Diploma in international auditing international standards on auditing - iqn
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted...
Transcript of Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted...
Auditing Standards
IFTA\IRP Audit GuidanceGovernment Auditing Standards (GAO)
Generally Accepted Auditing Standards (GAAS)International Standards on Internal Auditing
(ISIA)
1100- Independence & Objectivity
• Organizational– Free from interference in scope of work,
performance and communication
• Individual– Impartial, unbiased, no conflict of
interest
• Impairments– If impaired in fact or appearance = must
disclose
1100- Independence & Objectivity in IFTA\IRP
• Is audit group within Motor Carrier management group? May be impaired
• Does auditor know carrier? May be impaired
• Has auditor or manager designed or specified recordkeeping system for carrier? May be impaired.
1200 Proficiency & Due Professional Care
• Proficiency– Possess knowledge, skills, and
competencies to perform the responsibilities
– Obtain competent advice or assistance– Sufficient knowledge to identify fraud
indicators, but not expertise.– Knowledge of key information technology
risks, controls and audit techniques to perform work.
1200 Proficiency & Due Professional Care
• Due professional care– Reasonably prudent and competent– Exercise due care by considering
• Extent of work needed to accomplish objective• Complexity, materiality, significance of matters• Adequacy & effectiveness of risk management,
control and processes• Probability of significant errors, irregularities,
noncompliance• Cost\benefit analysis of assurances
1200 Proficiency & Due Professional Care
• Continuing professional development– No minimum\maximum hours required
as with GAO or AICPA, but “should enhance knowledge”
1200 Proficiency & Due Professional Care in IFTA\IRP
Knowledge of record requirements, effects of over\understating fuel\miles, equipment norms, trends
1220 considerationsReasonable adjustmentsNot infallible
1300 Quality Assurance & Improvement Program
• QA– Continuously monitor effectiveness
• Internal Assessments– Ongoing reviews of audit activity– Periodic self assessment or others within
organization• External Assessments
– At least every 5 years by qualified, independent reviewer
1300 Quality Assurance & Improvement Program
• Reporting on QA– Results should be communicated to
board
• Use of “Conducted…” statement– Used only if program is in compliance
with all standards
• Noncompliance– Disclosure of areas of non-compliance.
QA in IFTA\IRP
• Formal process of program compliance reviews and peer review
• Informal process using formal guidelines Annual or Biennial
Performance Standards 2000 Managing Audit Activity
• Planning– Risk based planning determines priorities
consistent with goals
• Communication– Audit activity plans and resource requirement
should be discussed & approved with management
• Resource Management– Appropriate, sufficient, and effectively deployed
Performance Standards
• Policies\Procedures– Established policies to guide audit activities
• Coordination– Adequate coverage & no duplication of
effort
• Reporting to Management– Periodic report on purpose, authority,
responsibility, performance, risks, control issues, etc.
Performance Standards in IFTA\IRP
• Audit procedures manuals for both define – Goals– General audit procedures– Several evaluation tools
2100 Nature of Work
• Risk Management – Evaluate effectiveness of risk management
system– Reliability of data– Effectiveness of operations– Safeguarding assets– Compliance with laws, regulations, & contracts– Awareness of other significant risks– Use past experience to evaluate organizations
risks
2100 Nature of Work
• Control– Reliability & integrity of operational
information– Effectiveness & efficiency of operations– Safeguard assets– Compliance with laws, regulations, &
contracts
2100 Nature of Work
• Governance– Promote appropriate ethics & values– Effective performance, management, &
accountability– Communicate risk & control to
appropriate parties– Coordinate activities & communication
of information
Nature of Work in IFTA\IRP
• Risk assessment in selection of carriers for audit
• Required audits maintain controls over programs
• Assure that objectives of the programs are met
• Recommendations to carriers and administrators support program goals
2200 Engagement Planning• Planning considerations
– Objective\scope• Engagement objectives
– Assess risks– Potential for errors, noncompliance
• Engagement scope– Consider ALL systems, records, & properties
• Engagement resource allocation– Staffing based on objectives, complexity, time,
resources• Engagement work program
– Developed to achieve objective– Specific procedures for analysis & recording of info
Engagement Planning in IFTA\IRP
Audit manuals provide basis of planningPre-audit notificationInternal control reviewRecords reviewAnalytical review of carrier reports
2300 Performing the Engagement
• Identifying information– Sufficient, reliable, relevant, useful
• Analysis & Evaluation– Support conclusions
• Recording Information– Controlled access, retention
• Engagement Supervision
Performing the Engagement in IFTA\IRP
• Uniformity• Standard approach• Sampling• Flow of documents• Verification of records• Audit file documentation – generic, • Supervision- how much is enough
2400 Communicating Results
• Criteria for communicating– Overall opinion, conclusions, limitations
• Quality of communications– Accurate, concise, constructive, timely
• Errors & Omissions– Corrected info to all ASAP
2400 Communicating Results
• Engagement disclosure of noncompliance with standards– Standard, reason, impact
• Disseminating results– To appropriate parties– Restricted use of results
Communicating Results in IFTA\IRP
• Standard audit reports– Standards followed
• Required information– Inter-jurisdictional report
• Supplemental information– Supporting schedules, conference notes, contact log
• Required conferences with carrier
2500 Monitoring Progress
• Follow-up process
•2600 Resolution of Management’s Acceptance of Risks