AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL...
Transcript of AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL...
![Page 1: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/1.jpg)
AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016
1
![Page 2: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/2.jpg)
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING**
• Standards and Implementation Guidance (Practice Advisories)
• ST 2400 Communicating Results
• PA 2400-1 Legal Considerations
• ST 2410 Criteria
• PA 2410-1 Criteria
• ST 2410.A1 Audit Opinion/Conclusions
• ST 2410.A2 Satisfactory Performance
• ** Assurance standards
2
![Page 3: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/3.jpg)
STANDARDS AND PA’S
• ST 2410.A3 3rd Parties
• ST 2420 Quality
• PA 2420-1 Quality
• ST 2421 Errors and Omissions
• ST 2430 Conformance with Standards
• ST 2431 Non-conformance
• ST 2440 Dissemination
• PA 2440-1 Dissemination 3
![Page 4: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/4.jpg)
STANDARDS AND PA’S
• PA 2440-1 Sensitive Information
• ST 2440.A1 Due Consideration
• ST 2440.A2 3rd Parties
• PA 2440.A2-1 3rd Parties
• ST 2450 Overall Opinion
• www.theiia.org
4
![Page 5: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/5.jpg)
GLOSSARY
• Assurance – objective assessment of evidence; nature and scope determined by internal auditor
• Consulting – advisory services performed at the request of management
• Engagement – specific internal auditor assignment, task, or review activity
• CAE – Chief Audit Executive
5
![Page 6: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/6.jpg)
COMMUNICATE RESULTS
• ST 2400 Internal Auditors MUST communicate the results of audits
• ST 2410 Reports MUST include the audit objectives, scope and applicable conclusions, recommendations and action plans
6
![Page 7: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/7.jpg)
AUDIT REPORT FORMAT
• Objectives
• Scope
• Conclusions
• Recommendations
• Action Plans
7
![Page 8: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/8.jpg)
TEMPLATE • Number:
• Date:
• To:
• From:
• Subject:
• AUDIT OBJECTIVE:
• SCOPE:
• CONCLUSION:
• RECOMMENDATIONS:
• ACTION PLAN: 8
![Page 9: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/9.jpg)
PA 2410-1
Audit reports might include
• Background information
• Summaries
• Status of recommendations from prior reports
• Scheduled audit or unplanned audit
• Client accomplishments
9
![Page 10: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/10.jpg)
OBJECTIVE AND SCOPE
• AR# 2016-32
• Date: September 23 2016
• To: John Doe, VP Finance
• From: Pat Richey, Director Internal Audit
• Subject: Home Equity Loans
• AUDIT OBJECTIVE: To determine that home equity loans comply with the credit union’s Lending Policy and procedures
• SCOPE: Internal Audit reviewed a random sample of 25 home equity loans closed in the 2nd quarter of 2016
10
![Page 11: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/11.jpg)
OBSERVATIONS
• OBSERVATIONS:
Appraisals: 4 of the 25 loans reviewed……………..
Incomplete Loan Files: Documents were missing in 3 of the 25
loan files reviewed
• CONCLUSION:
• RECOMMENDATIONS:
• ACTION PLANS: 11
![Page 12: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/12.jpg)
OBSERVATIONS
• OBSERVATION #1 Appraisals
• CRITERIA: The way it should be
• CONDITION: The way it is
• CAUSE: The reason for the difference between the way it should be and the way it is
• EFFECT: The “so what”, “why should I care”
12
![Page 13: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/13.jpg)
CONCLUSIONS
• AUDIT OBJECTIVE: To determine that home equity loans comply with the credit union’s Lending Policy and procedures
• OBSERVATIONS: Overall, home equity loans comply with the credit union’s Lending Policy and procedures. However, Internal Audit noted the following issues:
Appraisals:
Incomplete Loan Files:
13
![Page 14: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/14.jpg)
RECOMMENDATIONS
• OBSERVATIONS:
Appraisals: Blah, blah, blah,…… Internal Audit recommends xxxxx
Incomplete Loan Files: Blah, blah, blah……….. Internal Audit
recommends yyyy
• RECOMMENDATIONS
1. xxxxxxxxx
2. yyyyyyyy 14
![Page 15: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/15.jpg)
CLIENT’S VIEWS
• Due Date for Management Response: 9/30/2016
• Management Response:
1. Agree
2. Agree
• Implementation Date: 10/31/2016
15
![Page 16: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/16.jpg)
MANAGEMENT RESPONSE
• Agreement on the audit results
• Agreement on the plan of action
• Disagreement on the audit results
• Disagreement on the plan of action
• Management’s comments may be included as appendix, in body of report, or in cover letter
16
![Page 17: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/17.jpg)
SENSITIVE INFORMATION
• Privileged, proprietary, or improper/illegal acts
• Disclose in a separate report
• If the conditions involve senior management, report to the Board
17
![Page 18: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/18.jpg)
INTERIM REPORTS
• Written or oral; formal or informal
• When issues need immediate attention
• Keep management informed of progress
• Preliminary Drafts
• Final Reports
18
![Page 19: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/19.jpg)
SIGNED REPORTS
• A signed report is issued after audit completion
– the internal auditor’s name is manually or
electronically signed in the report or cover letter
- if reports are distributed electronically, a signed version
is kept on file by internal audit
19
![Page 20: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/20.jpg)
ST 2410.A1 OPINION OR CONCLUSION
• Final reports MUST contain the internal auditor’s opinion or conclusion
• The opinion/conclusion MUST take into account the expectations of senior management, the board and other stakeholders
• The opinion/conclusion MUST be supported by sufficient, reliable, relevant and useful information
20
![Page 21: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/21.jpg)
RATINGS
• Audit opinions may be ratings, conclusions or other description of the results
• 17-page Practice Guide “Formulating and Expressing Internal Audit Opinions”
21
![Page 22: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/22.jpg)
ST 2410.A2 SATISFACTORY PERFORMANCE
• Internal Auditors are ENCOURAGED to acknowledge satisfactory performance in audit reports
22
![Page 23: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/23.jpg)
ST 2410.A3 OUTSIDE PARTIES
• When releasing audit results to 3rd parties, the communication must include limitations on distribution and use of the results
23
![Page 24: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/24.jpg)
ST 2420 QUALITY
• Accurate
• Objective
• Clear
• Concise
• Constructive
• Complete
• Timely 24
![Page 25: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/25.jpg)
INTERPRETATION AND PA 2420-1 ACCURACY
• Care and precision
- gathering data
- evaluating evidence
- summarizing
• Free from errors and distortions
• Faithful to underlying facts
25
![Page 26: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/26.jpg)
OBJECTIVE
• Standards 1100, 1120, 1130 are related to the objectivity of the internal auditor (attribute standards)
• Fair, impartial, unbiased, fair-minded, balanced
• Without prejudice or partisanship
• Exclude personal interests
• Avoid undue influence of others
26
![Page 27: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/27.jpg)
CLEAR
• Easily understood
• Logical
• No jargon, technical language
• Significant and relevant information in context
27
![Page 28: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/28.jpg)
CONCISE
• To the point
• Avoid elaboration, superfluous detail, redundancy, wordiness
• Make each sentence meaningful and succinct
28
![Page 29: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/29.jpg)
CONSTRUCTIVE
• Content and tone
• Focus on the credit union’s objectives
• Leads to improvement
• Useful, helpful
• Positive
• Well-meaning
• Consistent with the credit union’s style and culture 29
![Page 30: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/30.jpg)
COMPLETE
• All essential, significant and relevant information to support conclusions
30
![Page 31: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/31.jpg)
TIMELY
• Avoid undue delay
• Opportune, expedient
• Depends on significance of the issues
31
![Page 32: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/32.jpg)
ST 2421 ERRORS AND OMISSIONS
• If final audit report contains a significant error or omission the CAE MUST communicate corrected information to all parties who received the original audit report
32
![Page 33: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/33.jpg)
ST 2430 CONDUCTED IN CONFORMANCE
• Internal auditors may report that their audits are “conducted in conformance with the International Standards for the Professional Practice of Internal Auditing” only if the results of the Quality Assurance and Improvement Program support that statement
33
![Page 34: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/34.jpg)
ST 2431 NON-CONFORMANCE
When non-conformance with the Definition of Internal Auditing, the Code of Ethics or the Standards impacts a specific audit, audit reports MUST disclose
- the principle or rule of conduct of the Code of Ethics or Standards with
which full conformance is not achieved
- reasons for non-conformance
- impact of non-conformance on the audit and the audit report
34
![Page 35: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/35.jpg)
ST 2440 DISSEMINATING RESULTS
• The CAE MUST communicate results to appropriate parties
35
![Page 36: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/36.jpg)
REPORT ISSUANCE
• The CAE reviews and approves the final audit report before issuance
• The CAE decides to whom and how the audit report will be disseminated
• The CAE can delegate these responsibilities, but retains overall responsibility
36
![Page 37: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/37.jpg)
PA 2440-1 WHO
• Discuss conclusions and recommendations with appropriate levels of management BEFORE the CAE issues the final report
• Appropriate level varies by credit union and nature of audit report
• Individuals who are knowledgeable of detailed operations
• Those who can authorize the implementation of corrective action
37
![Page 38: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/38.jpg)
HOW
• During the course of the audit
• Post-audit exit meetings
• Preliminary draft report
- Avoid misunderstandings or misinterpretations of fact
- Opportunity for management to clarify issues and
express views
38
![Page 39: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/39.jpg)
ST 2440.A1 DUE CONSIDERATION
• The CAE is responsible for communicating final audit results to parties who can ensure that the results are given due consideration
39
![Page 40: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/40.jpg)
FINAL AUDIT REPORT
• Distribute to management of the audited area
• Distribute to those who can take corrective action or ensure corrective action is taken
• Can send summary report to higher-level persons
• When required by the internal audit charter or credit union policy, communicate to other interested or affected parties such as external auditors and the board of directors
40
![Page 41: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/41.jpg)
ST 2440.A2 OUTSIDE COMMUNICATIONS
• Prior to releasing results to parties outside the credit union, the CAE MUST
- assess the potential risk to the credit union
- consult with senior management and/or legal counsel
- restrict the use of the audit results
41
![Page 42: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/42.jpg)
CREDIT UNION POLICY
• Authorization required for reporting information outside the credit union
• Process for seeking approval
• Guidelines for permissible and non-permissible information that may be reported
• Outside persons authorized to receive information and the types of information they may receive
• Related privacy regulations, regulatory requirements and legal considerations
42
![Page 43: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/43.jpg)
REQUEST FOR INTERNAL AUDIT REPORT
• Internal auditor needs to determine whether it is suitable for dissemination outside the credit union
• May be possible to create a special-purpose report to make the report suitable for dissemination
43
![Page 44: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/44.jpg)
WRITTEN AGREEMENT
• With intended recipient concerning the information to be reported
• Internal auditor’s responsibilities
• Copyright issues
• Intended use of information
• Limitations on further distribution or sharing
44
![Page 45: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/45.jpg)
ST 2450 OVERALL OPINIONS
• An overall opinion – a conclusion addressing, at a broad level, the governance, risk management and/or control processes of the credit union
• Professional judgement of the CAE based on the results of a number of individual audits for a specific time interval
• When an overall opinion is issued, it must take into account the expectations of senior management, the board, and other stakeholders
• The opinion must be supported by sufficient, reliable, relevant and useful information
45
![Page 46: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/46.jpg)
OVERALL OPINION
• The report will identify
- the scope, including the time period to which the opinion pertains
- scope limitations
- considerations of all related projects including the reliance on other
assurance providers
- the risk or control framework or other criteria used as a basis for the overall
opinion
- overall opinion, judgement or conclusion reached
- reasons for an unfavorable overall opinion 46
![Page 47: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/47.jpg)
PA 2440-2 SENSITIVE INFORMATION
• Critically sensitive information that is substantial to the credit union
• Poses significant material consequences
• Exposures, threats, uncertainties, fraud, waste, mismanagement, illegal activities, abuse of power, misconduct or other wrongdoings
• Adversely impacts the credit union’s reputation, image, competitiveness, success, viability, investments, earnings
47
![Page 48: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/48.jpg)
NORMAL CHAIN OF COMMUNICATIONS
• ST 2060 The CAE reports periodically to senior management and the board of directors on internal audit activity
48
![Page 49: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/49.jpg)
UNACCEPTABLE RISK
• ST 2600 –when management accepts a level of risk that may be unacceptable to the credit union, the CAE MUST communicate the matter to the Board
49
![Page 50: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/50.jpg)
LAWS AND REGULATIONS
• Typical chain of communication scenario may be accelerated for certain types of sensitive issues because of laws and regulations
• Some laws pertaining to whistleblowing actions protect citizens if they come forward
• Be aware of the laws and regulations of various jurisdictions in which the credit union operates
50
![Page 51: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/51.jpg)
WHISTLEBLOWING
• Communicating information to persons outside the normal chain, or even outside the credit union
• Does the CAE trust the credit union’s policies and mechanisms to investigate allegations of illegal or other improper activity and to take appropriate action?
• Does the CAE fear retribution?
• Does the CAE have evidence about an illegal or improper activity that jeopardizes the health, safety or well-being of people in the credit union or the community?
51
![Page 52: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/52.jpg)
WHISTLEBLOWING
• Evaluate alternative ways of communicating the risk the CAE sees to persons outside the normal chain
• Proceed with caution
• Examine the pros and cons of each potential action
• Legal counsel can assist internal auditors
52
![Page 53: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/53.jpg)
IIA’S CODE OF ETHICS
• Internal auditors do not disclose information without appropriate authority unless there is a legal or professional obligation to do so
• Internal auditors shall uphold the law and make disclosures expected by the law and the profession
• Internal auditors shall respect and contribute to the legitimate and ethical objectives of the credit union
53
![Page 54: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/54.jpg)
PROFESSIONAL DUTY
• Carefully evaluate all evidence and reasonableness of conclusions
• Decide whether further actions are needed to protect the credit union’s interests
• Discussions with experts may provide a different perspective, and opinions about potential impact
• The manner used to resolve situation may create reprisals and liability
54
![Page 55: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/55.jpg)
PA 2400-1 LEGAL CONSIDERATIONS
• ATTORNEY-CLIENT PRIVILEGE
• Consult legal counsel in matters involving legal issues
• Requirements vary significantly in different jurisdictions
55
![Page 56: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/56.jpg)
NON-COMPLIANCE
• Exercise caution when communicating noncompliance with laws, regulations and other legal issues
• Develop policies and procedures regarding the handling of those matters
• Have a close working relationship with legal counsel and compliance areas
56
![Page 57: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/57.jpg)
DISCOVERABLE EVIDENCE
• Internal auditor’s need to prepare audit records VS legal counsel’s desire to not leave discoverable evidence that could harm the credit union in legal matters
• Do internal audit’s facts and analyses negatively impact the credit union from a legal perspective?
• Proper planning and policy making so that internal audit and legal counsel are not at odds with one another
• Foster an ethical and preventative perspective throughout the credit union
• Sensitize and educate management about the established policies
57
![Page 58: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/58.jpg)
ATTORNEY-CLIENT PRIVILEGE
• Legal system that protects information and work performed for, or communicated to an engaged attorney
• Some courts have recognized a privilege of critical self-analysis that shields materials like audit work papers from discovery
• Does confidentiality of self-analysis outweigh the public interest?
58
![Page 59: AUDIT COMMUNICATIONS - ACUIA...AUDIT COMMUNICATIONS ACUIA SEPTEMBER 23 2016 1 . INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING** •Standards and Implementation](https://reader034.fdocuments.in/reader034/viewer/2022042412/5f2bb03331b9924b002852f3/html5/thumbnails/59.jpg)
2014 IIA GENERAL AUDIT MANAGEMENT CONFERENCE
• Go to legal counsel BEFORE beginning an audit, if the auditor is concerned there might be issues uncovered
• The attorney can issue a letter of privilege and the audit work products are protected
• Review the annual audit plan with counsel to determine in advance if any audits needs this protection
59