...Advanced External Auditing [AU2] Examination Blueprint 2013/2014 Purpose The Advanced External Auditing [AU2] examination has been constructed using an examination blueprint. The blueprint, also referred to as the test specifications, outlines the content areas covered on the examination and the weighting allotted to each content area. This document also lists the topics, the level of competence for each topic, and the related learning objectives and competencies. The learning objectives have been designed to ensure that the competencies are met. In addition, information is provided on the proportion of each question type presented in the examination (that is, multiple choice, quantitative problems, and so on). Use Candidates should use the examination blueprint to prepare for the course examination. The blueprint may not include all the topics listed in the course materials; however, candidates are still responsible for acquiring a broad-based knowledge of all topics not listed in the blueprint since these topics will be tested in assignment and review questions. The topics not listed in the blueprint will also provide candidates with a greater depth of understanding of auditing concepts. Examination Objectives The objective of the 4-hour comprehensive examination is to test CGA candidates on the prerequisite knowledge required for advancement into PA1 and PA2, so as to ensure that the candidates have the broad-based knowledge in assurance needed to function properly in the association’s...
Words: 7165 - Pages: 29
...Audit Week 2: Financial Statement Audits, Financial Statement Assertions and Audit Evidence Financial Statement Audit * A systematic process of objectively obtaining and evaluating evidence regarding assertions about the economic actions and events to ascertain the degree of correspondence between assertions and established criteria * Purpose: To enhance the degree of confidence of intended users in the financial statements by the expression of an opinion by the auditor Overall Objectives of the Auditor: * To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material aspects, in accordance with an applicable financial reporting framework * To report on the financial statements and communicate in accordance with the auditor’s findings Audit Process Overview: * Step 1: Client Acceptance and Retention * Step 2: Risk Assessment (Through understanding client business environment and operations Assess risks of material misstatement Assess Audit Risk) * Step 3: Audit Procedures Planning * Step 4: Test of controls (IF reliance on controls) * Step 5: Perform substantive tests * Step 6: Audit Completion and Reporting Financial Statement Assertions: * Assertions are representations made by management, explicit or otherwise, that are embodied in...
Words: 7274 - Pages: 30
...29, 2004 The Role of Internal Auditing in Enterprise-wide Risk Management In conjunction with the newly released Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management - Integrated Framework, The Institute of Internal Auditors (IIA), in coordination with its IIA UK and Ireland affiliate, has issued a position paper on The Role of Internal Audit in Enterprise-wide Risk Management. The paper's purpose is to assist chief audit executives (CAEs) in responding to enterprise risk management (ERM) issues in their organizations. The paper suggests ways for internal auditors to maintain the objectivity and independence required by The IIA's International Standards for the Professional Practice of Internal Auditing (Standards) when providing assurance and consulting services. Internal auditing's core role with regard to ERM is to provide objective assurance to the board on the effectiveness of an organization's ERM activities to help ensure key business risks are being managed appropriately and that the system of internal control is operating effectively. Recommended Roles The main factors CAEs should take into account when determining internal auditing's role are whether the activity raises any threats to the internal auditors' independence and objectivity, and whether it is likely to improve the organization's risk management, control, and governance processes. The IIA's position paper indicates which roles internal auditing should and should...
Words: 3877 - Pages: 16
...Internal auditing covers a broad range of areas that includes a lot of regulation. Even more focus is on information technology. “As the demands of traditional audits responsibilities and the growing burden of information security evolve, the industry is beginning to see emerging trends in internal auditing departments across many organizations” (Hirth, 2012). Information technology controls continue to increase in importance to today’s organizations as reliance on technology and compliance requirements increase. Deficiencies in information technology controls can have a significant impact on the organization. According to a 2011 presentation by public accounting firm Deloitte & Touche, the following are some of the top emerging information technology issues. Social networking and social media technologies are expanding into new areas, including user communities, business collaboration, and commerce. The risks in this area include brand protection, unauthorized access to confidential data, and regulatory or legal violations. Historical audits are not sufficient to determine risks in this area as the medium is constantly changing. The audit plans should be updated every year based on a review of social media usage within the company with an eye on emerging risks. Mobile devices, including cell phones and tablets, have become common workplace tools. These devices do not maintain the same level of data security as the organization’s stationary network. There is...
Words: 859 - Pages: 4
...Risk Management Planning Carvella Bennett Everest University Risk management planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives. Risk management implementation is the process of executing risk management actions. Effective crisis response begins with effective decision-making. Good initial decisions can make even a catastrophe manageable; bad decisions can fatally exacerbate an otherwise small problem. In both cases, the window of opportunity for initial decision making is extremely small and closes rapidly. Once the moment for decision making has gone, it does not come back. Proper crisis response is about developing a range of emergency management options that can be exercised and that focus on what could happen, not what will happen. This is achieved through practice, and lots of it. It is no easy task getting a crisis management team together for the first time during an unfolding emergency. In all cases, the best crisis management results are delivered on-site and in the same time zone. However centralized a company may be, when it comes to crisis management, even local staffs need to sharpen their crisis management skills because ultimately, those are the ones that will be used when disaster first strikes. When actually organizing a live run-through of the crisis management plan, the scenario should ideally be one in which a business system is disabled. It is better to act this out in a real...
Words: 1668 - Pages: 7
...no. 1/2010 57 Changing Methodologies in Financial Audit and Their Impact on Information Systems Audit Doctoral School – Accounting and Management Information Systems Academy of Economic Studies, Bucharest, Romania dan.vilsanoiu@gmail.com, mihaela.serban@gmail.com This paper tries to provide a better understanding of the relation between financial audit and information systems audit and to assess the influence the change in financial audit methodologies had on IS audit. We concluded that the COSO Internal Control – Integrated Framework was the starting point for fundamental changes in both financial and IS audit and that the Sarbanes-Oxley Act should be viewed as an enabler rather than an enforcer in establishing strong governance models. Finally, our research suggests that there is a direct causality effect between the employment of BRA (business risk audit) methodologies and the growing importance of IS audit. Keywords: Financial Audit Methodologies, Business Risk Audit, Information Systems Audit, Internal Controls Framework 1 Introduction The objective of this article is to provide a better understanding of the relation between financial audit and information systems audit and to assess the influence the change in financial audit methodologies had on IS audit. In order to achieve our objective, we reviewed existing research from both academics and professionals regarding financial and information systems audit methodologies. We also obtained and reviewed materials...
Words: 5254 - Pages: 22
...Business and fraud risk identification 511 Page 1 of 7 Entity Period ended Objective: To provide additional guidance on business and fraud risk identification. First identify sources of risk through understanding the entity (Form 510). This worksheet provides some additional sources of business and fraud risk that may be considered along with some typical control procedures. Cross reference the additional risk factors identified to Forms 520/522 (or their equivalent) where the risks can be assessed. This form does not include risks that relate to a particular industry or to a particular engagement. Note: Many business risks also create opportunity for fraud to occur (such as a new accounting system). Record such risks on both Form 520 and Form 522. 1. Corporate governance structure Consider corporate values, direction, major decisions, spending and internal control systems. Business risk factors Poorly skilled or inexperienced directors No audit committee Lack of board members who are independent of management No strategic business plan No code of conduct Infrequent board meetings Poorly skilled or inexperienced audit committee Limited or no internal audit function Management dominated by a single person or a small group Inadequate policies and internal controls over major decisions and expenditures Management roles and responsibilities not clear (no senior management job descriptions) High turnover in board, management or accounting personnel Fraud risk factors No...
Words: 2776 - Pages: 12
...Risk-Based IT Audit Risk-Based Audit Methodology Apply to Organization’s IT Risk Management Kun Tao (Quincy) Cal Poly Pomona Author Note This paper was prepared for GBA 577 Advanced IS Auditing, taught by Professor Manson. March 2014 Table of Contents: Abstract; Introduction; Methodology; Risk-based auditing methodology: Risk assessment; IT Risk Management; IT Risk Control Framework; Identifying assets; Determining criticality and confidentiality levels; Threat and vulnerability identification...
Words: 6057 - Pages: 25
...APPENDIX D: Risk Management Procedure – Template Table of Contents Risk Management Procedure 1 Template 1 Table of Contents 2 Introduction 3 Definitions 3 Objectives of Risk Management 4 Benefits of Risk Management 4 Roles and responsibilities 5 Risk Management Governance Structure 5 Relationship with other processes 7 Key Process Steps 8 One: Communicate and Consult 9 Two: Establish the Context 10 Three: Identify Risks 11 Four: Analyse Risks 12 Five: Evaluate Risks 13 Six: Treat Risks 14 Seven: Monitor and Review 15 Risk Reporting 18 Risk Management Reporting Responsibilities 18 Risk Escalation 19 Risk Reports and Recipients 19 Review and Approval 20 Access to Risk Management Reporting Framework 20 References 20 Appendix: Risk Control Likelihood Consequence Rating 18 Control Effectiveness Rating Criteria 18 Likelihood Rating Criteria 18 Consequence Rating Scale 18 Appendix: Risk assessment templates and heat map 18 Risk Assessment Template 18 Risk Assessment Treatment Plan Template 18 Appendix: Risk Reporting – potential risk reports 1 Templates (Examples) 18 Risk Profile 18 Risk Treatment Actions Status – Detailed 18 Assurance Coverage of Key Risks 19 Risk Management Annual Activity Schedule and Improvement Initiatives 20 New and Emerging Threats and Opportunities 21 Detailed Risk Register 21 Introduction The role of this risk management procedure is to provide staff with guidance in how to apply consistent...
Words: 4595 - Pages: 19
...Internal Auditing * Gives you insight into compliance issues, risk assessment, fraud prevention, corporate governance, IT auditing, and many other topics, plus summaries of current audit research, case studies, and feedback on new initiatives and standards from COSO, the Institute of Internal Auditors (IIA), and other organizations. * An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Differences Mandate: Although Internal Audit does have a degree of focus on the financial aspects of the organisation, it is essentially not a financial discipline - unlike its counterpart External Audit. Its multidimensional nature mandates a much broader scope in the organisation than that of External Audit. * EAs have a statutory obligation to shareholders and the public on the accuracy of the annual report and the financial statements * IAs have a duty to senior management and the board via the audit committee on the state of governance, risk management and control within the organisation. Areas of Focus: * EAs focus on finance and accounting * IAs focus on the whole organisation, all departments, functions and operations Independence: * EAs are independent external assurance providers to the organisation...
Words: 1141 - Pages: 5
...Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG®) 17 Auditing IT Governance July 2012 GTAG — Table of Contents: Executive Summary; 1. Introduction; 2. IT Governance Risks; 3. Aligning the Organization and IT — Key Considerations; 4. The Role of Internal Audit in IT Governance; Conclusion; Authors and Reviewers; Appendix — IT Governance Risk Assessment/Engagement Planning Considerations. GTAG — Executive Summary To support the heightened importance of IT governance and the mandatory nature of the International Standards for the Professional...
Words: 10762 - Pages: 44
...Internal Audit Guidebook Providing a framework for understanding and delivering Grant Thornton’s Internal Audit Services in a consistent, high-quality way 2012 Internal audit guidebook 1 Contents Page Introduction 2 Common service delivery methodology 6 Determine client needs 8 Scope and arrange work 10 Plan 13 Analyze and assess 20 Report and recommend 28 Implement 32 Evaluate 33 Determine business and technology context 36 Manage engagement performance, quality and risk 38 Communicate and enable change 40 Appendix 42 Internal audit engagement checklist 43 © Grant Thornton LLP. All rights reserved. Updated August 1, 2012 Internal audit guidebook 2 Introduction What is internal audit? The Institute of Internal Auditors (IIA) defines internal auditing as: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (1010) An internal audit objectively assesses the management of risks that a company faces. (2100 series) The aim is to • understand the current state, • assess the current state using appropriate standards and criteria, and • develop findings and recommendations...
Words: 15851 - Pages: 64
...Office of the New York State Comptroller Division of Local Government and School Accountability LOCAL GOVERNMENT MANAGEMENT GUIDE Management’s Responsibility for Internal Controls Thomas P. DiNapoli State Comptroller For additional copies of this report contact: Division of Local Government and School Accountability 110 State Street, 12th floor Albany, New York 12236 Tel: (518) 474-4037 Fax: (518) 486-6479 or email us: localgov@osc.state.ny.us www.osc.state.ny.us October 2010 Table of Contents: Who’s Responsible; The Origin - Committee of Sponsoring Organizations; Integrated Internal Control Framework - The Big Picture; The Five Essential Elements of the Internal Control Framework; Limitations of Internal Controls; The Impact of Information Technology; The Role of Internal Auditors and Audit Committees; Conclusion; Additional Resources...
Words: 8114 - Pages: 33
...Risk Assessment Methodology Introduction The Internal Audit and Oversight Division (IAOD) has developed a Risk Assessment Methodology which is based on the Institute of Internal Auditors (IIA) advisory and guidance as well as generally accepted good practice adopted for such exercises. The main purpose of the Risk Assessment Methodology is to enhance the objectivity and transparency and provide for a sound basis for the preparation of the Audit Needs Assessment (ANA) and Annual Audit Work Plan. The main definitions of risk and risk assessment to enable a better understanding of the Risk Assessment process undertaken by IAOD: Risk Assessment Definitions Risk It is an uncertain future event which could adversely affect the achievement of an organization’s objectives. Risk Likelihood It is the probability that a risk can occur. The factors that should be taken into account in the determination of likelihood are: the source of the threat, capability of the source, nature of the vulnerability and existence and effectiveness of current controls. Likelihood can be described as high, medium and low. · High: An event is expected to occur in most circumstances · Medium: An event will probably occur in many circumstances · Low: An event may occur at some time Risk Impact It is the potential effect that a risk could have on the organization if it arises. It is worth mentioning that not all threats will have the same impact as each system in the organization is worth...
Words: 689 - Pages: 3