Iia CIA v5-0 Part1 Sectioniii

www.LearnCIA.
com
III – 1
v5.0
Section III: Conducting Internal Audit
Engagements—Audit Tools and Techniques
• Chapter A: Data Gathering and
Process Mapping
• Chapter B: Evaluating Relevance,

Sufficiency, and Competence of
Evidence
• Chapter C: Data Analysis and

Interpretation
• Chapter D: Documentation/Workpapers
• Chapter E: Data Reporting
www.LearnCIA.com
Part 1, Section III (Page 1-165) III – 2
v5.0
Chapter A
www.LearnCIA.com
Part 1, Section III, Chapter A (Page 1-166) III – 3
v5.0
Why Conduct a Preliminary Survey?
Main Purposes Realistic Outcomes
• To become familiar with the Clarification of:

activities, risks, and controls • Purpose of the internal audit
• To identify areas for
• Engagement objectives, scope,
engagement emphasis
and timing
• To invite comments and
• Processes to be audited
suggestions from engagement
clients • Area objectives, related risks, and
controls
• Internal audit resources to be used
• Relevant standards
www.LearnCIA.com
Part 1, Section III, Chapter A, Chapter Introduction (Page 1-166) III – 4
v5.0
Preliminary Survey Element:
Prior Audit Reports and Relevant Documents
Description Considerations
Study of permanent file— Can include documentation
prior audit work papers, in any format.
findings, reports, replies,
auditor comments,
photographs, other related
information.
www.LearnCIA.com
Part 1, Section III, Chapter A, Topic 1 (Page 1-168) III – 5
v5.0
Practice Question
The evaluation of internal controls for a co-sourced payroll
function is part of the regular rotation. In addition to the
permanent files from past internal audits, which of the
following should be reviewed?
I. Literature on industry practices
II. Statements of authority
III. Performance reports
IV. Third-party audit reports of the payroll provider
A. I and II only
B. I and III only
C. I, III and IV only
D. I, II, III and IV
Answer: D
All of these are appropriate for review.
www.LearnCIA.com
v5.0
Third-Party Confirmation
Obtaining direct written verification of the

accuracy of information from independent third
parties.
Positive Confirmation Negative Confirmation
Asks recipients to respond Asks recipients to respond only

regardless of whether or not they when they believe the information
believe the information is correct is incorrect
www.LearnCIA.com
v5.0
Checklists
• Reminder lists used to • Different formats are
establish and maintain possible.
order during an • Guide the internal audit
engagement. activity and help fulfill
• Support important engagement scope.
administrative tasks and
help to establish
consistency and
completeness.
www.LearnCIA.com
v5.0
Discussion Question
What are some appropriate ways to use
a checklist for data gathering?
Sample Answers:
• As a reminder of questions to ask
• As a quick method of gathering information
from a respondent
• As a control to be sure that all correct
activities are performed
www.LearnCIA.com
v5.0
Yes/No Questionnaires
Advantages: Branch: Supervisor:
• Easy to administer. Area: Date completed:
• Uniform information for
Question Yes No Comments
comparisons.
1. Are all credit sales approved by the Credit
• Can go to large numbers of Department before shipping?
informants anywhere. 2. Is the Credit Department independent of the
• Results can be aggregated sales department?
3. Are sales priced on the basis of approved price
and analyzed easily.
lists?
4. Are prenumbered sales invoice forms used?
Disadvantages: 5. Are all sales invoice forms properly
• Not appropriate for all types controlled?
of situations or issues. 6. Are prenumbered shipping orders used to
authorize shipments to customers?
• Not suited for gathering in-
depth knowledge.
• Can’t observe the
respondents.
www.LearnCIA.com
v5.0
Internal Control Questionnaires (ICQs)
Principles Benefits/Concerns
• Pre-constructed array of + Efficient and easy to
questions used to elicit administer
key information about + Provide a checklist to help
internal control with further evaluation
• Start with a known or – Limited to questions with
desired answer and then yes/no answers
seek specific comments – Do not provide for in-depth
• May be completed by the investigation
auditor or directly by the – Require knowing what the
business area procedures should be
www.LearnCIA.com
v5.0
Interviews
Structured discussion to: Can be helpful with subsequent
• Secure management analytical reviews, testing, and
perspective. benchmarking
• Clarify information about the
area to be audited.
• Collect additional necessary
information.
• Provide an observation of
activities to be audited.
• Facilitate a high-level dialogue.
www.LearnCIA.com
v5.0
Successful Interview Elements
• Planning
• Opening
• Conducting
• Closing
• Documenting
• Evaluating
www.LearnCIA.com
v5.0
Discussion Question
What are some effective ways to open
an audit interview?
Sample Answer:
• Step 1: Start on time.
• Step 2: Build rapport with a warm introduction.
• Step 3: Get the interviewee’s name right.
• Step 4: After the warm-up, state objectives and purpose.
• Step 5: Continue building rapport.
www.LearnCIA.com
v5.0
Closing the Interview
• Don’t go past promised deadline.
• Ask for permission to wrap up and to reschedule
if questions remain.
• Summarize key points from
notes.
• Describe the next step.
• Provide contact information.
• Thank the interviewee.
www.LearnCIA.com
v5.0
After the Interview
NOTES
Document Evaluate
• Put notes in final written form. • Meet all objectives and record
• Do it right away. all required information?
• Surprises?
• Right balance of open and
closed questions?
• Organized questions?
• Right time and place?
• Rapport?
• Objectives and purpose
explained?
www.LearnCIA.com
v5.0
Discussion Question
What are some hallmarks of active
listening?
Sample Answers:
• Eye contact
• Facial expressions showing interest
• Brief silences to allow for more information
• Paraphrasing
www.LearnCIA.com
v5.0
Open vs. Closed Questions
To invite descriptions, opinions, narratives,

Open etc.
Questions Example: “Please describe your unit’s step-
by-step recycling procedure.”
To uncover facts in brief statements; to get to

Closed yes or no.
Questions Example: “How often do employees skip a
step in the approved process?”
www.LearnCIA.com
v5.0
Walk-Throughs
Walk-Through Potential Potential
Reveals . . . Root Causes Recommendation
Employee is not executing • Employee has incomplete • Recommend better training on
control. understanding of control control.
procedure or its purpose. • Report issue to local
• Employee is deliberately omitting management.
control due to time, cost, or other
motives.
Employee performs control • Employee does not usually • Discuss potential problem with
correctly despite evidence of perform control and is doing it only local management.
when observed.
control failures.
Employee is attempting to • Employee has incomplete • Implement better training or

execute control but is not understanding of procedure or is management discipline.
deliberately modifying it. • Recommend that control be
following proper procedure. • Procedure does not work well in revised or redesigned with
practice despite being theoretically worker input to be more effective
sound. and/or efficient.
www.LearnCIA.com
v5.0
Practice Question
Which of the following are appropriate to include
when summarizing preliminary survey results?
I. Significant engagement issues
II. Engagement objectives and procedures
III. Evidence of regulatory compliance
IV. Potential excess controls
A. I and II only
B. II and III only
C. I, II and IV only
D. I, III, and IV only
Answer: C
While important information, evidence of regulatory compliance would be
more pertinent during the engagement.
www.LearnCIA.com
v5.0
Using Observation to Gather Data
O O e d ed
fa bse fa bse e rv er
v
ct rv ct rv s s
s ed s ed Ob cts Ob cts
fa fa
Regulations
Client’s Study and
and Experience
claims preparation
Standards
Meaningful observations are facts put in context by the

disciplined, experienced observer.
www.LearnCIA.com
v5.0
Discussion Question
What are some drawbacks or pitfalls to
watch for when using observation as an
audit tool?
Sample Answers:
• Observations are generally weak evidence and need
backup.
• Being observed may change the behavior of the audit
client, leading to wrong conclusions.
www.LearnCIA.com
v5.0
Planning Considerations
Performance Standard 2201,
“Planning Considerations”
“In planning the engagement, internal auditors must consider:

• The strategies and objectives of the activity being reviewed and the means
by which the activity controls its performance.
• The significant risks to the activity’s objectives, resources, and operations
and the means by which the potential impact of risk is kept to an acceptable
level.
• The adequacy and effectiveness of the activity’s governance, risk
management, and control processes compared to a relevant framework or
model.
• The opportunities for making significant improvements to the activity’s
governance, risk management, and control processes.”
www.LearnCIA.com
v5.0
Engagement Objectives
• Address the risks associated with the

activity under review.
Implementation • For planned engagements, the objectives
Guide 2210, proceed and align to those initially identified
during the risk assessment process.
“Engagement
Objectives” • For unplanned engagements, the objectives
are established prior to the start and are
designed to address the specific issue that
prompted the engagement.
www.LearnCIA.com
v5.0
Consideration of Management’s
Risk Assessment
The internal auditor will want to take into
account:
• The reliability of management’s assessment of
Implementation risk.
Guide 2210, • Management’s process for monitoring, reporting,
“Engagement and resolving risk and control issues.
Objectives” • Management’s reporting of events that exceeded
the limits of the organization’s risk appetite and
management’s response to those reports.
• Risks in related activities relevant to the activity
under review.
www.LearnCIA.com
v5.0
Use of a Risk Control Matrix
Steps: Benefits
1 Identify business objectives. + Focuses the audit on the
2 Identify risks to business objectives. areas of greatest risk
+ Documents the complete
3 Rate each risk in terms of likelihood
thought process from risk
and significance.
identification to audit
4 Identify the controls. program development
5 Evaluate the adequacy of controls. + “Teaches” the risk
assessment thought
6 Test the effectiveness of controls.
process
Arrive at the final opinion on + Facilitates participatory
7 adequacy and effectiveness of auditing
controls.
www.LearnCIA.com
v5.0
Discussion Question
When an internal auditor reports the
results of statistical sampling in the
form “We are 95% confident that
the error rate in the population is 6%,
plus or minus 3%,” what exactly does that
mean?
Answer: This means that for a randomly selected
sample from an entire population (e.g., a group of
transactions), there is a 95% chance that the error
rate is between 3% and 9%.
www.LearnCIA.com
v5.0
Discussion Question
Which of the following considerations
would necessitate an increase in sample
size? Which would allow for a smaller
sample?
Answer: Larger Smaller
1. Increase confidence level from
X
90% to 95%.
2. Increase range of error from

 2.5% to  5%. X
3. Increase population size from
150,000 to 500,000. X
www.LearnCIA.com
v5.0
Statistical Sampling
Advantages Disadvantages
+ May yield desired results from – Can be costly and time-

minimum number of items consuming
+ Yields quantified data – May require training and
+ Includes measures of sampling software costs
risk, confidence level, and – May preclude experienced
precision auditors’ insights
+ Is adaptable to computer
testing
+ Lends credibility to audit
conclusions/recommendations
www.LearnCIA.com
v5.0
Discussion Question
What are the differences, if any, between
unsystematic (haphazard) sampling and
judgmental sampling?
Sample answer:
Some, but not all, judgmental sampling is unsystematic.
Unsystematic sampling makes no attempt either to
randomize samples (such as picking every tenth item
from the population) or to select samples according to
the auditor’s best judgment (such as excluding certain
items as obviously unrepresentative).
www.LearnCIA.com
v5.0
Nonstatistical Sampling
Advantages Disadvantages
+ Flexibility – Results not statistically valid

+ Use of internal auditor’s – No objective measure of
judgment sampling risk provided
+ Allows reasonable reliability at – Chance of wrong sample size
reasonable cost – Effectiveness depends upon
auditor’s skill
www.LearnCIA.com
v5.0
Attributes Sampling
When to use To estimate the number of times a
certain characteristic may occur in
a population
Size of sample Based on judgment about
probability that errors (or other
characteristics) will occur or based
on statistical tables
Statistical table • Population size
specifications • Confidence level
• Precision
• Expected rate of errors
www.LearnCIA.com
v5.0
Variables Sampling
When to use Specifications for
variables sampling statistical tables
When size matters; • Population size

(e.g., amount of a • Confidence level
discrepancy) • Precision
• Standard deviation
Reminder: Reminder:
Use attributes sampling when For attributes sampling, error rate
number matters, not size. is a specification, not standard
deviation.
www.LearnCIA.com
v5.0
Variables Sampling Types
Three common types:
• Mean-per-unit estimation
• Difference estimation
• Ratio estimation
www.LearnCIA.com
v5.0
Other Variations of Sample Selection
Choose among several methods of a sample
that includes enough items of the right type to
yield a credible result:
• Random sampling of the entire population
• Stratified random sampling
• Interval sampling
• Cluster sampling
• Haphazard sampling
• Stop-and-go sampling
www.LearnCIA.com
v5.0
Stratified Random Sampling
• Widely varied populations can
be subdivided into more Stratum 2
Billionaires
coherent units before
selecting random samples.
• Can be used to separately
evaluate each category since
each has different controls/ Stratum 1
Ordinary accounts
risks.
www.LearnCIA.com
v5.0
Cluster Sampling
Samples made up of preexisting clusters such as
file drawers, boxes, rooms, etc.
A–Z
A–Z
A–Z
taxes A–Z
Size 9
A–Z
A–Z
A–Z
taxes
A–Z
A–Z
www.LearnCIA.com
v5.0
Discussion Question
When is it appropriate to use the two
types of attribute sampling below?
Answer:
Use stop-and-go Use discovery
sampling when: sampling when:
You think you may You need to find
get reasonable only one instance;
results from a e.g., suspected
small sample. fraud.
www.LearnCIA.com
v5.0
Map Processes
Documentation of Could be used to document
operational processes: tour/walk-through
• Flowcharts
• Narratives
• Block diagrams
www.LearnCIA.com
v5.0
Map Process—Flowcharts
Principles:
• Graphical representation of actual or ideal path.
• Illustrate the relationship of various steps and
control points.
• Identify what the process does or should do.
• Internal auditors may review existing flowcharts
or prepare new ones.
www.LearnCIA.com
v5.0
Standard Flowchart Symbols
www.LearnCIA.com
v5.0
Discussion Question
Identify the flowchart formats described
below as horizontal, vertical, or both.
Answers:
Both 1. Uses a rectangle to indicate a process and a diamond
to indicate a choice point
Horizontal 2. Emphasizes the flow of the steps in the overall
process, moving from left to right
Both 3. May use footnotes to direct the reviewer to narratives
describing the process steps
Vertical 4. Emphasizes process flow and leaves considerable
room outside the diagram for descriptions of the steps
www.LearnCIA.com
v5.0
Benefits/Concerns for Flowcharts
+ Provide a clear picture of how a process
works.
+ Provide a common reference point and
standard language.
–Must be accurate and kept current.
–Should avoid unnecessary complexity.
www.LearnCIA.com
v5.0
Map Process—Narratives
• Provide a step-by-step + Can provide more detailed
picture in a single information than flowcharts.
document without the use + Are flexible and facilitate
of detailed symbols or open-ended questioning.
keys.
• Identify key controls and – May not be complete
enough.
cases of under- or over-
control and processing – Lack of standardization can
redundancy. lead to omissions or difficult
interpretation.
www.LearnCIA.com
v5.0
Map Process—Block Diagrams
• Pictorial representations + Quick and simple to
of a process or activity construct; may be used in
• Include a series of boxes lieu of flowcharts
and connecting lines to + Can show the flow of
indicate association and information and
organizational arrangements
direction/order
+ Useful for high-level
representations
– Not appropriate for
detailed analysis
www.LearnCIA.com
v5.0
Chapter B
www.LearnCIA.com
Part 1, Section III, Chapter B (Page 1-211) III – 46
v5.0
Types of Audit Evidence
• Physical evidence
Examples: stored media, security system in operation
• Documentary evidence
Examples: letters, memos, e-mails, invoices
• Representations or testimonial evidence
Examples: responses to inquiries supported by
documentation
• Analytical evidence
Examples: computations, reasoning, analytical audit tests
www.LearnCIA.com
Part 1, Section III, Chapter B, Topic 1 (Page 1-212) III – 47
v5.0
Discussion Question
Match the type of legal evidence on the
left with its description on the right.
B Secondary A. Generally documentary

A Best B. Copy or oral evidence of document
C. Eyewitness testimony, for example
D Conclusive
D. Leads to only one conclusion
G Hearsay E. Proves an intermediate fact
F Opinions F. Usually admissible only when
provided by experts
E Circumstantial G. Secondhand; generally ruled
C Direct inadmissible in court
www.LearnCIA.com
v5.0
Other Concerns About Evidence
• What is the source of the evidence?
• Will the evidence be available when I need it for

testing?
• Can I use the evidence without violating
confidentiality (Code of Ethics)?
• Will I have access to the evidence without
interference?
www.LearnCIA.com
v5.0
Persuasive Evidence
Sufficient Reliable Relevant Useful
Should be Must come Must be Should be
enough from credible pertinent to germane to
evidence; source. audit objective organization.
different but and logically
related support
pieces of internal
evidence auditor’s
should conclusion or
corroborate advice.
each other.
www.LearnCIA.com
v5.0
Evidence-Gathering Techniques
What are appropriate times to use:
• Inquiry?
• Observation?
• Inspection?
• Vouching?
• Tracing?
• Re-performance?
• Analytical procedures?
• Confirmation?
www.LearnCIA.com
v5.0
Chapter C
www.LearnCIA.com
Part 1, Section III, Chapter C (Page 1-219) III – 52
v5.0
Data Analysis and Interpretation
Involves comparing
information gathered during
an engagement to the
expectations regarding that
information.
www.LearnCIA.com
Part 1, Section III, Chapter C, Chapter Introduction (Page 1-219) III – 53
v5.0
Embedded Audit Modules
Benefits Drawbacks
• Instantaneous review of • Can be difficult to install within

transactions (if desired); checks or along with other software
incoming data against set
criteria
• No need for sampling if
embedded module checks the
total population
• More reliable information for
management’s Sarbanes-Oxley
reporting
www.LearnCIA.com
Part 1, Section III, Chapter C, Topic 1 (Page 1-221) III – 54
v5.0
Discussion Question
What are some of the audit tasks that
generalized audit software (GAS) can
perform?
Sample Answers:
• Read digital “read only” files (to audit, not to alter).
• Examine particular records according to auditor-defined criteria
(in other words, performing targeted data extraction).
• Test calculations or make independent calculations.
• Analyze, summarize, or re-sequence data.
• Test the effectiveness of controls.
www.LearnCIA.com
v5.0
Discussion Question
What are some benefits of generalized
audit software and some obstacles to
adopting it?
Sample answer:
Benefits Obstacles to adopting GAS
• Scrutiny of all transactions, not just • IS staff reluctance to try new
a sample software
• Targeting of specific transactions • Blocking of access to production
within huge populations data by staff concerned that GAS
• Much shorter audit durations will interfere with production
• Uniform interface for all tasks software
• Facilitation of reviews through • Additional costs for training and
maintenance of test logs new software
www.LearnCIA.com
v5.0
Audit-Related Spreadsheet Capabilities
• Linking spreadsheets
• Creating and running MS Excel can generate
different charts from data
macros in a table.
• Converting data to charts 18,000
16,000
and graphs 14,000
12,000
• Performing analytical 10,000
8,000
Budget
Actual
operations
6,000
4,000
2,000
• Performing addition and 0

1 2 3 4 5 6 7 8 9 10 11 12
other mathematical
functions
www.LearnCIA.com
v5.0
Normal Distributions and the Bell Curve
The individual
values in any
large-scale
population tend to
be distributed
symmetrically
around a midpoint
(m).
-3s -2s -1s m +1s +2s +3s
www.LearnCIA.com
v5.0
Measures of Central Tendency
Mean Median Mode
Average Midpoint Most Frequent

The simple average, The exact midpoint The number that
computed by adding of a distribution, with occurs most frequently
all the numbers in a an equal number of in a series.
series of n samples items below it and
and dividing by n. above it.
1+2+3+3+3+4+5
=3 1-2-3-3-3-4-5 1-2-3-3-3-4-5
7
www.LearnCIA.com
v5.0
Outliers
Term used to
describe a value that
lies toward the
extreme end of a
sample.
34.13% 34.13%
13.59% 13.59%
0.1% 0.1%
2.14% 2.14%
-3s -2s -1s m +1s +2s +3s
www.LearnCIA.com
v5.0
Variance
Variance (s2) measures how far each number in the set is from
the mean. It is calculated by taking the differences between
each number in the set and the mean, squaring the differences
(to make them positive) and dividing the sum of the squares by
the number of values in the set.
Note: Square
root of variance
(s2) is standard
deviation (s).
s2 = 75.69
www.LearnCIA.com
v5.0
Statistical Process Control
Assignable
variation
UCL
6
Batches
3 and 7 are Mean Natural
“out of control” 4 variation
LCL
2 Assignable
variation
1 2 3 4 5 6 7 8 9 10
www.LearnCIA.com
v5.0
Analytical Reviews
• Examine relationships Monetary amounts, inventory
among information. quantities, ratios, and
• May examine financial or percentages are typical
nonfinancial, quantitative measures.
or qualitative information.
• Used in different phases of
engagements.
www.LearnCIA.com
v5.0
Discussion Question
The heart of analysis is comparison. What are
some types of comparisons used to analyze
and interpret audit evidence?
Sample answer:
• Comparison of current to prior period
• Comparison of current period to budget or forecast
• Comparison of financial data to nonfinancial data
• Study of relationships among elements of information (e.g., interest
expense to debt balance)
• Comparison of one organizational unit’s performance to another unit’s
• Comparison of organization to industry benchmark
www.LearnCIA.com
v5.0
Discussion Question
Assumed: Variety of techniques for gathering
data; solid basis for determining conclusions.
Question: What are some conditions the
internal auditor discovers by using analytical
procedures?
Sample answer:
• Unexpected differences or absence of expected differences
• Errors or omissions
• Noncompliance
• Illegal acts
• Unusual events/transactions
www.LearnCIA.com
v5.0
Other Analytical Considerations
• Significance of area being examined
• Assessment of risk in area being examined
• Availability and reliability of information
• Prediction of analytical results
• Availability and comparability of information
regarding industry in which organization
operates
• Extent to which engagement procedures support
results
www.LearnCIA.com
v5.0
Discussion Question
(Variance Analysis)
What are the unreasonable Budgeted Actual
Period Expense Expense
relationships in the chart? January $9,000 $8,500
February 10,000 8,500
Answer: Divergence is especially
March 10,500 8,500
large in July and December. April 10,500 9,500
May 10,500 10,500
18,000
June 10,000 12,000
16,000 July 10,000 16,000
14,000
August 12,500 13,000
September 13,000 11,000
12,000
10,000
Budget
8,000
Actual October 12,500 9,000
6,000 November 9,500 8,000
4,000
December 9,000 12,500
2,000
0
1 2 3 4 5 6 7 8 9 10 11 12
Total 127,000 127,000
www.LearnCIA.com
v5.0
Trend Analysis
Trend analysis looks for
Monthly auto sales

changes in a series of Model Y—Convertible
Model X—SUV
historical data. A typical
use of trend analysis is
to track changes in
financial data through
periods
of time—monthly,
quarterly, and annually.
Jan Feb Mar Apr May Jun
www.LearnCIA.com
v5.0
Discussion Question
Provide some examples of trend
analysis.
Sample answer:
Trends analyzed include revenues, expenses,
same-store sales, store openings.
Trends in ratios are also subject to analysis.
www.LearnCIA.com
v5.0
Ratio Analysis
• Ratios are mathematical

relationships among
numbers that compare
A
relationships at specific
point in time. B
• Ratio analysis computes Ratio of A to B where A is
any quantity of interest and
and interprets these ratios. B is any other related
quantity.
www.LearnCIA.com
v5.0
Nonfinancial Ratios
• Compare relationships between two measurable
and correlated business elements
• Make data comparable or common size
• Often used as KPIs to measure and manage
achievement of objectives and mitigation of key
risks
www.LearnCIA.com
v5.0
Financial Ratios
How They Work General Types Users
By comparing Activity, liquidity, Auditors,
relationships of leverage (debt), managers,
various financial profitability investors, lenders
statement items to
assess
organizational or
unit performance
www.LearnCIA.com
v5.0
Activity Ratios
Ratio What It Measures
Inventory Turnover Number of times during the year inventory is
replaced
Days’ Sales Outstanding Effectiveness in collecting receivables (small
is good)
Accounts Payable Number of times company’s accounts are
Turnover generated/ paid in year
Fixed Assets Turnover Efficiency in use of fixed assets to generate

sales
Total Assets Turnover How well assets are being used to produce
revenues
www.LearnCIA.com
v5.0
Liquidity Ratios
Current Ratio Measures potential to pay down current
liabilities; larger number indicates more
assets available to pay debts
Quick Ratio Like current ratio except current assets
exclude inventory as least liquid (least
available) current asset
Net Working Capital Not a ratio; subtracts current liabilities from
current assets to gauge potential to pay
debts
www.LearnCIA.com
v5.0
Leverage (Debt) Ratios
Debt Ratio All the organization’s debt to all of its assets;
provides a general measure of its ability to
repay creditors.
Debt to Equity Ratio Measures an organization’s proportion of
liabilities (what is owed) to equity (residual
ownership of assets).
Times Interest Earned Measures the organization’s ability to service
Ratio all of its liabilities. Indicates the number of
times a company can cover fixed obligations
with earnings before interest and taxes.
Fixed Payment Coverage Measures an organization’s ability to pay
Ratio fixed obligations within a set period of time.
www.LearnCIA.com
v5.0
Discussion Question
Leverage (Debt) Ratios
Ratio Is Higher or Lower Better?
Debt Ratio Answer: Lower. A higher ratio
generally indicates greater debt
relative to assets and more risk.
Debt to Equity Ratio Answer: Lower, generally. But the

organization should carry some
reasonable debt relative to equity.
Times Interest Earned Answer: Higher. A higher ratio indicates

Ratio greater ability to cover obligations with
earnings (EBIT).
Fixed Payment Answer: Higher. A higher ratio
Coverage Ratio indicates greater ability to cover fixed
obligations within a set time.
www.LearnCIA.com
v5.0
Profitability Ratios
Gross Profit Margin Effectiveness of pricing and cost control
Operating Profit Margin Operational efficiency
Net Profit Margin Effective management of debt, taxes,

operations, pricing, cost controls
Return on Investment (ROI) Effective use of assets to generate profits
Return on Equity (ROE) Success in generating net profits relative to
equity
Return on Capital Effectiveness in using debt and equity to
generate earnings
Earnings per Share Company’s value to investors
www.LearnCIA.com
v5.0
Discussion Question
Identify the analytical review technique
described in the example.
Answers:
Ratio analysis 1. Examines sales of inventory across four
quarters
Variance analysis 2. Compares the liquidity position of different

divisions
Variance analysis 3. Evaluates retention goals with employee

turnover statistics
Trend analysis 4. Compares data from repetitive audits

www.LearnCIA.com
v5.0
Discussion Question
Give a brief definition of regression
analysis.
70,000
Sample answer: 60,000
Statistical technique Sales 50,000

Revenues
used to measure the (USD) 40,000
amount of change in 30,000

20,000
one value in relation to
10,000
a change in another.
0 20 40 60 80 100 120 140
Marketing
Expenditures (USD)
www.LearnCIA.com
v5.0
Discussion Question
Regression analysis traces
the impact of one condition
(independent variable) on
90,000 Scatter diagram
another condition
Fraud Losses (USD 000)

(dependent variable). 75,000
Which is the independent 60,000
variable in the scatter 45,000

diagram?
30,000
15,000
Answer: Security
0 200 400 600 800 1,000 1,200
expenditures (x axis) is the Security Expenditures
independent variable. (USD 000)
www.LearnCIA.com
v5.0
Simple Regression Analysis
The simple regression equation allows the internal
auditor to study the relationship of two variables:
one dependent variable and one independent
variable.
Y = a + bX
Where:
Y = dependent variable
X = independent variable
a = value of Y when X is 0; a constant
b = increase in Y for each unit of increase in X
www.LearnCIA.com
v5.0
Multiple Regression Analysis
Y = a + b1X1 + b2X2 +…+ bnXn
The multiple regression equation allows the

internal auditor (or anyone else mathematically
inclined) to study the relationship of the dependent
variable with more than one independent variable.
www.LearnCIA.com
v5.0
Discussion Question
What are some limitations of regression
analysis?
Sample answer:
• Can show correlation but not causation.
• Cannot be the basis for concluding that change in
the independent variable caused change
in the dependent variable. Other variables
may have been involved.
www.LearnCIA.com
v5.0
Pareto Analysis
• Based on the 80/20 rule:

80% of problems, outputs or
rewards of a process tend to be 20%
caused by just 20% of the total
causes, inputs, or effort.
80%
• Used to prioritize 80%
recommendations on just those
key activities, controls or other
20%
changes that are likely to create INPUTS OUTPUTS
the greatest effect.
www.LearnCIA.com
v5.0
Benchmarking
• Compares performance • Numerous sources
measures against those • Choice influenced by:
of an internal or external – Ease of access to the
group information
• Determines areas for – Caliber of information
potential improvement sought
and identifies best
practices
www.LearnCIA.com
v5.0
Classifications of Benchmarking
Internal Compares similar information within process or entity.
Competitive Compares measures with similar measures of direct

competitors.
Industry Compares processes to those with similar processing
in same industry.
Functional Compares organizations with related functions in the
same technical area.
Generic Compares process in one operation against process
with similar features in another industry.
Best-in-class Compares measures with those of organizations that
are leaders in their industry.
www.LearnCIA.com
v5.0
Discussion Question
Identify the benchmarking classifications
described below.
Answers:
Competitive 1. Compares management career paths
between two computer manufacturers
Internal 2. Compares domestic and international
operations
Functional 3. Compares disaster recovery plans for a
television station and a newspaper
4. Compares internal performance to
Best-in-class industry leader
www.LearnCIA.com
v5.0
Chapter D
www.LearnCIA.com
Part 1, Section III, Chapter D (Page 1-265) III – 88
v5.0
Standard 2330
Performance Standard 2330,
“Documenting Information”
Internal auditors must document sufficient, reliable, relevant, and

useful information to support the engagement results and conclusions.
2330.A1: The CAE must control access to engagement records and

obtain the approval of senior management and/or legal counsel
prior to releasing records.
2330.A2: The CAE must develop retention requirements consistent
with organization guidelines and regulatory requirements.
2330.C1: The CAE must develop policies for retention and release of
records (internal and external).
www.LearnCIA.com
Part 1, Section III, Chapter D, Chapter Introduction (Page 1-266) III – 89
v5.0
Discussion Question
What are the purpose of workpapers?
Answers include the following:
Support engagement Facilitate third-party

communications. reviews.
Aid engagement planning, Engagement Provide basis for quality

performance, and review. workpapers assurance and
improvement program.
Document
Demonstrate compliance
achievement of
with regulatory/legal
engagement
requirements.
objectives.
www.LearnCIA.com
Part 1, Section III, Chapter D, Chapter Introduction (Page 1-266) III – 90
v5.0
Documenting the Engagement
• The organization, design, and content of

engagement workpapers depend on the
engagement’s nature and objectives and the
Implementation organization’s needs.
Guide 2330,
• Most organizations develop unique workpaper
“Documenting requirements for assurance and consulting
Information” engagements.
• Workpaper formats or templates iImprove
efficiency and consistency of the engagement
process
www.LearnCIA.com
Part 1, Section III, Chapter D, Topic 1 (Page 1-268) III – 91
v5.0
Necessary Workpaper Contents
• Should contain all the work done during
the engagement.
• Should document the audit’s objectives
and methods so thoroughly that a new Engagement
auditor added to the project at any workpapers
point could fully comprehend the
engagement from the workpapers and
bring the audit to a successful
conclusion.
www.LearnCIA.com
v5.0
Workpaper Format
 Engagement identification;
description of contents or purpose
 Signature or initials of internal auditor
Engagement and date
workpapers  Index or reference number
 Explanation of verification symbols
(tick marks, etc.)
 Clear identification of data sources
 Summaries
www.LearnCIA.com
v5.0
Practice Question
Who is responsible for control of workpapers?
A. Internal audit staff
B. Senior management
C. The CAE
D. The board
Answer: C
Because the chief audit executive (CAE) is responsible for such
coordination and for developing the internal audit activity’s policies and
procedures, it is logical for the CAE to develop guidelines and
procedures for completing workpapers for various types of engagements.
www.LearnCIA.com
v5.0
Engagement Supervision
Span of CAE engagement Supervisory responsibility
n
it o
n a
ng atio ss ng s ic
-u
p
ff ope
d
i d
au ren
e a
at her
i ta sis g un
nn par r D Da aly din m ll ow a l
St eve
a
Pl pre
F a at an Fi
n m o
aw g Co F d
Assures that engagement has been carried out

y
according to high quality standards, objectives

yy
m E
/m A
/y
achieved, staff evaluated for professional development.

dd C
www.LearnCIA.com
v5.0
Elements of Proper Engagement Supervision
• Trained auditor—knowledge, • Communications are accurate,
skills, and competencies to objective, clear, concise,
perform. constructive, and timely.
• Proper instructions during the • Engagement objectives are
planning and approval of met.
engagement program. • Opportunities for developing
• Program is completed and auditors’ knowledge, skills, and
modified using accepted competencies.
practices.
• Work papers support
observations, conclusions, and
recommendations.
www.LearnCIA.com
v5.0
Chapter E
www.LearnCIA.com
Part 1, Section III, Chapter E (Page 1-277) III – 97
v5.0
Interim Reporting
Use interim reports to:
REPORTS
• Communicate information that requires

immediate attention.
• Communicate a change in engagement scope
for the activity under review.
• Keep management informed of engagement
progress when engagements extend over a long
period.
www.LearnCIA.com
Part 1, Section III, Chapter E, Topic 1 (Page 1-278) III – 98
v5.0
Practice Question
Internal auditors are responsible for all of the
following when providing compliance assurance
EXCEPT
A. understanding all current regulations and legislation.
B. monitoring compliance activities.
C. providing insights into the ramifications of
noncompliance.
D. informing senior management of indications of
significant noncompliance.
Answer: B
Management and the internal audit activity both have important roles. It is
management’s responsibility to implement policies and monitor
compliance.
www.LearnCIA.com
v5.0
Providing Control Assurance
• Many individual assessments must be

aggregated to evaluate effectiveness of
organization’s control process.
Implementation
• Three key considerations are:
Guide 2130,
– Were significant discrepancies or weaknesses
“Control” discovered from the audit work performed and
other assessment information gathered?
– If so, were corrections or improvements made
after the discoveries?
– Do the discoveries and their consequences lead
to the conclusion that a pervasive condition exists
resulting in an unacceptable level of business
risk?
www.LearnCIA.com
v5.0
Discussion Question
The audit committee reports to senior
management and the board on the state of the
risk management and control processes, usually
once a year.
A. True
B. False
Answer: False
The CAE is responsible for the report, which should refer to major work
performed by internal audit and to other important sources of
information that were used to formulate the overall assurance
judgment.
www.LearnCIA.com
v5.0
Providing Control Assurance
Implementation Standard
2210.A3
“Adequate criteria are needed to evaluate governance,

risk management, and controls. Internal auditors must
ascertain the extent to which management and/or the
board has established adequate criteria to determine
whether objectives and goals have been accomplished.
If adequate, internal auditors must use such criteria in
their evaluation. If inadequate, internal auditors must
identify appropriate evaluation criteria through
discussions with management and/or the board.”
www.LearnCIA.com
v5.0
Discussion Question
Findings should be based on solid facts.
What are the five parts of a finding?
Internal Audit Finding
Answer: Criteria Condition Cause Effect Recommendation

Facts
Facts
Facts
Facts
Facts
Facts
www.LearnCIA.com
v5.0
Opinions
• When an overall opinion is issued, it must take into account the
expectations of senior management, the board, and other
stakeholders and must be supported by sufficient, reliable, relevant,
and useful information.
• Interpretation for Standard 2450 states that the communication will
identify:
– Scope, including time period to which opinion pertains.
– Scope limitations.
– Consideration of all related projects, including reliance on other assurance
providers.
– Risk or control framework or other criteria used as basis for overall opinion.
– Overall opinion, judgment, or conclusion reached.
• The reasons for an unfavorable overall opinion must be stated.
www.LearnCIA.com
v5.0
Engagement vs. Overall Opinions
Engagement Overall Opinions
The rating, conclusion, and/or The rating, conclusion, and/or other

other description of results of an description of results provided by the
individual internal audit CAE addressing, at a broad level,
engagement, relating to those governance, risk management,
aspects within the objectives and and/or control processes of the
scope of the engagement. organization. An overall opinion is
the professional judgment of the
CAE based on the results of a
number of individual engagements
and other activities for a specific time
interval.
www.LearnCIA.com
v5.0
Opinions on the Adequacy of
Internal Controls
Opinion Description Meaning
Positive Provides highest level Controls are satisfactory or
assurance of assurance. unsatisfactory, effective or
ineffective, meet expectations or
don’t meet expectations, etc.
Negative Indicates no evidence Provides limited assurance that
assurance of inadequate internal sufficient evidence was gathered to
controls. determine whether controls were
inadequate.
Qualified Provides an opinion Controls were satisfactory, with the
with qualifications that exception of (for example) accounts
contradict the overall payable controls, which require
opinion. significant improvement.
www.LearnCIA.com
v5.0
Recommendation Considerations
• The course of action that is most practical
and economical in correcting the disparity
• The objectives that should be kept in mind
when recommending corrective action
• The considerations for management in
setting forth an improved course of action
• The open choices and how they measure up
when compared with the objectives
• The best choice with the least unsatisfactory
side effects
• The mechanism that should be suggested to
control the corrective action after it is taken
www.LearnCIA.com
v5.0
End of Section III
Questions?
www.LearnCIA.com
Part 1, Section III (Page 1-289) III – 108
v5.0

Iia CIA v5-0 Part1 Sectioniii

Uploaded by

Copyright:

Available Formats

Iia CIA v5-0 Part1 Sectioniii

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Iia CIA v5-0 Part1 Sectioniii

Uploaded by

Copyright:

Available Formats

www.LearnCIA.

• Chapter B: Evaluating Relevance,

• Chapter C: Data Analysis and

• Chapter E: Data Reporting

• To become familiar with the Clarification of:

Obtaining direct written verification of the

Positive Confirmation Negative Confirmation

Asks recipients to respond Asks recipients to respond only

To invite descriptions, opinions, narratives,

To uncover facts in brief statements; to get to

Employee is attempting to • Employee has incomplete • Implement better training or

Meaningful observations are facts put in context by the

“In planning the engagement, internal auditors must consider:

• Address the risks associated with the

2. Increase range of error from

+ May yield desired results from – Can be costly and time-

+ Flexibility – Results not statistically valid

When size matters; • Population size

B Secondary A. Generally documentary

• Will the evidence be available when I need it for

• Instantaneous review of • Can be difficult to install within

and graphs 14,000

• Performing analytical 10,000

• Performing addition and 0

-3s -2s -1s m +1s +2s +3s

Mean Median Mode

Average Midpoint Most Frequent

Monthly auto sales

• Ratios are mathematical

Fixed Assets Turnover Efficiency in use of fixed assets to generate

Debt to Equity Ratio Answer: Lower, generally. But the

Times Interest Earned Answer: Higher. A higher ratio indicates

Operating Profit Margin Operational efficiency

Net Profit Margin Effective management of debt, taxes,

Variance analysis 2. Compares the liquidity position of different

Variance analysis 3. Evaluates retention goals with employee

Trend analysis 4. Compares data from repetitive audits

Statistical technique Sales 50,000

amount of change in 30,000

Fraud Losses (USD 000)

Which is the independent 60,000

variable in the scatter 45,000

Y = a + b1X1 + b2X2 +…+ bnXn

The multiple regression equation allows the

• Based on the 80/20 rule:

Competitive Compares measures with similar measures of direct

Internal auditors must document sufficient, reliable, relevant, and

2330.A1: The CAE must control access to engagement records and

Support engagement Facilitate third-party

Aid engagement planning, Engagement Provide basis for quality

• The organization, design, and content of

Assures that engagement has been carried out

according to high quality standards, objectives

achieved, staff evaluated for professional development.

• Communicate information that requires

• Many individual assessments must be

“Adequate criteria are needed to evaluate governance,

Internal Audit Finding

Answer: Criteria Condition Cause Effect Recommendation

• The reasons for an unfavorable overall opinion must be stated.