Financial Environmental consulting engagements, Unit 1.3 - Coggle Diagram
consulting engagements
F/S and Corp Gov
->IA provide assurance regarding
fin reporting to mgt and the board
A/C transaction (P&L) assertions (obj)
occurrence - tran/ event have been recorded/ disclosed
-> have occurred, and pertained to the entity (GL > shipping doc/ invoice)
completeness - all tran/ event should have been recorded
-> have recorded (customer order, invoice, shipping > GL)
accuracy - amt and other data relating to recorded tran/ event
-> have been recorded appropriately (re-perf cal, reconciliation)
cut-off - tran/ events have been recorded
-> in correct a/c period (delivery notes > invoice)
classification - tran/ events have been recorded
-> in the proper accounts
presentation - tran/ events -> have been app aggregated/
dis-aggregated and clearly described, under applicable fin
reporting framework
A/C balance (B/S) assertions
existence - asset/ liab
-> really do exist with no over/ under statement (physical verification/ confirmation)
right and obligations -> asset/ liab - legal title/ control by the entity
(deeds of title/ loan agreement)
completeness -> no omission/ over/understatement of assets & liab
(review repair & maintenance a/c > capitalization of asset, suppliers' confirmation)
accuracy, valuation and allocation -> assets, liab, equity are valued, recorded
and disclosed appropriately (check voucher, dep rate, recal)
classification - asset/ liab are recorded in proper accounts
(purchase voucher > GL posting account)
presentation - description and disclosure of assets/ liab
-> relevant and easy to understand (comply with a/c std and relevant legislation)
Key Risks affecting reliability & integrity of fin info:
overstate revenue/ asset/ equity
understate expense/ liab
unreasonable a/c estimates (inconsistent with past result)
a/c std no longer valid
Fraud Risk
fraudulent fin report
(intentional misstatements/ omissions - a/c record/ doc/ sign info)
misappropriation of assets
(theft, embezzlement)
Assessment of IC
Implementation std 2120.A1
evaluate risk exposures relating to the org's gov,
operations and info system regarding
achievement of the org's strategic obj
reliability and integrity of fin and operational info
effectiveness & efficiency of operations & programs
safeguards of assets
compliance with laws and regulations, policies,
procedures, and contracts
Effectiveness of control - relative to risks at each level - risk and control matrix
identify obj and related risks
determine sign risk (impact & likelihood)
determine response to sign risks
determine key mgt control
evaluate the adequacy of control design
test adequately designed controls to ascertain whether
they have been implemented and are operating effectively
Efficiency of control - costs and benefit of controls
lv of control should be app to the relevant risk
Promote continuous improvement (GRC)
training, on-going monitoring
control (risk) assessment meeting with mgt
identification, evaluation, correction of IC weaknesses
inform mgr abt new issues, laws and regulations
monitor relevant tech development
Framework of internal control
Committee of Sponsoring Organizations (COSO)
IC not limited to accounting controls/ fin reporting
other matter: resource protection, operational efficiency and effectiveness, compliance with rules, regulations, org policies
IC - mgt responsibility - participation of all persons within the org
control framework - related to business obj & adaptable
IA role
Fin reporting
(with audit committee) appt external auditors (EA)
coordinate audit plans, coverage, scheduling with EA
comm observations to EA and the board
-> a/c policies and policy decisions
-> unusual/ complex fin tran and events
participate review process of fin reporting and disclosure
with board, EA, and senior mgt
evaluate the quality of fin reports
assess the adequacy and effectiveness of the org's IC
monitor mgt's compliance with the org's code of conduct and ethical policies > ensure ethical behavior is promoted and followed (tone at the top)
review org's policies > compliance with laws and regulations,
ethics, COI and fraud investigations
Corp control
review the reliability and integrity of
-> the operating and fin info compiled
-> reported by the org
perform analysis of the control over critical a/c policies and estimate
Environmental Engagement
(more popular)
(environmental, health, safety)
Risk exposure:
org reporting structures (environmental)
likelihood - causing environmental harm,
fines, and penalties
expenditures mandated by gov agencies
history of injuries, deaths, losing customers
episodes of negative publicity and
loss of public image and reputation
Role of CAE
if the risk exposures are not adequately managed > residual risk
-> change of IA plan and further investigate
work with Chief Environmental Officer (if any),
coordinate the plan for environmental auditing
if environmental audit reporting to someone other than CAE,
CAE review the audit plan & perf of engagem:
-> quality assurance review - risk adequately address
-> conformance with recogn prof audit std, code of ethics
-> independence - sign matters - report up to the board
Types of environment audits
Compliance (overall)
review all environment media the site may contaminate, e.g. air, water, land and wastewater
-> determine whether systems are in place and operating
properly to manage future environment risks
Transactional (ind)
risk exposures for that transaction (e.g. property sale/ purchases)
environmental protection assessment
-> Phase I - qualitative site assessment
-> Phase II - sampling for potential contamination
-> Phase III - confirm the rate and extent of contaminant
migration and the cost of remediation
Treatment, storage, and disposal facility (TSDF)
hazardous mtl (waste) - from acq to disposal - treat, store, dispose
-> all owners in the chain of title may be liable
Pollution prevention audit
how waste can be minimized and pollution can be eliminated at the source
(how org set up the
to achieve this aim)
-> test the control
Environmental liability accrual audit (fin)
assess the reasonableness of cost estimates for environmental remediation
Due prof care (expertise/ outsource may be involved)
Product audits
pdts are environmentally friendly, chemical restrictions * Due prof care (expertise/ outsource may be involved)
Consulting engagement
advisory & related client service activities
nature and scope
-> agreed with the client
-> intended to add value and improve GRC (recommendation)
-> decision of implementation - mgt responsibility
delegation of authority
-> the board offer empowerment (COI not involved)
-> stated in IA charter
impairment of objectivity
-> consulting service may enhance the auditor's understanding of business processes/ issues related to an assurance engagement
however, do not necessarily impair the IA/ IA activity's objectivity
Forms of consulting engagement
formal (planned & written agreement)
informal (routine activities):
participation on standing committee, limited-life project,
ad-hoc meeting, routine info exchange
specific (M&A, system conversion)
emergency (supply temp help to meet a special request/ unusual deadline, recovery/ maintenance of operation regarding disaster/ extraordinary business event)
Independence and objectivity
impair: assurance service provided
within 1 yr after
formal consulting engagement
Control to reduce potential threats
define in IA charter
policies and procedures
seg of consulting units from assurance units
rotation of auditors
employ external providers of either service
disclosure in audit report
Decline consulting engagement:
prohibited by charter
conflict with policies and procedures of IA activity
do not add value/ promote best int of the org
Due Professional Care
decline consulting engagement
if IA lack the knowledge, skills, other
competencies needed to perform
due professional care include:
needs and expectations of clients
nature, timing, communication
relative complexity and extent the work needs
to achieve obj
cost vs benefits
record retention - appropriate
if legal, regulatory, tax, a/c matter involved - special treatment required
Type of Consulting engagement
continuous evaluation of the practices of the best org
- same industry,
- operations with similar processes regardless of industry,
- search for successful competitive strategies,
- best practice in the org with other
Internal Control Training
provide IC training to the employee of the org
(CSA provide training for people in business units, people gain exp in assessing risk and asso ctrl processes with managing those risks)
Due Diligence Auditing
determine the business justification for a major tran
Business Process Mapping (reengineering)
process innovation and core process design ->
develop ctrl that are automated and self-correcting
improve productivity by: simplification, elimination of nonvalue-adding activities, decrease no. of clerical worker
IA may involve function: determine reeng process is supported by senior mgt, recommend areas, develop audit plan for new system
not involve in the implementation of system
System Development Reviews
ensure app IC and audit trails are included in the application:
-> independent, ongoing advice throughout the project
-> identify key risks/ issues - enable project teams to mitigate risks
Proj mgt tech & ctrl should be part of development process
-> mgt should know whether projects - on time, within budgets,
and resources are used efficiently
Design of Performance Measurement Systems (KPI)
-> assurance: IA conduct performance audit
how well an org is achieving its targets for its KPIs
-> consulting: IA work with clients
to improve the performance measured by the KPIs
Unit 1.3