
AUD 571 (INTERNAL AUDITING)

ON-LINE TEST 2 (10 JUNE 2015)


Answer sheet
Name : SITI NORFADILAH BT MOHD RUSLI
Matric No. : 2011400298
Question 1
a) Describe the work that will be performed at the preliminary stage and to what extent it
will affect the preparation of the audit program.
The purpose of this stage of the audit process is to conduct an internal risk assessment
of the area under review. This enables the auditor to identify and focus on the critical
risks within the area or process under review.
1. Conduct opening conference
The internal auditor will schedule an entrance conference with the head of the
department to discuss the purpose and scope of the audit. The auditor should obtain
the following information from the management.
Review and research current developments, trends, industry
information related to the business conducted by the
organization, and other appropriate sources of information to
determine risks and exposures that may affect the organization
and related control procedures used to address, monitor and
reassess the risks.
Review the corporate policies and board minutes to determine
the organization's business strategies, risk management
philosophy and methodology, appetite for risk, and acceptance
of risks.
Financial information, organizational chart, policy and
procedure and other pertinent information
Obtains any management reports utilized by the department
Conducts interviews of department personnel to obtain an
understanding of the processes under review
Based on the interviews and the process review, auditor will
develop process flows and identify where the risks lie within the
process.
b) i. Reporting of the actual result of the audit is important because it will help the auditor to
make conclusions on the audit reports. The auditor should be independent from the
client company, so that the audit opinion will not be influenced by any relationship
between them. The auditors are expected to give an unbiased and honest opinion on
the financial statement to the shareholders. The actual result will show whether
the company itself has a good performance or not, so there will be no conflict of
interest and influence by others.

ii. A finding is the facts and figures collected by an auditor to satisfy the objectives of the
audit, while a recommendation is the course of action suggested by the auditor in line
with the objectives of the audit. During the audit finding, the auditor will discuss and
obtain all information with the management to assess the risk. While for the
recommendation, the auditor will suggest the recommendation based on the risk that
has been assessed, for management to implement the recommendation that has been given
to ensure the system is effective and efficient.

iii. Avoidable conflicts are conflicts that exist within the internal audit department and
process. Conflict will exist when the internal auditors do not understand the internal
audit process due to ambiguity and uncertainty. When the auditors do not understand, it
might be difficult to deal with the management. Next, the auditors fail to think
strategically and systematically. Sometimes, in an organization, the auditor might give the
recommendation without being systematic and strategic. The conflict will occur
because the management will not be satisfied with the auditor. The auditor should
think critically to give the best recommendation to the management and should use all
the knowledge and competence to ensure their work is effective and efficient. Lastly,
there is a lack of understanding of the importance of the internal audit and the trends
and challenges facing the profession. The management should understand that the
internal audit is important for assessing the risk and provide the recommendation to
ensure that the organization change implement the effective system for the
organization to achieve their goal. The internal audit is also important to prevent the
fraud that might happen in the organization. The internal auditor should explain to
the management about the importance of the internal audit.

Question 2
a) Audit plan
Monitor the employees
As we know, it is better to prevent from early, as when the situation becomes
worse it will be hard to overcome. The management can monitor the
employees by sending an undercover to join the group, and if there is a suspicious
plan, the undercover can report about it. For example, the undercover group can
do their job by joining the project manager, office manager and long-time
employees that have a plan to commit the fraud by
receipts for
reimbursements twice.

Employee education
The internal auditor can advise the management to give education to the
employees, at least basic fraud awareness or anti-fraud training. When the
employee takes part, he will realize that the action that he does is wrong and
maybe he will get punishment. The management should send all the
employees to anti-fraud training to ensure that they will not commit fraud
again and will work toward the organizational goals.

Fraud policies
The auditor should advise the management to have fraud policies. An
organization should have a policy stating clearly its stand and the actions that
would be taken against perpetrators of fraud. If the management did not take
an action, maybe the perpetrators will be excited to commit the fraud and will do it
again because there is nobody to take an action against them. When there
are policies, the perpetrators will be afraid to commit the fraud.

b) Identify and explain why the internal auditors failed to discover these frauds.

No checks to ensure that only appropriate employees are recruited by taking
references, checking for criminal convictions, and regulatory body disciplinary
actions. This means that there is no check to ensure that the employees that
are hired are the right employees for the company. The management should do
research about the employees before hiring them.

No checks over posting access to information technology systems. The auditor
should check whether the employee misuses the information technology system
in a way that can allow them to commit the fraud.

Lack of policies regarding the company's values and behavioral standards
and no published code of conduct. There are no appropriate policies, so
the employee is excited to commit the fraud.

Company management does not take appropriate actions in response to
departures from approved policies and procedures or the code of conduct.

Question 3
What implications do the above findings have for internal auditors? How would they
influence the way that an internal auditor plans a computer audit?
The implication:
Skill and knowledge of IT and e-commerce environment
The auditor should be well equipped and be capable to address e-commerce systems,
security, controls, and provide assurance auditing services. The skill and knowledge of
IT and the auditor's capability in e-commerce would be demanded by management,
those charged with governance, and regulatory authorities for improved assurance of
effective and continuous information security.

Knowledge of the business


The auditor should have knowledge of the business strategy, activities and industry.
The auditor should also know whether the entity uses an e-commerce strategy or
outsourcing arrangements. This is to ensure that the auditor can make an effective
recommendation to the entity for implementation. When the auditor has knowledge
of the type of the business activities, the auditor can easily identify which fraud
might happen in the information technology system and will take
appropriate action to improve the technical and procedural controls so
as to minimize risks and also to ensure compliance with policies, standards,
procedures and laws and regulations.

Risk identification
Risk assessments should be performed after the auditor has obtained a clear picture of
the organization's IT environment. The auditor should develop a process to identify
risks, assess risks, and rank audit subjects using IT risk factors and business risk
factors. As risks are identified, whether through experience or formal assessment,
suitable risk responses should be determined, which may range from not taking any
action and accepting the risk as a cost of doing business, to applying a wide range of
specific controls. Based on the risks above, the auditor should identify the nature of the
business that incurs the high risk. Based on the survey, the auditor should focus more
on the high risks, for example, business interruption due to network or system
failure and unauthorized access or changes to data or systems. By assessing the risk,
the auditor can give a recommendation that is appropriate to the level of the risk
faced by the organization.
