Embed Size (px)
Citation preview
IT Considerations in Integrated Audit
By: Yusuf Musaji
Audit Basics and the Integrated Audit
Objectives Recognize and understand key audit terminology
Describe the activities preformed in each phase of Y&A’s audit methodology
Describe key aspects of control testing Y&A’s audit methodology
Explain how an audit of internal control integrates with a financial statement audit to form the integrated audit
Identify the new and modified work papers required in the integrated audit workflow process
Demonstrate an awareness of activities preformed in each phase of the integrated audit
Module Introduction Audit Basics
Regulations and Key Concepts
Integrated Audit Methodology
Engagement Management Strategic Analysis
Process Analysis
SuPer
Wrap Up
Topics
Sec 2a: Introduction & Audit Basics
Sec 2b: Regulations & Key Concepts
Sec 2c: Overview of the Audit of Internal Control and Integrated Audit
Sec 2d: Strategic Analysis
Sec. 2e: Process Analysis
Sec 2f: SuPER
Sec 2g: Wrap-up
Audit Basics
Basic Audit Concepts Y&A’s Audit Methodology
Financial Statement Assertions (CEAVOP)
CompletenessExistenceAccuracyValuationObligation and RightsPresentation and Disclosure
Assertions can be remembered by CEAVOP
Module Introduction Audit Basics
Regulations and Key Concepts
Integrated Audit Methodology
Engagement Management Strategic Analysis
Process Analysis
SuPER
Wrap Up
Integrated Audit Overview
Module Introduction Audit Basics
Regulations and Key Concepts
Integrated Audit Methodology
Engagement Management Strategic Analysis
Process Analysis
SuPER
Wrap Up
Module Introductio
n
Audit Basics
Regulations and Key Concepts
Integrated Audit
Methodology
Engagement Managemen
t
Strategic Analysis
Process Analysis SuPER Wrap
Up
Workpapers
Business Understanding Document (BUD)
Planning Considerations Document (PCD)
Risk Analysis Document (RAD)
Evaluation of Management’s Assessment Process
Company and Business Level Controls Document
COSO
We document the COSO control component applicable to each control and use this information to ensure all COSO components are addressed for each SBR or SCOT
There may not be control environment controls within a process
IA – Substantive Procedures, Evaluation and Reporting
Material Weaknesses• Significant deficiencies that are strong indicators of a material weakness:
• Restatement of previously issued financial statements
• Identification of a material misstatement in the financial statements by an auditor
• Ineffective audit committee oversight
• Internal audit or risk assessment process is ineffective, if those functions are critical to company programs and controls
• Regulatory compliance function is ineffective in highly regulated industries
• Identification of any fraud by senior management
• Previously communicated significant deficiencies that remain uncorrected for a reasonable period of time
• Ineffective control environment
Evaluating Management’s Assessment of IT General Controls
IT General Controls Access to Program and Data
IT General Controls for Program Changes and Computer Operations
Company Level Controls
IT General Controls Program Development
Working Paper Documentation Requirements - FindingsFindings for systems that will not be implemented
during the first year will be categorized as “deficiencies.” You should make management aware of these deficiencies so that they can correct them prior to the system being implemented. These deficiencies should be carried forward on the SICD to the subsequent year
Deficiencies that are not resolved during the following year may result in a “material weakness.”
Use of Service Organizations
End-User Computing
Process/Application Level Controls
End-User Computing
