Roles and Strategies of a Business Audit
SUMMATIVE ASSESSMENT 2PROJECT1
Write a 3,000 word paper explaining why audits are conducted and what the roles of the various audit team members (including external experts/ specialists) might be.
Explain, in detail, the procedures that would be carried out to organise, complete and report on an audit.
As part of the process, meetings will need to be held. Give examples of the types of meetings that might be held, their purpose and what might be included on the agenda of the meetings.
– What reports might be made as a result of the audit?
– In what format and to whom will reports be presented?
– What legislation, codes of practice and quality standards apply to auditing?
An audit is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.
(planning audit activities)
Two types of audits may be conducted in an organisation:
- Internal:An internal audit is performed by or at the direction of members of the organization (first party). Self-assessment and management review are conducted to ensure that the system is operating as intended; to investigate problems and implement corrective action to prevent recurrence; and to identify opportunities for improvement (processes effectiveness, efficiency, and customer satisfaction).
Internal audit procedures apply to all aspects of the management system such as:
– Standard Operating Procedures
– Quality System Procedures
– Environmental Management System
– Occupational Health and Safety
– Training procedures
– Calibration procedures
– Maintenance procedures
– Emergency procedures
– Records procedures
– Customer complaint procedures
– Other Specifications
Internal audits are conducted to:
– ensure the organisation complies with all regulatory requirements
– ensure the organisation complies with standards – ISO 9001
– check performance to the organizations objectives
– ensure the Quality Management System is effectively implemented and maintained
– identify of problem areas
– look for best practices and opportunities for improvement
– search for preventive action that could be applied in the key areas
– improve customer satisfaction
– enhance employees satisfaction with work
– check performance to the organizations objectives
Internal audit is an appraisal activity established within an entity and functions under the direction of the companys management and board. It is a management tool and forms part of the companys internal control structure. The main focus of an internal audit is to evaluate the adequacy and effectiveness of the companys internal control.
A third party conducts an external audit with a purpose of conformity to a specific standard and legislation.
External audit criteria:
– Standards ISO9001 (The global industry standard that sets out the requirements for a Quality Management System (QMS) to help organizations improve efficiency and customer satisfaction)
– Government regulations
– Government industry codes
– Financial Management System
– Corporate policies
– Market requirements
– Customers requirements
– Product and services requirements
ISO9001 auditing requires auditors to use specific process auditing methods such as tracing, flowcharting and evaluating techniques align with the management system. The top management role is to determine the effective implementation and maintenance of the quality management system.
Auditors play a critical role in ensuring that organisations are confident and informed when making investment decisions.
Quality management principles:
– Process Approach in the design of the standard
The desired result is achieved more efficiently when activities and related resources are managed as a process
– System approach to management
Identifying, understanding, and managing interrelated processes as a system contributes to the organizations effectiveness and efficiency in achieving its objectives
An external audit is undertaken by an auditor who is independent of the entity and has been appointed to express an opinion on the financial statements or other specified accountability matter.
Effective planning of an audit is essential to ensure that auditors focus on the areas of greater risk and carry out their audits efficiently. Generally, the audit plan consists of the following steps:
- Assigning an audit representative and team to oversee the internal audit process
- Defining a clear charter for the internal audit process (policies and procedures)
- Implementing effective communication channels with other auditing such as finance, production process, human resources
- Defining audit schedule/plan
- Defining main activities and processes:
- Audit criteria(e.g., what policies, procedure and instructions are required? What are internal and external requirements?)
- Audit objectives(e.g., improving efficiency, improving processes, compliance with required standards such as ISO9001)
- Audit scope(e.g., what are the boundaries of an audit? what processes are included? what is the audit emphasis?)
- Auditresources(e.g., who will audit? do we have personnel who has appropriate skills and knowledge? Do we need support from any special technical expertise? What support will be required?)
- Relevant documentation and evidence
- Defining departments and activities involved in the audit
- Setting activities and timeframes
- Defining main activities and processes:
- Determining the way of the input collection to management review
- Determining the analysis of audit process and result (report audit results including conclusions and recommendations)
- Planning corrective action (if required)
- Following-up to ensure corrective actions are effective
Appointing an audit representative
An auditor is required to have knowledge and skills in:
– audit principles, procedures and techniques
– the organisation processes including management system, quality system, specific processes, and product or service knowledge
– standards requirements indicated in ISO 19011 and other legislative requirements
– education and experience
– good judgement and communication skills
– planning and effective communication
– investigating and analysing situation
– organising and directing audit team members
– preventing and resolving conflicts and leading team in reaching conclusions
– consolidating inputs and preparing reports
For the success of the audit process appointed personnel l also need to meet the auditing principles and undertake specific audit training to meet those requirements.
The main principles of auditing:
– Ethical conduct
– Fair presentation
– Evaluations based on evidence
– Professional care
Audit Team Members Roles and Responsibilities
All audit members internal and external, expert and specialist should share the following responsibilities:
– Compliance with audit procedures, standards and legislation
– Document audit findings
– Communicate audit findings
– Prepare a final report
– Contribute to team effort by accomplishing related results as needed.
An audit committee plays a pivotal role in the governance framework to provide an organisation with independent oversight and monitoring of the audit processes, including the internal control activities.
The internal audit leaders are responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the mandatory elements of the International Professional Practices Framework. They must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan. They are also responsible for assigning areas of responsibility for each team member and identify any specialists and experts that will be needed to accompany the team in the audit process.
Moreover, they need to for develop and maintain effective channels of communication with the key stakeholders which include:
– Front-line employees
– Middle management
– Senior management
– External auditors
– Sourcing partners
The audit team roles and responsibilities are the same for an internal and external auditor and include a range of activities such as:
– Planning and conducting audit
– Attending meetings
– Developing appropriate methodologies and objectives
– Reviewing work processes
– Providing ad hoc advice to managers and staff at all levels
– Performing a risk assessment on key business activities
– Determining appropriate levels of staffing for the audit team
– Determining audit reporting requirements
The management responsible for the area being audited are accountable for elimination any detected nonconformities and their causes to ensure that the audit process is taken without undue delay.
The management and staff responsibility is to focus on the quality of reporting, timely reporting and facilitation of the audit process. They should have a positive and helpful approach to the audit process (e.g., auditors should be provided with all information and explanations that may be relevant to the audit in a timely manner)
Technical experts may be called in to provide specialist knowledge or expertise in what is being audited and to advice on technical matters that would be beyond the knowledge or capabilities of the audit team. They may accompany the team on the audit inspection if required, or be referred to when necessary. Technical experts need to be appropriately accountable for audit quality and follow the required procedures and standards.
Audit Standards and Procedures
Audit procedures indicate ways of applying techniques to a particular part of an audit, for example, the audit objectives required the collection of the data to support a decision, and how to plan and carry out internal audits.
Organisations should establish a manual of policies and procedures that guide internal auditors in their work. The content of these policies should be consistent with relevant standards and cover the following topics:
– Attribute Standards
– Purpose, Authority and Responsibility
– Proficiency and Due Care
– Quality Assurance Performance Standards
– Managing the Internal Audit Activity
– Nature of the Work
– Engagement Planning
– Performing the Engagement
– Communication of Results
– Monitoring Progress
– Resolution of Managements Acceptance of Risk
Code of Ethics
It is a comprehensive statement of the values and principles which should be followed by auditors during the audit process. Auditors should conduct the audit process in a manner which promotes co-operation and good relationship between auditors and other parties involved in the process. They should represent trust, integrity, confidentiality, competence and fairness. All work performed during the audit process must comply with legislative requirements.
Auditors have to adhere to standards of behaviour and should be above of any suspicion and blame. They should be objective in dealing with the issues under the review process. The final report and conclusions should be based on evidence obtained in accordance with the relevant standards. They also need to present competence and apply high professional standards in caring out their work such as honesty, confidentiality, respect and courtesy, due care and diligence.
In documenting the nature, timing, and extent of audit procedures performed, the auditor must to:
– Prepare documentation in a manner that helps to carry out an appropriate audit process (collecting a sufficient and appropriate recordin accordance with applicable legal and regulatory requirements)
– Prepare the audit documentation on a timely basis (as per schedule)
– Document all relevant data and evidence:
- Who performed the audit work
- Identified characteristics of the specific matters/processes/items tested
- Discussions of significant matters with management and others
- Meetings minutes
- How they addressed any inconsistency in forming the final conclusion
Audit Analytical procedure:
Analytical procedures support auditors during obtaining audit evidence. This includes the way they analyse data and evidence (e.g., investigation, identification of fluctuations or relationships that are inconsistent with other relevant information). Examples of the analytical test include:
– Trend analysis,
– Ratio analysis,
– Reasonableness testing
Audit Sampling procedure:
The following policy and procedure set out the factors that must be considered in developing representative samples for audit interviews and worksite sampling. This also stipulates minimum interview and worksite sampling standards required to meet the audit standards. Auditors must use representative sampling that reflects both the size and complexity of the organization being audited.
The quality of communications between directors and audit committees and the auditor is important in supporting audit quality. This communication should include concerns and risks affecting the processes that support the information in the financial report, and how these concerns and risks are being addressed by directors and management and responded to in the audit.
It describes the purpose and the agreed-upon requirements about reporting system (format, timeframe, list of personnel who should receive a copy of the report, evidence required to enable users to understand the nature of the report).
This procedure is developed to ensure all work areas are kept free from hazards or potential hazards that may lead to injury or adverse environmental impact. It also outlines who can conduct an inspection (authorised audit companies, internal audit team), schedule of the audit, protective equipment requirements, how often, evidence and confidentiality requirements, and interview process when applicable.
In a situation when corrective action and follow-up is required supporting procedures may be implemented. The audit leader needs to develop policy which will define the objectives how the follow-up process will be conducted, how it will be scheduled and prioritised, who will be involved and the frequency of the follow-up activity.
The lead auditor is responsible for arranging the opening meeting. A team of auditors meets to examine different processes and areas. The opening meeting conversation should be followed and included in the agenda, such as:
– Introduction of the audit team members (identification/credentials, responsibilities)
– Purpose of the meeting (introduction of the scope of the audit, outline the audit objectives, procedure and standards)
– Audit Plan (audit schedule and timeframes, a short summary of how the audit activities will be undertaken)
– Audit policies and procedures
– Resources (access to information, confidentiality issues, the auditors limited access to certain areas)
– Introduction to methods and techniques (how data will be collected, analysed and reported)
– Communication process and techniques during the audit process
– Logistic process (meeting room locations, necessary equipment and services, working hours)
– Risk management (safety, emergency and security procedures)
– Confidentiality (confidentiality and information security)
– Exit (closing) meeting procedure(final report format
– Ending meeting discussion and questions
– Information about the next meeting schedule
For more complex or external audits daily meetings such as briefings may be required. During a typical briefing meeting the audit team should verify processes, identify any uncovered problems, address a solution to the problems and confirm processes to be completed in the required timeframe.
Once the auditors have completed the audit process, a closing meeting is held with the auditors management and other site representatives involved in the audit. It is recommended that prior to the closing meeting, a pre-closing meeting should be held to allow the auditors to collate all findings, and analyse the evidence (interviews, document checks, employment site tour). The size and formality of the closing meeting depend on the purpose and scope of the process audit. Managers, senior management, and other relevant personnel involved in the decision-making process should be present at the closing meeting to review findings and achieve consensus on the audit outcome. A final report or its draft can be presented at the closing meeting. The management of the audited organisation and other agreed-upon parties are provided with copies of the report.
In the closing meeting, the audit team should provide the final conclusion, provide a briefing on any
areas which require immediate attention, request for any clarification to their evidence if needed and provide a timeframe for completion of the audit report.
Audit Data and Evidence
Internal auditors use many different techniques to gather information:
– By being a part of the organisation where the internal auditors have knowledge and understanding of the way the organisation works
– By observing processes in operation (walking through)
– By completing a survey to gather specific facts from individuals, a group of people or an organisation
– By discussion of specific issues in an informal setting (focus groups)
– By one-to-one interviews with managers, team leaders and employees
There are a variety of techniques to collect and analyse data during the audit process which include: analysis of financial statement, scanning, flowcharting, inspection, electronic data processing, document examination, observation, surveys, sampling techniques, compliance test, interviews and inspections.
Gathered through the audit process data and evidence requires verification. The auditor responsibility is to verify a large amount of information as they can obtain.
The audit ends when the audit plan has been fully completed and the audit report is issued. Audit findings should address any corrective and preventive recommendations which are core to benefiting from the audit process.
Audit summary may include:
– Comments regarding the effective implementation of a process
– Suggestions for improvement in specific areas (e.g., customers service, product or service quality, work processes,)
– Categorisation of the non-compliances with reference to their environmental risk
– Conclusion regarding the conformance of the audited process to the specific requirements and standards (e.g., ISO9001)
In a case when the audit conclusion indicated non-compliances with audit standards a follow-up plan should be defined. The plan needs to specify a course of action to address any non-compliance identified in the audit findings, and to achieve compliance. The action plan can be developed with input from the audit representatives to ensure that the actions required are appropriate and achievable.
Audit reports should include background information, the audit scope, objectives, observations, findings, conclusions, recommendations and agreed management actions. Reports should promote
better practice options and explain why the recommended changes are necessary.
A free-form format audit report is commonly used within small and medium size organisations. This report usually includes a summary of the audit findings with the specification of corrective actions and recommendation.
The report should be concise, informative, constructive and easy to read. It should indicate:
– Audit findings
– Recognition of activities that meet the required standards and outcomes
– Summary of the evidence that was gathered in relation to each standard
– Identification and clear description of any areas and problems that need attention
– Improvement opportunities for consideration
A Corrective Action Report identifies the areas of non-conformity and defines the reasons for the judgement of non-compliance. It also provides recommendations about improvements to be made and timeframes.
Prior the audit process, the report format and timeframes need to be agreed upon, as well as names of those to whom copies of the report should be provided.
Audit Legislation and Standards
The auditing standards require an auditor to comply with relevant ethical requirements, including those about independence, when performing audits, reviews and other assurance engagements.
Audit obligations often depend on national, state or territory legislation and regulatory requirements.
Australian Quality Standards refers to manufacturing industries and revolve around products. These Auditing Standards are legislative instruments under the Legislative Instruments Act 2003
Corporations Act 2001- The Corporations Act establishes a comprehensive statutory regime on auditor regulation, including auditor registration requirements, extensive auditor independence requirements and a strong disciplinary framework.
Assurance Engagements / Compliance Engagements / Quality Control For Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements
Compiled Auditing Standard Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements
Public Finance and Audit Act 1983 re an effective system of internal control over financial and related operations
The Australian Securities and Investments Commission (ASIC) is a statutory body established under federal legislation. All the other key bodies performing specified functions in relation to the audit regulatory framework have also been established under the umbrella of the national corporations legislation.
- Australian Government. Australian Skills Quality Authority. Code of Practice.
- The Institute of Internal Auditors. Code of Practice.
- Chartered Institute of Internal Auditors. Code of Ethics.
- Laboratory Quality Management Services P/L. INTERNAL UDITS
- Chartered Institute of the Internal Auditors. How to gather and evaluate information
- EPA Compliance Audit. Handbook.
- I-Auduitor. ISO 9001 A Beginners Guide
- ACCA Think Ahead. Audit Working Papers
- LUTZ Business Insights. HOW AUDITORS USE ANALYTICAL PROCEDURES
- External and Internal Audit
- Government of Western Australia. Requirements for Mandatory Auditors Report. Contaminated Sites Guidelines . November 2016.
- J.P. Russell and Associates. Process Auditing Techniques.
- INTOSAI. Code of Ethics and Auditing Standards.
- IPPF Supplemental Guidance. Global Technology Audit Guide. Understanding and .