Logo en.artbmxmagazine.com

Audit risk management

Anonim

The objective of this chapter is to prepare the theoretical framework of a research on Internal Audit with a Risk approach, which firstly addresses the importance of Internal Audit, continuing with issues related to risk management, where the interrelation of the risk is briefly expressed. risk management with the Internal Audit and finally, arriving at the conclusions derived from the study of the bibliography consulted, and the author's criteria based on the study and analysis carried out in the entity under study for more than three years.

Introduction

The objective of this chapter is to prepare the theoretical framework of the investigation, where the importance of Internal Audit is first addressed, continuing with issues related to risk management, where the interrelation of risk management with Internal Audit is briefly expressed, and finally, finally arriving at the conclusions derived from the study of the bibliography consulted, and the author's criteria based on the study and analysis carried out in the entity under study for more than three years.

1. Internal Audit

1.1. Historical development of the Audit in Cuba

In Cuba, the development of the Audit had its specific characteristics. As the country was a Spanish colony until 1898 and Spain was one of the least capitalist countries in Europe, the Audit did not settle until the 19th century, influencing this in its colonies. That is why it is not until the 20th century, with the North American intervention in the Cuban economy, the introduction of large capitalist companies, mainly in the sugar industry, public services, agriculture, banking and others that a level of complexity is created. that arises the need for qualified accounting technicians and auditors to meet the needs of controlling economic and financial resources.

During the republican or pseudo-republic era, financial audits, which responded to the interests of the North American headquarters and were carried out by independent auditing firms, as well as the practice of fiscal audits and internal audits. In the revolutionary era, it was framed in two stages, the one before 1990, where the audits were mainly aimed at the practice of state financial audits, tax inspections and internal audits, and the second stage from 1990, when approved in the Second Congress of the Communist Party of Cuba, among the fundamental objectives of the five-year period "to exploit to the maximum the possibilities of the Audit and Verification System for the budgeted companies and units."

On August 16, the State Finance Committee issued Resolution # 49 of 82, which was repealed by Resolution # 44 of December 27, 1990, which established the rules that governed the State and private Audit and with the Participation of Cuban firms of independent auditors, tax audits and internal audits, until finally Decree Law # 159, which governs so far, was approved.

1.2. Definition

In the study carried out on Internal Audit, various definitions of various textbook authors are observed, including:

Walter B. Meigs

The audit consists of a thorough investigation of the accounting records and other evidence that supports those financial statements. Through the study and evaluation of the company's internal control system and through the inspection of documents, observation of assets, inside and outside investigations and other audit procedures. (one)

Third Edition Audit

The audit is a systematic process for obtaining and objectively evaluating the evidence related to reports on economic activities and other related events. The purpose of the process is to determine the degree of correspondence of the information content with the evidence that gave rise to it, as well as to determine whether said reports have been prepared observing established principles for the case. (two)

CE COFIS Self-Study Manuals

“A systematic process that consists of obtaining and objectively evaluating evidence on the claims related to acts or accounts of an economic-administrative nature, in order to determine the degree of correspondence between the claims and the established criteria, and then communicate the results to interested people. It is practiced by qualified and independent professionals, in accordance with technical and legal norms and procedures established for this purpose. ” (3)

Audit (Single Volume) CP. Antonio de Miranda Estrada

"It is the branch of accounting science that aims to review, check, examine, study and analyze the accounting books and documents of any type of organization using its own methods and arts, in order to present the facts and economic and financial situations ”. (4)

According to the author, when analyzing the ways of executing the audit, either as a system, in the former and as processes in the latter, we find that “some define as actions all the work carried out in the execution of the audit exercise, and they treat it and describe it as necessary acts to develop it, others consider it as steps, others as stages to be completed, but none determine the complete exercise of this process, which is so laborious for the responsibility of the exercise that is assumed, let's see.

Walter B. Meigs

“The Audit process; Even though the specific audit processes vary from job to job, the fundamental steps underpinning the audit process are essentially the same in almost all jobs. These fundamental steps are ”(1)

1. Review and prepare a written description of the internal control system

2. Test the operation of the internal control system.

3. Evaluate the effectiveness of internal control.

4. Prepare a report for the administration.

5. Complete the audit to carry out tests to verify and justify.

6. Issue the opinion.

And it also says; “That the sequence of these steps provides a logical framework for the audit process. Auditors do not, however, need to complete each of these tasks before moving on to the next; Several stages of the process can be undertaken at the same time. Of course, the audit opinion cannot be issued until all audit work is completed. (one)

Third Edition Audit

While auditing standards are the guidelines for controlling the quality of the examination and the quality of the report, the audit procedures describe the set of techniques applied to perform the audit. The auditing standards are clearly established and no deviation from them is allowed. In contrast to this, audit procedures have to be tailored specifically, in accordance with the professional judgment of the auditors. (two)

CE COFIS Self-Study Manuals Volume I

In summary, the stages of the audit are the steps of the process that define its conception and in its logical development and interrelation, guarantee the fulfillment of the proposed objectives. (3)

1. Stages of the audit

2. Planning

3. Supervision and Monitoring

4. Legal provisions and other regulations

5. Management controls

6. Evidence

7. Analysis of the Financial Statements

Audit (Single Volume) CP Antonio de Miranda Estrada

Steps that comprise an audit. (4)

1. Issuance of the Work Order

2. Discussion of the Work Order and the Adopted Program

3. Review of the permanent information file, if applicable.

4. Perform the Audit.

5. Preparation of the statements, annexes and draft of the Report.

6. Signing and sending the corresponding levels.

7. Definitive file of the Reports and working papers.

It is the opinion of the author of this research that in order to carry out this process, which is defined by most of the authors, it must be taken into account that every process carried out implies a systemic and stepped development, guaranteed with quality, efficiency, efficiency and economy, because if it is taken into account, that the Audit is a process, dedicated to executing services, to add values ​​consequently from the development of different tasks and activities, these must be systematically carried out in a value chain and gradually be executed through threads that identify the logical continuity of the audit process, to finally provide the expected quality of service.

When carrying out the study of professional practice, it is necessary to guarantee the successful fulfillment of each one of the subprocesses, affirmation based on the study and analysis carried out in the entity under study for more than three years, violating the subprocess considerably affects successful compliance of the audit service and therefore the quality of the service expected. It is necessary to maintain the performance of the function based on the Value Chain, which is presented as follows:

  • Preliminary exploration, Planning, Execution, Report, Preparation of the File, Supervision and Evaluation of the professionals.

The link in the chain of execution of audits is the application of what corresponds to each sub-process of the service that is provided or executed, in order to guarantee efficient verification to the entity in question and provide the resulting information with the required quality. on the result of the checks carried out.

Internal Audit in Cuba is defined according to Decree Law 159 On Auditing as: “The control that is developed as an instrument of the administration itself and consists of an independent assessment of its activities, which includes the examination of the Internal Control systems, accounting and financial operations and the application of the corresponding administrative and legal provisions in order to improve the control and degree of economy, efficiency and effectiveness in the use of resources, prevent the improper use of these and contribute to strengthening of the discipline in general (5)

In Cuba, new demands to strengthen processes, operations and activities within companies have made a significant change in Internal Audit and its role within the organization, to such a point that in November 2004 the Ministry of Audit and Control (MAC) issues a new Resolution establishing specific rules for Internal Audit. Considerations that make us reflect and recognize that this activity in our country is being treated with a modern approach and adapted to current requirements are added to the aforementioned definition of Decree Law 159 On Auditing.

The Audit is defined as: “a systematic process, practiced by the auditors in accordance with established standards and technical procedures, consisting of obtaining and objectively evaluating the evidence on the claims contained in legal acts or events of a technical, economic, administrative and others, in order to determine the degree of correspondence between these statements, the current legal provisions and the established criteria. ”(6)

Internal Audit is one that is practiced as an instrument of the administration itself in charge of the independent assessment of its activities.

Therefore, Internal Audit must function as an activity designed to add value and improve the operations of an organization, as well as contributing to the fulfillment of its objectives and goals; providing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and direction processes.

As it has been possible to appreciate the considerations that are added to the conception of Internal Audit in Cuba they go one step further by describing it not only as an independent but also an objective function. It is about dispelling the old image of the auditor as a judge when affirming that it is an activity not of inspection, but rather of consulting, it is conceived that the activity adds value since all activity that the company carries out must be aimed at adding value Lastly, it is a real success to include in the new definition an approach to evaluate and improve the effectiveness of the control, risk management and governance processes, since Internal Audit must be more integrated into these processes in order to help the company to meet its objectives and take on new challenges.

It is insisted that, regardless of the supervision exercised by the internal auditor on the fulfillment of the responsibilities delegated by management to its executives, and the constant verification of compliance with the internal control systems in force, it is part of his responsibility to Obtaining sufficient and competent evidence that allows him to rule on the accuracy of the economic and financial situation presented by the entity and whose results show the financial statements that are periodically issued.

It is considered that an internal auditor can become the eyes and ears of the management of the company, taking into account, not only his qualification and moral ethics, but because he is an officer who over time manages to obtain a high command of all and each of its functions of the entity where it works, allowing it to become an advisor to or of business management executives.

Fernández (1993) defines Internal Audit as:(..) ”The eyes of the company's management, projected on all its dependencies and organizations, to permanently capture and inform it, of its situation and of possible problems that may exist. ” (7)

As it has been possible to appreciate the considerations that are added to the conception of Internal Audit in Cuba they go one step further by describing it not only as an independent but also an objective function. It is about dispelling the old image of the auditor as a judge when affirming that it is an activity not of inspection, but rather of consulting, it is conceived that the activity adds value since all activity that the company carries out must be aimed at adding value Lastly, it is a real success to include in the new definition an approach to evaluate and improve the effectiveness of the control, risk management and governance processes, since Internal Audit must be more integrated into these processes in order to help the company to meet its objectives and take on new challenges.

The prominent Canadian specialist in public sector control Radburn (2002), on the First Day of Internal Control expressed: “The important thing is that Internal Audit should act as a flashlight to protect and guide managers through the evaluation of controls and activities and the recommendation of improvements ”. (8)

Taking into account the evolution that the Internal Audit that has been experienced in Cuba includes in the Resolution 100/04 of the MAC new objectives that expand the framework of the internal auditor towards other areas of importance for the company.

The practice of Internal Audit is a profession supported by different organizations in the international arena. Among the most recognized by the profession are: the International Institute of Internal Auditors, and the Institute of Internal Auditors of Spain.

Virginia Pérez, considers “that one of the aspects that has raised the most voices in these institutions has been related to the norms and guidelines that must be followed in this type of audit, since these norms are the criteria by which it is evaluated and judged the effectiveness of an Internal Audit department and try to indicate how Internal Audit should be practiced in any type of organization ”. (9)

It is the author's criteria that specific tasks can be exposed and related, without a doubt these will always depend on the ordered Audit and the Program that the auditor must apply.

The use of audit programs by the auditor, facilitates the performance of the work in an orderly manner, serves as a guide to avoid incurring omissions or repetitions of procedures, allows better supervision as well as saving the auditor time in his work.

These are made up of the sum of all the audit procedures applied within the process of obtaining evidence, generally they are designed within the first stage of audit planning, it is based on three essential factors:

  • Risk assessment: The risk inherent in the work and that of committing human error. Materiality: audit programs must be prepared for each area or topic. Control: The necessary tools must be applied to avoid any type of deviation or failure.

The internal auditors must be zealous in the elaboration of the Programs, the characteristics of their work perhaps allow the reiteration of Themes in different units of the organization itself.

Where would be the problem?

The repetition in the application manages to specialize the auditor, but must always assume that the conditions cannot be the same, for which the observation and study of the new entity require special care, that although in equal lines of work the administration characteristics, custody and conditions will always be different, and you must try to ensure that your service is performed with quality; It is a new client, a service that although the same Theme works, will have a different organization, conceived and designed by another administration.

In Cuba, the Ministry of Audit and Control defines the functions and tasks of internal auditors, through Resolution No. 100/2004.

1.3. Internal Auditor Ethics

Internal auditors must know that in their performance they have an obligation to abide by the code of professional ethics that for the purpose of the profession is dictated by society.

Experience has shown that adherence to the highest standards that can be established is not in itself sufficient. Cashin, Neuwert and Levy, since 1985, considered that the public should associate the auditor's image with that of “higher than normal morale,” for that reason the auditor should never allow his personal interests to conflict with those of On the other hand, its clients, the auditor should not carry out immoral or illegal acts that could damage the prestige of the profession. (10)

General ethics includes the norms by which an individual decides his conduct. In general, the demands imposed by society, the moral duties and the effects of the actions themselves are considered.

The International Institute of Internal Auditors in its Code of Ethics states “It is necessary and appropriate to have a Code of Ethics for the profession of internal audit, since this is based on the trust that is given to its objective assurance on risk management, control and government ”(11).

Organizations dedicated to Auditing must have a Code of Ethics. Auditor ethics is a special case of general ethics, as a professional, the person receives specific guidelines of conduct that describe the standards of behavior expected to be observed by internal auditors, as well as the principles that are relevant to the profession and internal audit practice. The auditor's ethics are based on the generally accepted fundamental principles, which are the following:

  • Integrity, Objectivity, Confidentiality, Professional Competence, Professionalism, Independence, Observance of regulatory provisions, and Professional Training.

Knowledge and compliance with the code of ethics by the internal auditor is fundamental and represents much more than a statement of responsibility; it constitutes a working tool. Through its compliance, the auditor declares to the public that his profession is interested in protecting his interests and benefiting society, since trust is required in this profession not only in the auditor's technical ability but also in its integrity. The work of the internal auditor will have no value if the members of the organization to which it belongs, do not have faith in their reports and do not hesitate to accept them.

1.4. Quality in Audit

Cuba has not been oblivious to all the transformations that have taken place in the business field worldwide, but developing its own economic model and its strategies, without taking into account the recipes of the current world that travel from one part to the other to underdeveloped countries and of economy absolutely dependent on the developed ones.

Auditing is an important part of management control. When an evaluation of the results of this is required, the work of the auditors can be used to provide reasonable assurance that management controls are functioning properly.

Quality is essential in the development phase of an audit system, since it offers reasonable assurance that the audit service maintains the capacity to carry out its functions efficiently and effectively, and thus achieve a high level of credibility and confidence in the face of management, auditors and society. Another important aspect to question in audits is that it is perceived as an entity dedicated only to inspection (and sometimes even with a police perspective), and not to advice with the aim of protecting and improving the operation of the organization. It is necessary to conform a new vision of audits with a systemic approach, in order to locate it as a component of said system, in charge of protecting the proper functioning of the internal control system (subsystem at company level),but also to safeguard the proper functioning of the company for the purposes of its survival and achievement of the proposed goals.

In the new vision of auditing, it must be integrated into Total Quality Management, making full use of the different instruments and management tools in order to achieve higher levels in the provision of its services.

It is the author's opinion that at the present time it is necessary to streamline the work of the audits, making the quality standard play an important role; the work should be aimed at determining whether:

  • The audit organization supervises; Generally Accepted Auditing Standards are met; the reports are made with quality and documents that support it also have this quality; The quality of the audit service must be subject to rigorous and systematic control and whether the auditors are evaluated at the end of each audit.

Therefore, the quality review in each Supervision is imposed, either by the Group Leader or by the Supervisor, without this being limited only to these, in a certain way it can be carried out by the Auditor, it would be very feasible to achieve improvements in your work, and why not in your personal evaluation. The Audit Departments, the Supervisor, the Group Leader and the acting Auditor would then be responsible.

In the Economic Resolution of the Fifth Congress of the Communist Party it is stated: management and do not rely solely on external checks… "(12)

A palpable example of this is the implementation of Resolution 297 (2003) of the Ministry of Finance and Prices (MFP), in which Internal Control is defined as: “the process integrated to the operations carried out by the management and the rest of the personnel of an entity to provide reasonable assurance of the achievement of the following objectives: (13)

  • Reliability of information, Efficiency and effectiveness of operations, Compliance with laws, regulations and established policies, Control of resources of all kinds, available to the entity. ”

The Internal Control system, established in the entity, must be studied and evaluated at the beginning of any audit or special audit study by the internal auditor, with the aim of verifying its compliance, validity and sufficiency as well as to determine the nature, extent and Timeliness of the tests to which the audit procedures must be specified. The results will provide the auditor with the basis for making recommendations, for correcting deviations, or for making improvements to insufficient controls.

The auditor must ensure that the internal control design is the control measure created by the organization to achieve its adequacy and the reasonableness of the operations that are recorded to account for the corresponding accounting year and that once users have completed a period established Both external and internal wait to analyze the performance of business operations.

The auditor must carry out a detailed exploration of the Organization subject to Audit, knowledge of the entity's operations will depend on it, this will minimize the risk that in its review it does not detect deficiencies in the Internal Control System.

According to Dr. Carmona (2003), “(…) the organization's risk map is actually drawn up, so that if the control procedures are not complied with in those areas of greater risk, the danger to the organization of that the objectives are not reached or that important errors occur. Therefore knowing these risks is important for the auditor and especially for management. It alerts them: it is not that the company does not work with risks, but that they must be managed. ” (14)

The internal auditor must have full command of the activities carried out by the entity object of the audit service and clearly know the tasks of the audit, the functions of his position, and of course the risks that he must presumably assume and in which he must work to minimize or avoid them, in order to reduce the impact they may have.

2. Risk Management in Auditing

The profound changes that occur today, their complexity and the speed with which they occur, are the roots of the uncertainty and risk that organizations face. Mergers, global competition and technological advances, deregulations, and new regulations, increased demand from consumers and inhabitants, the social and environmental responsibility of organizations as well as, transparency create an operating environment, each day more risky and complicated, in addition new challenges to deal with arise as a result of the problems that arise in organizations that operate outside the law or ethical conduct.

Risk management in a broad framework implies that strategies, processes, people, technology and knowledge are aligned to handle all the uncertainty that an organization faces.

On the other hand, risks and opportunities always go hand in hand, and the key is to determine the potential benefits of these on the risks.

It is important in every organization to have a tool that guarantees the correct evaluation of the risks to which the processes and activities of an entity are subject and through control procedures, its performance can be evaluated.

All organizations are exposed to it regardless of their nature, size, and business name.

Internal Audit as an activity designed to add value and improve the operations of an organization, must contribute to the fulfillment of its objectives and goals; providing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and direction processes.

The Audit services include the objective evaluation of the evidence, carried out by the auditors, to provide an independent conclusion that allows us to qualify compliance with the policies, regulations, rules, legal provisions or other legal requirements; regarding a system, process, thread, activity, task or other matter of the organization to which they belong.

Unlike some authors, who define the execution of audits by stages, it is the author's criteria, that it is an activity dedicated to providing services to add values ​​consequently depending on the efficiency and effectiveness in the development of different tasks. and activities which must be systematically carried out in a chain of values ​​that gradually must be taken into account through sub-processes that identify the logical continuity of the process, to finally provide the expected quality of service.

Seeing the need in the business environment for this type of tools and taking into account that, one of the main causes of problems within threads is the inadequate forecasting of risks, it is therefore necessary to study the Risks that may appear in each thread. Audit, this will serve as a support to prevent their proper performance.

In this sense, it is necessary to take into account the following:

  • The evaluation of the risks inherent in the different sub-processes of the Audit. The evaluation of the threats or causes of the risks. The controls used to minimize the threats or risks. The evaluation of the elements of the risk analysis.

Generally speaking of Risk and Risk concepts in the evolution of Internal Control Systems. However, the Risks are present in any system or process that is executed, whether in production or service processes, in financial and market operations, for this reason it can be stated that the Audit is not exempt from this concept.

Various authors write on the subject, and only go as far as the audit process in their affirmation, they do not describe the process.

Risks in the Audit process should be managed down to the sub-process level, or as it is commonly called, to its stages or actions. The auditor has to carry out tasks or verifications, in which risks are assumed that these are not carried out in the proper way, of course, these Risks cannot be defined in the same way that risks are defined for Internal control. The auditor's criteria in relation to the extent and intensity of the tests, both compliance and substantive, are associated with the risk that significant errors or deviations remain undetected in the company's accounting and not those that do not arrive. to be detected by the auditor in his sampling tests. Risk tends to be minimized when the effectiveness of the applied audit procedures increases.

The risk of orderly work is the risk that the auditor expresses an inappropriate conclusion.

The auditor then plans and performs the work in such a way as to reduce to an acceptable level the risk of expressing an inappropriate conclusion. In general, these risks can be represented by the components associated with the audit;

Inherent risk - the risks associated with the nature of the topic; Control risk - the risk that controls on the subject do not exist or operate ineffectively; and, Detection risk - the risk that the auditor's procedures do not detect the important aspects that may affect the topic.

Risk is a real-world condition in which there is an exposure to adversity, made up of a combination of environmental circumstances, where there is a possibility of loss.

The author appreciates that the bibliographies consulted contain different Risk criteria, but none of them studies, much less delves into the subject of Risks assumed by the different tasks to be carried out in the Audit process, an aspect of vital importance to guarantee the quality of it.

It also observes from the case studies analyzed, that when the specific tasks and activities of the Audit process are not known, the final results do not correspond to those expected by those who order the Audit, having as a cause, the lack of foresight of the tasks to be carried out in the Audit process and, of course, the measures to avoid committing errors and failures that put at risk the systemic and staggered compliance of this process.

It also considers that risks from any Audit sub-process, without a doubt, deteriorate the quality of its service, since it is usual for Units dedicated to the audit service, much less those destined for Internal Audit services, to work towards diagnose and evaluate the possible risks in the execution of the different threads that intervene in an Audit service.

It confirms that it is not possible to diagnose risks from a table, since this cannot be schematic, much less be a formula to substitute. A study must be carried out in each organization and the strategy of the chain of values ​​of the latter must be drawn up and the type of service to be performed. For this, it would be necessary to know how the value chain is working in that organization, since it is essential to maintain the achievement of the tasks and fulfill and enforce the maintenance of the logistical flow of the Audit sub-processes, since one depends on the other.

In order to carry out this process, which is defined by most of the authors, it must be taken into account that every process carried out implies a systemic and gradual development, guaranteed with quality, efficiency, effectiveness and economy.

And it defines that “Auditing is a process, dedicated to executing services, to add values ​​consequently from the development of different tasks and activities, these must be systematically carried out in a value chain and gradually be executed through sub-processes that identify the logical continuity of the process audit, to finally provide the quality of the expected service ”.

When carrying out the study of professional practice, it is necessary to guarantee the successful fulfillment of each one of the sub-processes, the author's affirmation, based on the study and analysis carried out in the entity under study for more than three years, violating a sub-process affects considerably the successful fulfillment of the audit service and therefore the quality of the service expected.

It is necessary to maintain the performance of the function based on the Value Chain of the Audit process, which is guaranteed with the execution of the following threads:

1. Preliminary exploration

2. Planning

3. Execution

4. Report

5. Preparation of the File

6. Supervision

7. Evaluation of the professionals

Below is a diagram to demonstrate the interrelation of the different internal audit sub-processes, following the organization model based on the value chain of the audit process to be carried out by the internal auditors.

SHAPE \ * MERGEFORMAT

Illustration No. 2. Source of Own Preparation

The link in the chain of execution of audits is the application of what corresponds to each sub-process of the service that is provided or executed, in order to guarantee efficient verification to the entity in question and provide the resulting information with the required quality. on the result of the checks carried out.

Supervision of audits is essential in the process of prevention and control of the tasks and activities to be carried out during the execution of the audits and the risk factors therein; It is a vital tool in the effective fulfillment of each thread and the fulfillment of the specific programs of application to guarantee the due control and location of the resources of the system in question and in the evaluation of the efficiency of the prevention and control programs.

Thus it becomes an important element of the evaluation function, especially in measuring impact and is essential for the development of appropriate policies.

This thread is the only one that does not have a defined moment for its execution, since it can be carried out: at the beginning, in the execution or at the end of the Audit, and if necessary in all and during any thread, considering that the logical continuity of each of the threads, since one depends on the other, and without a doubt, it is not advisable to violate the execution time of subsequent ones, since finally the risks of making mistakes would be more costly.

Risk identification is the process of determining what can happen, why and how to define and record in detail the failures or causes in which the risks are located. Failures are defined as the probability of non-compliance with the functions, events, or situations that may contribute to the achievement of the goals designed in the execution of the audit process, and it is proposed that this investigation be done by each sub-process of the Audit, this allows for quick and timely observation.

Then, we would have to manage the risks in the Value Chain of the Audit process, for which it is necessary to consider compliance with the following actions.

Illustration No. 3. Source of own elaboration.

Furthermore, the author specifies that to manage audit risks, the work objectives of the Audit Organization must be defined, to achieve the preparation of Audit Execution Plans by the personnel designated for it. From the knowledge of the objectives, the activities are planned, which could be for an audit unit, "Types of Audit to be carried out" creating a Control environment to carry out this process.

Based on the knowledge of the activities, the Tasks for the process must be defined, which must be determined by each Audit sub-process.

By determining the tasks for each sub-process, the risks are identified and, of course, they would be located for better management in each sub-process, allowing effective surveillance for the auditor and the acting supervisors.

Risks must be evaluated taking into account the evaluation criteria set out above and exposed periodically.

To achieve improvements in the quality of the Internal Audit process, it is necessary to develop a risk management strategy, since the actions of the execution of the audits cannot depend on the will and knowledge of the exercise by the auditor, this would affect the quality of their execution and therefore the impossibility of managing the risks of the tasks to be performed. This reason forces the design of an Organization Model where verification, analysis and evaluation procedures are defined, which will make it possible to standardize the work of professionals and therefore a more accurate measurement of the final result in the execution of audits.

It is necessary to maintain a cycle of Supervision and Monitoring in the execution of the audits, which can be at the beginning, during and at the end, and as stated above, "and if necessary in all and during any subprocess". The results of these supervisions must be reported and controlled, and this will allow:

  • Exercise an assessment by managers on the degree of compliance with the policies outlined Behavior to reduce risks and detect the presence of possible risks Knowledge of new events that jeopardize compliance with planned tasks

And finally, the success of compliance with the risk management cycle will depend on the achievement of continuous improvements in the exercise of the audit process.

Then the cycle would be represented as follows:

Illustration No. 4. Source of own elaboration

It is also the author's criterion that the monitoring of the identified risks requires adequate control by the personnel designated for it, which must leave documentary evidence of the supervision carried out, and in which, without being schematic, consider at least the following aspects:

  • Objectives to be met in supervision The risk to be controlled Actions that must be taken to minimize or reduce the risk, and which the supervised person must focus on.

For this, a Standard is suggested, which if necessary can obtain more information.

Objectives

Risks

Points where to focus the actions

It is advisable to prepare an Action Plan on the points in which the person in charge of the supervised area should work.

Risk Measurement and Assessment

The author observes that, when conceiving the possible Risks in the execution of the different Audit sub-processes of an internal or external organization, their evaluation should be carried out, in order to know the Impact, and the treatment it requires, as well as the Probability of Occurrence. This would give us the possibility of knowing in advance the valuation and devising plans that contribute to the reduction of losses, which in audit techniques, would be the extension of unnecessary tests, and the expense of additional time invested, which would imply the requirement of differentiated treatments, and of course financial losses.

If the necessary measures are taken to reduce the occurrence, one would be talking about reducing losses in the Audit. This chapter addresses the need to assess accounting control risks, which will help the auditor make proper planning.

It would then be necessary to design or implement an internal procedure that minimizes the financial impact that may occur, which could be excessive expenses for: food, lodging, salaries, transportation, office supplies, communication, and others.

In the following Chapter, the Internal Audit organization model with a risk approach is designed, which will enable the reader to better understand the Topic and, of course, acquire skills in risk management in the audit process.

Bibliographic references

1) (Walter B. Meigs. Principles of Auditing / Volume I. Available Library of the MONTH. January 1977.

2) Collective of Authors. Audit. (Third edition). Available Library of the José Martí University Center. Sancti Spíritus. Reg. 783

3) Collective of Authors. Self-study manuals. Diploma in General Auditing. Volume I.

4) CP. Antonio de Miranda Estrada. Audit Professor. IEUH. 1974.

5) Ministry of Finance and Prices. Decree Law 159 On Auditing. Cuba. 1995.

6) Ministry of Audit and Control. Resolution 100. Internal Auditing Standards. Cuba. 2004.

7) Fernández Milián, E. Business Audit. Institute of Accounting and Accounts Auditing. 2nd. Edition. P-197. Madrid. 1993.

8) Radbun. FW. Building Environment to improve Management. Control in the public sector. First Day of Internal Control. Available in:. 2002. (Consulted January 2005).

9) Virginia Pérez. Internal audit in Spain a conceptual approach. Sevilla University. Available at: (Consulted in February 2005).

10) Cashin, JA; Neuwert, PD and Levy JF Encyclopedia of the Audit. Barcelona: Grupo Editorial Océano, 350 p. 1985.

11) International Institute of Internal Auditors. Code of ethics. The IIA Board of Directors. 2000.

12) Communist Party of Cuba. Economic Resolution of the V Congress of the Communist Party of Cuba. Granma Newspaper.. Tabloid, 4 p. Havana. Cuba. 1997

13) Ministry of Finance and Prices. Resolution No. 297 ”Implementation of internal control systems. Annex: Definition of Internal Control. Components content, standards. Cuba. 2004.

14) Carmona, Mayra. The role of auditing in processes of continuous management improvement. Audit and Control Magazine. Number 8. Havana. Cuba. 2003.

Bibliography consulted

  • Carmona, Mayra. 2003. The role of auditing in continuous management improvement processes. Audit and Control Magazine (Havana) Number 8 April 2003, 21p.Cook, JW; Winkle GM 1994. Audit. Mexico: Latin American Printer and Publisher. 3rd Edition, 20 p. Collective of authors. CECOFIS. Diploma in General Auditing. Self-study manual. Volume 1 and 2 of the 2001 Cuba. Ministry of Audit and Control. 2003. Resolution No. 40. Procedure for the preparation, control and information of the annual audit plan. Cuba. Ministry of Audit and Control. 2004. Resolution No. 100. Internal Auditing Standards. Annex I. Regulations on the activity of Internal Audit. Annex II.Cuba. Ministry of Audit and Control. 2004. Resolution No. 102. Methodology for the evaluation and qualification of audits. Annex I. Cuba.Ministry of Finance and Prices. 2003. Resolution No. 297. Annex: Definition of Internal Control, Content of the components, standards. Cuba. Ministry of Finance and Prices. 1995. Decree Law 159 On Auditing. Cuba. Communist Party. Economic Resolution of the V Congress of the Communist Party of Cuba. 1997. Granma Newspaper, Havana, November 7, Tabloid, 4 p. Evans, James R. and Lindsay, William M. Administration and Quality Control. International Thomson Editores. México, 2000Fernández Millán, W. 1993. Business Audit. Madrid: Accounting and Accounts Auditing Institute. 2nd. Edition, p-197. Gómez Avilés, Bismayda. Quality management. Concepts, terminology and approaches. Cuba, 2002González, GI 2002. Summary of the First Day of Internal Control. Internal Control as a profession: Methods and disciplines.Available at: http://ocu.ucr.ac.cr/boletin2-2002-artiulo6.htm (Consulted: March 2005) Hamilton Alexander Institute, Key to the financial and operational improvement of Internal Audit: USA, 1982. Hevia, E 1999. Modern Concept of Internal Audit. Double Part Magazine. Spain: Number 139.Iturriaga, JA 2003. A spy in companies. The Internal Audit Department has become one of the best guarantees of transparency. Available in:. (Consultation: In Mexico December 2004) León, LM 2003a. Internal audit. A systemic approach and continuous improvement. Gestiopolis.com. Available at: http://wwwgestiopolis.com/recursos/documentos/fulldocs/ger1/auditerlefco.htm (Consultation: In Mexico December 2004).Manual for the exercise of Internal Audit in the entities and bodies subject to the supervision of the Office of the Comptroller General of the Republic of Costa Rica. 1989. Available at: http://support.casals.com (Consulted February 2005). Internal Audit Manual. 2003. Republic of El Salvador. Internal Audit Department. Available at: http://www.cortedecuentas.gob.sv/newpage.htm, (effective May 2005) Auditor's Manual. 2001. Havana: Ministry of Audit and Control. unpaged.Meings, WB 1977. Principles of Auditing. Volume I. Sixth edition, Padilla, ZJ 2002. The responsibility of control. Costa Rica university. Comptroller. Bulletin 2. Article 6. Available at: http://ocu.ucr.ac/boletin2-2002-articulo6.htm (Consultation: May 2005). Quiroc, MC 2003. Risk management and Internal Audit. Costa Rica university.University Comptroller. Bulletin 1-2003. Article 9. Available at: http://ucu.ucr.ac.cr/boletin1-2003.article9.htmQuiroc, MC Risk Management and Internal Audit. Costa Rica university. University Comptroller. 2003. Bulletin 1-2003. Article 9. Available at:: http://ucu.ucr.ac.cr/boletin1-2003.article9.htm (Consulted: February 2005). Reyes, PA 1992. Modern Administration. Editorial Limusa. Mexico. p-25.Rosés, F. 2000. The risk map allows you to see the threats that the company has. Available at: (Consultation: October 22, 2004) Siguenza, JM 1995. Audit and Annual Accounts Manual. Study Center. Madrid. Editorial Ramón Areces, 2nd edition, p -269.Slosse, CA; Gordiez, JC; Giordano Silvia et al. 1999. Audit a new business approach. Buenos Aires. MACHI editions. 2nd edition. p- 41, 105.Valderrama, J. 1997.Institute of Sworn Censors of Accounts Auditors of Spain. Auditing Standards. Madrid: 4th edition, 217 p.Valero, Belkis., Aguiar, Nancy. 2002. Proposal to improve compliance with the observations and recommendations established in the Internal Audit reports at the Andes Trujillo Corporation. Diploma work (in option to the Title of Graduate in Public Accounting). Venezuela. Available at: http: // www gestiopolis.com/recursos/documentos/fulldocs/fini/auditnancy.htm (Consultation: 1 December 2004). Villareal P. 1987. III meeting of the Institute of Internal Auditors of Mexico. Conference "Assessment of risk exposure." Productivity: Management commitment. Magazine of the Mexican Institute of Internal Auditors June 1988. Zayas, E. 1990. The process of Decisions and Problem Solving. Series: Management Issues.No. 004.ISTH. Holguin.
Audit risk management
Administration

Editor's choice

Features of radical innovation

Features of radical innovation

Characteristics of the best companies to work mept

Characteristics of the best companies to work mept

Characteristics of probability and non-probability samples

Characteristics of probability and non-probability samples

Features of one to one or one to one marketing

Features of one to one or one to one marketing

Roots and beacons of the leader's light

Roots and beacons of the leader's light

Characteristics of the microentrepreneur

Characteristics of the microentrepreneur

© Copyright en.artbmxmagazine.com, 2024 October | About site | Contacts | Privacy policy.