Lecture and handouts prepared by Chuck Campbell
Course Name: Internal Auditing & Controls
Module: 5
Module Title: Examination phase of the
internal audit
MU1 2007-08 Module 5 Part 1 Slide 2
Examination phase of the internal audit
Module 5
This module covers the main aspects of the examination phase of the internal audit. In this module, you will learn how the auditor organizes and carries out the work needed to obtain sufficient, appropriate evidence to assess the quality of management systems and practices in areas selected for audit. You will also be introduced to generalized audit software packages such as ACL and will use this software to obtain evidence for internal audits, including fraud investigations.
Internal Auditing & Controls
Module 5Part 1 Topic 5.1 Overview of the examination phase Topic 5.2 Preparing the audit program Part 2 Topic 5.3 Testing and evidence
Topic 5.4 Developing audit criteria and preparing an audit program – case study
Part 3 Topic 5.5 Computer-assisted audit techniques Topic 5.6 Generalized audit software
MU1 2007-08 Module 5 Part 1 Slide 4
Internal Auditing & Controls
Module 5Part 4 Topic 5.7 Evaluating audit results
Topic 5.8 Completing and reviewing audit files Part 5 Topic 5.9 Fraud and investigations
Topic 5.10 Conducting a fraud investigation Topic 5.11 Fraud in a technological environment Part 6 Module summary – Learning objectives
Recent examination questions
MU1 2007-08 Module 5 Part 1 Slide 5
Internal Auditing & Controls
Module 5
Part 1
Topic 5.1 Overview of the examination phase
Topic 5.2 Preparing the audit program
Steps in the examination phase of
an internal audit
1. Examining and testing operations and transactions by performing the procedures set out in the audit program.
MU1 2007-08 Module 5 Part 1 Slide 7
Steps in the examination phase of
a internal audit
(cont’d)1. Examining and testing operations and transactions by performing the procedures set out in the audit program. 2. Analyzing audit results by comparing audit evidence with audit criteria and establishing the causes for any significant variances.
MU1 2007-08 Module 5 Part 1 Slide 8
Steps in the examination phase of
a internal audit
(cont’d)1. Examining and testing operations and transactions by performing the procedures set out in the audit program. 2. Analyzing audit results by comparing audit evidence with audit criteria and establishing the causes for any significant variances.
3. Completing and reviewing audit files including summarizing audit findings, in preparation for producing the audit report.
Purposes of audit programs
ensuring that audit standards are met
clearly communicating objectives, audit criteria
and procedures
aiding in understanding the activities being
audited
outlining the work to be done and ensuring that
no important steps are overlooked
providing a basis for scheduling and controlling
audit work and time
MU1 2007-08 Module 5 Part 1 Slide 10
Purposes of audit programs
(cont’d)
providing for an orderly review of the work
performed
providing a checkpoint for approval of planned
audit work and subsequent audit review
ensuring that the most efficient procedures are
followed in the proper order to gather sufficient,
appropriate evidence to support the auditor’s
observations
providing supporting evidence for audit findings
MU1 2007-08 Module 5 Part 1 Slide 11
Steps in preparing internal audit
programs
1.
Determine the nature of evidence
required by the audit objectives.
Steps in preparing internal audit
programs
(cont’d)1.
Determine the nature of evidence
required by the audit objectives.
2.
Determine what evidence is appropriate
to achieve the audit objectives.
MU1 2007-08 Module 5 Part 1 Slide 13
Steps in preparing internal audit
programs
(cont’d)1.
Determine the nature of evidence
required by the audit objectives.
2.
Determine what evidence is appropriate
to achieve the audit objectives.
3.
Determine how much evidence is needed
to achieve the audit objectives.
MU1 2007-08 Module 5 Part 1 Slide 14
Steps in preparing internal audit
programs
(cont’d)1.
Determine the nature of evidence
required by the audit objectives.
2.
Determine what evidence is appropriate
to achieve the audit objectives.
3.
Determine how much evidence is needed
to achieve the audit objectives.
4.
Determine the timeliness of the evidence
needed to meet the audit objectives.
Steps in preparing internal audit
programs
(cont’d)1.
Determine the nature of evidence required by
the audit objectives.
2.
Determine what evidence is appropriate to
achieve the audit objectives.
3.
Determine how much evidence is needed to
achieve the audit objectives.
4.
Determine the timeliness of the evidence
needed to meet the audit objectives.
5.
Determine how the required evidence will be
obtained.
MU1 2007-08 Module 5 Part 1 Slide 16
Steps in preparing internal audit
programs
(cont’d)1.
Determine the nature of evidence required by
the audit objectives.
2.
Determine what evidence is appropriate to
achieve the audit objectives.
3.
Determine how much evidence is needed to
achieve the audit objectives.
4.
Determine the timeliness of the evidence
needed to meet the audit objectives.
5.
Determine how the required evidence will be
obtained.
6.
Write the audit program.
MU1 2007-08 Module 5 Part 1 Slide 17
Components of the audit program
Audit objectives summarize why the audit is being
performed.
Components of the audit program
Audit objectives summarize why the audit is being
performed.
Audit criteria are the standards used by the auditor
to assess performance.
MU1 2007-08 Module 5 Part 1 Slide 19
Components of the audit program
Audit objectives summarize why the audit is being
performed.
Audit criteria are the standards used by the auditor
to assess performance.
Audit procedures are the general and specific
techniques performed by the auditors to obtain
sufficient, appropriate evidence to determine if
operations are in accordance with the audit
criteria.
MU1 2007-08 Module 5 Part 1 Slide 20
Examples of audit procedures
Audit procedures include:
inspection of documents (vouching and tracing) analysis
interviews
Examples of audit procedures
Audit procedures include:
inspection of documents (vouching and tracing) analysis interviews replication or reperformance physical observation computation confirmation
MU1 2007-08 Module 5 Part 2 Slide 1
Internal Auditing & Controls
Module 5
Part 2
Topic 5.3 Testing and evidence
Topic 5.4 Developing audit criteria and preparing an audit program – case study
MU1 2007-08 Module 5 Part 2 Slide 2
Appropriateness of internal audit
evidence
In determining the appropriateness of audit
evidence, the internal auditor considers three
factors:
its competence or reliability
Appropriateness of internal audit
evidence
In determining the appropriateness of audit
evidence, the internal auditor considers three
factors:
its competence or reliability
its relevance for the purpose for which it is to be
MU1 2007-08 Module 5 Part 2 Slide 4
Appropriateness of internal audit
evidence
In determining the appropriateness of audit
evidence, the internal auditor considers three
factors:
its competence or reliability
its relevance for the purpose for which it is to be
used
its usefulness in helping the organization improve
and achieve its goals
MU1 2007-08 Module 5 Part 2 Slide 5
Sufficiency of internal audit
evidence
Sufficiency of audit evidence means that the
auditor has examined a large enough
quantity of evidence such that a reasonably
trained person would concur that the
amount of evidence was adequate to
support the audit conclusions reached
Factors in determining sufficiency
of audit evidence
Factors to consider in determining how much evidence is required include:
MU1 2007-08 Module 5 Part 2 Slide 7
Factors in determining sufficiency
of audit evidence
Factors to consider in determining how much evidence is required include:
the risk associated with the activities being audited the materiality or impact of the potential
weaknesses
MU1 2007-08 Module 5 Part 2 Slide 8
Factors in determining sufficiency
of audit evidence
Factors to consider in determining how much evidence is required include:
the risk associated with the activities being audited the materiality or impact of the potential
weaknesses
the nature of the evidence available (the more
persuasive the evidence, the less of it is needed)
Factors in determining sufficiency
of audit evidence
Factors to consider in determining how much evidence is required include:
the risk associated with the activities being audited the materiality or impact of the potential
weaknesses
the nature of the evidence available (the more
persuasive the evidence, the less of it is needed)
the sensitivity of the matter being assessed (more
evidence is needed, for example, for suspected frauds)
MU1 2007-08 Module 5 Part 2 Slide 10
Factors in determining sufficiency
of audit evidence
Factors to consider in determining how much evidence is required include:
the risk associated with the activities being audited the materiality or impact of the potential
weaknesses
the nature of the evidence available (the more
persuasive the evidence, the less of it is needed)
the sensitivity of the matter being assessed (more
evidence is needed, for example, for suspected frauds)
the cost of obtaining the evidence
MU1 2007-08 Module 5 Part 2 Slide 11
Persuasiveness of audit evidence
Evidence is most persuasive when it is:
relevant;
Persuasiveness of audit evidence
Evidence is most persuasive when it is:
relevant;
MU1 2007-08 Module 5 Part 2 Slide 13
Persuasiveness of audit evidence
Evidence is most persuasive when it is:
relevant;
objective;
documented;
MU1 2007-08 Module 5 Part 2 Slide 14
Persuasiveness of audit evidence
Evidence is most persuasive when it is:
relevant;
objective;
documented;
external to the organization;
Persuasiveness of audit evidence
Evidence is most persuasive when it is:
relevant;
objective;
documented;
external to the organization;
derived from a large sample;
MU1 2007-08 Module 5 Part 2 Slide 16
Persuasiveness of audit evidence
Evidence is most persuasive when it is:
relevant;
objective;
documented;
external to the organization;
derived from a large sample;
derived from a random, statistical sample;
MU1 2007-08 Module 5 Part 2 Slide 17
Persuasiveness of audit evidence
Evidence is most persuasive when it is: relevant; objective; documented;
external to the organization; derived from a large sample;
derived from a random, statistical sample; corroborated by evidence from other sources;
Persuasiveness of audit evidence
Evidence is most persuasive when it is: relevant; objective; documented;
external to the organization; derived from a large sample;
derived from a random, statistical sample; corroborated by evidence from other sources; timely;
MU1 2007-08 Module 5 Part 2 Slide 19
Persuasiveness of audit evidence
Evidence is most persuasive when it is: relevant;
objective; documented;
external to the organization; derived from a large sample;
derived from a random, statistical sample; corroborated by evidence from other sources; timely;
authoritative;
MU1 2007-08 Module 5 Part 2 Slide 20
Persuasiveness of audit evidence
Evidence is most persuasive when it is: relevant;
objective; documented;
external to the organization; derived from a large sample;
derived from a random, statistical sample; corroborated by evidence from other sources; timely;
authoritative; direct;
Persuasiveness of audit evidence
Evidence is most persuasive when it is: relevant;
objective; documented;
external to the organization; derived from a large sample;
derived from a random, statistical sample; corroborated by evidence from other sources; timely;
authoritative; direct;
MU1 2007-08 Module 5 Part 2 Slide 22
Connon Chemicals Inc. case study –
1. Decide how you would expect the company to mitigate
each of the risks identified in the planning stage of the audit.
2. For each risk, state the criteria that you would use to
evaluate the company’s efforts to address each identified risk.
3. For each criterion stated, set out one or more steps
that would make up the audit program to obtain and assess evidence as to whether the company is in compliance with the criteria you have determined to be appropriate.
MU1 2007-08 Module 5 Part 3 Slide 1
Internal Auditing & Controls
Module 5
Part 3
Topic 5.5 Computer-assisted audit techniques Topic 5.6 Generalized audit software
Prerequisites to using
computer-assisted audit techniques
The information must be stored in computer
records.
MU1 2007-08 Module 5 Part 3 Slide 3
Prerequisites to using
computer-assisted audit techniques
The information must be stored in computer
records.
Computer software must be available to
perform
the
computer
assisted
audit
techniques
(or
can
be
developed
economically).
MU1 2007-08 Module 5 Part 3 Slide 4
Prerequisites to using
computer-assisted audit techniques
The information must be stored in computer records. Computer software must be available to perform the
computer assisted audit techniques (or can be developed economically).
The auditor must have the technical competence to
perform the audit procedures using the computer assisted audit techniques.
Systems-oriented CAATs
Systems-oriented CAATs are used to:
enable the auditor to directly test system-based
MU1 2007-08 Module 5 Part 3 Slide 6
Systems-oriented CAATs
Systems-oriented CAATs are used to:
enable the auditor to directly test system-based
internal controls;
enable the auditor to check the logic of the
computer systems;
MU1 2007-08 Module 5 Part 3 Slide 7
Systems-oriented CAATs
Systems-oriented CAATs are used to:
enable the auditor to directly test system-based
internal controls;
enable the auditor to check the logic of the
computer systems;
enable the auditor to gain a better understanding of
the computer systems;
Systems-oriented CAATs
Systems-oriented CAATs are used to:
enable the auditor to directly test system-based
internal controls;
enable the auditor to check the logic of the
computer systems;
enable the auditor to gain a better understanding of
the computer systems;
enable the auditor to establish that there have been
MU1 2007-08 Module 5 Part 3 Slide 9
Systems-oriented CAATs
(cont’d)
Examples of system-oriented CAATs include:
test data;
integrated test facilities;
system control audit review files (SCARF);
logic analysis programs;
code comparison programs
.MU1 2007-08 Module 5 Part 3 Slide 10
Data-oriented CAATs
Data-oriented CAATs:
are used to retrieve, select, summarize and process
data for the purposes of establishing its completeness and accuracy;
Data-oriented CAATs
Data-oriented CAATs:
are used to retrieve, select, summarize and process
data for the purposes of establishing its completeness and accuracy;
are used to perform statistical and other analysis on
MU1 2007-08 Module 5 Part 3 Slide 12
Data-oriented CAATs
Data-oriented CAATs:
are used to retrieve, select, summarize and process
data for the purposes of establishing its completeness and accuracy;
are used to perform statistical and other analysis on
audit data;
are usually used to produce substantive audit evidence
(occasionally to test controls);
MU1 2007-08 Module 5 Part 3 Slide 13
Data-oriented CAATs
Data-oriented CAATs:
are used to retrieve, select, summarize and process
data for the purposes of establishing its completeness and accuracy;
are used to perform statistical and other analysis on
audit data;
are usually used to produce substantive audit evidence
(occasionally to test controls);
enable the auditor to gain a better understanding of the
computer systems;
Data-oriented CAATs
Data-oriented CAATs:
are used to retrieve, select, summarize and process
data for the purposes of establishing its completeness and accuracy;
are used to perform statistical and other analysis on
audit data;
are usually used to produce substantive audit evidence
(occasionally to test controls);
enable the auditor to gain a better understanding of the
computer systems;
MU1 2007-08 Module 5 Part 3 Slide 15
Data-oriented CAATs
(cont’d)
Examples of data-oriented CAATs include:
generalized audit software;
system utilities;
custom-written programs;
industry-specific audit programs.
MU1 2007-08 Module 5 Part 3 Slide 16
Functionality of generalized audit
software
Most generalized audit software programs (such as ACL) can do the following:
read data in a variety of formats and file
structures;
merge records from multiple files;
extracts records according to auditor’s
specifications;
sort records according to the auditor’s
specifications;
select samples using statistical or other criteria;
Functionality of generalized audit
software
(cont’d)
Most generalized audit software programs (such as ACL) can do the following:
perform numerical calculations on data; perform statistical analysis on data; perform summation of data;
generate reports in prescribed formats (e.g.,
MU1 2007-08 Module 5 Part 3 Slide 18
An example of the use of ACL
ACL was used to:
select travel and entertainment payments from the
accounts payable master file;
select employees who had the highest total travel and
entertainment costs;
select the highest reimbursements to employees
other than those selected in the previous step;
select transactions from those identified by previous
internal audits as violators of the company’s policies and procedures;
select a random sample of the remaining
reimbursements;
merge data with employee file to obtain employee’s
names and locations;
generate a worksheet containing selected
reimbursements for audit follow-up.
MU1 2007-08 Module 5 Part 3 Slide 19
Steps in using generalized audit
software
1. define the specific audit objectives for the application;
Steps in using generalized audit
software
1. define the specific audit objectives for the application;
2. determine the specific tests to be performed by the software;
MU1 2007-08 Module 5 Part 3 Slide 21
Steps in using generalized audit
software
1. define the specific audit objectives for the application;
2. determine the specific tests to be performed by the software;
3. obtain copies of the data files to be tested;
MU1 2007-08 Module 5 Part 3 Slide 22
Steps in using generalized audit
software
1. define the specific audit objectives for the application;
2. determine the specific tests to be performed by the software;
3. obtain copies of the data files to be tested;
4. verify completeness of data files to be used;
Steps in using generalized audit
software
1. define the specific audit objectives for the application;
2. determine the specific tests to be performed by the software;
3. obtain copies of the data files to be tested;
4. verify completeness of data files to be used;
5. enter the commands into the generalized audit software and run the program;
MU1 2007-08 Module 5 Part 3 Slide 24
Steps in using generalized audit
software
1. define the specific audit objectives for the application;
2. determine the specific tests to be performed by the software;
3. obtain copies of the data files to be tested;
4. verify completeness of data files to be used;
5. enter the commands into the generalized audit software and run the program;
6. check the output and draw audit conclusions.
MU1 2007-08 Module 5 Part 3 Slide 25
Computer illustrations using ACL
You should work through computer illustrations
5-1 to 5-4 to gain some hands-on experience
working with a generalized audit software
package:
5-1: Basic table management using ACL 5-2: Analyzing field contents and sorting a table 5-3: Creating new fields and analyzing a field 5-4: Aggregating the values of a field
(These are found under the ACL computer illustrations link on the navigation pane.)
Internal Auditing & Controls
Module 5
Part 4
Topic 5.7 Evaluating audit results
MU1 2007-08 Module 5 Part 4 Slide 2
Evaluating audit results
1.
The auditor compares the observation with the
audit criteria.
MU1 2007-08 Module 5 Part 4 Slide 3
Evaluating audit results
1.
The auditor compares the observation with the
audit criteria.
2.
The auditor determines the cause and effects of
the identified weakness.
a)the auditor must define the problem and gather evidence as to the cause of the deficiency;
Evaluating audit results
1.
The auditor compares the observation with the
audit criteria.
2.
The auditor determines the cause and effects of
the identified weakness.
a)the auditor must define the problem and gather evidence as to the cause of the deficiency;
b)the auditor must consider the effect of the deficiency on the company’s operations;
MU1 2007-08 Module 5 Part 4 Slide 5
Evaluating audit results
1.
The auditor compares the observation with the
audit criteria.
2.
The auditor determines the cause and effects of
the identified weakness.
a)the auditor must define the problem and gather evidence as to the cause of the deficiency;
b)the auditor must consider the effect of the deficiency on the company’s operations;
c) the auditor must ensure that sufficient evidence is obtained to support the existence of the weakness and its cause and effects.
MU1 2007-08 Module 5 Part 4 Slide 6
Reviewing audit files
Audit working paper files should contain:
a statement of audit objectives;
Reviewing audit files
Audit working paper files should contain:
a statement of audit objectives;
reasons
for
performing
specific
audit
procedures;
MU1 2007-08 Module 5 Part 4 Slide 8
Reviewing audit files
Audit working paper files should contain:
a statement of audit objectives;
reasons
for
performing
specific
audit
procedures;
the basis for sample selection;
MU1 2007-08 Module 5 Part 4 Slide 9
Reviewing audit files
Audit working paper files should contain:
a statement of audit objectives;
reasons
for
performing
specific
audit
procedures;
the basis for sample selection;
documentation of matters examined;
Reviewing audit files
Audit working paper files should contain:
a statement of audit objectives;
reasons
for
performing
specific
audit
procedures;
the basis for sample selection;
documentation of matters examined;
key documentary evidence;
MU1 2007-08 Module 5 Part 4 Slide 11
Reviewing audit files
Audit working paper files should contain:
a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection;
documentation of matters examined; key documentary evidence;
audit programs, setting out work done;
MU1 2007-08 Module 5 Part 4 Slide 12
Reviewing audit files
Audit working paper files should contain:
a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection;
documentation of matters examined; key documentary evidence;
audit programs, setting out work done; drafts of audit reports;
Reviewing audit files
Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection;
documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports;
MU1 2007-08 Module 5 Part 4 Slide 14
Reviewing audit files
Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection;
documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports;
details of discussions with management; management’s response to audit findings;
MU1 2007-08 Module 5 Part 4 Slide 15
Reviewing audit files
Audit working paper files should contain: a statement of audit objectives; reasons for performing specific audit procedures; the basis for sample selection;
documentation of matters examined; key documentary evidence; audit programs, setting out work done; drafts of audit reports;
details of discussions with management; management’s response to audit findings; evidence of adequate review of work done.
internal audit working papers
Working papers should be:
complete and accurate;
MU1 2007-08 Module 5 Part 4 Slide 17
internal audit working papers
Working papers should be:
complete and accurate;
clear and concise;
MU1 2007-08 Module 5 Part 4 Slide 18
internal audit working papers
Working papers should be:
complete and accurate;
clear and concise;
pertinent (relevant);
internal audit working papers
Working papers should be:
complete and accurate;
clear and concise;
pertinent (relevant);
systematically organized.
MU1 2007-08 Module 5 Part 5 Slide 1
Internal Auditing & Controls
Module 5
Part 5
Topic 5.9 Fraud and investigations Topic 5.10 Conducting a fraud investigation Topic 5.11 Fraud in a technological environment
MU1 2007-08 Module 5 Part 5 Slide 2
Responsibility for the deterrence and
detection of fraud
Management
has the primary responsibility
for preventing and detecting fraud.
Responsibility for the deterrence and
detection of fraud
Management
has the primary responsibility
for preventing and detecting fraud.
Internal
auditors
must
have
sufficient
knowledge of fraud to be able to identify
indications that fraud might have occurred.
MU1 2007-08 Module 5 Part 5 Slide 4
Some indicators of potential fraud
control in the hands of few individuals; little
segregation of duties;
unexplained
variances
and
unexpected
performance ratios;
late reporting;
unexplained shortages in physical assets;
MU1 2007-08 Module 5 Part 5 Slide 5
Some indicators of potential fraud
(cont’d)
unusually high number of interbank transfers;
staff not taking vacations;
high staff turnover;
extreme pressure to achieve results;
unexplained extravagant lifestyles.
Steps in a fraud investigation
1. Be alert to the indications of the existence of possible fraud.
MU1 2007-08 Module 5 Part 5 Slide 7
Steps in a fraud investigation
1. Be alert to the indications of the existence of possible fraud.
2. Inform management of suspicious circumstances.
MU1 2007-08 Module 5 Part 5 Slide 8
Steps in a fraud investigation
1. Be alert to the indications of the existence of possible fraud.
2. Inform management of suspicious circumstances.
3. Assist in the investigation, as requested:
a) co-ordinate efforts of all parties working in the investigation;
b) determine appropriate audit procedures;
c) obtain and evaluate audit evidence;
d) determine actual or potential loss;
e) identify specific cause or deficiency that permitted fraud to occur;
f) carry out interviews;
g) respect the legal rights of all employees.
Steps in a fraud investigation
(cont’d)
4.
Reappraise internal controls and audit
procedures.
MU1 2007-08 Module 5 Part 5 Slide 10
Steps in a fraud investigation
(cont’d)
4.
Reappraise internal controls and audit
procedures.
5.
The company must determine the action to
be taken against the perpetrator.
MU1 2007-08 Module 5 Part 5 Slide 11
Steps in a fraud investigation
(cont’d)
4.
Reappraise internal controls and audit
procedures.
5.
The company must determine the action to
be taken against the perpetrator.
6.
Prepare a written report.
Contents of a fraud report
how the fraud was discovered
nature or type of fraudulent activity
identity of perpetrator
dollar amount involved
method of concealment
MU1 2007-08 Module 5 Part 5 Slide 13
Contents of a fraud report
(cont’d)
time period during which fraud occurred
effect on financial statements
recommendations to prevent recurrence
disciplinary or legal action taken
MU1 2007-08 Module 5 Part 5 Slide 14
Types of computer fraud
1.
theft of information
Types of computer fraud
1.
theft of information
2.
theft of assets (with manipulation of
MU1 2007-08 Module 5 Part 5 Slide 16
Types of computer fraud
1.
theft of information
2.theft of assets
3.
malicious destruction of programs and/or data
MU1 2007-08 Module 5 Part 6 Slide 1
Internal Auditing & Controls
Module 5
Part 6
Module summary -- Learning Objectives Recent past examination questions
Module 5 Learning Objectives
1.Outline the main steps in the examination
MU1 2007-08 Module 5 Part 6 Slide 3
Module 5 Learning Objectives
2.Describe the purpose of a internal audit
program and explain its components and
format. (Level 1)
MU1 2007-08 Module 5 Part 6 Slide 4
Module 5 Learning Objectives
3.Explain how evidence is gathered, selected,
and assessed, and the importance of the
decisions involved. (Level 1)
Module 5 Learning Objectives
4.Develop appropriate criteria and prepare an
MU1 2007-08 Module 5 Part 6 Slide 6
Module 5 Learning Objectives
5.Distinguish between systems-oriented and
data-oriented computer-assisted audit
techniques (CAATs). (Level 1)
MU1 2007-08 Module 5 Part 6 Slide 7
Module 5 Learning Objectives
6.Explain and demonstrate how data are
analyzed using generalized audit software such
as ACL. (Level 1)
Module 5 Learning Objectives
7.Assess conditions within an audited unit against
audit criteria, and analyze the cause and effects
of any observed deficiencies. (Level 1)
MU1 2007-08 Module 5 Part 6 Slide 9
Module 5 Learning Objectives
8.Explain the standards for preparing audit
working papers and the importance of the
internal auditor’s role in supervising the
engagement. (Level 2)
MU1 2007-08 Module 5 Part 6 Slide 10
Module 5 Learning Objectives
9.Describe the roles and responsibilities of
management and the internal auditor in the
deterrence and detection of fraud. (Level 1)
Module 5 Learning Objectives
10.Outline the main steps in a fraud investigation
and the auditor’s responsibility in following up
on the results of such an investigation. (Level 1)
MU1 2007-08 Module 5 Part 6 Slide 12
Module 5 Learning Objectives
11.Describe computer fraud and outline current
practices for how internal auditors deal with it
(Level 2); examine how ACL can be used to
conduct a payroll fraud investigation. (Level 1)
MU1 2007-08 Module 5 Part 6 Slide 13
Recent examination questions
Multiple choice questions:
June 2005, Questions 1(c) and 1(d)
Recent examination questions
Multiple choice questions:
MU1 2007-08 Module 5 Part 6 Slide 15
Recent examination questions
Multiple choice questions:
March 2006, Questions 1(e) and 1(f)
MU1 2007-08 Module 5 Part 6 Slide 16
Recent examination questions
Multiple choice questions:
June 2006, Questions 1(e) and 1(f)
Recent examination questions
Multiple choice questions:
MU1 2007-08 Module 5 Part 6 Slide 18
Recent examination questions
GAS output interpretation questions:
March 2006, Question 2
MU1 2007-08 Module 5 Part 6 Slide 18
Recent examination questions
GAS output interpretation questions:
June 2006, Question 2
Recent examination questions
Essay questions
MU1 2007-08 Module 5 Part 6 Slide 20
Recent examination questions
Essay questions:
December 2005, Question 3 (part)
MU1 2007-08 Module 5 Part 6 Slide 21