<<

. 43
( 82 .)



>>

Exhibit 6.5 (Continued)

reporting, as well as the related AICPA Statements on Auditing Standards (SAS).
GAGAS prescribe general standards and additional field work and reporting stan-
dards beyond those provided by the AICPA when performing financial audits. (See
chapters 3, 4, and 5 for standards and guidance for auditors performing a financial
audit in accordance with GAGAS.):

Attestation Engagements
Attestation engagementsc concern examining, reviewing, or performing agreed-
2.07
upon procedures on a subject matter or an assertiond about a subject matter and re-
porting on the results. The subject matter of an attestation engagement may take
many forms, including historical or prospective performance or condition, physical
characteristics, historical events, analyses, systems and processes, or behavior. At-
testation engagements can cover a broad range of financial or nonfinancial subjects
and can be part of a financial audit or performance audit. Possible subjects of at-
testation engagements could include reporting on:
a. an entity™s internal control over financial reporting;
b. an entity™s compliance with requirements of specified laws, regulations, rules,
contracts, or grants;
c. the effectiveness of an entity™s internal control over compliance with specified
requirements, such as those governing the bidding for, accounting for, and re-
porting on grants and contracts;
d. management™s discussion and analysis (MD&A) presentation;
e. prospective financial statements or pro-forma financial information;
f. the reliability of performance measures;
g. final contract cost;
h. allowability and reasonableness of proposed contract amounts; and:
i. specific procedures performed on a subject matter (agreed-upon procedures).
2.08 Attestation engagements are performed under the AICPA™s attestation standards, as
well as the related AICPA Statements on Standards for Attestation Engagements
(SSAE). GAGAS prescribe general standards and additional field work and report-
ing standards beyond those provided by the AICPA for attestation engagements.
(See chapters 3 and 6 for standards and guidance for auditors performing an attes-
tation engagement in accordance with GAGAS.)

Performance Audits
2.09 Performance audits entail an objective and systematic examination of evidence to
provide an independent assessment of the performance and management of a pro-
gram against objective criteria as well as assessments that provide a prospective
focus or that synthesize information on best practices or cross-cutting issues. Per-
formance audits provide information to improve program operations and facilitate
decision making by parties with responsibility to oversee or initiate corrective ac-
tion, and improve public accountability. Performance audits encompass a wide va-
riety of objectives, including objectives related to assessing program effectiveness
and results; economy and efficiency; internal control;e compliance with legal or
other requirements; and objectives related to providing prospective analyses, guid-
ance, or summary information. Performance audits may entail a broad or narrow
scope of work and apply a variety of methodologies; involve various levels of
Components of the Corporate Audit Plan 213



analysis, research, or evaluation; generally provide findings, conclusions, and rec-
ommendations; and result in the issuance of a report. (See chapters 3, 7, and 8 for
standards and guidance for auditors performing a performance audit in accordance
with GAGAS.)
2.10 Program effectiveness and results audit objectives address the effectiveness of a pro-
gram and typically measure the extent to which a program is achieving its goals and
objectives. Economy and efficiency audit objectives concern whether an entity is ac-
quiring, protecting, and using its resources in the most productive manner to achieve
program objectives. Program effectiveness and results audit objectives and economy
and efficiency audit objectives are often interrelated and may be concurrently ad-
dressed in a performance audit. Examples of these audit objectives include assessing
a. the extent to which legislative, regulatory, or organizational goals and objectives
are being achieved;
b. the relative ability of alternative approaches to yield better program performance
or eliminate factors that inhibit program effectiveness;
c. the relative cost and benefits or cost effectiveness of program performance;f
d. whether a program produced intended results or produced effects that were not
intended by the program™s objectives;
e. the extent to which programs duplicate, overlap, or conflict with other related
programs;
f. whether the audited entity is following sound procurement practices;
g. the validity and reliability of performance measures concerning program effec-
tiveness and results, or economy and efficiency; and:
h. the reliability, validity, or relevance of financial information related to the per-
formance of a program.
2.11 Internal control audit objectives relate to management™s plans, methods, and pro-
cedures used to meet its mission, goals, and objectives. Internal control includes the
processes and procedures for planning, organizing, directing, and controlling pro-
gram operations, and the system put in place for measuring, reporting, and moni-
toring program performance. Examples of audit objectives related to internal
control include the extent that internal control of a program provides reasonable as-
surance that
a. organizational missions, goals, and objectives are achieved effectively and effi-
ciently;
b. resources are used in compliance with laws, regulations, or other requirements;
c. resources are safeguarded against unauthorized acquisition, use, or disposition;
d. management information and public reports that are produced, such as perfor-
mance measures, are complete, accurate, and consistent to support performance
and decision making;
e. security over computerized information systems will prevent or timely detect
unauthorized access; and
f. contingency planning for information systems provides essential back-up to
prevent unwarranted disruption of activities and functions the systems support.
2.12 Compliance audit objectives relate to compliance criteria established by laws, reg-
ulations, contract provisions, grant agreements, and other requirementsg that could
affect the acquisition, protection, and use of the entity™s resources and the quantity,
quality, timeliness, and cost of services the entity produces and delivers. Compli-
ance objectives also concern the purpose of the program, the manner in which it is
to be conducted and services delivered, and the population it serves.


(continued)
214 An Overview of Audit Planning



Exhibit 6.5 (Continued)

2.13 Audit organizations also undertake work that provides a prospective focus or may
provide guidance, best practice information, and information that cuts across pro-
gram or organizational lines, or summary information on issues already studied or
under study by an audit organization. Examples of objectives pertaining to this
work include
a. assessing program or policy alternatives, including forecasting program out-
comes under various assumptions;
b. assessing the advantages and disadvantages of legislative proposals;
c. analyzing views of stakeholders on policy proposals for decision makers;
d. analyzing budget proposals or budget requests to assist legislatures in the bud-
get process;
e. identifying best practices for users in evaluating program or management system
approaches, including financial and information management systems; and
f. producing a high-level summary or a report that affects multiple programs or en-
tities on issues studied or under study by the audit organization.

Nonaudit Services Provided by Audit Organizations:
2.14 Audit organizations may also provide nonaudit services that are not covered by
GAGAS.h Nonaudit services generally differ from financial audits, attestation en-
gagements, and performance audits in that auditors may (1) perform tasks re-
quested by management that directly support the entity™s operations, such as
developing or implementing accounting systems; determining account balances;
developing internal control systems; establishing capitalization criteria; processing
payroll; posting transactions; evaluating assets; designing or implementing infor-
mation technology or other systems; or performing actuarial studies or (2) provide
information or data to a requesting party without providing verification, analysis, or
evaluation of the information or data, and, therefore, the work does not usually pro-
vide a basis for conclusions, recommendations, or opinions on the information or
data. These services may or may not result in the issuance of a report. In the case
of nongovernment auditors who conduct audits under GAGAS, the term nonaudit
services is synonymous with consulting services.
2.15 GAGAS do not cover nonaudit services described in this chapter since such ser-
vices are not audits or attestation engagements. Therefore, auditors should not re-
port that nonaudit services were conducted in accordance with GAGAS. However,
audit organizations are encouraged to establish policies for maintaining the quality
of this type of work, and may wish to disclose such policies in any product result-
ing from this work, any other professional standards followed, and the quality con-
trol steps taken.
2.16 Importantly, although GAGAS do not provide standards for conducting nonaudit
services, auditors providing such services need to ensure that their independence to
provide audit services is not impaired by providing nonaudit services. (See chapter
3, general standards on independence.)


a
The three authoritative bodies for establishing accounting principles and financial reporting
standards are the Federal Accounting Standards Advisory Board (federal government), the
Governmental Accounting Standards Board (state and local governments), and the Financial
Accounting Standards Board (nongovernmental entities).
Components of the Corporate Audit Plan 215


b
Special reports apply to auditors™ reports issued in connection with the following: (1) financial
statements that are prepared in conformity with a comprehensive basis of accounting other than
generally accepted accounting principles; (2) specified elements, accounts, or items of a financial
statement; (3) compliance with aspects of contractual agreements or regulatory requirements related
to audited financial statements; (4) financial presentations to comply with contractual agreements or
regulatory requirements; or (5) financial information presented in prescribed forms or schedules that
require a prescribed form of auditors™ report.
c
For consistency within GAGAS, the word “auditor” is used to describe individuals conducting and
reporting on attestation engagements.
d
An assertion is any declaration or set of declarations made by management about whether the
subject matter is based on or in conformity with the criteria selected.
e
The term “internal control” in this document is synonymous with the term management control and,
unless otherwise stated, covers all aspects of an entity™s operations (programmatic, financial, and
compliance).
f
These objectives focus on combining cost information with information about outputs or the benefit
provided and outcomes or the results achieved.
g
Compliance requirements can be either financial or nonfinancial in nature.
h
If audit organizations provide nonaudit services, audit organizations need to consider whether
providing these services creates a personal impairment either in fact of appearance that adversely
affects their independence for conducting audits.

Source: Comptroller General of the United States, Government Auditing Standards 1994 Revision
(Washington, D.C.: U.S. General Accounting Office, 2003), pars. 2.01 to 2.16.


cordance with generally accepted auditing standards and determine whether the fi-
nancial statements are presented in conformity with generally accepted account-
ing principles. For example, the external auditors will examine the entity™s
statement of income, balance sheet, statement of cash flows, and the notes to the
financial statements. Moreover, the auditors™ examination will include a review of
the system of internal controls (tests of controls) and substantive testing of trans-
actions and records based on their professional judgment. The independent audi-
tors must plan their audit engagement and document their audit plan. The audit
plan in Exhibit 6.6 is an example. Note that the audit plan will vary from company
to company; thus it may require expansion or contraction of certain areas in actual
practice.16
Although the year-end financial audit is associated with the independent ac-
counting firm, management may request interim financial audits from the internal
auditing group. For example, management may request an internal financial audit
of the financial statements at the end of a specified period, such as a month or
quarter of the year. Internal auditors will conduct their examination and express
their opinion on the statements. Such statements will be used within the entity, not
distributed to the external users of accounting information. Furthermore, the in-
ternal auditors may conduct a review of the system of internal control to determine
their effectiveness. Also, they may review management™s actions toward the pro-
tection and security of the entity™s assets. Finally, as a result of their financial
audit, the internal auditors may be requested to engage in special assignments,
such as the implementation of a fraud prevention program involving various
branches or warehouse locations.


16
Exhibit 6.6 is a simplified version intended to stress the time budget aspects of the audit plan.
Exhibit 6.6 Financial Audit Plan
216



Time Summary Form
Client: ___________________________________ Financial Statement Date: _________________
Budgeted Time
Asst. I/C Mngr. Ptnr. Tot. Assist.
Planning & administration ___________ ___________ ___________ ___________ ___________ ___________
Internal control structure ___________ ___________ ___________ ___________ ___________ ___________
Cash ___________ ___________ ___________ ___________ ___________ ___________
Investments ___________ ___________ ___________ ___________ ___________ ___________
Receivables ___________ ___________ ___________ ___________ ___________ ___________
Inventories ___________ ___________ ___________ ___________ ___________ ___________
Other assets ___________ ___________ ___________ ___________ ___________ ___________
Property & equipment ___________ ___________ ___________ ___________ ___________ ___________
Notes & loans payable ___________ ___________ ___________ ___________ ___________ ___________
Payables & accruals ___________ ___________ ___________ ___________ ___________ ___________
Income taxes ___________ ___________ ___________ ___________ ___________ ___________
Other liabilities ___________ ___________ ___________ ___________ ___________ ___________
Equity ___________ ___________ ___________ ___________ ___________ ___________
Revenues ___________ ___________ ___________ ___________ ___________ ___________
Expenses ___________ ___________ ___________ ___________ ___________ ___________
Commitments, contingencies, & subsequent events ___________ ___________ ___________ ___________ ___________ ___________
Related parties ___________ ___________ ___________ ___________ ___________ ___________
Trial balance & adjustments ___________ ___________ ___________ ___________ ___________ ___________
Supervision & review
Management letter
Report preparation ___________ ___________ ___________ ___________ ___________ ___________
Totals ___________ ___________ ___________ ___________ ___________ ___________
___________ ___________ ___________ ___________ ___________ ___________
Source: George Marthinuss and Larry L. Perry, Comprehensive Engagement Manual, Vol. 3, Chapter. 11 (New York: AICPA, 1992), pp. 11“14. Copyright (c) 1992 by the American
Institute of Certified Public Accountants, Inc. Reprinted with permission.
An Overview of Audit Planning




*Attach memorandum explaining significant variances.
Sources and Suggested Readings 217


Operational audits are usually performed by the internal
Operational Audits
auditing staff. The primary purpose of such audits is to review and appraise the ac-

<<

. 43
( 82 .)



>>