The work entitled "Audit Procedure from the identification of risks in the processes" aims to present a work methodology that allows determining which are the risks that limit the quality of the processes of the internal audit activity in the Ministry of the Iron and Steel Industry, allowing their adequate management from the improvement of the planning and execution of control actions according to the standards established in the country.
Using as general methods the analysis and synthesis, as well as the induction and deduction for the use and interpretation of the resolutions, standards and procedures established for the internal audit, the main concepts of the interrelation between the internal audit and the internal audits are explained and developed. risks associated with this, taking into account the stages of control actions, as well as the limitations and scope of the proposed methodology. Then the conclusions are presented with the assessment of the effectiveness of the proposed methodology, the importance, feasibility, and viability of its application and updating.
Summary
The work titled “Procedure of Audit starting from the identification of risks in the processes» has as objective to present a work methodology that allows to determine which they are the risks that limit the quality of the processes of the activity of internal audit in the Ministry of the Sidero-mechanics and recycle Industry, allowing the appropriate administration of the same ones starting from the improvement of the planning and execution of actions of in agreement control to the norms settled down in the country.
Using as general methods the analysis and synthesis, as well as the induction and deduction for the use and interpretation of the resolutions, norms and established procedures for the internal audit, are explained and they develop the main concepts of the existent interrelation between the internal auditing and the risks associated to this keeping in mind the stages of the control actions, as well as the limitations and reach of the proposed methodology. Then the conclusions are presented with the valuation of the effectiveness of the proposed methodology, the importance, feasibility, and viability of their application and upgrade.
Introduction
The new requirements to strengthen the internal audit process within companies have generated a significant change in management and expectations about its operation and its role within the organization.
The internal audit activity has come to occupy an important place in the modern company. Current demands, economic and social evolution, and the introduction of new methods of administration and management of companies, have favored the management to feel the need to find an objective element that provides them with more information.
At present, the functions of the internal audit are required in a clear sense of complement and support to the management work, so that they contribute, more and more, to the fulfillment of the objectives and goals foreseen in the organization, to the point of not conceiving an organization that intends to advance with firm steps towards success, without the activity of well-organized internal audit.
The new image of internal auditing requires that all members of the organization see it as an activity created to add value, improve the operations of the organization and not as a negative and supervisory instrument.
In this way, the Internal Audit Units constitute a direct advisory body, capable of providing timely and relevant knowledge of the checks carried out to the professionals that comprise it, with a view to supporting the execution process of the the same, hence the knowledge of the risks related to the activity carried out is of vital importance for the achievement of quality in the exercise.
Problem formulation
There is no specific procedure that guarantees improvements in the quality of the execution of control actions carried out by the audit system belonging to the Ministry of the Sidero-Mechanical Industry, which allows efficient risk management.
General objective:
Propose a work methodology that allows determining which are the risks that limit the quality of the processes of the internal audit activity in the Ministry of the Sidero-Mechanical Industry, allowing their adequate management from the improvement of planning and execution of control actions according to the standards established in the country.
Specific objectives:
1. Prepare the theoretical framework for the study derived from the consultation of updated national and international literature on the subject under investigation.
2. Prepare the strategy of the audit process and propose the methodology that allows identifying the risks related to the activity in all its processes.
Research questions
1. What are the main advantages of improving the planning and execution of audits based on the proper identification of risks?
2. Are the risks identified?
3. To what extent are the procedures derived from current legislation applied to measure the impact of decisions in relation to the quality of the service provided?
4. Is the risk-quality ratio considered for the development of the actions?
Work hypothesis
Taking into account the revised theoretical criteria and the practical experiences obtained, the following work hypothesis was formulated:
If a methodology is obtained that allows the efficient identification of risks, then there will be a better analysis in the execution of control actions, depth and relevance of the processes, contributing to the improvement of the quality of the audit work.
Development
1. Risks. Your Relationship with the Internal Audit.
The development of any activity is subject to risks, the audit is not exempt from them, since from the objective evaluation of the evidence, to provide an independent conclusion that allows qualifying compliance with the policies, regulations, standards, legal provisions or other requirements. legal, regarding a system, process, sub-process, activity, task or other matter of the organization to which they belong, it depends on the adequate supervision carried out by the designated personnel in each of the stages and sub-processes with this account, of this the quality of the execution will ultimately depend.
In the Economic Resolution of the Fifth Congress of the Communist Party, it is stated: (…) “an indispensable condition in this entire process of transformation of the business system will be the implementation of strong financial restrictions that make the control of the efficient use of resources internal to the management mechanism and do not rely solely on external checks "
Evidence of this is the new approach used by the Office of the Comptroller General of the Republic where it defines internal control as "the process integrated into operations with a focus on continuous improvement, extended to all activities inherent to management, carried out by management and the rest of the staff; It is implemented through an integrated system of rules and procedures, which help to anticipate and limit internal and external risks, provide reasonable security for the achievement of institutional objectives and adequate accountability ”.
Definitions of risk, its relationship with uncertainty
Gabriel Capote stated, "The implementation in an entity or organization of an Internal Control or internal verification system, as it is also known, will limit the commission of fraud and appropriations and would specify the powers of certain executives and managers, allowing to avoid and detect arbitrariness, improper decisions, incompetence and other more serious acts. "
Mayra Carmona, considers that: “Specifying the risks for each operational cycle and fundamental area, taking into account their characteristics, allows the auditor to make decisions and establish their strategy in the audit process for the evaluation of Internal Control.
On the other hand, in 2008, the defunct Ministry of Audit and Control establishes: "Any evaluation and qualification system, in particular the audit, requires a risk analysis…". The evaluation of Internal Control must be carried out according to a list of predetermined aspects, classified as very important, in accordance with the principles, procedures and methods of Internal Control, defining to what extent non-compliance with any of them affects the results obtained in the entity.
The word risk conveys an impression of insecurity and uncertainty, since there is the possibility that the result or consequence of a scenario at a given moment is favorable or not.
Uncertainty lies in the impossibility of predicting or forecasting the outcome of a situation at a certain time, for its part, risk is synonymous with uncertainty, both are characterized by the difficulty of being able to predict what will happen.
It is clear, then, the close relationship that exists between risk and uncertainty since it is closely linked to each other and therefore it is to understand the impossibility of eliminating it. In this way, it is determined that the only way to deal with it is by managing it, distinguishing the sources from which it comes, measuring the degree of exposure assumed and choosing the best available strategies to control it, but how to identify it and relate it to the internal audit.
1.1.1 Risk Management. Importance for the internal audit.
Risk identification is the process that allows determining what can happen, why and how to define and record, in details, the failures or causes that are located in the execution of each of the tasks designed to guarantee the execution of an action. Therefore, the risk in the audit process is defined as "the probability of non-compliance of the functions, events or situations in the work of the internal auditors, which may contribute to the failure to achieve the goals designed in carrying out the process", and it is proposed in this research to make the evaluation for each sub-process of the audit, which allows a quick and timely detection, and preventive action to anticipate its occurrence.
The issue of risk management is today a concern of senior business management, gaining popularity and becoming an essential tool for decision making. Risk management has come to occupy an important place in the modern company, contributing, more and more, to the fulfillment of the objectives and goals set in the organization. To be successful, any entity must have well-organized risk management.
Juan López García states: Risk management is the discipline that combines the financial, human, material, and technical resources of the company to identify and evaluate potential risks and decide how to manage them with an optimal cost-benefit combination.
Risk management in a broad framework implies that strategies, processes, people, technologies and knowledge are aligned to handle all the uncertainty that an organization faces.
Internal auditors must evaluate the quantity and quality of risk exposures related to the administration, custody and protection of the organization's available resources, operations and information systems, taking into account the need to guarantee objectives at a reasonable level.
The author considers that risk management is necessary to guarantee the successful fulfillment of each one of the audit processes; it also ensures that its quality depends on the adequate identification of the risks that may exist when deviating the logical sequence of each of the processes that comprise it.
The auditor performs tasks in which risks of non-execution are assumed, fundamentally related to the extent and intensity of the tests, both compliance and substantive, associated with the risk that significant errors or deviations remain undetected in the review. it is done, due to poor planning.
The risk, of course, tends to be minimized when the effectiveness of the procedures applied and the supervisions carried out increases. To manage audit risks, a study based on activities and tasks for each stage must be started; and based on this, identify possible risks and measure their impact in the year, which will allow for quality improvements.
The need to evaluate the risks of detection in the auditor's work will help to carry out an adequate planning, the domain to be achieved is important in the performance of different tasks at each stage, in which due attention will be paid to compliance with the plan planned to minimize the impact of risks and guarantee the quality required in the development of work.
The new term risk in the internal audit activity brings questions and concerns in relation to the work carried out so far, but in a few words this is nothing more than the situations that may hinder the normal development of the activity processes and prevent the achievement of the objectives.
In order to manage auditing risks, it is important that the audit and control departments and the internal auditors subordinate to them become aware of the importance of the process based on the continuous training of personnel, considering the following aspects:
- Conceptualize Internal Audit as a process, with a systemic conception.
- Link the risks with the different stages, as a principle of the quality of the audit.
- The timely identification of these from the supervisions carried out in the field or by third parties.
- Study the risks, which allow anticipating and anticipating, as well as allowing improvements in the quality of the exercise.
- Having a set of techniques, tools and procedures that constitutes a guide for the auditor's work, thereby reducing the impact of risks and improving the quality of the service.
Due to the impact produced today by the occurrence of risks in the internal audit activity, a General Work Procedure is proposed for the auditors of the system from the identification of the risks derived from the deficiencies detected in the supervisions carried out, the which will contribute to:
- the design of an Organizational Execution System for each of the stages of the audit.
- The training of professionals in theoretical-practical training, it must guarantee quality in the exercise of their functions.
- Maintaining surveillance of the possible commission of risks in the systematic development of the audit exercise.
- monitoring compliance with the exercise by each professional.
In order to obtain results, those responsible are required to be defined.
Responsible parties: Audit department, supervisor, group leader, and auditor.
Stage I. Preliminary Exploration.
Based on the fact that the exploration is the stage where the auditor will identify with the activity carried out by the entity, it includes obtaining verbal and written information on general background, legal basis, organization, including the review of available and relevant information (reports of previous audits, working papers, legal provisions or other documentation contained in the control actions file), in order to achieve a general understanding of the levels of authority and responsibility, the purposes pursued by the entity, methods and general processes.
It also makes it possible to assess the degree of reliability of internal control (accounting and administrative), select the operations that will allow examining the financial statements and define the methods used by management to supervise operations, including the function of internal auditing, if there is one.. All of the above will contribute to the development of a more efficient and rational work plan for each auditor, which will ensure that the actions carried out are carried out with the proper quality and economy, thus promoting the success of their execution.
As a result of the exploration, the group leader may suggest to the supervisor to vary or not the objective of the action or its scope. It is possible that, for certain reasons, it is not necessary to develop any of the topics set out in the work order or include another that due to its importance or significance may provide an unexpected result in the entity, a matter that must be recorded in a document signed by the group leader, approved by the acting supervisor and filed in the audit file.
In general, the depth and quality with which this process was carried out will depend on:
- Knowledge of the critical areas or areas existing in the entity, understood as: those that, due to the importance of the production, commercialization or services process, cause greater risks in the development of their work, linked to them the different operations that perform.
- Obtain the necessary evidence to gather the elements that allow an adequate planning of the work to be carried out, with economy, efficiency, effectiveness and rationality.
- Direct planning towards the issues of greatest interest, in accordance with the planned objectives.
- Know in detail the characteristics of the entity to be audited and determine the importance of the matters to be examined.
- Make the selection and adjustments to the methodology and programs to be used.
- Assess the internal control environment (accounting and administrative)
Risks
1. Conception of planning for unnecessary exams.
2. Extension of future tests due to poor mastery of the control environment.
3. Ignorance of a history of deficiencies or alleged criminal acts as a result of previous audits.
4. Inability of the auditor to identify the operational nature of the business, its organization, location of its facilities, sales, productions, services provided, financial structure, purchase and sale operations and other matters that could be significant.
5. Inadequate planning of the work to be carried out and / or not directing it towards the issues that are of greatest interest in accordance with the planned objectives.
Stage II. Planning.
The activities related to this stage must conceive how to comply with the program designed by the Audit Department, in accordance with the group of auditors assigned to carry out the activity, and taking into account the conditions and particularities of the entity in question.
The audit procedures are not standardized; and those that are used are selected because they have particular significance in meeting the work objectives.
When the audit is properly planned, the overall strategy for the examination is developed. It is important for the auditor to be thoroughly familiar with the entity. Adequate planning must be well documented and include the audit program, with a description of the procedures to be followed in its development, to achieve the proposed objectives.
The information system of the audited entity and the internal accounting controls have an important impact on the design of the audit program. The auditor must avoid the inclination to follow a procedure just because it appears to be a generalized program; This is used as a guide only; You must ensure that you have not overlooked any important revision procedures, either by adapting the general program or a custom-made one.
After determining the time to be used in the execution of each check or verification, the overall or general audit plan is drawn up, which will be included in a document containing at least:
- Definition of the topics and the tasks to be carried out.
- Name of the specialist or specialists who will intervene in each one.
- Expected start and end date of each task. In this case, it is considered from the exploration to the conclusion of the work.
The individual work plan of each specialist must be drawn up, considering the name of the specialist, definition of the topics and each of the tasks to be executed, the start and end date of each task, always leaving space to record the actual period of execution, as well as the incidents in each task / specialist or the subject as a whole.
Risks
1. Extension of tests without meeting the objectives necessary to carry out the ordered audit.
2. Absence of the general strategy for the examination.
3. Inability to create or adapt the audit program.
4. Insufficiencies and failures in the preliminary exploration.
5. Total ignorance of the activity to develop.
6. Inexperience in the application of the ordered audit program.
Stage III. Execution.
During execution, the auditor must ensure compliance with the auditing standards, and knowledge and control of the activity carried out by the entity to which he is subordinate; since the quality of the service to be provided and the possible risks in meeting the proposed objectives depends on it.
The evidence examined by the auditor consists of a wide variety of information and data to support the reports prepared. The definition is not restrictive as to the nature of the evidence reviewed; Rather, it implies that the auditor has to use his professional judgment in selecting the appropriate sample, he will consider any element that allows him to make an objective evaluation and express an opinion of a professional nature, considering the following elements: criterion, condition, cause and effect.
Criterion: The criteria used by the auditor in assessing reasonableness are of utmost importance in some areas, many are based on common sense and well known or commonly applied prudent practices.
When choosing criteria, it is essential that the auditor apply his professional judgment regarding the appropriateness of the same, in relation to its application to the specific entity under audit.
Some possible sources of criteria are: current provisions, internal standards, policies, procedures, management opinions, contract stipulations, auditor experiences with similar entities or activities; often the best criterion is simply a better way to carry out a task to achieve an end.
Condition: constitutes a situation that exists and that has been determined and documented during the Internal Audit.
Effect: refers to the identification of what the consequences of deviations are, that is, the economic impact calculated by the internal auditor related to the audit finding subject to review and analysis.
Cause: it refers to the reasons why the deviations identified with respect to the applicable criteria occur.
The role of the auditor is to determine the degree of correspondence between the evidence of what actually occurred and the reports that have been presented of those events, the results derived from the analyzes carried out by them must ensure the objectivity of the information presented.
The audit is designed to obtain sufficient, relevant and competent evidence to be included later, in the reports, so it must be considered that when executing the work, the internal auditors must consider:
- The objectives of the activity that is being reviewed and the means by which its performance is controlled;
- The significant risks of the activity, its objectives, resources.
- The adequacy and effectiveness of the risk management and Internal Control systems of the activity.
- Opportunities to introduce significant improvements in the risk management and internal control systems of the activity.
Preparation of work papers
The working papers that are prepared by the auditors make up the documentary evidence of compliance with the actions provided for in the planning, and support the results of the examination carried out, therefore the evidence must be clear, relevant and competent, which facilitate the substantiation of the findings.
The working papers must be headed according to their content and contain all the information related to the selected sample, they must contain:
Use the appropriate work paper for each issue, columnar paper, those that allow greater clarity of the statements or analyzes that are carried out, the heading at the top, located in the center or left side, the period, the methodology and the source used depending on the type of paper used and the way it will be filed, with the following information:
Entity: (name of the agency object of the audit)
Subject: (name of the worksheet or objective, referring to the account or procedure being reviewed.)
Period: (date or period being reviewed)
Methodology: (refers to the procedures, program to be used to achieve the objectives)
Source: (refers to the documentation provided by the entity related to the information being reviewed, the evidence of the origin of the information, so that the value of the evidence is set)
- In the upper right, the identification of the pt, date and initials of the acting auditor.
PT: (Identifies the Job Paper that is enabled)
Auditor: (Auditor's Initials)
Date: (Date the Job Paper is enabled)
- Summarize the results of the checks carried out, at the bottom and, if not possible, on the attached sheet.
- Consign in each finding that requires it, the regulation or procedure that is breached, correctly expressing the mathematical information it contains.
- Write legibly, clearly and neatly, write in a style that allows anyone authorized to read it and interpret its content.
- Correctly use marks, stripes and double stripes.
- Properly fold the worksheets.
- Use cross references to the findings that are related to each other.
- Do not include, on the same sheet, notes or comments on different matters.
- Leave a record of the review in the work papers, by signing who did it and the date it was carried out.
- Use plecas as indentation, when making the work papers corresponding to notes, to identify the results of the checks carried out; also reflect the origin of these, as a cross reference between them.
The depth, quality and certainty with which the working papers prepared by the auditor and their content are presented will reflect the degree of competence, experience and knowledge of the auditor.
It is important to remember that it will be the maturity of the auditor's judgment (obtained from experience), which will allow him to achieve sufficient moral certainty to determine that the fact has been reasonably proven.
When planning the internal audit, the auditor defines the objectives, scope and methodology, aimed at achieving those achievements; and it is precisely in this process, where they will be fulfilled; as it must identify the most important issues that will be taken into account and that respond to the specific needs of the competent authority.
Index and Organization of the working papers.
The Auditor must indicate the work papers during the audit, since in this way it facilitates the search for any data or information that he wishes, while the work is being carried out. These must be organized by accounts of the Financial Statements, which have been the subject of checks and verifications.
Example: audited accounts corresponding to Cash in Cash and Bank issues.
"PT: E-1/1; PT: B-1/10 ……
All work paper related to an account or group of accounts, a particular topic, must be assigned a letter according to the corresponding group, separating it with a dash (-) from the number that corresponds to the PT, the amount of corresponding pages separated by a hyphen (/) to the topic from the summary sheet that will be elaborated.
The working papers must be prepared in such a way that they show:
- If there was a systematic review of the development of the audit work by the group leader and supervisor.
- Sufficient information that allows the auditors who will take a new action to the entity, understand the main indications made, without requiring additional explanations.
- the veracity and accuracy of the calculations contained therein.
- The objectives, programs, guides and the methodology used in the audit, including the methods and criteria used to determine the samples.
- the scope and limitations of the checks and investigations carried out to protect the degree of responsibility assumed by the auditor.
- explanation or meaning of the marks or symbols used to reference a criterion or a particular finding.
Auditor's marks.
They are the symbols that are used in order to indicate in the work papers, the analysis carried out by the auditor, in checks and verifications carried out on books, forms and other documents that they examine, allowing the supervisor, group leader or other officials authorized to know what actions were carried out. It is mandatory to record in the P / T the marks that the auditor uses and their significance. Below is a group of brands as an example of which the auditor can use.
Source: Prepared by the author.
The scope refers to the limit of the internal audit, that is, the degree of extension of the tasks to be executed; it can include areas, issues and periods; It also includes the general procedures that the internal auditor will apply in her work to obtain information and the analytical methods that she will use to achieve the planned objectives.
The audit is designed to obtain sufficient, relevant and competent evidence to be later included in the reports, so the following execution risks can be defined:
1. Ignorance of the auditing standards, when conducting the examination.
2. Insecurity about the responsible and competent person about the reasoning of the different financial statements.
3. Ignorance to certify the validity and integrity of the evidence.
4. Insufficiency of the sample taken to support the results of the examination carried out and the fulfillment of the programmed objectives.
5. Deficiencies in the application of reliable techniques in the evaluation of the evidence.
6. Inaccuracy in identifying the level of materiality and probable risk of evidence.
7. Inability of documentary evidence to clearly express the scope of the checks carried out.
8. Lack of definition of the findings and lack of reasoning to support the result of the examination, the conclusion and the recommendation, and to demonstrate the nature and scope of the work carried out.
9. Imprecision to delimit the matters that are pertinent and important.
10. Insecurity in the presentation of verifications and their results, when expressing them in an incomprehensible and general way, limitation, so that a third party is able to substantiate conclusions and recommendations through their review.
11. Incompatibility between risk and work objectives during the action; as well as inadvertent of other risks.
12. Abandonment of a continuous monitoring process, when detecting an irregularity, such as unsigned documents, unacceptable accounts, aging balances, there being a risk of not detecting the commission of a criminal act.
13. Impossibility to detect deficiencies, by ignoring logical sequences of the investigation process.
Stage IV. Report making.
Of the fulfillment of the previous stages, (preliminary exploration, planning and execution) in time and with the required quality; compliance with the next stage will depend: preparation of the report.
An adequate preparation of the report must include:
- The objectives of the internal audit, its scope and methodology.
- The significant findings and their conclusions.
- The declaration of completion in accordance with the rules, These are needed to:
- Communicate the results to officials corresponding to the empowered management levels.
- reduce the risk of the results being misinterpreted; and
- facilitate follow-up to determine if appropriate corrective measures have been taken.
Each report must:
1. be as concise, but at the same time clear and complete enough to allow understanding.
2. Present the facts accurately, truthfully, and fairly.
3. Present comments, conclusions, and recommendations objectively, using language as clear and simple as the subject allows.
4. Include only comments and conclusions based on real facts, which will be supported by sufficient documented evidence in the working papers to prove, when necessary, the substantiation of the issues included in it, as well as its accuracy and reasonableness.
The format of the Audit Reports and general content criteria, in Cuba, are established in Resolution 350/07 of the Ministry of Audit and Control, which were considered by the author of this investigation in the preparation of the following Basic Guide to Job. Defines the treatment for its preparation and issuance, considering the following format:
- Header
- Introduction
- Conclusions
- Results
- Recommendations
- Farewell
- Annexes
In the Internal Organization, certain rigor and discipline must be maintained due to the participation of several auditors, and an adequate presentation and a generalized style must be observed; since each section is made up of certain homogeneous information with the same purpose, either for identification or for exposure.
For all the above, to maintain homogeneity in the presentation of these, the following aspects should be considered:
- Use 8.5 "x 11" (Letter) sheets in the report, in Arial 11 font printed on one side and one space, leaving a space between paragraphs, or between them and the subtitles.
- Write the titles with capital letters and they are highlighted in bold, justified and aligned to the left, - In the conclusions, only those findings that, due to their importance, transcend the results of the action, should be presented, indicating them with a plate or script.
- In the Results use a hyphen, as an indentation in the text of the Report, whenever it is necessary to indicate a given deficiency.
- Use the acronym CUP or CUC to refer to the type of currency to which it refers, leave a space between it and the number. The numbers are made with space between millions and thousands and, if at the end of the line they do not fit, the space is eliminated.
- Number the sheets consecutively and bind on the left margin.
- Write the full names of the accounts, according to the Organization's Account Classifier according to that established in the current legislation.
- Sign only the chief auditor of the audit, stating his registration number and position, he must also record his half signature on each page of said Report in the left margin.
- Prepare the report impersonally, so it is not addressed to any person, so that it can be forwarded to third parties.
- List those responsible and each one of the facts, even if they are repeated, when drafting the act of declaration of administrative responsibility; the time in the position of each of them must be reflected according to appointment or contract. (It should be noted that although the internal auditors do not rate the actions that execute this step, it should not be ignored)
Once the draft report has been completed and delivered, to whom it may concern, the auditor continues with the organization of the working papers, to begin the collation of the audit file, with the aim of:
- Provide the auditor with knowledge about the preparation and presentation of the audit report.
- Adopt measures so that the significant findings of the working papers correspond with the note sheets and results of the report, and express the reasoning to achieve a consistent evaluation.
- Ensure that the preparation of the report contains the necessary information and clearly states the results of the audited entity.
- Correctly evaluate the exposed results.
- Facilitate the monitoring of deficiencies to adopt appropriate corrective measures.
The quality of its presentation depends on the fulfillment of the program, the depth of the investigation and the recognition of the findings in the corresponding working papers, where the problems encountered, the non-compliance of the procedure and the solution thereof are clearly exposed; It will depend on not questioning yourself as to:
1. Neglect in the working papers corresponding to notes to the report, of reasoning to support the significant findings by the results of the verifications.
2. Non-compliance with the audit objectives, its scope and methodology.
3. Incorrect evaluation of the exposed results, due to not taking into account the established legislation.
4. Undefined responsibilities for breaches that affect the good running of the organization.
5. Insufficient follow-up necessary to determine if appropriate corrective measures are taken.
6. Uselessness of the content of the Report by those responsible and interested, at the time and relevant matter.
7. Absence of the directors and authorized officials, in the discussion of the results of the Report.
Creation of the File.
Once the draft report is finished, the acting auditor begins the organization of the audit file, as a continuity of the process.
In Cuba, Decree Law 159, of 1995, establishes: “The management or administration of all state entities and natural and legal persons of the non-state sector are obliged to set up a Single File that contains the reports showing the results of the audits, inspections, checks and fiscal verifications carried out on the entity ”.
Once the Audit is completed and the corresponding report has been prepared, the working papers are organized to be recorded in the permanent file, and will serve to be consulted in future actions.
The preparation of the file requires an adequate organization and execution of the different actions in each of the audit processes.
After being arranged in the index, the working papers are ready for storage. A satisfactory storage procedure is one that protects against hazards, such as fire, theft, and ensures that working papers can be found quickly and consulted when necessary.
Some working papers that are not accessible are obviously of little use; so the auditor, after finishing the process, can destroy those working papers that have no value in relation to the report.
Due to the characteristics of the audit files and the varied information that they store, the way in which they must be filed is subject to controversy, below is one of the variants that can be used to file the documents in an orderly fashion, with the objective of standardizing and organizing the documentation logically and functionally.
- Identification face
- Index
- Proof of delivery of the final report
- Copy of the final report
- Final Notification Act of the audit
- Report of the audit information to workers, managers and officials
- Draft report
- Work order
- Presentation letter
- Declaration of Non-Impediments Act
- exploration
- Planning
- Results of supervision work in the field and table. Archive according to the documentation collected in the course of the checks and investigations carried out, organized by account and grouped by subject.
- Notification Act and partial analysis of deficiencies.
- Work papers
- Request certificate
- Occupancy document documents
- Certificate of return of occupied documents
- Declaration minutes
- Balance sheet
- Statement of income
- Cost Statement of production and / or Merchandise Sold
- Adjustments seats
- Other documents
The last steps of an audit are those referred to the gathering of information and analysis of the final report and, later, the preparation of the plan of measures to eradicate the deficiencies detected.
All the documents that make up the file are numbered consecutively on each sheet from the order conceived in the document control sheet of the aforementioned file. The papers made up of columnar sheets are folded so that their identification is easy.
Each file has its cover, which is titled in the upper center: AUDIT FILE; in subsequent lines and several spaces, it is exposed:
- Category.
- Work order number
- Name of the audited entity.
- Body to which it is subordinate
- Type of audit.
- Start and end date of the audit.
- Participating auditors and their positions.
The files are controlled by means of the Registry of Control Actions executed, they are filed according to the number of the corresponding work order, they are conserved and guarded as established.
If a new action has not been executed during said term, the files must be kept until another is executed. Those that, due to their classification, require special conservation, are filed in accordance with the provisions for each case, specifically.
This is classified as the audit is cataloged, in accordance with the provisions of the State Secret Law and its regulations or other legal provisions. The category or classification that is granted is recorded in the upper right margin of the cover of each file, where the number of the copy and the number of each sheet must also be recorded.
All stages of the audit are closely related to a process that involves directing the efforts of the auditors involved, instructing them, keeping them informed about significant problems encountered; In addition, it involves reviewing the work carried out and providing training in the field, which we will address in the next section.
3.3.1 Supervision.
An extremely important technical process involved in any of the stages is supervision, it consists of directing and controlling the internal audit from its inception until the presentation of the report at the competent level, it implies determining if the planned objectives are being achieved, and directing the efforts of internal auditors towards compliance.
Supervision must be exercised at all levels or categories of personnel involved in the audit work and in inverse proportion to the experience, technical preparation and professional capacity of the supervised auditor, avoiding errors such as:
- Omission of the evidences that support the development of each one of the processes.
- Non-compliance in the preparation of the audit work papers.
- Completion of extemporaneous tasks.
- Inadequate organization of the file of work papers.
- Impossibility for a third party to check the Report and the correspondence with the examinations.
In the event that the audit is so complex that it requires the services of several auditors, the supervisor will establish a command line with an auditor as supervisor, designating, for this activity, the one with the greatest experience and professional capacity.
Adequate supervision should ensure that:
- All members of the audit group have understood, clearly and satisfactorily, the audit plan, and that they do not have personal impediments that limit their participation in the work.
- The audit is carried out in accordance with the auditing standards and practices for this activity.
- The audit plan prepared for this purpose is complied with and the planned procedures are applied, considering the authorized modifications.
- The work done by the group leader is reviewed by the supervisor.
- The working papers contain evidence that adequately supports the conclusions, recommendations and opinions, as well as the points reflected in the final report.
Supervision normally has two levels of execution: the one that corresponds to the one that is carried out systematically by the group leader as the different processes progress in order to guarantee that the working papers are legible and understandable, and the one that undertakes the management official designated as supervisor, always leaving marks of his review in the work papers and the issuance of the model "Supervision Act", which will express the technical insufficiencies or failures detected and the recommendations derived from them.
It is true that when supervision is carried out before the completion of any process, it contributes to improving the quality of the next one, if the recommendations issued by the supervisor are followed; not so when it is only carried out at the end of the audit, compliance with each of the parts that make up the process will allow the risk to be assessed; these are mentioned below:
- Auditors' impediments that limit a clear and precise understanding of the stage being supervised.
- Breach of the recommendations left in previous supervisions.
- Inadequate selection of the optimal moment for supervision, according to the requirements of the audit and / or the auditor performing the work.
- Inability of the supervisor to assess the development of an activity and / or audit.
Other elements of quality control that must be carefully protected in the audit functions are:
- The due degree of independence of the auditors.
- The proper assignment of staff members to the audit teams.
- Ensure that staff have the appropriate degree of education and experience required for each task.
- Methods that allow auditors to seek technical assistance, advice and advice on accounting and auditing at higher levels of knowledge through people with greater competence, judgment and authority.
This process is of vital importance, as it constitutes a reliable endorsement to evaluate the results of the auditor's work, a process not identified as one of the stages of the audit, but which the author considers essential to correct the training and professional preparation of the internal auditor. from which the following objectives are derived:
- Evaluate the work of the personnel who directly work in an audit, at the end of it.
- Identify the strengths and weaknesses of employees, so that their training and development needs can be determined.
- Assess deeply and fairly each of the indicators that are analyzed.
- Consider, in accordance with the weaknesses and existing problems, the needs for improvement, if the work result shows it.
This evaluation is carried out:
- To the acting auditors, by the group leader.
- To the group leader, by the acting supervisor.
- To the supervisor, by the head of the organizational unit.
This process is also subject to risks, listed below:
- Incorrect evaluation.
- Unfair evaluation that negatively influences individual results.
- Failure to comply with the evaluation, which prevents the evaluated person from becoming aware of the limitations that are indicated.
Conclusions
• Adequate risk management will guarantee improvements in the quality of the internal audit processes.
• The identification of risks is intended to guide the internal auditor's work to determine with greater certainty the deficiencies that the organization has, which contributes to the reduction of their impact.
• Resolution 60/11 of the Office of the Comptroller General of the Republic does not offer a methodology that facilitates the identification of risks for the directors and auditors of the national system.
• The internal audit must be conceived as a preventive activity, aimed at creating value.
• The General Application Procedure constitutes a tool that allows the professionals of the activity to manage the risks associated with each stage, under the conception of an integrating process.
recommendations
• This research is recommended as a training material and work tool for system auditors.
Bibliography
- Almelia, B. Control and Internal Audit of the Company. First edition. College of Economists of Spain, De. Madrid. 1987
- White, EL. Sampling with computer support in the audit. Audit and Control Magazine (Havana) Number 7 December 2002.
- Blanco, EL The Internal Control in the computer systems of small and medium-sized companies. Audit and Control Magazine (Havana) Special issue. November 2003.
- Boullosa, T. A, Lage, J. J, Hernández M. E, Modeling and theoretical models in science. A concretion in the internal audit with a risk approach. Magazine Contributions to the Economy. Malaga University. Spain. July 2009.
- Cashin, JA Neuwert, PD and Levy JF Encyclopaedia of Auditing. Barcelona: Editorial Group.
- Castillo Martínez, G.., Risk-based audits: a new challenge. Audit and Control Magazine. Number 16. City of Havana. Cuba. 2007.
- Office of the Comptroller General of the Republic. Regulation of Law 107/10.
- Freu, Baun. Theory of the 5Cs. Fundamental characteristics of an Auditor. Audit and Control Magazine. Number 14. August. Havana city. Cuba. 2005.
- Gómez Avilés, B Quality management. Concepts, terminology and approaches. Cuba.. 2002.
- González, GI Summary of the First Conference on Internal Control. Internal Control as a profession: Methods and disciplines. Available at: http://ocu.ucr.ac.cr/boletin 2-2002-artiulo6.htm 2002, among others that will emerge in the course of the investigation.
- Torrente, T. and B. Chacón: The Internal Control. An effective instrument for administration, Auditoria y Control magazine, no. 7, December 2002.
Footnotes:
1. Capote C G. Internal Control and Control. Audit and Control Magazine. Number 7. Havana. Cuba. 2000.
2. Carmona M. The role of auditing in continuous management improvement processes. Audit and Control Magazine. Number 8. Havana. Cuba. 2003. p.34
3. Ministry of Audit and Control. Resolution No. 353. Audit Qualification Methodology. Cuba 2008.
