RIAM:SPECIALREVIEWS:Follow Up Audits

From RiskWiki

Jump to: navigation, search

(TO BE FORNATTED)

FOLLOW-UP REVIEWS

A.1 Introduction

Follow Up audits are a major component of the audit process. This activity constitutes a post review of a previous audit and respective recommendations. A Follow Up Audit is not a Post Implementation Review which is a user responsibility and part of normal System Development Methodology practices.

The timing of Follow Up Audits should be within a 6 to 12 month period from issue of the original final report. User Management should be given the opportunity to assess the resources required and respective planning to address audit findings. Internal Audit at the Central Office level will monitor the status of uptake of recommendations in the Annual Audit Plan status reports. This procedure will provide a useful guide to the audit staff responsible for Follow Up Audits in that they will be quickly able to determine the status of recommendations before the Follow Up Audit is initiated.

A major outcome of Follow Up Audits is that Internal Audit can provide accurate advice to senior management and the Executive, including Corporate Audit and Accounting Committee, on progress taken by user management in implementing audit recommendations. The Follow Up Audit activity provides senior management with an independent assurance that identified problems and exposures are being addressed.

Data for Performance Indicators is also drawn from Follow Up Audits as the final report will provide accurate and meaningful measurement of the response and success of Internal Audit's function.


A.2 Focus and Objectives

The focus of Follow Up audits is to revisit the audit area with the objectives of :

¨ assessing whether recommendations from the original audit have been implemented

¨ determining the status of each recommendation

¨ ascertaining the adequacy of new or change in controls regarding recommendations

¨ assessing the efficiency and effectiveness of recommendations addressed by users

¨ reporting on the above

Other activities which may be included in Follow Up audits are establishing the adequacy of compliance with new procedures and control features which are outcomes of audit recommendations.


A.3 Review of Recommendations

The auditor must objectively consider why any recommendations have not been addressed. Included is determining the impact on the operations and environment where the activity takes place. There may be valid reasons for user management in not implementing some recommendations. Audit should assess whether user managements lack of action can be substantiated .

Failure to implement recommendations may be :

¨ lack of user resources and expertise

¨ other competing priorities

¨ legislative change or change in Departmental policies and as a result the recommendation is no longer valid or viable

¨ dependant on other areas to formulate policies/guide-lines which the users rely on in terms of operating procedures (ie, accounting policies or SMFIs)

¨ major organisational change

¨ change in user management

Audits responsibility in regard to the above is to document the reasons for non-implementation of recommendations and any adverse impact or potential exposures.


A.4 Procedures

There are a number of fundamental steps in the Follow Up audit process to ensure that future activity will be on the correct knowledge base. The auditor should review the original report and any existing ANAO report.

Having reviewed the final report and working papers, the auditor should assess whether there have been any major changes in regard to legislation, organisation or Departmental policies and procedures that directly effect the audit area and likelihood of recommendations being addressed. These should be documented.

User management should be formally advised of the Follow Up Audit and date of entry interview. The entry interview should focus on the objectives in that the status of recommendations is to be ascertained and whether user management has adequately addressed audit recommendations from a control perspective. Outcomes from the above should be touched on at this point and user management given the opportunity to respond.

A.5 Reporting

Reports for Follow Up Audits will be along the same lines as stated in the Interviews and Reporting Section of the Conduct Of Audits.



CopyRight Bishop Phillips Consulting Pty Ltd 1997-2012 ( RIAM:SPECIALREVIEWS:Follow Up Audits )
Personal tools