Madam Lorna kerubo

TOPIC 6

AUDIT MANAGEMENT

INTRODUCTION

A management audit is an analysis and assessment of competencies and capabilities of a

company's management to carry out corporate objectives. The purpose of a management audit is
not to appraise individual executive performance, but to evaluate the management team in its
effectiveness to work in the interests of shareholders, maintain good relations with employees
and uphold reputational standards.

Audit management is responsible for ensuring that board-approved audit directives are
implemented. Audit management helps simplify and well-organize the work flow and
collaboration process of compiling audits.

Audit management oversees the internal/external audit staff, establishes audit programs, and
hires and trains the appropriate audit personnel. The staff should have the necessary skills and
expertise to identify inherent risks of the business and assess the overall effectiveness of controls
in place relating to the company's internal controls.

Benefits of Audit Management

 Enables systematic and workflow driven audit processes across the enterprise with
standardized data collection to eliminate audit errors and inconsistencies
 Facilitates a closed-loop audit cycle (A term of art referring to the assessment of whether
those issues identified as problems during a clinical audit (the loop) result in measurable
changes in clinical practice.) for recording findings, developing recommendations, and
implementing action plans

 Provides complete visibility into audit processes and metrics for better risk management and
assured compliance

 Strengthens the efficiency of the audit staff, enabling them to be focused on value-oriented
functions such as analyzing and recognizing trends in the audit data
Madam Lorna kerubo

Understanding Audit Management

The Audit Management automates the work streams of internal audit teams, optimizing
resources and productivity, and eliminating recurring audit findings. Audit Management uses
compliance and risk data to scope, plan, and prioritize audit engagements. The on-going review
of policies and procedures, risks, and control breakdowns provide an opportunity for fixing
issues before they become audit failures.

Key activities for Audit Management

Auditors are responsible for the following:

 Review policies and procedures
 Review risks

 Review control design

 Review control test design

 Review control test results

 Test controls

 Issue observations

AUDIT PLAN

Audit planning is a vital area of the audit primarily conducted at the beginning of audit process
to ensure that appropriate attention is devoted to important areas, potential problems are
promptly identified, work is completed expeditiously and work is properly coordinated.

Definition

An Audit plan is the specific guideline to be followed when conducting an audit it helps the
auditor obtain sufficient appropriate evidence for the circumstances, helps keep audit costs at a
reasonable level, and helps avoid misunderstandings with the client.
Madam Lorna kerubo

REASONS FOR AUDIT PLANNING INCLUDE:

 To identify areas of risk of material misstatements

 To design audit procedures to address those risks and to obtain sufficient appropriate
evidence

 To help keep audit costs reasonable

 To avoid misunderstandings with the client

Benefits of Audit Plan

 It helps the auditor obtain sufficient appropriate evidence for the circumstances
 It helps to keep audit costs at a reasonable level.

 It helps to avoid misunderstandings with the client.

 It helps to ensure that potential problems are promptly identified

 It helps to know the scope of audit program by an Auditor.

 it helps to carry out the audit work smoothly and in a well defined manner.

Process of Audit Planning

It includes following procedures

 Knowledge of client's business

 Development of audit strategies or overall plan (who, when and how)

 Preparation of audit programme

Audit Strategy

The auditor should establish an overall audit strategy that sets the scope, timing, and direction of
the audit and guides the development of the audit plan.
Madam Lorna kerubo

In establishing the overall audit strategy, the auditor should take into account:

a. The reporting objectives of the engagement and the nature of the communications
required by PCAOB standards,7
b. The factors that are significant in directing the activities of the engagement team, 8

c. The results of preliminary engagement activities 9 and the auditor's evaluation of the
important matters in accordance with paragraph .07 of this standard, and

d. The nature, timing, and extent of resources necessary to perform the engagement.10

AUDIT PLAN ACTIVITIES:

Determine audit subject. Identify the area to be audited (e.g., business function, system,
physical location).

Define audit objective. Identify the purpose of the audit. For example, an objective might be
to determine whether program source code changes occur in a well-defined and controlled
environment.

Set audit scope. Identify the specific systems, function or unit of the organization to be
included in the review. For example, in the previous example (program changes), the scope
statement might limit the review to a single application, system or a limited period of time.

Perform pre-audit planning. • Conduct a risk assessment, which is critical in setting the
final scope of a risk-based audit. For other types of audits (e.g., compliance), conducting a
risk assessment is a good practice because the results can help the IS audit team to justify the
engagement and further refine the scope and preplanning focus.• Interview the auditee to
inquire about activities or areas of concern that should be included in the scope of the
engagement.• Identify regulatory compliance requirements.• Once the subject, objective and
scope are defined, the audit team can identify the resources that will be needed to perform the
audit work.
Madam Lorna kerubo

FIVE ELEMENTS OF AN EFFECTIVE AUDIT PLANNING PROCESS

1. Research the Audit Area

It is essential to understand the business process or function to be audited. If not familiar with it,
thoroughly research the process or function to fully understand the subject matter. Review
internal procedures, search the internet for resources, and seek help from subject matter experts.

2. Maintain Open Communications Throughout the Planning Process

The sooner the audit team reaches out to the auditee, the better. There is a certain amount of
trepidation involved in any audit. Working with an auditee prior to the audit helps ease concerns
the auditee may have. Communicating in person is always preferable. If this is not possible,
telephone calls are the next best thing. Avoid communicating by email if possible.

3. Conduct Process Walk-Throughs

Armed with a working understanding of the process or function, conduct a face-to-face walk
through with the auditee. Identify key business objectives, methods employed to meet objectives,
and applicable rules or regulations. A walkthrough may include a tour of facilities. You may
gather background information relative to the nature, purpose, volume, size, or complexity of
automated systems, processes, or organizational structure. You might scan documents or records
for general condition. All these activities provide opportunities to interface with the auditee and
build rapport before the formal entrance conference.

4. Map Risks to the Organization, Process, or Function

Madam Lorna kerubo

Ask the auditor what his concerns are, what "keeps him up at night." Through research and
interviews, identify risks to meeting business objectives and controls employed to mitigate those
risks. Rate risks with the audited based on probability of occurrence and potential impact.
Consider control design, gaps, or mitigating factors to determine if the control system effectively
mitigates risks.

5. Obtain Data Prior to Fieldwork

This has become a principal focus for us recently. We emphasize data in our initial requests for
information. We perform data analytics before we begin field work. Identifying anomalies to
confirm a condition or weakness early helps us target testing and optimize sample selections.

AUDIT RISK

Audit risk is the risk that financial statements are materially incorrect, even though the audit
opinion states that the financial reports are free of any material misstatements. The purpose of an
audit is to reduce the audit risk to an appropriately low level through adequate testing and
sufficient evidence. Because creditors, investors, and other stakeholders rely on the financial
statements, audit risk may carry legal liability for a CPA firm performing audit work.

Over the course of an audit, an auditor makes inquiries and performs tests on the general ledger
and supporting documentation. If any errors are caught during the testing, the auditor requests
that management propose correcting journal entries. At the conclusion of an audit, after any
corrections are posted, an auditor provides a written opinion as to whether the financial
statements are free of material misstatement. Auditing firms carry malpractice insurance to
manage audit risk and the potential legal liability.

TYPES OF AUDIT RISKS

The two components of audit risk are the risk of material misstatement and detection risk.
Assume, for example, that a large sporting goods store needs an audit performed, and that a CPA
firm is assessing the risk of auditing the store's inventory.
Madam Lorna kerubo

Top 3 Types of Audit Risks

Inherent Risks

Inherent risk is the risk which could not be prevented due to uncontrollable factors and it is also
not found in Audit.

Example: transactions involving high-value cash amount carry more inherent risk than the
transaction involving high-value cheques.

Sources of Inherent Risk:

1. Complex business transactions involving derivative instruments.
2. Transactions requiring the high level of judgment which may lead to risk of not being
identified.

3. Industry having frequent technological developments may expose the firms to technology
obsolescence risk.

4. A company which has already misreported certain figures in past may be more likely to
misreport it again.

Control Risks

Control Risk is the risk of error or misstatement in financial statements due to the failure of
internal controls.

Sources of Control Risk:

1. Failure of audit risk management to instill proper and effective internal control for
financial reporting.
2. Failure to ensure proper segregation of duties among people responsible for financial
reporting.

3. The non-existence of the culture of proper documentation and filing.

Madam Lorna kerubo

Detection Risks

Detection risk is the risk that the auditor’s procedures do not detect a material misstatement. For
example, an auditor needs to perform a physical count of inventory and compare the results to
the accounting records. This work is performed to prove the existence of inventory. If the
auditor's test sample for the inventory count is insufficient to extrapolate out to the entire
inventory, the detection risk is higher

Detection risk can also be de defined as the risk of failure on part of Auditor to detect any errors
or misstatements in financial statements thereby giving an incorrect opinion about financial
statements of the firm.

Minimizes Audit Risk?

1. Having a strong Audit team that has sufficient knowledge of the business and
transactions involved.
2. Sufficient time is provided to the team to analyze financials.

3. Ensuring strong engagement with the audit risk management of the client firm to
understand business philosophy and practices.

4. Ensuring proper and adequate sampling techniques.

5. Accurate assessment of clients internal control systems to know whether the control is
strong or weak.

6. Proper audit planning and selection of Audit procedure.

Audit program (audit plan)

An audit program, also called an audit plan, is an action plan that documents what procedures an
auditor will follow to validate that an organization is in conformance with compliance
regulations.

The goal of an audit program is to create a framework that is detailed enough for any outside
auditor to understand what official examinations have been completed, what conclusions have
Madam Lorna kerubo

been reached and what the reasoning is behind each conclusion. The framework should explain
the audit's objectives, its scope and its timeline. The audit program should also describe how
working papers -- the documented evidence of the audit -- will be collected, reviewed and
reported.

Objectives of audit programs

When developing an audit program, the internal auditor and its associated audit team should start
with outlining the audit's objectives, goals and obligations.

Audit program objectives help direct planning of the audit report and are based on the policies,
procedures and guidelines unique to the company. These objectives may relate to and outline
how the auditors will maintain efficiency, professionalism and a specific code of conduct during
audit procedure.

In addition to relevant regulatory compliance mandates, objectives for audit programs should
consider aspects such as management priorities, business intentions, system requirements,
business structure, legal and contractual mandates, the expectations of customers and other
interested parties, potential risk management vulnerabilities, and any corrective action taken
based on previous audits.

Preparing an audit program

Audit program details are specific to individual organizations based on their unique needs, but
audit plan preparation will consider the audit's relevant regulatory deadlines, staff requirements
and reporting structure, and overall goals. In particular, these goals will consider how the
company will maintain regulatory compliance via risk assessment and management procedures.
The audit program should also include a timeline detailing when specific aspects of the audit
program should take place and how they should be prioritized.

Audit program planning is usually a continual and iterative process. During audit planning and
development, companies can build on lessons learned from previous audits by implementing
newly learned best practices that alleviate risk and maintain compliance. Audit development
Madam Lorna kerubo

guidelines and best practices vary by industry, but local and regional auditing certifications are
available, as are internationally recognized audit certifications. These certifications include
Certified Internal Auditor and Certified Information Systems Auditor, and membership in the
International Register of Certificated Auditors.

TYPES OF AUDIT PROGRAMS

1. Fixed Audit Program

Generally, auditor prepares audit program on the suggestions and recommendation of assistant
staffs but such program cannot be changed during the course of audit which is known as fixed
audit program. Such program, due to pace of time or change in the situation and size of the client
needs to change even though it cannot be changed. Fixed audit Program can be used in all the
organizations.

Advantages of Fixed Audit Program

* Fixed audit programs are prepared once and program is used in all the organization. So, it
saves time and cost.

* All the works are completed within the stipulated time because auditor does not change such
program on the request of assistant staff.

* Audit program fixes the responsibility of assistant staffs. So, they know their responsibility and
complete their work in time which helps to prepare and present report in time.

Disadvantages Of Fixed Audit Program

* Such program is rigid. So, it cannot be used in all organizations because nature and size of all
the businesses do not remain same.
Madam Lorna kerubo

* Same program will not be useful in the big and small organizations.

* Fixed audit program is unscientific and impracticable because it does not incorporate the
changes caused by time and situation.

* Fixed audit program harasses the staffs because intelligent staffs cannot use their skill and
knowledge.

2. Flexible Audit Program

An audit program which can be changed as per the need, time, nature of business and auditing
standard is known as flexible audit program. Such program should be reviewed on the
recommendations and suggestions of assistants. Such change can be made due to change in
number of work, nature of business, change in management and their feelings. It is just taken as
helping part but assistants can use their knowledge, caliber and intelligence.

Advantages OF Flexible Audit Program

* Auditing remains effective because it can be changed if the change is made in the nature and
size of business.

* Assistant staffs remain happy because such programs are prepared incorporating to the
problems of assistant staffs.