
CHAPTER 21

INTERNAL, OPERATIONAL AND GOVERNMENTAL AUDITING
Learning Check
21-1.

a.

Internal auditing is a management, rather than an accounting, function. Internal
auditing is an important part of the monitoring component of an entity's internal
controls established by management. It is an independent appraisal function
established within an organization to examine and evaluate its activities as a service
to the organization.

b.

The scope of internal auditing extends to all of an entity's activities. The primary
beneficiary of internal auditing is the entire organization.

21-2. a.

To become a certified internal auditor (CIA), an individual must pass the CIA
examination and have a minimum of two years of experience as an internal auditor
or the equivalent.

b.

To retain the certificate, the CIA must comply with the Institute of Internal Auditors'
(IIA) practice standards and code of ethics and meet continuing professional
education requirements.

21-3. a.

The objective of internal auditing is to assist members of an organization in the
effective discharge of their responsibilities. This includes promoting effective control
throughout the organization at reasonable cost.

b.

Disagree. The scope of internal auditing includes all of the following, which
encompass compliance and operational audits as well as financial statement audits:
• Reviewing the reliability and integrity of financial and operating information and
  the means used to identify, measure, classify, and report such information.
• Reviewing the systems established to ensure compliance with those policies,
  plans, procedures, laws, and regulations that could have a significant impact on
  operations and reports, and determining whether the organization is in
  compliance.
• Reviewing the means of safeguarding assets and, as appropriate, verifying the
  existence of such assets.
• Appraising the economy and efficiency with which resources are employed.
• Reviewing operations or programs to ascertain whether results are consistent
  with established objectives and goals and whether the operations or programs are
  being carried out as planned.

Solutions Manual to Modern Auditing: Copyright © 2005, John Wiley and Sons, Inc.

21-4. a.

Two primary sets of standards in the new IIA Professional Practices Framework are:
• Attribute Standards that address the characteristics of organizations and
  individuals performing internal audit services.
• Performance Standards that describe the nature of internal audit services and
  provide quality criteria against which the performance of these services can be
  measured.
In addition, there are detailed Implementation Standards that explain how to apply
the attribute and performance standards to specific types of services (e.g., a
compliance audit, a fraud investigation, a control self-assessment project).

b.

There are four categories of attribute standards as follows:
• Purpose, Authority, and Responsibility: The purpose, authority, and
  responsibility of the internal audit activity should be formally defined in a
  charter, consistent with the Standards, and approved by the board.
• Independence and Objectivity: The internal audit activity should be
  independent, and internal auditors should be objective in performing their work.
• Proficiency and Due Professional Care: Engagements should be performed
  with proficiency and due professional care.
• Quality Assurance and Improvement Program: The chief audit executive
  should develop and maintain a quality assurance and improvement program that
  covers all aspects of the internal audit activity and continuously monitors its
  effectiveness. This program includes periodic internal and external quality
  assessments and ongoing internal monitoring. Each part of the program should
  be designed to help the internal auditing activity add value and improve the
  organization’s operations and to provide assurance that the internal audit activity
  is in conformity with the Standards and the Code of Ethics.
There are seven categories of performance standards as follows:
• Managing the Internal Audit Activity: The chief audit executive should
  effectively manage the internal audit activity to ensure it adds value to the
  organization.
• Nature of Work: The internal audit activity should evaluate and contribute to
  the improvement of risk management, control, and governance processes using a
  systematic and disciplined approach.
• Engagement Planning: Internal auditors should develop and record a plan for
  each engagement, including the scope, objectives, timing and resource
  allocations.
• Performing the Engagement: Internal auditors should identify, analyze,
  evaluate, and record sufficient information to achieve the engagement's
  objectives.
• Communicating Results: Internal auditors should communicate the
  engagement results.
• Monitoring Progress: The chief audit executive should establish and maintain a
  system to monitor the disposition of results communicated to management.
• Management’s Acceptance of Risks: When the chief audit executive believes
  that senior management has accepted a level of residual risk that may be
  unacceptable to the organization, the chief audit executive should discuss the
  matter with senior management. If the decision regarding residual risk is not
  resolved, the chief audit executive and senior management should report the
  matter to the board for resolution.

21-5. The IIA's concept of independence differs from the AICPA's because internal auditors are
employees of the companies they audit. Independence for the internal auditor is achieved
through organizational status and objectivity. Independence is enhanced when the director of
internal auditing (1) is responsible to an individual with sufficient authority to ensure broad
audit coverage and adequate consideration of audit recommendations and (2) has direct
communication with the board of directors or audit committee.
21-6. a.

Agree. Operational auditing is a systematic process of evaluating an organization's
effectiveness, efficiency, and economy of operations under management's control
and reporting to appropriate persons the results of the evaluation along with
recommendations for improvement.

b.

This is true in that the scope pertains to the organization's operations or activities.
Normally, however, operational auditing pertains to a nonfinancial activity such as
matching, production, and so on.

21-7. a.

The phases of an operational audit are: (1) selecting the audit, (2) planning the audit,
(3) performing the audit, (4) reporting the findings to management, and (5)
performing follow-up.

b.

The principal differences between an operational audit and a financial statement
audit are

Phase            Operational Audit    Financial Statement Audit
Initial          Select auditees      Accept client
Reporting        To management        To stockholders
Post-reporting   Perform follow up    None

21-8. a.

The auditor's responsibility in selecting the auditee is to identify the activities that
have the highest audit potential for improving the effectiveness, efficiency, and
economy of operations. The auditor discharges this responsibility through a
preliminary study (or survey) that includes
• Reviewing background file data on each auditee.
• Touring the auditee's facilities to ascertain how it accomplishes its objectives.
• Studying relevant documentation about the auditee's operations such as policies
  and procedures manuals, flowcharts, performance and quality control standards,
  and job descriptions.
• Interviewing the manager of the activity (often called the entry interview) about
  specific problem areas.
• Applying analytical procedures to identify trends and unusual relationships.
• Conducting mini audit probes (or tests) to confirm or clarify the auditor's
  understanding of potential problems.

b.

The auditor's responsibility in reporting the findings is to issue an audit report that
contains
• A statement of the objectives and scope of the audit.
• A general description of the work done in the examination.
• A summary of the findings.
• Recommendations for improvement.
• Comments of the auditee.
The auditor's findings should basically result in constructive criticism.

21-9. In performing operational audits, independent CPAs should follow the practice standards for
MCS engagements established by the Management Consulting Services Executive
Committee. In addition, the CPA must comply with Rule 201, General Standards of the
AICPA's Code of Professional Conduct. Guidance for performing operational audits may
also be found in Statements on Standards for Management Consulting Services.
21-10. a.

Governmental auditing includes all audits made by government audit agencies and
all audits of governmental organizations.

b.

Three types of government audits are identified in Government Auditing Standards:
• Financial audits are primarily concerned with providing reasonable assurance
  about whether financial statements are presented fairly in all material respects in
  conformity with generally accepted accounting principles (GAAP), or with a
  comprehensive basis of accounting other than GAAP.
• Attestation engagements concern examining, reviewing, or performing
  agreed-upon procedures on a subject matter or an assertion about a subject
  matter and reporting on the results.
• Performance audits entail an objective and systematic examination of evidence
  to provide an independent assessment of the performance and management of a
  program against objective criteria as well as assessments that provide a
  prospective focus or that synthesize information on best practices or cross-cutting
  issues.

21-11. a.

The U.S. General Accounting Office (GAO) establishes audit standards for audits of
government organizations, programs, activities, functions, and of government funds
received by nongovernment organizations.

b.

Generally accepted government auditing standards (GAGAS) include the GAAS
standards of field work and reporting. The general category of GAGAS also includes
standards that are similar to the GAAS general standards.

21-12. a.

The categories of GAGAS are: (1) general standards; (2) field work standards for
financial audits; (3) reporting standards for financial audits; (4) general, field work
and reporting standards for attestation engagements; (5) field work standards for
performance audits, and (6) reporting standards for performance audits.

b.

The general standards apply to all government audits. The specific standards in this
category are
• Independence.
• Professional judgment.
• Competence.
• Quality Control and Assurance.

21-13. a.

The supplemental field work standards that apply to a financial statement audit are
• Auditor communication.
• Considering the results of previous audit and attestation engagements.
• Detecting Material Misstatements Resulting from Violations of Contract
  Provisions or Grant Agreements, or from Abuse.
• Developing Elements of a Finding.
• Audit documentation.

b.

The supplementary reporting standards require additional reporting as indicated
below:
• Reporting auditors’ compliance with GAGAS.
• Reporting on internal control and on compliance with laws, regulations, and
  provisions of contracts or grant agreements.
• Reporting deficiencies in internal control, fraud, illegal acts, violations of
  provisions of contracts or grant agreements, and abuse.
• Reporting views of responsible officials.
• Reporting privileged and confidential information.
• Report issuance and distribution.

21-14. a.

The nature of each paragraph of the auditor's unqualified report on compliance with
applicable laws and regulations when no material instance of noncompliance is
found is as follows:
• A title that includes the word independent.
• An introductory paragraph similar to the introductory paragraph in the
  standard audit report.
• A scope paragraph that explains that the examination was conducted in
  accordance with attestation standards established by the American Institute of
  Certified Public Accountants and, accordingly, included examining, on a test
  basis, evidence about the entity's compliance with those requirements and
  performing such other procedures as the practitioner considered necessary in
  the circumstances and that the practitioner believes the examination provides
  a reasonable basis for his or her opinion.
• An opinion paragraph that contains the practitioner’s opinion on whether the
  entity complied, in all material respects, with specified requirements (or
  whether management’s assertion about compliance with specified
  requirements is fairly stated, in all material respects) based on established or
  agreed-upon criteria.
• A paragraph that restricts the use of the report.

b.

The requirements for reporting on internal control under GAGAS require auditors to
report deficiencies in internal controls that they consider to be significant
deficiencies in internal control.

21-15. The objectives of The Single Audit Act are to
• Improve the financial management of state and local governments with respect to federal
  financial assistance programs.
• Establish uniform requirements for audits of federal financial assistance provided to state
  and local governments.
• Promote the efficient and effective use of audit resources.
• Ensure that federal departments and agencies, to the maximum extent practicable, rely
  on and use audit work done pursuant to the requirements of the Single Audit Act.
21-16. a.

Under the Single Audit Act, state and local governments that receive $500,000 or
more in federal financial assistance in any fiscal year, either directly from a federal
agency or indirectly through another state or local government entity, are required to
have an annual single audit pursuant to the Act.

b.

Policies, procedures, and guidelines to implement the Single Audit Act are prescribed
by the Director of the Office of Management and Budget (OMB).

c.

A cognizant agency is a federal agency that has the responsibility for implementing
the requirements for single audits for a particular state or local government. It
represents the collective interests of all federal government agencies in the results of
the audit.

21-17. a.

The two main components of a single audit are (1) the financial statement audit and
(2) the audit of federal financial assistance.

b.

Standards applicable to the first component are contained in GAAS and GAGAS.
Additional requirements pertaining to the second component are contained in the
Single Audit Act and in OMB Circular A-133. Further guidance can be found in
• OMB Compliance Supplement for Single Audits of State and Local Governments.
• AICPA Statement of Position 92-9, Audits of Not-for-Profit Organizations
  Receiving Federal Awards.
• AU 801, Compliance Auditing Applicable to Governmental Entities and Other
  Recipients of Government Financial Assistance.
• AT 101, Attestation Standards.
• AT 601, Compliance Attestations.

21-18. The purpose of the auditor’s consideration of internal control used in administering federal
programs is to obtain an understanding of internal control over Federal programs sufficient
to plan the audit to support a low assessed level of control risk for major programs. In
general, the auditor shall also plan to test the system of internal control over major programs
to support a low assessed level of control risk for the assertions relevant to the compliance
requirements for each major program.
21-19. a.

The auditor should test compliance with general requirements applicable to all
federal financial assistance programs and specific requirements applicable to major
federal financial assistance programs and should (a) report on compliance with
general requirements applicable to federal financial assistance programs, (b) provide
an opinion on compliance with specific requirements applicable to each major
federal financial assistance program, and (c) provide a schedule of findings and
questioned costs.

b.

Specific requirements of federal financial assistance programs pertain to the
following matters:
• Types of services allowed or not allowed, which specifies the types of goods or
  services that entities may purchase with federal assistance.
• Eligibility, which specifies the characteristics of individuals or groups to which
  entities may give financial assistance.
• Matching, which specifies amounts entities should contribute from their own
  resources toward projects for which financial assistance is provided.
• Reporting, which specifies other reports entities must file.
• Special tests and provisions, which might include such requirements as holding
  hearings regarding the proposed use of funds and deadlines for expending funds.

c.

The materiality of any findings of noncompliance is evaluated in the context of the
program to which the findings relate rather than to the auditee's overall financial
statements.

21-20. The reports required under the Single Audit Act that are not required by GAAS or GAGAS
are those pertaining to the federal financial assistance component of a single audit as
follows:
• An opinion as to whether the Schedule of Expenditures of Federal Awards is presented
  fairly in all material respects in relation to the financial statements taken as a whole.
• A report on internal control related to the financial statements and major programs.
• A report on compliance with laws, regulations, and the provisions of contracts or grant
  agreements where noncompliance could have a material effect on the financial
  statements.
• A Schedule of Findings and Questioned Costs.

Comprehensive Questions
21-21. (Estimated time - 35 minutes)
For each policy number: a. Specific Standard; b. General Standard.

Policy No. 1
a. 1200 Proficiency and Due Professional Care: Engagements should be performed
   with proficiency and due professional care.
b. Attribute Standard

Policy No. 2
a. 2200 Engagement Planning: Internal auditors should develop and record a plan
   for each engagement, including the scope, objectives, timing and resource
   allocations.
   or
   2300 Performing the Engagement: Internal auditors should identify, analyze,
   evaluate, and record sufficient information to achieve the engagement's
   objectives.
b. Performance Standard

Policy No. 3
a. 2300 Performing the Engagement: Internal auditors should identify, analyze,
   evaluate, and record sufficient information to achieve the engagement's
   objectives.
b. Performance Standard

Policy No. 4
a. 1200 Proficiency and Due Professional Care: Engagements should be performed
   with proficiency and due professional care.
b. Attribute Standard

Policy No. 5
a. 1200 Proficiency and Due Professional Care: Engagements should be performed
   with proficiency and due professional care.
b. Attribute Standard

Policy No. 6
a. 1100 Independence and Objectivity: The internal audit activity should be
   independent, and internal auditors should be objective in performing their work.
b. Attribute Standard

Policy No. 7
a. 2300 Performing the Engagement: Internal auditors should identify, analyze,
   evaluate, and record sufficient information to achieve the engagement's
   objectives.
b. Performance Standard

Policy No. 8
a. 2500 Monitoring Progress: The chief audit executive should establish and
   maintain a system to monitor the disposition of results communicated to
   management.
b. Performance Standard

Policy No. 9
a. 2200 Engagement Planning: Internal auditors should develop and record a plan
   for each engagement, including the scope, objectives, timing and resource
   allocations.
   or
   2300 Performing the Engagement: Internal auditors should identify, analyze,
   evaluate, and record sufficient information to achieve the engagement's
   objectives.
b. Performance Standard

Policy No. 10
a. 2400 Communicating Results: Internal auditors should communicate the
   engagement results.
b. Performance Standard

Policy No. 11
a. 2000 Managing the Internal Audit Activity: The chief audit executive should
   effectively manage the internal audit activity to ensure it adds value to the
   organization.
b. Performance Standard

Policy No. 12
a. 1200 Proficiency and Due Professional Care: Engagements should be performed
   with proficiency and due professional care.
b. Attribute Standard

Policy No. 13
a. 1300 Quality Assurance and Improvement Program: The chief audit executive
   should develop and maintain a quality assurance and improvement program that
   covers all aspects of the internal audit activity and continuously monitors its
   effectiveness. This program includes periodic internal and external quality
   assessments and ongoing internal monitoring. Each part of the program should
   be designed to help the internal auditing activity add value and improve the
   organization’s operations and to provide assurance that the internal audit
   activity is in conformity with the Standards and the Code of Ethics.
b. Attribute Standard

Policy No. 14
a. 1200 Proficiency and Due Professional Care: Engagements should be performed
   with proficiency and due professional care.
b. Attribute Standard

Policy No. 15
a. 1000 Purpose, Authority, and Responsibility: The purpose, authority, and
   responsibility of the internal audit activity should be formally defined in a
   charter, consistent with the Standards, and approved by the board.
b. Attribute Standard


21-22. (Estimated time - 25 minutes)
a.

Attribute standard 1100 states: “Independence and Objectivity: The internal audit
activity should be independent, and internal auditors should be objective in
performing their work.”


b.

The IIA's standards of independence are different from the AICPA standards because
internal auditors are employees of the companies they audit and they communicate
the results of their audit to the board of directors and to one or more levels of
management. Internal auditors are expected to be independent of the activities they
audit. In addition, they are required to be objective in performing their audits.
Objectivity is determined primarily by the organizational structure to which they report.
When internal auditors report to the board of directors, their objectivity is
significantly enhanced.

c.

A series of performance standards relates to the performance of audit work. The
specific standards are summarized in the following table.

2000  Managing the Internal Audit Activity: The chief audit executive should
      effectively manage the internal audit activity to ensure it adds value to the
      organization.
2100  Nature of Work: The internal audit activity should evaluate and contribute to
      the improvement of risk management, control, and governance processes using
      a systematic and disciplined approach.
2200  Engagement Planning: Internal auditors should develop and record a plan for
      each engagement, including the scope, objectives, timing and resource
      allocations.
2300  Performing the Engagement: Internal auditors should identify, analyze,
      evaluate, and record sufficient information to achieve the engagement's
      objectives.
2400  Communicating Results: Internal auditors should communicate the engagement
      results.
2500  Monitoring Progress: The chief audit executive should establish and maintain
      a system to monitor the disposition of results communicated to management.
2600  Management’s Acceptance of Risks: When the chief audit executive believes
      that senior management has accepted a level of residual risk that may be
      unacceptable to the organization, the chief audit executive should discuss the
      matter with senior management. If the decision regarding residual risk is not
      resolved, the chief audit executive and senior management should report the
      matter to the board for resolution.

Parts d and e: Research Questions: If the student visits the Institute of
Internal Auditors website (www.theiia.org), looks under guidance, and then
under professional practice framework, the student can find more of the
details behind IIA performance standards.
d.

Today the primary standard that relates to internal audit planning is performance
standard 2200: “Engagement Planning: Internal auditors should develop and
record a plan for each engagement, including the scope, objectives, timing and
resource allocations.”
Additional specific standards relating to engagement planning are as follows:

2201: Planning Considerations
In planning the engagement, internal auditors should consider:
• The objectives of the activity being reviewed and the means by which the
  activity controls its performance.
• The significant risks to the activity, its objectives, resources, and operations
  and the means by which the potential impact of risk is kept to an acceptable
  level.
• The adequacy and effectiveness of the activity’s risk management and control
  systems compared to a relevant control framework or model.
• The opportunities for making significant improvements to the activity’s risk
  management and control systems.

2210: Engagement Objectives
Objectives should be established for each engagement.

2220: Engagement Scope
The established scope should be sufficient to satisfy the objectives of the
engagement.

2230: Engagement Resource Allocation
Internal auditors should determine appropriate resources to achieve engagement
objectives. Staffing should be based on an evaluation of the nature and complexity of
each engagement, time constraints, and available resources.

2240: Engagement Work Program
Internal auditors should develop work programs that achieve the engagement
objectives. These work programs should be recorded.
e.

Today the primary standard that relates to internal audit communications is
performance standard 2400: “Communicating Results: Internal auditors should
communicate the engagement results.”
Additional specific standards relating to communicating results are as follows:

2410: Criteria for Communicating
Communications should include the engagement’s objectives and scope as well as
applicable conclusions, recommendations, and action plans.

2420: Quality of Communications
Communications should be accurate, objective, clear, concise, constructive,
complete, and timely.

2430: Engagement Disclosure of Noncompliance with the Standards
When noncompliance with the Standards impacts a specific engagement,
communication of the results should disclose the:
• Standard(s) with which full compliance was not achieved,
• Reason(s) for noncompliance, and
• Impact of noncompliance on the engagement.

2440: Disseminating Results
The chief audit executive should disseminate results to the appropriate parties.
21-23. (Estimated time - 30 minutes)

Research Question: If the student visits the Institute of Internal Auditors
website (www.theiia.org), looks under guidance, and then under
professional practice framework, the student can find more of the details
behind IIA performance standards.
Each finding is followed by the related performance standard.

Finding #1 - The branch seems to have too many tellers.
Performance Standard: 2110: Risk Management
The internal audit activity should assist the organization by identifying and
evaluating significant exposures to risk and contributing to the improvement of
risk management and control systems.

Finding #2 - No security officer has been appointed and camera surveillance seems
to be insufficient.
Performance Standard: 2120: Control
The internal audit activity should assist the organization in maintaining effective
controls by evaluating their effectiveness and efficiency and by promoting
continuous improvement.

Finding #3 - Although the association does not have a specific dress code, the
attire of the branch personnel appears to be too casual, even after considering a
recent directive to conserve energy during the summer months. (Dress code does not
apply to any work standard.)
Performance Standard: No Standard

Finding #4 - Some of the branch loan officers appear to lack adequate
qualifications.
Performance Standard: 2110: Risk Management
The internal audit activity should assist the organization by identifying and
evaluating significant exposures to risk and contributing to the improvement of
risk management and control systems.

Finding #5 - Some customers are not charged penalties for late payments on loans.
Performance Standard: 2110: Risk Management
The internal audit activity should assist the organization by identifying and
evaluating significant exposures to risk and contributing to the improvement of
risk management and control systems.

Finding #6 - Granting new home mortgages seems to be encouraged in spite of an
association policy to discourage expanded activity in this area.
Performance Standard: 2110: Risk Management
The internal audit activity should assist the organization by identifying and
evaluating significant exposures to risk and contributing to the improvement of
risk management and control systems.

21-24. (Estimated time - 25 minutes)
a.
The purpose of operational auditing is to evaluate and to improve the effectiveness,
efficiency, and economy of operations. Those audit objectives that relate to the above
purposes are appropriate for operational auditing.
• Security of assets, including computer information, is appropriate for operational
  auditing since these items relate directly to effectiveness, efficiency, and
  economy of operations.
• Compliance with applicable laws and company policies is an essential part of
  operational auditing. Inadequate compliance with company policies may hinder
  the achievement of company goals and objectives.
• Reliability of financial records would have little impact on the efficiency and
  effectiveness of operations and, therefore, could be considered an inappropriate
  operational audit objective.
• Effectiveness of performing assigned responsibilities is an essential objective of
  operational auditing; it encompasses the economical use of resources and the
  ability to achieve organizational goals.
• Determination of the value of the spare parts inventory is not an appropriate
  objective for an operational audit as the value of this inventory has no bearing on
  the efficiency of the Customer Service Department.


b.

The basic procedures for performing an operational audit would include the
following elements:
• Plan the work to be performed during the operational audit, including
  o The determination of the goals and objectives of the company and the
    segment under audit, and the identification of the specific strategies,
    policies, plans, and procedures that management has established to achieve
    its objectives.
  o The determination of audit objectives and review programs.
• Gather evidence to support the extent to which the segment being audited is
  meeting its operating objectives.
• Evaluate the evidence gathered as it relates to the operating goals and objectives
  to determine the nature of the segment's strengths and weaknesses and formulate
  the recommendations to be made to management.
• Report to management the results of the operational audit and the
  recommendations to address findings of deficiencies.
• (A fifth step, follow-up, could be added to this answer.)

21-25. (Estimated time - 30 minutes)
a.

1.

The similarities in the phases of an operational audit and a financial statement
audit are planning the audit and making the examination. The differences in
the phases are:

Phase            Operational Audit    Financial Audit
Initial          Select auditee       Accept client
Reporting        To management        To stockholders
Post-reporting   Perform follow up    None

2.

Making a preliminary study (or survey) pertains to selecting the auditee. The
objective of the study is to identify activities that have the highest audit
potential in terms of improving the effectiveness, efficiency, and economy of
operations. The understanding of the potential auditee is obtained by
• Reviewing background file data on each auditee.
• Touring the auditee's facilities to ascertain how it accomplishes its
objectives.
• Studying relevant documentation about the auditee's operations such as
policies and procedures manuals, flowcharts, performance and quality
control standards, and job description.
• Interviewing the manager of the activity (often called the entry interview)
about specific problem areas.
• Applying analytical procedures to identify trends and unusual
relationships.
• Conducting mini audit probes (or tests) to confirm or clarify the auditor's
understanding of potential problems.

3.

In the examination, the auditor makes an extensive search for facts pertaining
to the problems identified in the auditee during the preliminary study. The
operational auditor relies primarily on inquiry and observation in making the
examination. However, he may also use analysis to determine the degree to
which the auditee is meeting specified objectives. The work done, the
findings and the recommendations should be documented in the working
papers.

4.

The audit report in an operational audit is likely to vary for each auditee. The
report should contain
• A statement of the objectives and scope of the audit.
• A general description of the work done in the examination.
• A summary of the findings.
• Recommendations for improvement.
• Comments of the auditee.

5.

Practice standard 440, Following Up, states that internal auditors should
follow up to ascertain that appropriate action is taken on reported audit
findings. This standard not only requires follow up, it also requires internal
auditors to determine the appropriateness of the action taken by the auditee.
The failure to receive an appropriate response should be communicated to
senior management.

b.

If Janet were a CPA in public practice, she would have to follow the practice
standards for MCS engagements established by the Management Advisory Services
Executive Committee of the AICPA and Statements on Standards for Management
Advisory Services issued by this committee. In addition, she would have to comply
with Rule 201, General Standards, of the AICPA's Code of Professional Conduct.

21-26. (Estimated time - 25 minutes)
a.

1. General - Competence
2. Field work - Audit Documentation
3. Reporting - Reporting on internal control
4. Field work - Considering the Results of Previous Audits
5. Reporting - Report issuance and distribution
6. General - Competence
7. Reporting - Reporting on internal control and on compliance
8. Field work - Detecting material misstatements
9. General - Quality Control and Assurance
10. Field work - Audit Documentation
11. Reporting - Reporting Compliance with GAGAS
12. General - Independence
13. Field work - Detecting Material Misstatements
14. Reporting - Report Issuance and Distribution
15. Reporting - Report Issuance and Distribution

b.

GAGAS includes the field work and reporting standards required under GAAS. In
addition, the general category of GAGAS is similar to the general standards of
GAAS. As additional GAAS standards are issued they will be incorporated into
GAGAS unless the GAO excludes them by formal announcement. Independent
auditors who are members of the AICPA must follow GAGAS in government audits
or be in violation of the AICPA Code of Professional Conduct.

c.

In a financial statement audit, reports should be issued on (1) the financial
statements, (2) compliance with applicable laws and regulations, and (3) internal
control.

21-27. (Estimated time - 30 minutes)
1.

The Single Audit Act provides that any state or local government receiving $500,000
or more in federal financial assistance, either directly from a federal agency or
indirectly through another state or local government in any fiscal year, must have an
annual audit.

2.

Section I (a) of the Act states that the objectives of the Act are to
• Improve the financial management of state and local governments with respect to
federal financial assistance programs.
• Establish uniform requirements for audits of federal financial assistance provided
to state and local governments.
• Promote the efficient and effective use of audit resources.
• Ensure that federal departments and agencies, to the maximum extent
practicable, rely on and use audit work done pursuant to the requirements of the
Single Audit Act.

3.

The Director of the Office of Management and Budget (OMB) prescribes policies,
procedures, and guidelines to implement the Act. He also designates cognizant
agencies to monitor compliance with the Act.

4.

A cognizant agency is a federal agency that has the responsibility for implementing
the requirements for single audits for a particular state or local government. It
represents the collective interests of all federal government agencies in the results of
the audit. The responsibilities of the agency include providing technical advice and
liaison to state and local governments and independent auditors.

5.

The audit objectives of the Act are to determine whether
• The financial statements of the government, department, agency or establishment
present fairly its financial position and the results of its financial operations in
accordance with generally accepted accounting principles.
• The organization has internal controls to provide reasonable assurance that it is
managing federal financial assistance programs in compliance with applicable
laws and regulations; and
• The organization has complied with laws and regulations that may have material
effect on its financial statements or on each major federal assistance program.

6.

The reports required under the Act consist of the reports specified under GAGAS
plus the following reports on the entity's federal financial assistance program:
• A report on a supplementary schedule of the entity's federal financial assistance
programs, showing total expenditures for each federal assistance program.
• A report on compliance with laws and regulations identifying all findings of
noncompliance and questioned costs.
• A report on internal controls used in administering federal financial assistance
programs.

7.

The required reports may be issued simultaneously or separately. It also is possible to
merge the reports into three: financial, compliance, and internal control. The reports
are a matter of public record. OMB Circular A-133 requires that the reports shall be
made available by the state or local government for public inspection within thirty
days after completing the audit.

21-28. (Estimated time - 10 minutes)
a.

Under the Single Audit Act, the auditor is required to determine whether the
organization has complied with laws and regulations that (1) may have a material
effect on its financial statements and (2) pertain to each major and such additional
nonmajor federal financial assistance programs as required to cover at least 50
percent of the total federal financial assistance program expenditures.

b.

(1) For each major federal financial assistance program, the auditor has the
responsibility to test compliance with nine general requirements. (2) For nonmajor
programs, the responsibility for testing is limited to transactions selected by the
auditor as part of the procedures applied to obtain an understanding of the internal
control structure, test controls, and assess control risk.

Cases
21-29. (Estimated time - 30 minutes)
a.

Objectivity means that the internal auditor must have, and maintain, an unbiased and
independent viewpoint in the performance of audit tests, evaluation of the results,
and issuance of the audit findings. Objectivity would not exist if the internal auditor
were to audit his/her own work. Objectivity implies no subordination of judgment to
another and a lack of influence by others over the internal auditor.


b.

1.

Objectivity is not impaired. Development of written policies and procedures
to guide Lajod's Staff is a responsibility of the internal audit staff. The
internal auditors are responsible for the independent evaluation and
verification of a proper system of internal control.

2.

Objectivity is impaired. The preparation of bank reconciliations is an internal
check over cash. In order to maintain objectivity, the auditor should not perform
assignments that are included as part of the independent evaluation and
verification of a proper system of internal control. Separation of duties should
be maintained.

3.

There are two activities involved in Item 3. Objectivity is not impaired in the
review of the budget for reasonableness if the internal auditor has no
responsibility for establishing or implementing the budget. However,
objectivity is impaired when the internal auditor makes managerial decisions
concerning performance in the review of variances.

4.

Objectivity is impaired in that the internal auditor will be called upon to
evaluate the design and implementation of the system in which the auditor
played a significant role. Testing of the internal controls would not impair
objectivity because this activity is necessary for determining the adequacy of
the internal controls.

5.

Objectivity is impaired. The internal auditors should not be involved in the
record keeping process.

c.

1.

Yes, the reporting relationship results in an objectivity problem. The
Controller is responsible for the accounting system and related transactions.
The internal audit staff is responsible for independent and objective review
and examination of the accounting system and related transactions.
Independence and objectivity may not exist because the internal audit staff is
responsible for reviewing the work of the Corporate Controller, the person to
whom it reports.

2.

No, the responses for Requirement B would not be affected by the internal
audit staff reporting to the Board of Directors rather than the Controller. In
order to maintain objectivity, the internal audit staff should refrain from
performing non-audit functions such as management decision-making, design
and installation of systems, record keeping, etc. Ideally, the internal audit
staff should perform only audit functions to avoid being called upon to
evaluate its own performance. This is true without regard to organization
reporting relationships.


Professional Simulation
Research
Reporting
Situation
You have been asked to research the requirements associated with examination procedures applied
to R.E. Fine’s compliance with state laws regarding the handling of hazardous waste materials.
Jennifer recognizes that to express an opinion on an entity's compliance with specified criteria the
firm needs to plan an engagement to accumulate sufficient evidence about the entity's compliance
with specified requirements. Cut and paste the appropriate sections of professional standards that
explain what should be covered in planning such an attestation engagement.
AT 601.41-.44 explicitly provide guidance on planning an attestation engagement to examine
compliance with laws and regulations. These paragraphs are presented below.

Planning the Engagement
General Considerations
.41

Planning an engagement to examine an entity's compliance with specified requirements
involves developing an overall strategy for the expected conduct and scope of the
engagement. The practitioner should consider the planning matters discussed in section
101.42–.47.

Multiple Components
.42

In an engagement to examine an entity's compliance with specified requirements when the
entity has operations in several components (for example, locations, branches, subsidiaries,
or programs), the practitioner may determine that it is not necessary to test compliance with
requirements at every component. In making such a determination and in selecting the
components to be tested, the practitioner should consider factors such as the following:
a. The degree to which the specified compliance requirements apply at the component
level
b. Judgments about materiality
c. The degree of centralization of records
d. The effectiveness of the control environment, particularly management’s direct
control over the exercise of authority delegated to others and its ability to supervise
activities at various locations effectively
e. The nature and extent of operations conducted at the various components
f. The similarity of operations over compliance for different components


Using the Work of a Specialist
.43

In some compliance engagements, the nature of the specified compliance requirements may
require specialized skill or knowledge in a particular field other than accounting or auditing.
In such cases, the practitioner may use the work of a specialist and should follow the
relevant performance and reporting guidance in AU section 336, Using the Work of a
Specialist.

Internal Audit Function
.44

Another factor the practitioner should consider when planning the engagement is whether
the entity has an internal audit function and the extent to which internal auditors are
involved in monitoring compliance with the specified requirements. A practitioner should
consider the guidance in AU section 322, The Auditor's Consideration of the Internal Audit
Function in an Audit of Financial Statements, when addressing the competence and
objectivity of internal auditors, the nature, timing, and extent of work to be performed, and
other related matters.
Reporting
Research

Situation

Independent Accountant's Report
We have examined R.E. Fine and Company’s compliance with state laws regarding the handling of
hazardous waste materials during the year ended December 31, 20X8. Management is
responsible for R.E. Fine and Company’s compliance with those requirements. Our responsibility is
to express an opinion on R.E. Fine and Company’s compliance based on our examination.
Our examination was conducted in accordance with attestation standards established by the
American Institute of Certified Public Accountants and, accordingly, included examining, on a test
basis, evidence about R.E. Fine and Company’s compliance with those requirements and
performing such other procedures as we considered necessary in the circumstances. We believe that
our examination provides a reasonable basis for our opinion. Our examination does not provide a
legal determination on R.E. Fine and Company’s compliance with specified requirements.
In our opinion, R.E. Fine and Company complied, in all material respects, with the
aforementioned requirements for the year ended December 31, 20X8.
[Signature]
[Date]
