: June 2006, Question 4 MU Module 5 Part 6 Slide 21 42