
IT Audit


Submitted By Pranay1
Pranay Bhardwaj

Disaster Recovery Planning

Introduction
Hurricane Sandy is regarded as one of the most devastating natural disasters to strike the city of New York. People have different recollections of that period: some recall the catastrophic damage done to their homes, while others remember the 4-hour wait just to fill up their cars with gas. For financial institutions such as Citi bank, it was a time for the management team to pat themselves on the back and breathe a sigh of relief for being able to secure important data centers and keep bank operations running. All this was the result of the successful implementation of Citi’s “Disaster Recovery Plan”.

What is a Disaster Recovery Plan?
Just like the disaster discussed above, every week, month, and year, companies are exposed to risks of potential disasters that can affect the continuation of vital business processes. When critical processes and applications are lost, the company can incur damages ranging anywhere from $5,000 to $5,000,000 per minute, depending on the size and function of the company. Some companies never recover from the excessive damage they incur during the time of the disaster, and may be forced out of business. To avoid such a situation, companies, particularly banking institutions, are heavily encouraged to have a disaster recovery plan in place. A disaster recovery plan is a powerful tool that allows a company to shield itself from any calamity that occurs, be it natural or man-made. The focal point of a disaster recovery plan is business continuity. Business continuity is an activity performed by a company to ensure that critical business functions will be available to customers, clients, and regulators. Disaster recovery is a process that allows for business continuity, particularly in operations and technology infrastructure, during a time of disaster. The plan provides an effective solution that can be used to recover all important business processes within a reasonable time frame using records that are stored off site. To create a disaster recovery plan, the company must have a disaster recovery management system in place, which serves as an ongoing process of planning, developing, testing and implementing disaster recovery procedures and processes.

What is the problem?
Despite the level of protection a disaster recovery plan provides, according to a survey performed by benchmark in 2014, a majority of companies are not prepared to recover critical IT systems in the event of a disaster. Having a stable IT system is an absolute requirement for almost all companies. It is almost impossible for companies and financial institutions to function without information systems for data processing, storage and communication. Therefore, the risk of losing or deleting critical files within the information system can prove to be detrimental to a company. Aside from natural disasters, a company’s information system faces significant risks from hackers, who attempt to steal confidential information such as trade secrets. As a result, these losses of critical systems cost businesses a substantial amount of money and damage their reputation. The root cause of such negative statistics is that many companies face inconsistent or complicated IT disaster recovery planning guides, so that eventually the company decides that it lacks sufficient resources to complete the plan. However, ignoring these risks is not a feasible solution, particularly for banks that are responsible for driving the global economy. It is therefore essential for banks not only to have a disaster recovery plan in place, but to perform disaster recovery planning on an ongoing basis. This is further stressed by federal agencies, which provide IT disaster recovery planning guidelines that banks must follow. However, even with guidelines in place, IT disaster recovery is a very difficult task. The difficulty mainly stems from the rapid pace at which technology changes on a yearly basis. The change makes it very difficult to ensure that the proper steps and controls to mitigate risks are in place.

Scope and Objectives of the plan
When designing a disaster recovery plan, it is important to highlight key steps and measures that need to be taken during the time of a disaster. This means that, should an emergency situation occur, employees and management should be able to rely on this plan to provide an effective method to deal with the crisis situation, as well as lessen the potential negative impact it may have on shareholders and stakeholders.
Therefore the plan should provide information on how to handle crisis events and provide procedures for the following:
* Executives
* Legal
* Investor Relations
* Corporate Communications
* Corporate Administration
* Marketing and Sales
* Human Resources
* Technology Management

In addition, the plan should clearly indicate the responsibilities of various staff, as well as the procedures and checklists that will be used to manage the situation after the disaster occurs.

Components of Disaster recovery planning

1) Risk Assessment: This component involves procedures geared towards detecting disasters and communicating with and warning recovery team members and stakeholders. The process of detection is straightforward for the most part, as it involves detecting IT disasters. The process of warning involves alerting key team members involved with recovery that a disaster has occurred, so that they can jumpstart the recovery process. In order to create an effective plan, management needs to maintain an open mind when assessing all types of disasters that the firm can encounter, and how they would affect its business continuity. This requires taking every single potential risk into account, from power failures to terrorist attacks. What management is essentially doing, therefore, is taking all predetermined risks and contemplating a response to each of them.

2) Preparing employees: This component first and foremost deals with disaster recovery team training. The team consists of those who are responsible for recovering IT service. During this training, the team members are familiarized with their individual responsibilities. Non-team members, specifically stakeholders, are also given training during this time. The reason for this is that during times of disaster, stakeholders must be aware of the implications of IT disasters and what to do when IT services are down. Training also touches on decision-making authority in cases where employees are missing, disabled, or unable to establish authority.

3) IT services analysis: This component can be further broken down into 3 subsections: identifying IT services, prioritizing IT services in terms of reactivation, and identifying potential threats. When identifying IT services, management must conduct a review of all services that an IT department offers to other departments within an organization. The focus would be on services such as email communications. The second section, prioritizing services, involves procedures meant to determine the order in which IT services should be restored. This requires determination of the specific business units that are dependent on the service and the importance of the service to business continuity. The third section involves identification of risks to the IT services.

4) Business Impact Analysis: The main task in performing this analysis is to acquire an understanding of which processes in the business are absolutely essential, and what the impact would be of a disruption due to a potential disaster identified during risk assessment. It is during this time that RTO and RPO are established. RTO, or recovery time objective, is the duration of time within which a company must restore its business processes after a disaster, before incurring excessive losses. In other words, it is how much time the business may take to restore its processes after a disaster has occurred. The RPO, or recovery point objective, can be viewed as a marked period of time. This means that when disaster strikes and the recovery process is in effect, all data leading up to that marked point needs to be restored. Both RTO and RPO are established when performing the business impact analysis. The business impact analysis is where research is conducted to determine the likely impact of a disruption to the company in terms of loss of business, effects on reputation, loss of staff and loss of data.

5) Recovery process: This component focuses on restoring IT service inputs and switching IT operations to alternative facilities. The restoring process involves the restoration of 6 processes: human resources, facilities, communications technologies, servers, application systems, and data. The human resource function is made up of individuals who provide the labor needed for IT services. The facilities category involves restoring IT inputs that are physical in nature, such as buildings, utilities, and heating/cooling. The communications category involves restoring inputs needed to communicate via video, voice, or data. The means of communication can include anything from cell phones to local area networks. The server category includes physical hardware responsible for managing networks. The application systems category is a combination of both hardware and software which support computing needs. The data category is essentially a compilation of raw facts and figures. Finally, this component also deals with securing alternative facilities for IT services in case the primary location goes offline.

6) Backup Procedures: This component is strictly concerned with creating backup copies of data, software, configuration files, and the disaster recovery plan itself.

7) Offsite storage: Offsite storage involves procedures which ensure that all systems, software, and data going out of the primary location are made as portable as possible. This means that the firm must organize everything to be easy to transport. As far as the offsite storage facility is concerned, management must make sure that the location of the facility allows for easy transport and storage of materials.

8) Maintenance: The maintenance component can be regarded as one of the most essential components of recovery planning. Maintenance involves testing and updating the IT disaster recovery plan, and making sure that the plan fits within the scope of the firm's business continuity plan. When testing the plan, the key focus is to ensure that the IT disaster recovery plan will work in the event of a disaster. The plan is then updated to reflect changes in IT services and inputs, and to correct any shortcomings that were identified during the testing stage. In addition to updating the plan, there is also a responsibility to update documentation such as configuration manuals, network schematics, and logs on a regular basis. This documentation may not be included in the actual plan, but may prove to be useful in the event of an emergency. Even with testing and updates, it is impossible for management to predict every threat that is relevant to IT services, and therefore the recovery process should not be considered completely comprehensive. This means that there will be cases where it may be necessary to create new plans from scratch.

Essentials of a disaster recovery plan in the banking industry
The importance of a disaster recovery plan is evident. For the most part, the basic requirements of a disaster recovery plan remain consistent across all companies; however, for institutions such as banks that are so heavily regulated by the federal government, the task of planning may be a little more daunting. In some ways it is fitting for banks to be at the forefront of disaster recovery planning, as they were in fact one of the first entities to embrace information technology in the business world. This led to the birth of the automated clearinghouse association, formed by seven banks based in Philadelphia in the mid-1970s. The purpose of this association was to address the issue of how banks should implement data recovery if their computer systems go down. In 1983, the US government officially mandated all banks to have a disaster recovery plan. With the passing of this law, it became apparent that banks face certain challenges in the planning process, such as the following:
* Detailed Planning: In the banking industry, being obsessive towards planning is a must when constructing a recovery plan. The importance of this became apparent during the time of the 1993 World Trade Center bombings. Nearly two thirds of the companies located within the building failed to construct well-thought-out disaster recovery plans. This led to millions of dollars in losses, both from operations and from fines.
* Greater exposure: Disaster recovery holds significant weight in the banking industry, maybe even more than in other types of businesses, because banking services are in great demand during times of disaster. What causes a tremendous amount of pressure in this case is that a particular bank has multiple locations with varied operations and computer applications. Furthermore, mergers and acquisitions have further complicated matters by causing banks to inherit more varied applications. This makes planning for one particular branch very difficult.
* People still use paper: At the branch level, most bank employees continue to rely heavily on paper. So the question is what happens when none of the paper transactions have been entered into the computer system, and there is a fire? This can have a significant impact on operations, as loss of records, particularly those pertaining to money, can be detrimental.
* Employees first: Banks have an obligation to employees when developing their disaster plans. They must ensure that they have the ability to house their employees in a time of crisis, and provide all the necessary essentials such as food, water, and clothing.
* Outsourced functions: Disaster recovery plans should take into account any outsourced functions. Many banks outsource data processing such as credit card operations, automated teller machine applications, etc. This must be clearly addressed in the disaster recovery plan.
* Testing is critical: A bank’s recovery plan must be heavily tested in order to ensure good results in a real-life event. This testing provides confirmation that the bank will be ready in a time of crisis.

Conclusion
IT disaster recovery planning certainly requires a lot of grunt work, and may not appeal to those looking for more glamorous professions. Furthermore, the value of such a task is not immediately noticeable, as it is not every day that a company is struck by a major catastrophe. However, it is important to remember that through this process, members of the IT department develop a better understanding of the business use of their systems, and will display a better level of preparedness for change when it is initiated by disaster. IT departments need to be a source of revenue and not cost, and therefore it is essential that they stay on top of management to allocate sufficient resources towards recovery planning. Ultimately, emphasis should be placed on long-term continuity of the business as opposed to short-term savings.

Works Cited
* http://drbenchmark.org/wp-content/uploads/2014/02/ANNUAL_REPORT-DRPBenchmark_Survey_Results_2014_report.pdf
* http://www.banktech.com/sandy-highlights-the-importance-of-bank-disaster-recovery-plans/d/d-id/1295917?page_number=1
* https://www.sans.org/reading-room/whitepapers/recovery/disaster-recovery-plan-strategies-processes-564
* http://www.arraydev.com/commerce/JIBC/2010-04/KadlecShropshireITDRP.pdf

Similar Documents

Premium Essay

Audit

...Audit Committee Material Weaknesses in Smaller Reporting Companies December 2nd, 2010 OUTLINE: I. SUMMARY OF THE ARTICLE II. PROBLEM STATEMENT III. SUGGESTIONS FROM THE AUTHORS IV. RELEVANCE TO AUDITING ENVIRONMENT V. CONCLUSION I. Summary of the Article This report summarizes the article published by Gramling, Audrey A, Hermanson, Dana R, Hermanson, Heather M in the CPA journal of 2009. The main focus of the article is to show the importance of audit committee in auditing and analyze problems of small companies face in developing effective audit committee. The critical issue of the article is material weaknesses related to audit committee and possibility of management’s override of internal control within small companies. Before, the Sarbanes-Oxley Act, audit committees in public companies were under more pressure to understand not just a company's financial statements, but to challenge management and auditors on key accounting, internal control and compliance issues. After the financial scandals that caused firms like Enron and WorldCom to collapse, audit committees have risen from relative darkness to center stage in modern corporate world. As it’s indicated in the article, the new role, the typical audit committee is charged with many duties. Because new role of audit committee increased complexity and accountability, it's easy for directors of small public companies to feel besieged when...

Words: 1917 - Pages: 8

Premium Essay

Audit

...6-22 a. The function of the independent auditor in the audit of financial statements is expression of an opinion on the fairness with which they present, in all material respects, financial position, results of operations, and its cash flows in conformity with generally accepted accounting principles. The auditor's report is the medium through which he expresses his opinion or, if circumstances require, disclaims an opinion. In either case, he states whether his audit has been made in accordance with generally accepted auditing standards. These standards require him to state whether, in his opinion, the financial statements are presented in conformity with generally accepted accounting principles and to identify those circumstances in which such principles have not been consistently observed in the preparation of the financial statements of the current period in relation to those of the preceding period. The responsibilities of the independent auditor in the audit of financial statements are planning and performing the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Because of the nature of audit evidence and the characteristics of fraud, the auditor is able to obtain reasonable, but not absolute, assurance that material misstatements are detected.   b. The responsibilities of the independent auditor for the detection of fraud is provide reasonable assurance of detecting material...

Words: 566 - Pages: 3

Premium Essay

Audit

...ILLUSTRATIVE AUDIT ENGAGEMENT LETTER (Date) Name of Auditee Address Dear ________________ We are pleased to confirm our understanding of the services we are to provide you with under this engagement. Audit Scope. USAID’s applicable scope of work that was part of your RFP will be included or referenced to. Audit Objectives. The objective of our audit is the expression of opinions as to whether your basic financial statements are fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles, the objective also includes reporting on: • Internal control related to the financial statements and compliance with laws, regulations, and the provisions of contracts and grant agreements, noncompliance with which could have a material effect on the financial statements, in accordance with Government Auditing Standards. • Internal control related to major programs and an opinion (or disclaimer of opinion) on compliance with laws, regulations, and the provisions of contracts and grant agreements that could have a direct and material effect on each major program in accordance with the Single Audit Act Amendments of 1996 and OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations. Our audit will be conducted in accordance with generally accepted auditing standards established by the Auditing Standards Board (United States); the standards for financial audits contained...

Words: 2547 - Pages: 11

Premium Essay

Audit

...Section A: Audit Practice Part b (i): Why is the audit of cash important part of the audit? From an auditing standpoint, cash is an important account because cash transactions affect all other business and financial processes. Businesses acquire cash by selling goods or services, disposing of fixed assets, or acquiring debt or equity. The same businesses put their cash to use through purchasing, paying employees, and buying inventory. Audits are an important part of business. Cash audits check that money has been handled properly, and performance audits ascertain whether employees are doing their jobs properly. Corporations are likely to undergo tax audits to ensure proper tax reporting and withholding. Audits may be performed in-house by management or human resources, by a third-party consulting firm hired specifically to perform the audits or by IRS agents who are auditing company tax records. The audit of cash is considered an important part of an audit mainly due to almost all business transactions will be ultimately settled through the cash accounts, the audit of cash accounts also assists in the verification of other asset and liability accounts as well as revenue and expenses. Some of the investor relies on the accuracy of the cash account to evaluate the financial health of the company. They use current asset which include the cash account to compute several financial measures. Other than that, cash is the highly liquid asset in a company and it is an area of high...

Words: 9221 - Pages: 37

Premium Essay

Is Audit

...basic controls are omitted. An IS Auditor being a part of this exercise to ensure that the basic controls required for business exist in the re-engineered process.  The IT Security Policy: The IS Auditor due to extensive engagement with the organisation is able to say which parts of the policy are being complied with and can also offer suggestions on improving compliance and making suitable changes to the IT Policy. He can also offer guidance in those areas which may not be adequately addressed in the policy.  Security Awareness: An effective IS Audit helps increase level of security awareness and compliance with security measures among IT users. This also provides motivation to security officers and system administrators to do their job effectively.  Better Return on Investment: IS audits are not only considered for security nowadays but also performance management and value for IT investments. Therefore, an IS audit can be used for facilitating the effective and efficient use of IT for fulfilling business objectives.  Risk Management: The domain of IS Auditing is moving towards risk Management and an IS auditor is being viewed as a risk management professional particularly in the area of operational risk. Effective risk management for the enterprise is vital, therefore the...

Words: 477 - Pages: 2

Premium Essay

Audit

...Fraud Auditing and Different type of fraud Introduction Over the years, the role of auditors become increasingly important especially in a capitalist economy as the process of wealth creation and political stability depends heavily upon confidence in processes of accountability and how well the expected roles are being fulfilled. An auditor has the responsibility for the prevention, detection and reporting of fraud, other illegal acts and errors is one of the most controversial issues in auditing. The most frequently debated areas amongst auditors, politicians, media, regulators and the public is where the fraud is coming from and by whom. This disagreement has been especially tinted by the collapse of big corporations like Enron and WorldCom. The unforeseen fall of Enron and WorldCom traumatized the world as both of these companies received clean bills of health from their auditors immediately prior to their for bankruptcy. Type of fraud Fraud itself comprises a large variety of activities and includes bribery, political corruption, business and employee fraud, consumer theft; network hacking, bankruptcy and divorce fraud, and identity theft. Many find it helpful to separate between internal and external fraud. Internal fraud is usually found by internal auditors. In the Statement of Auditing Standards 99, it’s defines fraud as an intentional act that results in a material misstatement in financial statements. There are two types of fraud considered: misstatements arising...

Words: 2588 - Pages: 11

Premium Essay

Audit

...1 Session 4 Audit Planning; Materiality and the audit risk model Auditing: Principles and Methods 2 After studying this session you should be able to: 1. Discuss why adequate audit planning is essential 2. Make client acceptance decisions and perform initial audit planning 3. Gain an understanding of the client’s business and industry 4. Assess client business risk 5. Perform preliminary analytical procedures 6. Apply the concept of materiality to the audit 7. Define risk in auditing and the audit risk model Auditing: Principles and Methods 3 8. Consider the impact of engagement risk on acceptable audit risk 9. Discuss the relationship of risks to audit evidence 10. Answer the Review Questions Auditing: Principles and Methods 1. Audit Planning 4 Why is adequate audit planning essential? “The auditor must adequately plan the work and must properly supervise any assistants”. There are three main reasons why the auditor should properly plan engagements: to enable himself to obtain sufficient appropriate evidence, to keep audit cost reasonable and to avoid misunderstanding with the client. Auditing: Principles and Methods 1. Audit Planning 5 An important part of audit planning is assessing acceptable audit risk and inherent risk because it helps determine the amount of evidence that will need to be accumulated and staff assigned to the engagement. Acceptable audit risk is a measure of how willing the auditor is to accept that the FSs...

Words: 5316 - Pages: 22

Premium Essay

Audit

...Exercises, Problems and Simulations | 1. List and describe the activities auditors undertake before beginning an engagement. | 1, 2, 3, 4 | 53, 54, 55, 62, 66 | 2. Identify the procedures and sources of information auditors can use to obtain knowledge of a client’s business and industry. | 5, 6, 7, 8, 9 | 52, 56, 59, 65 | 3. Perform analytical procedures to identify potential problems. | 10, 11, 12, 13, 14, 15 | 47, 48, 49, 51, 58, 63, 64 | 4. List and discuss matters of planning auditors should consider for clients who use computers and describe how a computer can be used as an audit tool. | 16, 17, 18, 19, 20, 21, 22 | 57, 60 | 5. Review audit documentation for proper form and content. | 23, 24, 25 | 50, 61 | SOLUTIONS FOR REVIEW CHECKPOINTS 4.1 A CPA can use the following sources of information to help decide whether to accept a new audit client. Financial information prepared by the prospective client: * Annual reports to shareholders * Interim financial statements * Securities registration statements * Annual report on SEC Form 10K * Reports to regulatory agencies Inquiries directed to the prospect's business associates: * Banker * Legal counsel * Underwriter * Other persons, e.g., customers, suppliers Predecessor auditor, if any, communication, re: integrity of management, disagreements with management ...

Words: 11602 - Pages: 47

Premium Essay

Audit

...that recognizes him as a reliable body. With the growing conscious recognition of the importance of financial data in the ordering of everyday business and economic life, the need of basic economic facts is providing a constantly enlarging opportunity for the accounting profession. The auditors' reports have an especial capacity to fulfill the need for reliable and authoritative financial material not only because of the reputation or prestige of the certified statements, but also because of the significance generally attached by the business man to the functions of the auditor and his reports. These functions, and the scope of these reports, have in the past been definitely related to the character of and changes in business activity. Audits and reviews are basically procedures performed on the financial statements of a company, for the purpose of determining whether the financial statements include any material misstatements. Misstatements are essentially wrong numbers due to numerical errors, fraud, or errors in interpreting the accounting...

Words: 6792 - Pages: 28

Free Essay

Audit

...The reason for IFI or any regulatory body considering the ‘enjoining what is good and forbidding what is evil’ to be one of the basic principles of IFI Shariah Audit is due to ensures acceptance, validity and enforceability of contracts from Shariah point of view. Stating by Islamic Financial Services Board (IFSB), Shariah compliance actually is a central in assuring the integrity and credibility of the Institutions offering auditing. They state that Shariah non-compliance risk is the risk that arises from auditing failure to comply with the Shariah rules and principles determined by the relevant body in the jurisdiction in which the auditing operate. According to these standards, Shariah compliance is critical to audits’ operations and such compliance requirements must permeate throughout the organization and activities. As a majority of the auditors use Shariah-compliant auditing services as a matter of principle, the clients’ perception regarding audits’ compliance with Shariah rules and principles is of great importance to their sustainability. In this regard, Shariah compliance falls within a higher priority category in relation to other identified risks. They accordingly, require that auditing shall have in place adequate systems and controls, including Shariah Board, to ensure compliance with Shariah rules and principles. In other words, it could be said that IFI needs to be responsible for appointing people to carry out the responsibility of enjoining good, whenever...

Words: 1177 - Pages: 5

Premium Essay

Audit

...QUESTION 1 (a) The caller must in good manner, show respect to the CEO and has a talk with the CEO tell the CEO on your professional view that the sales transaction did not meet the revenue recognition criteria specified by GAAP., if they still want to make this kind of transpired transaction, company might get law sue by the bank. Caller also should not continue sign the commitment letter, because if that is a fraud, and she signed the letter, caller is liable to take responsibility about cheating the bank. (b) If the caller conceal her disagreement and continue working in the company, she might face legal liability in future. It is because she is the person who signs the commitment letter. (c) If she resigns immediately, it might affect her future career, other company will loss confident to hire her even banned. Besides that, she had signed some previous financial statement, if that found by the relevant parties, she is liable to face the legal responsibility. (d) Yes. She can refer to the MASB standard 9- Revenue, under the section 15 “sale of goods- revenue from the sale of goods should be recognized when the enterprise has transferred to the buyer the significant risks and rewards of ownership of the goods”. http://www.masb.org.my/images/stories/archive/PERS/!masb9.pdf In this case, the company recorded the revenue from sale transaction which did not occur, so she should remind the company. Question 2 Since she is the person who signs the commitment...

Words: 1432 - Pages: 6

Premium Essay

Audit

...auditors are not independence. The whole audit progress would be argued that the auditor had given the bias opinion to the client if there was no independence. Therefore, the accounting profession such as auditor and qualified accountant has faced the pressure for improving the quality of the audited reports. Jackson, Moldrich and Roebuck (2008) view the audit quality from perceived and actual quality. Actual quality shows the material errors risk level in financial statements and it can be reduced by the auditor. While perceived quality is the users confidence level in financial statements and effectiveness of the auditors in reducing the misstatement in financial statement done by management. However, there are variety of factors might affect the audit quality, but only 4 identified factors which is size of audit firm, auditor’s tenure, auditor’s experience and pricing pressure will be discussed in this paper. 2.1 Independent Variable 2.1.1 Auditor’s Tenure and Audit Quality The studies on auditor tenure cannot be separated with the auditor switching studies which formally known as auditor rotation. Auditor rotation can either is mandatory or voluntary. Voluntary rotation is the clients have option to switch auditors while mandatory rotation is pushes clients to change auditors after a fixed period (Mohamed & Habib, 2013) Previous researches had indicated that auditor’s tenure is related to the impact on audit quality. According to Geiger and Raghunandan...

Words: 3078 - Pages: 13

Premium Essay

Audit

...risk-based audit, adequate planning is of paramount importance as it allows the auditor to direct the audit effort towards the areas expected to be most at risk of material misstatement. Additionally, adequate planning helps identify and resolve problems on a timely basis and allows the auditor to organize the engagement, including selecting suitably experienced team members to deal with specific risks, so that it can be performed in an effective and efficient manner. ISA 300 in particular requires setting out an overall audit strategy and a detailed audit plan. The overall audit strategy should indicate the scope of the work, the resources to be allocated to specific high-risk areas in terms of experienced staff or hours, and the timing of the work. A more detailed audit plan follows on from the approach identified in the audit strategy and indicates the audit procedures to be performed in respect of specific items in the financial statements and their timing. The audit strategy and the audit plan are not necessarily separate documents or processes as they are strictly interrelated. For example, the results of initial risk assessment procedures, like the entity’s business risk assessment or the assessment of internal control, will inform the planning for further audit procedures and, vice versa, the outcome of detailed audit procedures may be so different from what was expected at the time of planning as to require a modification of the audit strategy and audit plan. As such, the audit strategy and...

Words: 5723 - Pages: 23

Premium Essay

Audit

...Executive summary Table of content (a) Explain the audit risk and each component of the audit risk model and how the audit risk works Audit risk is the risk that the auditor might give an incorrect or inappropriate opinion on the financial statements (Taylor, 2008). The audit risk model expresses the relationship among the audit risk components as follows: PDR = AAR / (IR x CR), where PDR = planned detection risk, AAR = acceptable audit risk, IR = inherent risk and CR = control risk. The four risks in the audit risk model are sufficiently important to merit detailed discussion. All four risks are discussed briefly in this section to provide an overview of the risks. Planned detection risk (PDR) is a measure of the risk that audit evidence for a segment will fail to detect misstatements exceeding an acceptable amount, should such misstatements exist (James, 2001). PDR is a function of the effectiveness of an audit test and of its application by the auditor. Decreases in PDR will require the auditor to increase the competence and sufficiency of audit evidence collected (Taylor, 2008). Inherent risk (IR) represents the auditor’s assessment of the susceptibility of an assertion to a material misstatement assuming there are no related internal controls (Boynton, 2001). If the auditor concludes that there is a high likelihood of misstatements, ignoring internal control, the auditor would conclude that inherent...

Words: 687 - Pages: 3

Premium Essay

Audit

...that recognizes him as a reliable body. With the growing conscious recognition of the importance of financial data in the ordering of everyday business and economic life, the need of basic economic facts is providing a constantly enlarging opportunity for the accounting profession. The auditors' reports have an especial capacity to fulfill the need for reliable and authoritative financial material not only because of the reputation or prestige of the certified statements, but also because of the significance generally attached by the business man to the functions of the auditor and his reports. These functions, and the scope of these reports, have in the past been definitely related to the character of and changes in business activity. Audits and reviews are basically procedures performed on the financial statements of a company, for the purpose of determining whether the financial statements include any material misstatements. Misstatements are essentially wrong numbers due to numerical errors, fraud, or errors in interpreting the accounting...

Words: 6792 - Pages: 28