ACCA 上財(cái) 審計(jì) chap

1、Chapter 16 Internal audit and outsourcingTopic listRevision: internal auditOther internal audit issuesOutsourcingOutsourcing specific functionsImpact of outsourcing on an audit Exam guideOutsourcing and internal auditPlanning scenario questionRevision: internal auditnRevision nRole of internal audit

2、nInternal audit relationshipsnManagement: by whom employed and may report tonAudit committee: to whom they reportnExternal auditors: who may use their worknReliance on the work of internal auditors by external auditors (ISA610)nInternal auditors and risk managementnDirectors should identify, control

3、 and monitor risks.nPolicies taken to each risknAccept risk(if it is low impact and likelihood)nReduce risk(by setting up a system of internal control)nAvoid risk(not entering market, accepting contract etc)nTransfer risk(by taking out insurance)nInternal auditors are placed to monitor this process

4、and add value to it.nThe involvement of internal auditors as a monitoring unit is a continual process.Other internal audit issuesnAssurance engagement VS internal auditnDefinitions nInternal audit is in many ways an assurance function.nInternal audit can also be compared to an agreed-upon procedures

5、 assignment, which is not an assurance engagement.nOperational and compliance auditsnDefinitions nDifference in scope: as part of an operational audit, the operational audit undertake a compliance audit, but the scope also includes an assessment of the effectiveness of the procedures that are being

6、audited.nMulti-site operationnPossible audit approaches:nCompliance based audit approach, check the compliance of the branches with the set procedures, then compared the results from branches.nProcess based audit approach, specific key processed are audited.nTwo ways to undertaken: ncyclical:visitin

7、g all the sites within a given timeframenrisk-based: which branches are to be visited based on the risk attached to them.nPractical considerations:nPractical issues to consider:nWhich sites to visitnHow often to visit various sitesnWhether to conduct routine or surprise visits and what mix of these

8、visits.nConsiderations behind which sites to visit nSize of operationnHistory of systems compliancenQuality /experience of staff on sitenPast results of testingnManagement interest in particular sitesOutsourcing nWhy outsourcenKey terms, outsourcing vs insourcingnGeneral reasonsnFinancial efficiency

9、 Greater cost control, reduce number of employees, impacting shape of an entitys financial statementnChange managementnStrategy Can be part of a strategy to refocus on the core competence, or to improve technical services, it can be entering a market in the most low risk way.nOutsource whatnA compan

10、y will outsource functions which are not perceived to be key competencies.nExample of the toy companynWhen considering the extent to which the company wants to adopt outsourcing, it must consider the risk involved and the control which management want to maintain over the function.nAdvantages and di

11、sadvantages of outsourcingAdvantages Disadvantages Cost Lose control of functionSpecialist serviceInitial cost may be substantialIndemnity Managing contract may take disproportionate amount of timeCash flow Limited liability may lead to court action/Should the above realize, the cost will outweigh t

12、he benefitOutsourcing specific functionsnInternal auditnInternal audit is rarely a core competency of a company.nA key advantage of outsourcing is that outsourcing can be used on a short term basis.nDisadvantages nComplications for the external auditorsnCost might be highnOutsourcing finance and acc

13、ounting functionsnAdvantages and disadvantages list in table on p443-444Impact of outsourcing on an auditnUse of service organizationnService organization is an organization that provides services to another organization.nExamples nAuditors need to consider an approach towards the parts of the audit

14、 affected by the service organization.nConsideration of the client auditornThe auditors should determine the significance of service organization activities to the client and the relevance to the audit.nThe client auditor should consider:nNature of the service provided nTerms of contract and relatio

15、nshipnThe internal control interactnEntitys internal control to the service providednThe service organizations capability and financial strengthnInformation about the service organizationnInformation on general and computer systems controlnIf the client auditor conclude that the service organization

16、 are significant, he should obtain a sufficient understanding of the entity and its environment to identify the risk and design further procedures.(ISA 402.7)nIf the information is insufficient, the auditor should consider using the report of service organization auditor.(ISA 402.9)nService organiza

17、tion auditors reportsnTwo types of reportsnReport on suitability of designnReport on suitability of design and operating effectivenessnThe client auditors considerations(ISA 402.11,13,16)nAssess the usefulness and the appropriateness nWhether the tests provide sufficient appropriate evidencenThe auditor of a service organization may be engaged to perform substantive procedures that are of use