explain the chorology of audit in details with examples?
Answers
The purpose of the planning stage is to define the subject and scope of the audit, establish customer expectations, and identify the criteria used to evaluate the audit subject. ... Review of Internal Audit records. Review of external audit files and other appropriate external information.
Answer:
Planning and Fieldwork
The purpose of the planning stage is to define the subject and scope of the audit, establish customer expectations, and identify the criteria used to evaluate the audit subject. In this stage, the auditor should obtain an overall view of the department or function, and the operating context and constraints. Several methods of gathering information may be appropriate including the following:
Initial meeting(s) with the department management and process owners
Internal control questionnaire or surveys of process stakeholders
Review of Internal Audit records
Review of external audit files and other appropriate external information
Audit program and fieldwork
Fieldwork means executing the planned audit, and if required updating the audit plan based on information learned during the course of the audit. During fieldwork the auditor will collect and analyze information in order to prepare a draft report and to regularly update process owners and other stakeholders on the audit’s progress.
Exit Conference and Audit Reports
The Exit Conference is an opportunity for the auditor, department management, process owners, and other stakeholders to review and validate audit outcomes. The Exit Conference should accomplish the following:
Present observations and determine if the current operating context might affect past transactions, e.g., reduce the severity of a finding
Confirm facts, observations, and conclusions, e.g., that the findings are accurate
Validate the root cause leading to findings and present recommendations to eliminate the root cause, and / or achieve control objectives
Estimate the effect of the findings on University operations or its risk management and compliance objectives
Solicit draft management comments on the audit findings and determine if alternative recommendations adequately eliminate the root cause of findings
Define the timeline for issuing the final audit report and implementing recommendations
On a high, level audit reports or supporting work papers should summarize the following information:
Condition: the facts, observations, and conclusions
Criteria: the standard or benchmark to measure a condition against
Root Cause: why the conditions don’t measure up
Effect: what happened or will happen if the condition is not corrected, e.g., how important is this
Recommendation: practical, specific, and implementable to eliminate the root cause, and therefore correct the condition
The actual audit report format should be functional and provide management with an efficient method of reviewing and responding to recommendations therein and to expedite implementation of recommendations. One example of an audit report format is the following:
Executive Summary
Distribution List – who is receiving the report
Introduction – statement of the auditor’s objectives, results obtained, and a summary of department or function audited including key operating context and constraints
Conclusion – the professional opinion of the area under review
Findings and Recommendations – by organizational unit and / or process in sufficient detail to identify the issues and solutions
Management Comments – key summary information necessary to put the finding into context and written agreement that recommendations will be implemented
Status of prior audit recommendations, if any
Appendices and exhibits including statistical summaries of audit test results
After the exit conference, the draft audit report is circulated for review and comment to the process owner and at the Vice President / Senior Vice President levels responsible for the department or function.