Compliance Auditing

Submitted By diggy
Words 1780
Pages 8
Project: Compliance Auditing | Final Draft
Advanced Auditing


I. Compliance Audits
   a. Objective, Scope, and Methodology
   b. Regulations
II. Features & Benefits
   a. Assessment of overall security
   b. Exposures that create the greatest risk
   c. Internal Controls
III. The Compliance Audit Process
   d. Interviews and Reviews
   e. Preparation
   f. Procedural Component
IV. Conclusion

Compliance Auditing

Compliance auditing determines whether a process or transaction has or has not followed applicable rules. If rules are violated, the auditor determines the cause and recommends ways to prevent future deviations. The rules being tested can be those created by the organization for itself through corporate by-laws, policies, plans, and procedures; those imposed on the organization through external laws and regulations; or those external standards that the organization has chosen to follow. In addition, compliance auditors gather evidence regarding fraudulent or abusive activity affecting governmental entities. Their audits are designed to detect and deter the misappropriation of public assets and to reduce future fraud risks. (Associates, 2003)
Compliance auditors must have the skills to research issues effectively using authoritative materials, understand how to apply the knowledge gained to the circumstances being tested, and be able to explain to the organization what compliance means in day-to-day operations. Reaching a conclusion that an outcome complies or does not comply with a standard is not necessarily simple, especially in domains governed by complex regulations (e.g. occupational health and safety, environmental, employment practices, health care, insurance, federal grants and contracts, employee pensions and benefits, federal tax, etc.).…...

Similar Documents


...Audit and Assurance Services Chapter 1

Learning Objectives
1. What is auditing?
   - Distinguish between auditing and accounting.
   - Importance of auditing in reducing information risk.
2. Distinguish audit services from other assurance and non-assurance services provided by CPAs.
3. Three main types of audits.
4. How to become a CPA?
   - Identify the primary types of auditors.

What is auditing? Evaluating

Nature of Auditing
Auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of correspondence between the information and established criteria. Auditing should be done by a competent, independent person.

Audit Reporting -- (Expressing Opinions)
The final stage in the auditing process is preparing the Audit Report, which is the communication of the auditor’s findings to users.

Information and Established Criteria
To do an audit, there must be information in a verifiable form and some standards (criteria) by which the auditor can evaluate the information.

Accumulating Evidence and Evaluating Evidence
Evidence is any information used by the auditor to determine whether the information being audited is stated in accordance with the established criteria. Transaction data Client inquiry Written and electronic Communications with outsiders Observations

Competent, Independent Person
The auditor must be......

Words: 2208 - Pages: 9

It on Auditing

...INFORMATION TECHNOLOGY ON AUDITING” In our modern world today, everything is possible... Everything is faster. But based on this fact, do we really know the influence of evolving “Information Technology” on our society, specifically in the dynamics of businesses nowadays? To respond to this, IT has affected many sectors or aspects, especially auditing. Audit is an evaluation of a person, organization, system, process, enterprise, project or product to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. The use of computers in the process of auditing is what we call “Accounting Information System”, which is widely used by the auditors today. In a business context, information technology (IT) is defined as "the study, design, development, application, implementation, support or management of computer-based information systems". The prompt growth in information technology (IT) competencies and the longing of businesses of all sizes to obtain competitive advantage have led to a dramatic increase in the use of IT systems to make, process, store and communicate information. Today, employees at all levels use IT systems in their daily activities. Electronic records have replaced traditional paper documents. In fact, there are few companies that don’t rely on IT to at least some extent to achieve their financial reporting, operating and compliance......

Words: 614 - Pages: 3

Auditing It Infrastructures for Compliance

...and combine them into one final report. These reports will consist of:
- The two auditing frameworks or hardening guidelines / security checklists used by the DoD.
- How a security assessment addressing modern day risks, threats, and vulnerabilities throughout the 7-domains of a typical IT infrastructure can help an organization achieve compliance.
- How to gather and obtain needed information to perform a GLBA Financial Privacy & Safeguards Rules compliance audit and what must be covered.
- The top workstation domain risks, threats, and vulnerabilities which will not only include possible causes, but mitigations as to prevent these issues from happening.
- The top LAN – to – WAN risks, threats, and vulnerabilities which will not only include possible causes, but mitigations as to how we can prevent these issues from happening.
- The top Remote Access Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues.
- The top Systems / Application Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues.

Part 1:
Purpose: The purpose of part 1 for this lab is to develop an executive summary in regards to either the two auditing frameworks or hardening guidelines/security checklists used by the DoD. For this, I have chosen to discuss the two auditing frameworks.
Background: A little background about the AF (Auditing Framework) for the DoD is that it provides a foundation for developing and......

Words: 2140 - Pages: 9


...Corporate governance heavily refers to the whole structure of rights, processes and controls established internally and externally over the management of a business entity with the objective of protecting the interests of its stakeholders from any type of losses incurring. To begin with, firstly there are three types of auditors in corporate governance: internal, external and government auditors. The role of the internal auditors in corporate governance is to evaluate corporate activities, controls or procedures and ensure that they are adequate and in compliance with senior management's recommendations and human resources guidelines. An internal audit also helps a firm adhere to regulatory standards and industry practices. An internal auditor evaluates a firm's processes, "controls" and mechanisms to ensure that they are "adequate" and "functional". A control is a group of instructions that top management puts into place to avoid losses due to human error, technology breakdowns or fraud. A "functional" control provides corrections to internal problems. A control is "adequate" when it clarifies instructions for job performance and problem reporting. An auditor also ensures that a firm's activities and controls abide by government mandates or industry regulations. (Codjia, 2013) Moreover, the role and responsibility of an external auditor is to provide assurance to the general public regarding the truth and fairness of the information presented in the audited......

Words: 2531 - Pages: 11

Auditing Ethics and Compliance

...experienced in moving toward the solution. Keep a close correlation with how the positive outcome is tied to one of the steps the business took in determining the solution. For example, "Company ABC found that, according to market research, Company XYZ can not only solve the shipping problem now, but is able to handle the expected shipping needs for Company ABC for years to come."

Introduction: The ethics of auditing
Tom Campbell

Accountancy and auditing are complex and technical processes. Ethics, in contrast, might be considered relatively simple. The difficult part of ethics, it may be argued, is not knowing what we ought to do, but getting ourselves, and others, to do the right thing. Truthfulness, honesty, care, loyalty, integrity: we know what they require, but we do not know if and how these requirements can be met. If this is indeed the case, and we want to promote ethical auditing, then we need to attract decent people into the profession, train them well, and not subject them to more temptation than they can cope with. Beyond that, all that is required is a code of ethics laying down minimum standards of professional conduct, with a complaints and disciplinary process to deal with any errant behaviour that comes to the attention of professional bodies, such as CPA Australia and the Institute of......

Words: 5555 - Pages: 23

Auditing It Infrastructures Compliance

...In the given table, you need to fill in the name of the laws, and correspondingly, fill the sector related to each law. You need to provide a rationale of compliance laws with which a public or a private organization may have to comply.

| Compliance Laws | Description of Compliance Law | Rationale for Using this Law |
| Sarbanes-Oxley Act (SOX) | This act is the result of public company account reform and investor protection act. This act mandates many reforms to enhance corporate responsibility, financial disclosure, and prevent fraud. | Corporate accountability and responsibility act. |
| Health Insurance Portability and Accountability Act (HIPAA) | Provides for helping citizens maintain their health insurance coverage. Improves efficiency and effectiveness of the American... | Health care. Protection of health insurance coverage |

Words: 414 - Pages: 2


...disclosures

1-3
1. Risk-free interest rate
   This is approximately the rate the bank could earn by investing in U.S. treasury notes for the same length of time as the business loan.
2. Business risk for the customer
   This risk reflects the possibility that the business will not be able to repay its loan because of economic or business conditions such as a recession, poor management decisions, or unexpected competition in the industry.
3. Information risk
   This risk reflects the possibility that the information upon which the business risk decision was made was inaccurate. A likely cause of the information risk is the possibility of inaccurate financial statements.
Auditing has no effect on either the risk-free interest rate or business risk. However, auditing can significantly reduce information risk.

1-4
The four primary causes of information risk are remoteness of information, biases and motives of the provider, voluminous data, and the existence of complex exchange transactions. The three main ways to reduce information risk are:
1. User verifies the information.
2. User shares the information risk with management.
3. Audited financial statements are provided.
The advantages and disadvantages of each are as follows:

| | ADVANTAGES | DISADVANTAGES |
| USER VERIFIES INFORMATION | User obtains......

Words: 3669 - Pages: 15

Auditing and Compliance Lab 4

...have better security controls than older browsers. Make users aware of the risks involved and give them examples of the types of attack. Make users aware of the organization’s AUP. Make users aware of the legal issues. Repeat awareness development and training at regular intervals.

13. When auditing an organization for compliance, what role do IT security policies and an IT security policy framework play in the compliance audit?
Since IT systems are used to generate, change, house and transport that data, IT personnel have to build the controls that ensure the information stands up to audit scrutiny. Policies determine what data is to be stored, who has access to the data, and how and where it is stored.

14. When performing a security assessment, why is it a good idea to examine compliance in separate compartments like the seven domains of an IT infrastructure?
Each domain has different degrees of risk that require different mitigation solutions. Each domain will have different standards to meet compliance requirements.

15. True or False. Auditing for compliance and performing security assessments to achieve compliance requires a checklist of compliance requirements.
True...

Words: 1109 - Pages: 5


...should be incorporated into audit planning procedures due to risk of internal control weaknesses (ASA 315, Appendix 1) and non-compliance with existing accounting policies which may give rise to material misstatements (Arens et al. 2013, p. 286).

Evidence:
* Compare the operation of key internal controls in previous year’s sales cycles with evidence from the current period (Arens et al. 2013, p. 290).
* Check past activities and reports from departed executives and make enquiries of existing personnel for evidence of
  * controls since changed, amended or overridden by management
  * changes to policies that alter authorisation requirements for financial transactions
  * segregation of duties
  * deals authorised by departed executives
  * reasons for resignation (ASA 500, A22, A23).
* Review Board Minutes and additional correspondence for evidence of issues amongst Board members (ASA500, A8).
* Conduct an internal control questionnaire to verify completeness and accuracy of sales records and correct classification of transactions (ASA 500, A14; Arens et al. 2013, p. 282, 287).
* Examine the summary of significant accounting policies in the notes of financial statements for changes to accounting policies and practices (Elders 2013b, p. 4).
* Re-calculate carrying amounts of livestock to check for compliance issues in inventory recognition (ASA500, A19; Binstead & Sprague 2013).

EVENT 3: On 2nd August 2013, ‘Elders was......

Words: 1566 - Pages: 7


...CHAPTER 2 OVERVIEW OF AUDITING I. Review Questions 1. One definition of auditing is that it is a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users. The Philippine Standards on Auditing (PSA) 120 “Framework of Philippine Standards on Auditing” states the objective of an audit as follows: “The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are prepared in all material respects, in accordance with an identified financial reporting framework.” 2. This apparent paradox arises from the distinction between the function of auditing and the function of accounting. The accounting function is the process of recording, classifying and summarizing economic events to provide relevant information to decision makers. The rules of accounting are the criteria used by the auditor for evaluating the presentation of economic events for financial statements and he or she must therefore have an understanding of generally accepted accounting principles (GAAP), as well as generally accepted auditing standards (GAAS). The accountant need not, and frequently does not, understand what auditors do, unless he or she is involved in doing audits, or has been......

Words: 2252 - Pages: 10

Lab 6: Auditing the Workstation Domain for Compliance

...Lab 6: Auditing the Workstation Domain for Compliance

Question 1 – What are some common risks, threats, vulnerabilities commonly found in the Remote Access Domain that must be mitigated through a layered security strategy?
a. Some common risks, threats, or vulnerabilities are company laptop stolen, software keyloggers being put on computers and having passwords and user accounts stolen, data leakage, and unauthorized access to the network.

Question 2 – File-sharing utilities and client-to-client communication applications can provide the ability to share files with other users (i.e. Peer-to-Peer networking or Sharing). What risk and/or vulnerabilities are introduced with these applications?
a. A lot of these are shared through clear text. If a user uses the same password for logging into one of these utilities as they do for their network login or any other data sensitive login the password can be easily compromised.

Question 3 – Explain how confidentiality can be achieved within the Workstation Domain with security controls and security countermeasures.
a. You can achieve this by using GPO’s and WMI filters. This will help push Workstation security policies to the computers such as if the computer is idle for more than 5 minutes it locks, or access to different parts of the computer like control panel are blocked.

Question 4 – Explain how data integrity can be achieved within the Workstation Domain with security controls and security countermeasures.
a. Security......

Words: 951 - Pages: 4

Ethics, Compliance Auditing, and Emerging Issues

...Ethics, Compliance Auditing, and Emerging Issues

INTERNAL MEMO
TO: John Doe CEO
FROM: Glen Leonard
RE: Ethics Program / Training / Compliance Auditing
DATE: February 22, 2016

This memo serves as notice that we will soon initiate efforts to develop and implement an ethics program as well as the appropriate training and an effective way to monitor those plans. As you are aware, consumers and partners want to work with companies they can trust, and having a program that will build management skills and effectively structure business controls is a great way to become transparent and build that trust. Overall, an effective ethics and compliance program will protect the organization by identifying and preventing inappropriate conduct while promoting adherence to the legal and ethical responsibilities of the organization.

The core components of the proposed ethics program will include:
* Establishing Standards and Procedures – this will include code of conduct, policies and procedures
* Training and Education, to ensure employees are trained on the code of conduct, policies and procedures and other programs and objectives that are relevant to the program
* Monitoring, Auditing and Evaluation establishing a system to detect and prevent unethical conduct and to ensure the system is effective and being adhered to.

To close, with the establishment of an effective ethics......

Words: 1669 - Pages: 7

Threat to Compliance with Fundamental Principles on Auditing

...Threats to Compliance With The Fundamental Principles

1. Self-interest threat – the threat that a financial or other interest will inappropriately influence the professional accountant’s judgment or behavior. Examples of the circumstances that may create self-interest threat include:
   a. A direct financial interest or material indirect financial interest in a client
   b. A loan or guarantee to or from a client or any of its directors or officers
   c. Undue dependence on total fees from a particular client
   d. Concern about the possibility of losing the engagement
   e. Having a close business relationship with a client
   f. Potential employment with a client
   g. Contingent fees relating to an engagement

2. Self-review threat – the threat that a professional accountant will not appropriately evaluate the results of a previous judgment made or service performed in forming a conclusion about the subject matter of the engagement. Examples of the circumstances that may create self-review threat include:
   a. A member of the engagement team being, or having recently been, a director or officer of the firm.
   b. A member of the engagement team being, or having recently been, an employee of the client in a position to exert direct and significant influence over the subject matter of the engagement.
   c. Performing services for a client that directly affect the subject matter of the engagement.
   d. Preparation of original data used to generate......

Words: 690 - Pages: 3


...organisations has created the need for a specialist in various business controls: the internal auditor. We can understand better the nature of internal auditing today if we know something about the changing conditions in the past and the different needs these changes created. What is the earliest form of internal auditing and how did it come into existence? How has internal auditing responded to changing needs? As the operations of an organisation become more voluminous and complex, it is no longer practicable for the owner or top manager to have enough contact with all operations to satisfactorily review the effectiveness of performance. These responsibilities need to be delegated. The Development of the Profession of Internal Auditing Internal auditing has evolved from accounting-oriented to a management-oriented profession. At one time, internal auditing functioned as a junior to the independent accounting profession, and attesting to the accuracy of financial matters was the profession's main concern. Now internal auditing has established itself with a far broader focus. Modern internal auditing provides services that include the examination and appraisal of controls, performance, risk and governance throughout public and private entities. Financial matters represent only one aspect of the purview of internal auditing. Requirement to have Internal Audit Activity In January 2004, the US Securities and Exchange Commission (SEC) had approved new......

Words: 6115 - Pages: 25


... AUDITING THEORY TESTBANKS / REVIEWERS

1. When an auditor believes that an understanding with the client has not been established, he or she should ordinarily
   a. Perform the audit with increased professional skepticism.
   b. Decline to accept or perform the audit.
   c. Assess control risk at the maximum level and perform a primarily substantive audit.
   d. Modify the scope of the audit to reflect an increased risk of material misstatement due to fraud.

2. An auditor should design the written audit program so that
   a. All material transactions will be selected for substantive testing.
   b. Substantive tests prior to the balance sheet date will be minimized.
   c. The audit procedures selected will achieve specific audit objectives.
   d. Each account balance will be tested under either tests of controls or tests of transactions.

3. Which of the following fraudulent activities most likely could be perpetrated due to the lack of effective internal controls in the revenue cycle?
   a. Fictitious transactions may be recorded that cause an understatement of revenues and overstatement of receivables.
   b. Claim received from customers for goods returned may be intentionally recorded in other customer’s accounts.
   c. Authorization of credit memos by personnel who receive cash may permit the misappropriation of cash.
   d. The failure to prepare shipping documents may cause an overstatement of inventory balances.

4. Accepting an engagement to examine an entity’s......

Words: 24671 - Pages: 99