Question

In: Finance

What if a significant portion of the data is overseas and beyond the auditors’ jurisdiction or...

What if a significant portion of the data is overseas and beyond the auditors’ jurisdiction or audit universe

Solutions

Expert Solution

With overall objectives to review and improve internal controls as well as to promote the effectiveness and efficiency of operations, an internal audit function is presented with a wide variety of areas and activities to include in its internal audit reviews. It can concentrate on reviews of financial process internal controls, all worldwide operational areas in the enterprise, safety and security issues, information technology (IT) systems–related controls, or any of a series of other areas. Given the broad scope of enterprise operations, management, and audit committees demand for internal audit attest services, most internal audit functions find that there are just too many areas to include within internal audit’s planning and performance scope given staff skill, budget, and timing constraints. Internal audit functions need to establish their own basis point or foundation to define the areas within their scope that they may consider for internal audits. This list of potential areas to audit is often called the audit universe.

An audit universe is the aggregate of all areas that are available to be audited within an enterprise. To define its audit universe, internal audit should review or understand the number of potential auditable entities in terms of both the business units or areas of operations within the enterprise and the number of auditable units or activities within and across those business units. These auditable entities can be defined in a number of ways, such as by function or activity, by organizational unit or division, or perhaps by project or program. Some examples of auditable activities include:

  • Policies, procedures, and practices both on an enterprise level and specific to locations, such as at international units
  • Manufacturing, distribution, or supply chain units
  • Information systems on infrastructure and specific application levels
  • Major contracts or product lines
  • Social media activities, such as the use of Facebook or Twitter and others, that are common to enterprise personnel
  • Functions such as purchasing, accounting, finance, marketing, and others

This list highlights some of the major processes that help drive the enterprise. Some may be centrally directed, while others are unique to a specific auditable entity. The idea is to define these in a manner such that specific internal audits can be planned and executed.

Every organisation is different with regards to structure, processes and risk maturity.
While an audit universe can be consistent with a risk-based approach, internal audit should not take
for granted that listing all auditable areas to form an audit universe will always be necessary or the
right thing to do. It would be beneficial to review, on a regular basis, whether you currently have or
decide to develop an audit universe, the purpose and value an audit universe adds to the planning
process and the outcomes.

Develop the Audit Universe
– Audit Universe – The sum of all auditable units.
– Auditable Unit – Parts of the organization that
are exposed to sufficient risks where controls
should be reviewed.
– Develop the methodology for gathering
information (I.e. who IA talks to, what
information is gathered and how risk is
identified.)
– The initial audit universe need not be complete
but should be verified and completed through
the risk assessment process.

Types of units: projects, IT systems, business
functions, departments, business processes and
sub processes, primary assets such as: physical,
financial, human, intangible
 Criteria for selecting Auditable Units
– Contribute to the organizations goals
– Sufficiently large to noticeably impact the
organization
– Sufficiently important to justify the cost of
control

Define the Objectives Universe

What are the key objectives for each
Auditable Unit?
– Risks only exist in the context of the
achievement of an objective. If you don’t
know what the objective is you can’t
identify the risk.

Categories of Objectives
 Achievement of the organization's strategic
objectives.
 Reliability and integrity of financial and
operational information.
 Effectiveness and efficiency of operations.
 Safeguarding of assets.
 Compliance with laws, regulations, policies,
procedures and contracts.

If you don’t identify it you can’t measure,
prioritize or manage it.
– Requirements for successful risk identification:
 Thorough understanding of operations of
Auditable Units.
 A process through which to generate a
reasonable list of possible risks. Common
methods include a combined use of:
– Risk framework
– Management questionnaires
– Management interviews

-Environmental Analysis: Risk from the
perspective of changes to the external
environments and their effects on
management processes and controls.
Environmental analysis works best in
service-oriented processes and those that
are highly regulated or competitive,
although nearly every auditable unit is
affected by environmental risk to some
extent.

Examples of Environmental Analysis:
 Physical environment such as location,
weather, access.
Economic environment such as
finances, interest rates, general
economy.
Governmental regulation such as laws,
policies, regulations, real or impending.
Competition
 Suppliers
Technology

The audit universe document is a general description of all of the audit units that an enterprise internal audit function may review or perform. It is a plan that defines the breadth and scope of an internal audit function’s activities. To some extent, if questioned after the fact why an internal audit group has never scheduled a review in some area, they can point out that the area was not included in annual internal audit plans but, more important, was never defined as part of their internal audit universe description. The universe is the big-picture map covering internal audit’s territories and boundaries. It should be used as a basis for communication with the audit committee and for planning ongoing internal audit activities.

The audit universe document is not something that should be changed on a constant and regular basis whenever there is some small enterprise change. However, internal audit should have processes in place to keep its audit universe current and updated with perhaps regular quarterly or annual update reviews. This is often a good time for the CAE to explain to the audit committee any changes in internal audit’s scope and operations. An effective audit universe defines internal audit annual planning and becomes a vehicle to describe an internal audit function’s activities.


Related Solutions

A.   Apply the rules of jurisdiction to the facts of this case and determine what jurisdiction(s)...
A.   Apply the rules of jurisdiction to the facts of this case and determine what jurisdiction(s) would be appropriate for Margolin’s lawsuit against Funny Face and Novelty Now, respectively. Consider federal court, state court, and long arm principles in your analysis. B.   Assume all parties agree to pursue alternative dispute resolution (ADR). Analyze the advantages and disadvantages of two types of ADR appropriate for this case. Be sure to define the characteristics of each in your answer. C.   Applying what...
Suppose you are the manager of a public utility that supplies electricity to a significant portion...
Suppose you are the manager of a public utility that supplies electricity to a significant portion of your geographic region. You preside over electrical generation facilities that can produce electricity using either natural gas or oil, or some combination of both. In the past several years, you have been faced with skyrocketing, then plummeting, natural gas prices, and now think you face the possibility of more of the same, coupled with the probability of similar volatility in oil prices. Having...
what are the opportunities and threats that emerge for accountants and auditors from big data and...
what are the opportunities and threats that emerge for accountants and auditors from big data and other development in industrial revolution 4.0
1. Auditors must obtain evidence that there are no significant amounts of unregistered withdrawals of property,...
1. Auditors must obtain evidence that there are no significant amounts of unregistered withdrawals of property, plant and equipment. A- Describe two ways in which auditors obtain evidence that there are no significant amounts of unregistered property withdrawals (land). B- Describe three ways in which auditors obtain evidence that there are no significant amounts of unregistered equipment withdrawals. NOTE: Could you please don't use your handwriting to answer this question to be easy for me to solve...Thanks
The postal service of St. Vincent, an island in the West Indies, obtains a significant portion...
The postal service of St. Vincent, an island in the West Indies, obtains a significant portion of its revenues from sales of special souvenir sheets to stamp collectors. The souvenir sheets usually contain several high-value St. Vincent stamps depicting a common theme, such as the life of Princess Diana. The souvenir sheets are designed and printed for the postal service by Imperial Printing, a stamp agency service company in the United Kingdom. The souvenir sheets cost the postal service $0.85...
The postal service of St. Vincent, an island in the West Indies, obtains a significant portion...
The postal service of St. Vincent, an island in the West Indies, obtains a significant portion of its revenues from sales of special souvenir sheets to stamp collectors. The souvenir sheets usually contain several high-value St. Vincent stamps depicting a common theme, such as the life of Princess Diana. The souvenir sheets are designed and printed for the postal service by Imperial Printing, a stamp agency service company in the United Kingdom. The souvenir sheets cost the postal service $0.75...
Britton Woods was the last time a significant portion of the globe participated in a gold-based...
Britton Woods was the last time a significant portion of the globe participated in a gold-based fixed exchange rate system. Some economists and politicians, (Ron Paul, for example), believe that some type of gold standard should be reinstituted today. Do you agree with that position? Why or why not?
Intangible assets can make up a significant portion of a company's balance sheet. One of the...
Intangible assets can make up a significant portion of a company's balance sheet. One of the issues with intangible assets is determining the value and useful life so that their cost can be allocated among the asset's life. What are some methods companies use to determine the value and useful life of an intangible asset?
1: What is the name of the court of general jurisdiction in the state of Washington?...
1: What is the name of the court of general jurisdiction in the state of Washington? 2: What is the name of the trial court in the federal system? 3: When does a lawsuit begin under Washington law? 4: Explain ADR and why do businesses prefer these methods? 5: Identify the four elements of negligence. 6: What is defamation? Name 2 types of defamation. 7: What is meant by strict liablity? In what circumstances is strict liability applied? 8: What...
Pinto Limited has recently been subject to significant competition from overseas manufacturers with much lower costs....
Pinto Limited has recently been subject to significant competition from overseas manufacturers with much lower costs. To combat this, Pinto is considering a project that will see it move into a new product market considered riskier than its current operations. The CEO has asked you to undertake a financial analysis of the proposed project and present your recommendations in a short memo. As part of your financial analysis you will calculate NPV, IRR, payback period, discounted payback period and profitability...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT