CHAPTER 7

Compliance & Internal Auditing

TOPICS
Compliance auditing
Internal auditing

2 Auditing-II
TYPES OF AUDITING
Objective Audit Type Standards
Financial Financial AICPA: GAAS
statement statement
audit
Compliance Financial GAO: GASB
Performance

Internal Operational IIA: Internal Auditing

Standards

3 Auditing-II
COMPLIANCE AUDITS:
Government Entities

Also recipients of governmental financial

assistance (SAS 74)
Audit must conform to
 GAAS
 GAO standards
 Single Audit Act

4 Auditing-II
COMPLIANCE AUDITS:
Other Examples

Compliance with:
Minimum wage laws
Employee benefits programs
Commercial bank lending agreements
Special engagements
 Hazardous waste trust fund
 State-sponsored health insurance program

5 Auditing-II
RESPONSIBILITIES
UNDER GAAS
Responsibility for detecting violations of
laws, regulations identical to
responsibility for client error, fraud
 Assess risk of violations creating material
misstatements
 Design procedures to detect anticipated
violations

6 Auditing-II
EFFECTS OF LAWS,
REGULATIONS
Management responsible for identifying
laws, regulations having direct, material
effect on financial statement
Auditor designs procedures to detect
violations

7 Auditing-II
COMPLIANCE & INTERNAL
CONTROL
Compliance audit requires auditor to
 Understand internal controls
 Assess control risk
 Obtain knowledge about design,
performance of internal control policies,
procedures

8 Auditing-II
GOVERNMENT AUDITING
STANDARDS
Written by GAO
GAGAS
 AICPA 10 GAAS
 Standards related to
 Independence & Quality control
 Audit documentation
 Legal, regulatory requirements

9 Auditing-II
GOVERNMENT FINANCIAL
AUDITS: Financial Statement Audits

Financial statement audits determine

whether
 Financial statements fairly presented
 Entity complied with laws, regulations

10 Auditing-II
GOVERNMENT FINANCIAL
AUDITS: Financial-Related Audits
Financial-related audits determine
whether
 Financial reports, related items fairly
presented
 Financial information in accord with
established, stated criteria
 Entity adhered to financial compliance
requirements

11 Auditing-II
GOVERNMENT
PERFORMANCE AUDITS
Economy & efficiency audits determine
whether
 Entity acquires, protects, uses resources
economically & efficiently
 Causes of diseconomies, inefficiencies
 Compliance with laws, regulations related
to efficiency

12 Auditing-II
GOVERNMENT PROGRAM
AUDITS
Program audits determine
 Extent to which program achieves
results, benefits
 Effectiveness of organization,
program, activity, function
 Compliance with laws, regulations

13 Auditing-II
REPORTING ON
COMPLIANCE
Positive assurance on tests for
noncompliance
Description of material instances of
noncompliance, if any

14 Auditing-II
REPORTING ON INTERNAL
CONTROL
Government auditing standards require
report on internal control in all
governmental financial audits to
 Describe costs, benefits, objectives,
limitations of internal control
 State that auditor assessed control risk
 Describe deficiencies in internal control not
considered reportable conditions

15 Auditing-II
SINGLE AUDIT ACT
Audit coverage
 All governmental units that
receive any federal assistance
 Reporting requirements for
governments receiving over
$300,000

16 Auditing-II
SINGLE AUDIT ACT:
Reports
5 additional reports required on
Compliance with General Requirements
Major Program compliance with specific
requirements
Nonmajor Program compliance with
specific requirements
Schedule of Federal Financial Assistance
Internal controls over Federal Financial
Assistance

17 Auditing-II
SINGLE AUDIT ACT:
General Requirements 1
9 general requirements
 Involve significant national policy
 Could materially effect entity’s financial
statements

18 Auditing-II
SINGLE AUDIT ACT:
General Requirements 2
Political activity
Davis-Bacon Act: labor rates
Civil Rights
Cash Management
Relocation assistance, real property acquisition
Federal Financial Reports
Allowable cost/cost principle
Drug-free workplace
Administrative requirements

19 Auditing-II
SINGLE AUDIT ACT:
Specific Requirements 1
Major programs
 Types services allowed, not allowed
 Eligibility
 Matching, level of effort, earmarking
 Reporting
 Special tests & provisions

20 Auditing-II
SINGLE AUDIT ACT:
Specific Requirements 2
When transactions from nonmajor
programs are tested
 Compliance with applicable laws,
regulations
 Allowability program expenditures
 Eligibility

21 Auditing-II
INTERNAL AUDITING
Internal auditing is an independent, objective
assurance, consulting activity designed to add
value, improve organizations operations.
It helps organization accomplish objectives by
bringing systematic, disciplined approach to
evaluate, improve effectiveness of risk
management, control, governance

Institute of Internal Auditors

22 Auditing-II
INTERNAL AUDITING:
Independence, Objectivity

Independence achieved by reporting to

board of directors
Objectivity achieved by appraising
controls, not designing or implementing
them

23 Auditing-II
OPERATIONAL AUDITING
Verification of data
Appraisal of controls
Compliance with policies, plans,
procedures
Protection of assets
Appraisal of performance
Recommendations for operating
improvements
24 Auditing-II
SCIENTIFIC METHOD &
OPERATIONAL AUDITS
Scientific Method Operational Audit Function
Recognize problem Become familiar with activity to be
reviewed
Formulate hypothesis Hypothesis: control operating
properly relevant to objective
Gather evidence to test Select procedures; gather evidence
hypothesis
Evaluate evidence Evaluate evidence
Develop conclusions Report

25 Auditing-II
AUDITOR’S CONSIDERATION
INTERNAL AUDIT FUNCTION
SAS 65
 Guidance on
 Considering work of internal auditors
 Using internal auditors to provide direct
assistance

26 Auditing-II
UNDERSTANDING
CONTROLS: Internal Auditor
Auditor should obtain understanding of internal
audit function as part of assessment of control
risk
 Organizational status
 Adherence to professional standards
 Internal auditor’s audit plan
 Access to records; limitations on scope of activities
 Charter or mission statement

27 Auditing-II
ASSESSING COMPETENCE,
OBJECTIVITY: Internal Auditor
SAS 65 requires independent auditor to
review competence, integrity of internal
auditor
 Education, experience, certification,
continuing education
 Audit policies, programs, procedures
 Practices for assigning internal auditors
 Quality work paper documentation

28 Auditing-II
RELIANCE ON INTERNAL
AUDITORS
Independent auditor can rely on
internal auditor after evaluating his/her
work for
 Understanding internal control
 Assessing risk
 Performing substantive procedures

29 Auditing-II