Testing Strategies

Testing is the act of securing suitable evidence to support an audit. It confirms the auditor's initial opinion on the state of internal controls. It is a step in control evaluation, although many auditors test for the sole purpose of highlighting errors or non-adherence with laid down procedure. It depends on the audit objective. The IIA Practice Advisory 2240-1 requires audit procedures to be planned 'Engagement procedures, including the testing and sampling techniques employed, should be...

The Evolution of the Audit Function

It is important to understand the roots of internal auditing and the way it has developed over the years. 1 Extension of external audit Internal audit developed as an extension of the external audit role in testing the reliability of accounting records that contribute to published financial statements. The IIA.UK& Ireland have suggested this link between external and internal audit The nineteenth century saw the proliferation of owners who delegated the day-to-day management of their...

CSRA and Internal Controls

Some see CRSA workshops as ways of developing contingency plans to protect the business interests and for new ventures that are being developed. In fact, many see internal control as mainly relating to disaster recovery and contingency planning, particularly in response to the threat of terrorist attacks. Many risk workshops focus on retaining key staff, and providing back-up arrangements for senior figures or top specialists in the event of an accident or other reasons for their...

Control Framework COSO

Framework Internal Control Coso Model

The wide view of controls means that internal controls cover all aspects of an organization and there is a clear need for a way of pulling together control concepts to form an integrated whole, that is a control framework. The Committee of Sponsoring Organizations COSO of the Treadway Commission devised one such model that has an international recognition as a useful standard. All larger organizations need a formal control framework as a basis for their systems of internal control and IIA...

Investigating Fraud

Although every fraud investigation will be unique, it is nonetheless possible to define certain key stages and devise standardized procedures that may be applied to each one. These may be summarized 1. Allegation received A clear policy should be established. The allegation can come from a variety of sources including Detective controls e.g. a bank reconciliation. Anonymous information by phone or letter. Formal complaint say from a supplier. Concerns expressed by a line manager about their...

Control Framework CoCo

The COSO framework is a powerful tool in that it allows an organization to focus on key structures, values and processes that together form this concept of internal control, far outside the narrow financial focus that used to be the case. The individual is part of the process but it can be hard to get a corporate solution down to grassroots. The criteria of control CoCo is a further control framework that can mean more to teams and individuals and includes an interesting learning dynamic. CoCo...

The Role of the IS Auditor

Computerized Auditing

The role of audit in computerized information systems is vital to the continuing welfare of the organization. The high cost of investing in information technology in terms of set-up costs and its impact on achieving objectives results in an abundance of control implications. The biggest task may be to control this aspect of the organization and, if audit is kept out of these issues, its role will be relegated to minor matters only. The IS auditor may review a system Figure 7.8 , e.g. creditors,...