Engagement Objectives Criteria Scope

avatar
Created by
Jinny D

Cards (36)

  • what does performance standard 2200 “Engagement Planning” state?
    Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations. The plan must consider the organization’s strategies, objectives, and risks relevant to the engagement.
  • What four elements does the Standards require to be included in the actual plan?
    • The objectives of the engagement
    • The scope of the engagement
    • The allocation of resources for the engagement
    • The engagement work program
  • performance standard 2210 “Engagement Objectives” standard states: objectives must be established for each engagement.
  • How does the IPPF define engagement objectives?

    Broad statements developed by internal auditors that define intended engagement accomplishments.
  • The audit engagement objectives should be aligned with __ and reflect the _of ___relevant to the activity under review?
    organisational objectives; results, preliminary risk assessment
  • What are the main sources of information for preliminary objective development?
    • Review of internal audit plan.
    • Review of prior engagement results.
    • Discussions with stakeholders.
    • Consideration of mission, vision, and objectives of the area or process under review.
  • What are prior assessment resources?
    • workpaper from previous audit engagements
    • organisation-wide risk assessments
    • fraud risk assessments
    • reports by other assurance and consulting service providers
  • What information do workpapers from previous audit engagements provide?
    These provide information about the processes and controls in place during the last review and any corrective actions taken by management to address previous observations.
  • What information does organisation-wide risk assessments provide?
    These contain the risk priorities to determine whether any of those risks should be included in the current engagement.
  • What information do fraud risk assessments provide?
    These contain fraud occurrences, investigated allegations, and the outcomes.
  • What information do reports by other assurance and consulting service providers provide?
    The work performed by them may allow auditors to avoid duplication of efforts, which is dependent on whether the internal auditor is satisfied that the work performed is relevant and reliable.
  • What information can be obtained from the interview with the personnel who perform the steps in a process?
    They are likely to provide information about how the process actually works, not just the way it was designed to operate. This can be especially valuable for identifying fraud risk.
  • What information can be obtained from the interview with management?
    They can provide information for policies, procedures, and self-assessments, business objectives, and KPIs. This can also help internal auditors identify whether management's understanding of the steps in a process differ from that of the personnel who perform the steps.
  • What information can be obtained from the interview with IT personnel?
    IT personnel help ensure that all applicable systems are considered and may reveal points where controls might be missing, inadequate, or circumvented.
  • What information can legal counsel and compliance officers provide in a interview?
    They may provide information received through whistleblower programs, information regarding unusual events and litigation relevant to the engagement. They may provide insight on how effectively compliance with existing polices and procedures satisfies laws and regulations.
  • Audit objectives often should be phrased in terms of contributing to the organization properly managing the activity’s risks through effective governance, risk management, and control practices.
  • What are the three categories of engagement objectives?
    operations
    reporting
    compliance
  • What are the measures of the engagement objectives for operations?
    profitability; delivery of excellent products and services; reduced produced time, e.g., controls installed in systems to maximise accuracy and efficiency; safeguarding of assets; supporting mission and vision; supporting appropriate work environment for the employees, e.g., if the right personnel have been assigned proper job responsibilities and received appropriate training.
  • What are the measures of the engagement objectives for reporting?
    maintenance of accurate financial records; collection of useful, reliable, and timely information for decision making; external regulatory reporting
  • What are examples of engagement objectives for reporting?
    • Evaluate if the identification and reporting of risks and controls are adequate for the ERM reporting process.
    • Evaluate controls over timely recognition of revenues.
    • Identify and evaluate if the correct reports are given to the proper managers in the organization.
    • Validate the accuracy of reporting by confirming the accuracy of data provided.
    • Evaluate if the personnel responsible for reporting are providing accurate and timely reports.
  • What are the measures of the engagement objectives for compliance?
    Compliance with applicable laws and regulations.
    Compliance with internal policies and procedures.
  • "Evaluate employee perception of the “tone at the top” in the business function being audited" would be an example of which engagement objective?
    compliance
  • To EVALUATE GRC, what are needed?
    Adequate criteria
  • Internal auditors must ascertain the extent to which management and/or the board has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must identify appropriate evaluation criteria through discussion with management and/or the board.
  • Internal audit criteria are the benchmarks against which the subject matter of the engagement can be assessed.
  • What are three main types of criteria?
    Internal (e.g., policies and procedures of the organization).
    External (e.g., laws and regulations imposed by statutory bodies).
    Leading practices (e.g., industry and professional guidance).
  • What does the performance standard 2200 "engagement scope" state?
    The established scope must be sufficient to achieve the objectives of the engagement.
  • Collectively, what and what define the engagement scope?
    Engagement objectives and procedures
  • The engagement scope helps define the boundaries of the engagement by identifying the activities being reviewed as well as any related activities that are not. It may also describe the nature and extent of audit work and provide additional supportive information.
  • What are the key considerations for setting audit scope?
    Boundaries of area or process
    In-scope versus out-of-scope locations
    Subprocesses
    Components of the area or process
    Time frame
  • Determining scope requires professional judgment based on relevant experience and/or supervisory assistance, as the Standards do not require that any specific areas be included in the scope for all types of engagements.
  • What is the implementation standard 2220.A1 for "engagement scope"?
    The scope of the engagement must include consideration of relevant systems, records, personnel, and physical properties, including those under the control of third parties.
  • The scope of consulting engagements is increasingly created using management input. Because of the emphasis in the Standards on auditor objectivity, this can be done without fear of compromising audit independence.
  • What is a scope limitation?
    A restriction placed on the internal audit activity that precludes it from accomplishing its objectives and plans for an engagement is a scope limitation.
  • What restrictions does a scope limitations have?
    The scope defined in the charter.
    The internal audit activity’s access to relevant records, personnel, and physical properties.
    The approved work schedule or level of effort.
    The performance of necessary engagement procedures.
    The approved staffing plan and financial budget of the audit function.
  • What should a scope statement specify?
    Inclusion and exclusion of areas for review. E.g., The internal audit activity will conduct an "type" assessment of the X department that will take into account "subject matters" from what period.