Auditing Standards
IFTA\IRP Audit GuidanceGovernment Auditing Standards (GAO)
Generally Accepted Auditing Standards (GAAS)International Standards on Internal Auditing
(ISIA)
1100- Independence & Objectivity
• Organizational– Free from interference in scope of work,
performance and communication
• Individual– Impartial, unbiased, no conflict of
interest
• Impairments– If impaired in fact or appearance = must
disclose
1100- Independence & Objectivity in IFTA\IRP
• Is audit group within Motor Carrier management group? May be impaired
• Does auditor know carrier? May be impaired
• Has auditor or manager designed or specified recordkeeping system for carrier? May be impaired.
1200 Proficiency & Due Professional Care
• Proficiency– Possess knowledge, skills, and
competencies to perform the responsibilities
– Obtain competent advice or assistance– Sufficient knowledge to identify fraud
indicators, but not expertise.– Knowledge of key information technology
risks, controls and audit techniques to perform work.
1200 Proficiency & Due Professional Care
• Due professional care– Reasonably prudent and competent– Exercise due care by considering
• Extent of work needed to accomplish objective• Complexity, materiality, significance of matters• Adequacy & effectiveness of risk management,
control and processes• Probability of significant errors, irregularities,
noncompliance• Cost\benefit analysis of assurances
1200 Proficiency & Due Professional Care
• Continuing professional development– No minimum\maximum hours required
as with GAO or AICPA, but “should enhance knowledge”
1200 Proficiency & Due Professional Care in IFTA\IRP
Knowledge of record requirements, effects of over\understating fuel\miles, equipment norms, trends
1220 considerationsReasonable adjustmentsNot infallible
1300 Quality Assurance & Improvement Program
• QA– Continuously monitor effectiveness
• Internal Assessments– Ongoing reviews of audit activity– Periodic self assessment or others within
organization• External Assessments
– At least every 5 years by qualified, independent reviewer
1300 Quality Assurance & Improvement Program
• Reporting on QA– Results should be communicated to
board
• Use of “Conducted…” statement– Used only if program is in compliance
with all standards
• Noncompliance– Disclosure of areas of non-compliance.
QA in IFTA\IRP
• Formal process of program compliance reviews and peer review
• Informal process using formal guidelines Annual or Biennial
Performance Standards 2000 Managing Audit Activity
• Planning– Risk based planning determines priorities
consistent with goals
• Communication– Audit activity plans and resource requirement
should be discussed & approved with management
• Resource Management– Appropriate, sufficient, and effectively deployed
Performance Standards
• Policies\Procedures– Established policies to guide audit activities
• Coordination– Adequate coverage & no duplication of
effort
• Reporting to Management– Periodic report on purpose, authority,
responsibility, performance, risks, control issues, etc.
Performance Standards in IFTA\IRP
• Audit procedures manuals for both define – Goals– General audit procedures– Several evaluation tools
2100 Nature of Work
• Risk Management – Evaluate effectiveness of risk management
system– Reliability of data– Effectiveness of operations– Safeguarding assets– Compliance with laws, regulations, & contracts– Awareness of other significant risks– Use past experience to evaluate organizations
risks
2100 Nature of Work
• Control– Reliability & integrity of operational
information– Effectiveness & efficiency of operations– Safeguard assets– Compliance with laws, regulations, &
contracts
2100 Nature of Work
• Governance– Promote appropriate ethics & values– Effective performance, management, &
accountability– Communicate risk & control to
appropriate parties– Coordinate activities & communication
of information
Nature of Work in IFTA\IRP
• Risk assessment in selection of carriers for audit
• Required audits maintain controls over programs
• Assure that objectives of the programs are met
• Recommendations to carriers and administrators support program goals
2200 Engagement Planning• Planning considerations
– Objective\scope• Engagement objectives
– Assess risks– Potential for errors, noncompliance
• Engagement scope– Consider ALL systems, records, & properties
• Engagement resource allocation– Staffing based on objectives, complexity, time,
resources• Engagement work program
– Developed to achieve objective– Specific procedures for analysis & recording of info
Engagement Planning in IFTA\IRP
Audit manuals provide basis of planningPre-audit notificationInternal control reviewRecords reviewAnalytical review of carrier reports
2300 Performing the Engagement
• Identifying information– Sufficient, reliable, relevant, useful
• Analysis & Evaluation– Support conclusions
• Recording Information– Controlled access, retention
• Engagement Supervision
Performing the Engagement in IFTA\IRP
• Uniformity• Standard approach• Sampling• Flow of documents• Verification of records• Audit file documentation – generic, • Supervision- how much is enough
2400 Communicating Results
• Criteria for communicating– Overall opinion, conclusions, limitations
• Quality of communications– Accurate, concise, constructive, timely
• Errors & Omissions– Corrected info to all ASAP
2400 Communicating Results
• Engagement disclosure of noncompliance with standards– Standard, reason, impact
• Disseminating results– To appropriate parties– Restricted use of results
Communicating Results in IFTA\IRP
• Standard audit reports– Standards followed
• Required information– Inter-jurisdictional report
• Supplemental information– Supporting schedules, conference notes, contact log
• Required conferences with carrier
2500 Monitoring Progress
• Follow-up process
•2600 Resolution of Management’s Acceptance of Risks
Top Related