Course Name: Internal Auditing & Controls Module: 5 Module Title: Examination phase of the internal audit Lecture and handouts prepared by Chuck Campbell Examination phase of the internal audit Module 5 This module covers the main aspects of the examination phase of the internal audit. In this module, you will learn how the auditor organizes and carries out the work needed to obtain sufficient, appropriate evidence to assess the quality of management systems and practices in areas selected for audit. You will also be introduced to generalized audit software packages such as ACL and will use this software to obtain evidence for internal audits, including fraud investigations. MU1 2007-08 Module 5 Part 1 Slide 2 Internal Auditing & Controls Module 5 Part 1 Topic 5.1 Topic 5.2 Part 2 Topic 5.3 Topic 5.4 Part 3 Topic 5.5 Topic 5.6 Overview of the examination phase Preparing the audit program Testing and evidence Developing audit criteria and preparing an audit program case study Computer-assisted audit techniques Generalized audit software MU1 2007-08 Module 5 Part 1 Slide 3 1
Internal Auditing & Controls Module 5 Part 4 Topic 5.7 Topic 5.8 Evaluating audit results Completing and reviewing audit files Part 5 Topic 5.9 Fraud and investigations Topic 5.10 Conducting a fraud investigation Topic 5.11 Fraud in a technological environment Part 6 Module summary Learning objectives Recent examination questions MU1 2007-08 Module 5 Part 1 Slide 4 Internal Auditing & Controls Module 5 Part 1 Topic 5.1 Topic 5.2 Overview of the examination phase Preparing the audit program MU1 2007-08 Module 5 Part 1 Slide 5 Steps in the examination phase of an internal audit 1. Examining and testing operations and transactions by performing the procedures set out in the audit program. MU1 2007-08 Module 5 Part 1 Slide 6 2
Steps in the examination phase of a internal audit (cont d) 1. Examining and testing operations and transactions by performing the procedures set out in the audit program. 2. Analyzing audit results by comparing audit evidence with audit criteria and establishing the causes for any significant variances. MU1 2007-08 Module 5 Part 1 Slide 7 Steps in the examination phase of a internal audit (cont d) 1. Examining and testing operations and transactions by performing the procedures set out in the audit program. 2. Analyzing audit results by comparing audit evidence with audit criteria and establishing the causes for any significant variances. 3. Completing and reviewing audit files including summarizing audit findings, in preparation for producing the audit report. MU1 2007-08 Module 5 Part 1 Slide 8 Purposes of audit programs ensuring that audit standards are met clearly communicating objectives, audit criteria and procedures aiding in understanding the activities being audited outlining the work to be done and ensuring that no important steps are overlooked providing a basis for scheduling and controlling audit work and time MU1 2007-08 Module 5 Part 1 Slide 9 3
Purposes of audit programs (cont d) providing for an orderly review of the work performed providing a checkpoint for approval of planned audit work and subsequent audit review ensuring that the most efficient procedures are followed in the proper order to gather sufficient, appropriate evidence to support the auditor s observations providing supporting evidence for audit findings MU1 2007-08 Module 5 Part 1 Slide 10 Steps in preparing internal audit programs 1. Determine the nature of evidence required by the audit objectives. MU1 2007-08 Module 5 Part 1 Slide 11 Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. MU1 2007-08 Module 5 Part 1 Slide 12 4
Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. 3. Determine how much evidence is needed to achieve the audit objectives. MU1 2007-08 Module 5 Part 1 Slide 13 Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. 3. Determine how much evidence is needed to achieve the audit objectives. 4. Determine the timeliness of the evidence needed to meet the audit objectives. MU1 2007-08 Module 5 Part 1 Slide 14 Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. 3. Determine how much evidence is needed to achieve the audit objectives. 4. Determine the timeliness of the evidence needed to meet the audit objectives. 5. Determine how the required evidence will be obtained. MU1 2007-08 Module 5 Part 1 Slide 15 5
Steps in preparing internal audit programs (cont d) 1. Determine the nature of evidence required by the audit objectives. 2. Determine what evidence is appropriate to achieve the audit objectives. 3. Determine how much evidence is needed to achieve the audit objectives. 4. Determine the timeliness of the evidence needed to meet the audit objectives. 5. Determine how the required evidence will be obtained. 6. Write the audit program. MU1 2007-08 Module 5 Part 1 Slide 16 Components of the audit program Audit objectives summarize why the audit is being performed. MU1 2007-08 Module 5 Part 1 Slide 17 Components of the audit program Audit objectives summarize why the audit is being performed. Audit criteria are the standards used by the auditor to assess performance. MU1 2007-08 Module 5 Part 1 Slide 18 6
Components of the audit program Audit objectives summarize why the audit is being performed. Audit criteria are the standards used by the auditor to assess performance. Audit procedures are the general and specific techniques performed by the auditors to obtain sufficient, appropriate evidence to determine if operations are in accordance with the audit criteria. MU1 2007-08 Module 5 Part 1 Slide 19 Examples of audit procedures Audit procedures include: inspection of documents (vouching and tracing) analysis interviews MU1 2007-08 Module 5 Part 1 Slide 20 Examples of audit procedures Audit procedures include: inspection of documents (vouching and tracing) analysis interviews replication or reperformance physical observation computation confirmation MU1 2007-08 Module 5 Part 1 Slide 21 7
Internal Auditing & Controls Module 5 Part 2 Topic 5.3 Topic 5.4 Testing and evidence Developing audit criteria and preparing an audit program case study MU1 2007-08 Module 5 Part 2 Slide 1 Appropriateness of internal audit evidence In determining the appropriateness of audit evidence, the internal auditor considers three factors: its competence or reliability MU1 2007-08 Module 5 Part 2 Slide 2 Appropriateness of internal audit evidence In determining the appropriateness of audit evidence, the internal auditor considers three factors: its competence or reliability its relevance for the purpose for which it is to be used MU1 2007-08 Module 5 Part 2 Slide 3 8
Appropriateness of internal audit evidence In determining the appropriateness of audit evidence, the internal auditor considers three factors: its competence or reliability its relevance for the purpose for which it is to be used its usefulness in helping the organization improve and achieve its goals MU1 2007-08 Module 5 Part 2 Slide 4 Sufficiency of internal audit evidence Sufficiency of audit evidence means that the auditor has examined a large enough quantity of evidence such that a reasonably trained person would concur that the amount of evidence was adequate to support the audit conclusions reached MU1 2007-08 Module 5 Part 2 Slide 5 Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited MU1 2007-08 Module 5 Part 2 Slide 6 9
Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited the materiality or impact of the potential weaknesses MU1 2007-08 Module 5 Part 2 Slide 7 Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited the materiality or impact of the potential weaknesses the nature of the evidence available (the more persuasive the evidence, the less of it is needed) MU1 2007-08 Module 5 Part 2 Slide 8 Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited the materiality or impact of the potential weaknesses the nature of the evidence available (the more persuasive the evidence, the less of it is needed) the sensitivity of the matter being assessed (more evidence is needed, for example, for suspected frauds) MU1 2007-08 Module 5 Part 2 Slide 9 10
Factors in determining sufficiency of audit evidence Factors to consider in determining how much evidence is required include: the risk associated with the activities being audited the materiality or impact of the potential weaknesses the nature of the evidence available (the more persuasive the evidence, the less of it is needed) the sensitivity of the matter being assessed (more evidence is needed, for example, for suspected frauds) the cost of obtaining the evidence MU1 2007-08 Module 5 Part 2 Slide 10 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; MU1 2007-08 Module 5 Part 2 Slide 11 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; MU1 2007-08 Module 5 Part 2 Slide 12 11
Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; MU1 2007-08 Module 5 Part 2 Slide 13 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; MU1 2007-08 Module 5 Part 2 Slide 14 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; MU1 2007-08 Module 5 Part 2 Slide 15 12
Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; MU1 2007-08 Module 5 Part 2 Slide 16 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; MU1 2007-08 Module 5 Part 2 Slide 17 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; timely; MU1 2007-08 Module 5 Part 2 Slide 18 13
Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; timely; authoritative; MU1 2007-08 Module 5 Part 2 Slide 19 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; timely; authoritative; direct; MU1 2007-08 Module 5 Part 2 Slide 20 Persuasiveness of audit evidence Evidence is most persuasive when it is: relevant; objective; documented; external to the organization; derived from a large sample; derived from a random, statistical sample; corroborated by evidence from other sources; timely; authoritative; direct; from a well-controlled system. MU1 2007-08 Module 5 Part 2 Slide 21 14
Connon Chemicals Inc. case study 1. Decide how you would expect the company to mitigate each of the risks identified in the planning stage of the audit. 2. For each risk, state the criteria that you would use to evaluate the company s efforts to address each identified risk. 3. For each criterion stated, set out one or more steps that would make up the audit program to obtain and assess evidence as to whether the company is in compliance with the criteria you have determined to be appropriate. MU1 2007-08 Module 5 Part 2 Slide 22 Internal Auditing & Controls Module 5 Part 3 Topic 5.5 Topic 5.6 Computer-assisted audit techniques Generalized audit software MU1 2007-08 Module 5 Part 3 Slide 1 Prerequisites to using computerassisted audit techniques The information must be stored in computer records. MU1 2007-08 Module 5 Part 3 Slide 2 15
Prerequisites to using computerassisted audit techniques The information must be stored in computer records. Computer software must be available to perform the computer assisted audit techniques (or can be developed economically). MU1 2007-08 Module 5 Part 3 Slide 3 Prerequisites to using computerassisted audit techniques The information must be stored in computer records. Computer software must be available to perform the computer assisted audit techniques (or can be developed economically). The auditor must have the technical competence to perform the audit procedures using the computer assisted audit techniques. MU1 2007-08 Module 5 Part 3 Slide 4 Systems-oriented CAATs Systems-oriented CAATs are used to: enable the auditor to directly test system-based internal controls; MU1 2007-08 Module 5 Part 3 Slide 5 16
Systems-oriented CAATs Systems-oriented CAATs are used to: enable the auditor to directly test system-based internal controls; enable the auditor to check the logic of the computer systems; MU1 2007-08 Module 5 Part 3 Slide 6 Systems-oriented CAATs Systems-oriented CAATs are used to: enable the auditor to directly test system-based internal controls; enable the auditor to check the logic of the computer systems; enable the auditor to gain a better understanding of the computer systems; MU1 2007-08 Module 5 Part 3 Slide 7 Systems-oriented CAATs Systems-oriented CAATs are used to: enable the auditor to directly test system-based internal controls; enable the auditor to check the logic of the computer systems; enable the auditor to gain a better understanding of the computer systems; enable the auditor to establish that there have been no unauthorized changes to programs. MU1 2007-08 Module 5 Part 3 Slide 8 17
Systems-oriented CAATs (cont d) Examples of system-oriented CAATs include: test data; integrated test facilities; system control audit review files (SCARF); logic analysis programs; code comparison programs. MU1 2007-08 Module 5 Part 3 Slide 9 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; MU1 2007-08 Module 5 Part 3 Slide 10 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; are used to perform statistical and other analysis on audit data; MU1 2007-08 Module 5 Part 3 Slide 11 18
Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; are used to perform statistical and other analysis on audit data; are usually used to produce substantive audit evidence (occasionally to test controls); MU1 2007-08 Module 5 Part 3 Slide 12 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; are used to perform statistical and other analysis on audit data; are usually used to produce substantive audit evidence (occasionally to test controls); enable the auditor to gain a better understanding of the computer systems; MU1 2007-08 Module 5 Part 3 Slide 13 Data-oriented CAATs Data-oriented CAATs: are used to retrieve, select, summarize and process data for the purposes of establishing its completeness and accuracy; are used to perform statistical and other analysis on audit data; are usually used to produce substantive audit evidence (occasionally to test controls); enable the auditor to gain a better understanding of the computer systems; are used to increase audit effectiveness and efficiency. MU1 2007-08 Module 5 Part 3 Slide 14 19
Data-oriented CAATs (cont d) Examples of data-oriented CAATs include: generalized audit software; system utilities; custom-written programs; industry-specific audit programs. MU1 2007-08 Module 5 Part 3 Slide 15 Functionality of generalized audit software Most generalized audit software programs (such as ACL) can do the following: read data in a variety of formats and file structures; merge records from multiple files; extracts records according to auditor s specifications; sort records according to the auditor s specifications; select samples using statistical or other criteria; MU1 2007-08 Module 5 Part 3 Slide 16 Functionality of generalized audit software (cont d) Most generalized audit software programs (such as ACL) can do the following: perform numerical calculations on data; perform statistical analysis on data; perform summation of data; generate reports in prescribed formats (e.g., spreadsheets, database formats). MU1 2007-08 Module 5 Part 3 Slide 17 20
An example of the use of ACL ACL was used to: select travel and entertainment payments from the accounts payable master file; select employees who had the highest total travel and entertainment costs; select the highest reimbursements to employees other than those selected in the previous step; select transactions from those identified by previous internal audits as violators of the company s policies and procedures; select a random sample of the remaining reimbursements; merge data with employee file to obtain employee s names and locations; generate a worksheet containing selected reimbursements for audit follow-up. MU1 2007-08 Module 5 Part 3 Slide 18 Steps in using generalized audit software 1. define the specific audit objectives for the application; MU1 2007-08 Module 5 Part 3 Slide 19 Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; MU1 2007-08 Module 5 Part 3 Slide 20 21
Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; 3. obtain copies of the data files to be tested; MU1 2007-08 Module 5 Part 3 Slide 21 Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; 3. obtain copies of the data files to be tested; 4. verify completeness of data files to be used; MU1 2007-08 Module 5 Part 3 Slide 22 Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; 3. obtain copies of the data files to be tested; 4. verify completeness of data files to be used; 5. enter the commands into the generalized audit software and run the program; MU1 2007-08 Module 5 Part 3 Slide 23 22
Steps in using generalized audit software 1. define the specific audit objectives for the application; 2. determine the specific tests to be performed by the software; 3. obtain copies of the data files to be tested; 4. verify completeness of data files to be used; 5. enter the commands into the generalized audit software and run the program; 6. check the output and draw audit conclusions. MU1 2007-08 Module 5 Part 3 Slide 24 Computer illustrations using ACL You should work through computer illustrations 5-1 to 5-4 to gain some hands-on experience working with a generalized audit software package: 5-1: Basic table management using ACL 5-2: Analyzing field contents and sorting a table 5-3: Creating new fields and analyzing a field 5-4: Aggregating the values of a field (These are found under the ACL computer illustrations link on the navigation pane.) MU1 2007-08 Module 5 Part 3 Slide 25 Internal Auditing & Controls Module 5 Part 4 Topic 5.7 Topic 5.8 Evaluating audit results Completing and reviewing audit files MU1 2007-08 Module 5 Part 4 Slide 1 23
Evaluating audit results 1. The auditor compares the observation with the audit criteria. MU1 2007-08 Module 5 Part 4 Slide 2 Evaluating audit results 1. The auditor compares the observation with the audit criteria. 2. The auditor determines the cause and effects of the identified weakness. a) the auditor must define the problem and gather evidence as to the cause of the deficiency; MU1 2007-08 Module 5 Part 4 Slide 3 Evaluating audit results 1. The auditor compares the observation with the audit criteria. 2. The auditor determines the cause and effects of the identified weakness. a) the auditor must define the problem and gather evidence as to the cause of the deficiency; b) the auditor must consider the effect of the deficiency on the company s operations; MU1 2007-08 Module 5 Part 4 Slide 4 24
Evaluating audit results 1. The auditor compares the observation with the audit criteria. 2. The auditor determines the cause and effects of the identified weakness. a) the auditor must define the problem and gather evidence as to the cause of the deficiency; b) the auditor must consider the effect of the deficiency on the company s operations; c) the auditor must ensure that sufficient evidence is obtained to support the existence of the weakness and its cause and effects. MU1 2007-08 Module 5 Part 4 Slide 5 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; MU1 2007-08 Module 5 Part 4 Slide 6 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; MU1 2007-08 Module 5 Part 4 Slide 7 25
Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; MU1 2007-08 Module 5 Part 4 Slide 8 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; MU1 2007-08 Module 5 Part 4 Slide 9 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; MU1 2007-08 Module 5 Part 4 Slide 10 26
Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; MU1 2007-08 Module 5 Part 4 Slide 11 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports; MU1 2007-08 Module 5 Part 4 Slide 12 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports; details of discussions with management; MU1 2007-08 Module 5 Part 4 Slide 13 27
Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports; details of discussions with management; management s response to audit findings; MU1 2007-08 Module 5 Part 4 Slide 14 Reviewing audit files Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection; documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports; details of discussions with management; management s response to audit findings; evidence of adequate review of work done. MU1 2007-08 Module 5 Part 4 Slide 15 internal audit working papers Working papers should be: complete and accurate; MU1 2007-08 Module 5 Part 4 Slide 16 28
internal audit working papers Working papers should be: complete and accurate; clear and concise; MU1 2007-08 Module 5 Part 4 Slide 17 internal audit working papers Working papers should be: complete and accurate; clear and concise; pertinent (relevant); MU1 2007-08 Module 5 Part 4 Slide 18 internal audit working papers Working papers should be: complete and accurate; clear and concise; pertinent (relevant); systematically organized. MU1 2007-08 Module 5 Part 4 Slide 19 29
Internal Auditing & Controls Module 5 Part 5 Topic 5.9 Topic 5.10 Topic 5.11 Fraud and investigations Conducting a fraud investigation Fraud in a technological environment MU1 2007-08 Module 5 Part 5 Slide 1 Responsibility for the deterrence and detection of fraud Management has the primary responsibility for preventing and detecting fraud. MU1 2007-08 Module 5 Part 5 Slide 2 Responsibility for the deterrence and detection of fraud Management has the primary responsibility for preventing and detecting fraud. Internal auditors must have sufficient knowledge of fraud to be able to identify indications that fraud might have occurred. MU1 2007-08 Module 5 Part 5 Slide 3 30
Some indicators of potential fraud control in the hands of few individuals; little segregation of duties; unexplained variances and unexpected performance ratios; late reporting; unexplained shortages in physical assets; MU1 2007-08 Module 5 Part 5 Slide 4 Some indicators of potential fraud (cont d) unusually high number of interbank transfers; staff not taking vacations; high staff turnover; extreme pressure to achieve results; unexplained extravagant lifestyles. MU1 2007-08 Module 5 Part 5 Slide 5 Steps in a fraud investigation 1. Be alert to the indications of the existence of possible fraud. MU1 2007-08 Module 5 Part 5 Slide 6 31
Steps in a fraud investigation 1. Be alert to the indications of the existence of possible fraud. 2. Inform management of suspicious circumstances. MU1 2007-08 Module 5 Part 5 Slide 7 Steps in a fraud investigation 1. Be alert to the indications of the existence of possible fraud. 2. Inform management of suspicious circumstances. 3. Assist in the investigation, as requested: a) co-ordinate efforts of all parties working in the investigation; b) determine appropriate audit procedures; c) obtain and evaluate audit evidence; d) determine actual or potential loss; e) identify specific cause or deficiency that permitted fraud to occur; f) carry out interviews; g) respect the legal rights of all employees. MU1 2007-08 Module 5 Part 5 Slide 8 Steps in a fraud investigation (cont d) 4. Reappraise internal controls and audit procedures. MU1 2007-08 Module 5 Part 5 Slide 9 32
Steps in a fraud investigation (cont d) 4. Reappraise internal controls and audit procedures. 5. The company must determine the action to be taken against the perpetrator. MU1 2007-08 Module 5 Part 5 Slide 10 Steps in a fraud investigation (cont d) 4. Reappraise internal controls and audit procedures. 5. The company must determine the action to be taken against the perpetrator. 6. Prepare a written report. MU1 2007-08 Module 5 Part 5 Slide 11 Contents of a fraud report how the fraud was discovered nature or type of fraudulent activity identity of perpetrator dollar amount involved method of concealment MU1 2007-08 Module 5 Part 5 Slide 12 33
Contents of a fraud report (cont d) time period during which fraud occurred effect on financial statements recommendations to prevent recurrence disciplinary or legal action taken MU1 2007-08 Module 5 Part 5 Slide 13 Types of computer fraud 1. theft of information MU1 2007-08 Module 5 Part 5 Slide 14 Types of computer fraud 1. theft of information 2. theft of assets (with manipulation of accounting records to cover up the fraud) MU1 2007-08 Module 5 Part 5 Slide 15 34
Types of computer fraud 1. theft of information 2. theft of assets 3. malicious destruction of programs and/or data MU1 2007-08 Module 5 Part 5 Slide 16 Internal Auditing & Controls Module 5 Part 6 Module summary -- Learning Objectives Recent past examination questions MU1 2007-08 Module 5 Part 6 Slide 1 Module 5 Learning Objectives 1. Outline the main steps in the examination phase of an internal audit. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 2 35
Module 5 Learning Objectives 2. Describe the purpose of a internal audit program and explain its components and format. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 3 Module 5 Learning Objectives 3. Explain how evidence is gathered, selected, and assessed, and the importance of the decisions involved. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 4 Module 5 Learning Objectives 4. Develop appropriate criteria and prepare an audit program for a risk-based audit. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 5 36
Module 5 Learning Objectives 5. Distinguish between systems-oriented and data-oriented computer-assisted audit techniques (CAATs). (Level 1) MU1 2007-08 Module 5 Part 6 Slide 6 Module 5 Learning Objectives 6. Explain and demonstrate how data are analyzed using generalized audit software such as ACL. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 7 Module 5 Learning Objectives 7. Assess conditions within an audited unit against audit criteria, and analyze the cause and effects of any observed deficiencies. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 8 37
Module 5 Learning Objectives 8. Explain the standards for preparing audit working papers and the importance of the internal auditor s role in supervising the engagement. (Level 2) MU1 2007-08 Module 5 Part 6 Slide 9 Module 5 Learning Objectives 9. Describe the roles and responsibilities of management and the internal auditor in the deterrence and detection of fraud. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 10 Module 5 Learning Objectives 10. Outline the main steps in a fraud investigation and the auditor s responsibility in following up on the results of such an investigation. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 11 38
Module 5 Learning Objectives 11. Describe computer fraud and outline current practices for how internal auditors deal with it (Level 2); examine how ACL can be used to conduct a payroll fraud investigation. (Level 1) MU1 2007-08 Module 5 Part 6 Slide 12 Recent examination questions Multiple choice questions: June 2005, Questions 1(c) and 1(d) MU1 2007-08 Module 5 Part 6 Slide 13 Recent examination questions Multiple choice questions: December 2005, Question 1(d) MU1 2007-08 Module 5 Part 6 Slide 14 39
Recent examination questions Multiple choice questions: March 2006, Questions 1(e) and 1(f) MU1 2007-08 Module 5 Part 6 Slide 15 Recent examination questions Multiple choice questions: June 2006, Questions 1(e) and 1(f) MU1 2007-08 Module 5 Part 6 Slide 16 Recent examination questions Multiple choice questions: March 2007, Question 1(l) MU1 2007-08 Module 5 Part 6 Slide 17 40
Recent examination questions GAS output interpretation questions: March 2006, Question 2 MU1 2007-08 Module 5 Part 6 Slide 18 Recent examination questions GAS output interpretation questions: June 2006, Question 2 MU1 2007-08 Module 5 Part 6 Slide 18 Recent examination questions Essay questions June 2005, Question 3 (26 marks) MU1 2007-08 Module 5 Part 6 Slide 19 41
Recent examination questions Essay questions: December 2005, Question 3 (part) MU1 2007-08 Module 5 Part 6 Slide 20 Recent examination questions Essay questions: June 2006, Question 4 MU1 2007-08 Module 5 Part 6 Slide 21 42