《内部审计与外部审计的作用课件》由会员分享,可在线阅读,更多相关《内部审计与外部审计的作用课件(33页珍藏版)》请在金锄头文库上搜索。
1、 Role of Internal and External Audit内部审计与外部审计的作用内部审计与外部审计的作用Federal Reserve System1Outline of the Discussion提纲提纲 n nSpecific roles of internal and external auditSpecific roles of internal and external audit 内部审计与外部审计的作用内部审计与外部审计的作用n nInteraction with external auditInteraction with external audit 与外部
2、审计的互动与外部审计的互动n nEffectiveness of the internal audit functionEffectiveness of the internal audit function 内部审计的有效性内部审计的有效性n nAnalysis of the quality of audit workAnalysis of the quality of audit work 审计质量分析审计质量分析n nLeveraging off internal and external auditLeveraging off internal and external audit 充
3、分发挥内部审计与外部审计的作用充分发挥内部审计与外部审计的作用2Role of Internal Audit 内部审计的作用内部审计的作用n nIndependent Independent review review assessment assessment of of the the effectiveness effectiveness of of internal controlsinternal controls 对内部审计的有效性进行独立评估对内部审计的有效性进行独立评估n nDetail Detail oriented oriented approach approach ba
4、sed based on on sufficient sufficient transaction testingtransaction testing 以充分交易测试为基础的细节检查以充分交易测试为基础的细节检查n nAudit Audit coverage coverage is is based based on on entity-wide entity-wide and and business business line risksline risks 审计内容应以公司整体风险和业务环节风险为基础审计内容应以公司整体风险和业务环节风险为基础3Role of External Aud
5、it外部审计的作用外部审计的作用n nOpines on the appropriateness of financial statementsOpines on the appropriateness of financial statements 对财务报表是否适宜发表意见对财务报表是否适宜发表意见n nMacro level approach Macro level approach 宏观的方法宏观的方法n nEmphasis Emphasis on on an an analysis analysis of of financial financial risk risk and an
6、d financial financial conditioncondition 重点是金融风险分析和财务状况分析重点是金融风险分析和财务状况分析n nLegal Legal requirements requirements will will impact impact the the type type of of audit audit work work performedperformed 法定要求会影响审计工作的类型法定要求会影响审计工作的类型4Role of External Audit, cont.外部审计的作用(续)外部审计的作用(续)n nSample Sample ty
7、pes types of of statements statements produced produced for for financial financial institutionsinstitutions 给金融机构出具的各种审计报告样本给金融机构出具的各种审计报告样本uuAudited Audited financial financial statements statements - - holding holding company company or or bank or individual branch or balance sheet onlybank or in
8、dividual branch or balance sheet only 经经审审计计的的财财务务报报表表控控股股公公司司、银银行行、分分行行或或资资产产负债表负债表uuDirectors audit Directors audit 董事审计董事审计uuManagement letter Management letter 致管理层的信致管理层的信uuStatement on internal controls Statement on internal controls 对内部控制的意见对内部控制的意见5New Rules for External Auditors对外部审计师的新规定对外
9、部审计师的新规定n nSarbanes-Oxley Sarbanes-Oxley (Public (Public Companies Companies and and Public Public Banking Banking Organizations) Organizations) SarbanesOxleySarbanesOxley规则(上市公司和银行)规则(上市公司和银行)uuLead and concurring partners - rotate every five years Section 206 Lead and concurring partners - rotate
10、every five years Section 206 牵头合伙人和其他合伙人每五年轮换一次牵头合伙人和其他合伙人每五年轮换一次第第206206节节uuCPA CPA firm firm cannot cannot audit audit a a client client for for one one year year if if a a CEO, CEO, CFO, CFO, controller controller or or chief chief accounting accounting officer officer was was employed employed b
11、y by the the firm firm and and participated participated in in the the audit in any capacity - Section 206audit in any capacity - Section 206 如如果果注注册册会会计计师师事事务务所所参参与与审审计计的的职职员员中中有有人人曾曾经经担担任任审审计计对对象象的的首首席席执执行行官官、财财务务总总监监、司司库库或或会会计计总总监监,则则事事务务所所一一年年内内不不能能对对该机构进行审计该机构进行审计第第206206节节uuCPA firm cannot pro
12、vide audit and non-audit services - Section 201CPA firm cannot provide audit and non-audit services - Section 201 注册会计师事务所不能提供的审计服务和非审计服务注册会计师事务所不能提供的审计服务和非审计服务第第201201节节uuaudit audit services services include include bookkeeping, bookkeeping, financial financial systems systems design design and an
13、d implementation implementation appraisal appraisal or or valuation valuation services, services, actuarial actuarial services, services, internal internal audit audit outsourcing outsourcing services, services, management management functions functions or or human human resources, resources, legal
14、legal or or expert expert services services not not related to the audit.related to the audit. 审审计计服服务务包包括括:记记帐帐、财财务务体体系系设设计计和和评评估估、精精算算服服务务、内内部部审审计计外外包包、管管理或人力资源、与审计无关的法律或专家服务理或人力资源、与审计无关的法律或专家服务6Evaluation of Internal Audit 内部审计评估内部审计评估n nDetermination Determination of of the the overall overall e
15、ffectiveness effectiveness of of the the internal audit functioninternal audit function 内部审计部门整体效能的确定内部审计部门整体效能的确定uuIndependence Independence 独立性独立性uuMission Mission 职责职责uuResources/qualifications/skills Resources/qualifications/skills 人力人力/ /资格资格/ /技能技能uuInteraction with Senior Management Interacti
16、on with Senior Management 与高级管理层的交流与高级管理层的交流7Audit Committee审计委员会审计委员会 n nNew New rules rules on on experience experience of of Audit Audit Committee Committee members members (qualified (qualified financial financial professional) professional) and and supervision of the audit departmentsupervision
17、 of the audit department 对对审审计计委委员员会会成成员员的的资资历历(合合格格的的财财务务专专业业人人员)及对审计部门的监管的新要求员)及对审计部门的监管的新要求8Audit Committee Structure 审计委员会的结构审计委员会的结构 n nComposed entirely of independent directorsComposed entirely of independent directors 全部由独立董事组成全部由独立董事组成n nResponsibilities include Responsibilities include 职责包
18、括职责包括: :uuAppoint & compensate outside auditorAppoint & compensate outside auditor 指定外部审计师,确定其报酬指定外部审计师,确定其报酬uuPre-approve external audits workPre-approve external audits work 对外部审计报告进行预审对外部审计报告进行预审uuProcedures Procedures for for addressing addressing complaints complaints about about accounting acc
19、ounting and audit issuesand audit issues 制定会计和审计方面的投诉的解决程序制定会计和审计方面的投诉的解决程序uuRetain Retain and and compensate compensate independent independent counsel counsel to to carry carry out dutiesout duties 有独立的咨询师履行职责,并收取报酬有独立的咨询师履行职责,并收取报酬9Independence独立性独立性n nKey factor in evaluating independence - repo
20、rting lineKey factor in evaluating independence - reporting line 独立性评估的关键因素独立性评估的关键因素报告渠道报告渠道uuDomestic Domestic - - Audit Audit Committee Committee of of the the Board Board of of DirectorsDirectors国内银行国内银行董事会的审计委员会董事会的审计委员会uuUS US branches branches and and agencies agencies of of foreign foreign b
21、anks banks - - head head office audit departmentoffice audit department 外资银行在美国的分行和代理行外资银行在美国的分行和代理行总行审计部门总行审计部门 FFAdministrative reporting line to Senior ManagementAdministrative reporting line to Senior Management 向高级管理层报告的行政渠道向高级管理层报告的行政渠道10Independence, cont.独立性(续)独立性(续)n nWays to evaluate audit
22、 independence Ways to evaluate audit independence 评估审计独立性的方法评估审计独立性的方法n nRole of the Audit Committee Role of the Audit Committee 审计委员会的作用审计委员会的作用uuapproves approves the the annual annual plan, plan, salary, salary, budgets budgets and and sign-off sign-off on on annual annual appraisal of the audito
23、rappraisal of the auditor 批准年度计划、工资、预算,签署对审计师的年度考核批准年度计划、工资、预算,签署对审计师的年度考核uuregularly meets with General Auditor regularly meets with General Auditor 定期与总审计师会面定期与总审计师会面n nRole of management Role of management 管理层的作用管理层的作用uuprovide all relevant documents provide all relevant documents 提供所有相关文件提供所有相关文
24、件uukeep audit informed of major issueskeep audit informed of major issues 让审计人员了解所有重要事件让审计人员了解所有重要事件uuensure that audit is invited to all major committee meetingsensure that audit is invited to all major committee meetings 确保审计人员参加委员会的所有重要会议确保审计人员参加委员会的所有重要会议11Required CEO and CFO Certifications首席执行
25、官和财务总监必须申明的事项首席执行官和财务总监必须申明的事项n nCEO CEO and and CFO CFO must must certify certify annual annual and and quarterly quarterly reports reports and and attestations includeattestations include 首席执行官和财务总监必须保证年报和季报以及证明中:首席执行官和财务总监必须保证年报和季报以及证明中:uuThere are no material misstatements or omission There are
26、no material misstatements or omission 材料真实完整材料真实完整uuControls Controls over over financial financial reporting reporting were were reviewed reviewed within within 90 90 days days and are effectiveand are effective 对财务报告管理的评估完成的时间在对财务报告管理的评估完成的时间在9090天内,目前依然有效天内,目前依然有效uuAny Any significant significant
27、 deficiencies deficiencies or or material material weaknesses weaknesses in in internal internal controls or fraud were disclosed to CPA firm and Audit committeecontrols or fraud were disclosed to CPA firm and Audit committee 内内部部控控制制中中的的重重大大缺缺陷陷或或欺欺诈诈行行为为都都已已告告知知注注册册会会计计师师事事务务所所和审计委员会和审计委员会uuAll Al
28、l material material off-balance off-balance sheet sheet transactions transactions and and other other relationships relationships with unconsolidated affiliates or persons were disclosedwith unconsolidated affiliates or persons were disclosed 所所有有重重要要的的表表外外交交易易及及与与未未整整合合的的附附属属机机构构的的关关系系都都已已得得到到披披露露1
29、2Mission职责职责n nAudit Charter Audit Charter 审计规则审计规则uuRoles, reporting lines and responsibilitiesRoles, reporting lines and responsibilities 作用、报告渠道和职责作用、报告渠道和职责FFemphasize institutions ability to manage riskemphasize institutions ability to manage risk 关注公司管理风险的能力关注公司管理风险的能力FFinclude audits methodol
30、ogy and approachinclude audits methodology and approach 包括审计的方法和具体操作包括审计的方法和具体操作FFdescribe reporting lines describe reporting lines 规定报告渠道规定报告渠道uuFull access to all information Full access to all information 可以获得所有信息可以获得所有信息13Audit Resources审计的人力资源管理审计的人力资源管理n nSufficiency of resources Sufficiency o
31、f resources 人员充足人员充足n nQualifications of staff Qualifications of staff 人员的资格条件人员的资格条件uusufficient staff with expertise in technical areassufficient staff with expertise in technical areas 充足的人员,具备足够的专业知识充足的人员,具备足够的专业知识n nAppropriate skill level and trainingAppropriate skill level and training 良好的技能水
32、平与培训良好的技能水平与培训uurecommended recommended one one week week of of training training per per year year for for each auditoreach auditor 建议所有审计人员每年接受建议所有审计人员每年接受1 1个星期的培训个星期的培训14Interaction with Senior Management与高级管理层的交流与高级管理层的交流n nLevel within the organization commensurate with riskLevel within the or
33、ganization commensurate with risk 职位应与风险相称职位应与风险相称n nAppropriate interaction with Senior ManagementAppropriate interaction with Senior Management 与高级管理层进行恰当的交流与高级管理层进行恰当的交流n nPrompt resolution of issues by managementPrompt resolution of issues by management 管理层迅速解决问题管理层迅速解决问题uucritical component cri
34、tical component 非常关键非常关键15Quality 质量质量 Timeliness 及时及时n nAudit approach/risk assessment methodologyAudit approach/risk assessment methodology 审计方法审计方法/ /风险评估方法风险评估方法n nAnnual audit plan Annual audit plan 年度审计计划年度审计计划n nAudit programs Audit programs 审计程序审计程序n nAudit reports and work papers Audit repo
35、rts and work papers 审计报告和工作底稿审计报告和工作底稿n nAudit exception follow-up Audit exception follow-up 审计特例跟踪审计特例跟踪16Selected Types of Audit Coverage审计范围的类型审计范围的类型n nFull scope audits Full scope audits 全面审计全面审计n nLimited scope - Limited scope - 部分审计部分审计uuTarget/spot/risk audits Target/spot/risk audits 专项审计专项审
36、计/ /现场审计现场审计/ /风险审计风险审计uuSurprise audits Surprise audits 突击审计突击审计uuConversion/system development auditsConversion/system development audits 转换审计转换审计/ /系统开发审计系统开发审计uuData center and application reviewsData center and application reviews 信息中心与应用评价信息中心与应用评价n nSpecific Specific audit audit reviews revie
37、ws would would be be supplemented supplemented by by continuous continuous monitoring monitoring 审计检查将辅以持续监控审计检查将辅以持续监控17Internal Audit Approach内部审计方法内部审计方法n nEstablish auditable entities Establish auditable entities 确定审计对象确定审计对象 - - uue.g. e.g. identify identify all all legal legal entities, entiti
38、es, departments, departments, corporate corporate functions, geographic locations, committees functions, geographic locations, committees 如如:确确定定所所有有的的法法人人实实体体、部部门门、职职能能部部室室、各各地地机机构、各委员会构、各委员会n nAnalyze Analyze the the risk risk of of all all auditable auditable components components using using est
39、ablished risk factorsestablished risk factors 运用已确定的风险因子分析各审计对象的风险运用已确定的风险因子分析各审计对象的风险n nDetermine the appropriate risk Determine the appropriate risk 恰当地评定风险程度恰当地评定风险程度 - - uu1-very 1-very low low risk risk 很很低低; ; 2-2-low low risk risk 低低; ; 3- 3- medium medium risk risk 一一般般; 4-; 4-high risk high
40、 risk 高高; 5-; 5-very high risk very high risk 很高很高18Risk Assessment Methodology风险评估方法风险评估方法n nIdentification Identification of of key key risks risks within within the the institution institution separate from managementseparate from management 独立于管理层,识别机构的主要风险独立于管理层,识别机构的主要风险n nFormat of the method
41、ology Format of the methodology 主要方法主要方法: :uuRisk-based Risk-based 风险为本风险为本uuQualitative/quantitative factors Qualitative/quantitative factors 定性定性/ /定量因素定量因素uuCombination of risks and other factorsCombination of risks and other factors 综合考虑风险和其他因素综合考虑风险和其他因素19Sample Factors Risk Assessment风险评估风险评估因
42、素例举因素例举n nBASIC RISKS BASIC RISKS 基本风险基本风险n nCredit risk Credit risk 信用风险信用风险n nMarket risk Market risk 市场风险市场风险n nLiquidity risk Liquidity risk 流动性风险流动性风险n nOperations risk Operations risk 操作风险操作风险n nReputational risk Reputational risk 信誉风险信誉风险n nLegal risk Legal risk 法律风险法律风险n nFraud risk Fraud ri
43、sk 欺诈风险欺诈风险n nTrading risk Trading risk 交易风险交易风险n nCredit and sales risk Credit and sales risk 信贷与销售风险信贷与销售风险n nControl environment Control environment 控制环境控制环境n nReporting risk Reporting risk 报告风险报告风险n nRevenue or expense volatilityRevenue or expense volatility 收入或支出的波动性收入或支出的波动性n nError impact Err
44、or impact 差错影响差错影响n nNature of process Nature of process 程序的性质程序的性质20uuTransactional Transactional values/volumesvalues/volumes 交易价值交易价值/ /交易量交易量uuQuality of managementQuality of management 管理质量管理质量uuReliance on dataReliance on data 对数据的依赖度对数据的依赖度uuAccess to physical assetsAccess to physical assets实
45、物资产的有权使用实物资产的有权使用uuEconomic or political Economic or political trendstrends 经济或政治趋势经济或政治趋势uuStaff quality and changesStaff quality and changes 人员素质与变动人员素质与变动uuDegree of management Degree of management judgment and quality of judgment and quality of supervisionsupervision 管理层判断能力与监管管理层判断能力与监管质量质量uuPr
46、oduct changesProduct changes 产品变化产品变化uuLegal/regulatory impactLegal/regulatory impact 法律法律/ /监管影响监管影响Sample Factors Risk Assessment风险评估风险评估因素例举因素例举21Annual Audit Plan年度审计计划年度审计计划n nBased upon the risk assessment methodologyBased upon the risk assessment methodology 以风险评估方法为基础以风险评估方法为基础n nNormally pa
47、rt of a multi-year cycle - three to five yearsNormally part of a multi-year cycle - three to five years 通常是多年周期(通常是多年周期(3 3到到5 5年)的一部分年)的一部分n nApproved Approved by by the the Audit Audit Committee Committee or or head head office office audit audit department annually with updates approved quarterly
48、department annually with updates approved quarterly 每每年年由由审审计计委委员员会会或或总总行行审审计计部部门门批批准准,更更新新调调整整每每季审批季审批uujustification for delaying or eliminating auditsjustification for delaying or eliminating audits 推迟或取消审计的理由推迟或取消审计的理由 22Annual Audit Plan, cont.年度审计计划(续)年度审计计划(续)n nFormat for the plan Format for
49、 the plan 计划格式计划格式uuInclude all auditable entities Include all auditable entities 列出所有审计对象列出所有审计对象uuProvide details on coverage for each business unit Provide details on coverage for each business unit 详细列出针对每个业务部门的审计内容详细列出针对每个业务部门的审计内容uuIdentify work by categories - e.g.,Identify work by categories
50、 - e.g., administration, audit administration, audit time, continuous monitoring, special projectstime, continuous monitoring, special projects 分类确定具体工作分类确定具体工作如行政事务、审计时间、持续如行政事务、审计时间、持续监控、特别计划监控、特别计划23Audit Programs审计程序审计程序n nDetailed programs for each auditable areaDetailed programs for each audit
51、able area 针对所有审计领域制定详细审计程序针对所有审计领域制定详细审计程序n nCompleted Completed during during the the first first audit audit and and subsequently subsequently updatedupdated 在整个审计过程中不断完善在整个审计过程中不断完善n nCoverage of key risks and controls in the areaCoverage of key risks and controls in the area 应涵盖该领域的主要风险和控制措施应涵盖该
52、领域的主要风险和控制措施24Audit Documentation审计文件审计文件n nPlanning memo 准备备忘录n nScope document 审计范围文件n nSummary of issues 问题总结n nReport to management 向管理层报告25Audit Reports and Work Papers审计报告与工作底稿审计报告与工作底稿n nAudit Reports Audit Reports 审计报告审计报告n nDetailed analysis Detailed analysis 详细分析详细分析uuexecutive summary exe
53、cutive summary 执行总结执行总结uudetailed scope of planned audit detailed scope of planned audit 计划内审计的具体范围计划内审计的具体范围 uudescription of the work performed description of the work performed 所进行工作的描述所进行工作的描述uuanalysis of conditions and/or ratinganalysis of conditions and/or rating 情况和情况和/ /或评级分析或评级分析26n nAudit
54、 Work Papers Audit Work Papers 审计工作底稿审计工作底稿uurecord of work performed record of work performed 记录所做工作记录所做工作uuproper documentation and cross-referencingproper documentation and cross-referencing 准确记录及交叉引用准确记录及交叉引用uuanalysis including sample methodologyanalysis including sample methodology 分析工作方法分析工作方
55、法uuretention requirements retention requirements 保留要求保留要求Audit Reports and Work Papers审计报告与工作底稿审计报告与工作底稿27Audits Exception Follow-up审计特例跟踪审计特例跟踪n nTracking Tracking system system or or method method - - mainly mainly spreadsheet spreadsheet or or automatedautomated 跟踪系统或方法跟踪系统或方法主要采用电子表格或自动化方法主要采用电子
56、表格或自动化方法n nMay identify issues by high, medium or lowMay identify issues by high, medium or low 对问题的确定采用高、中、低三档对问题的确定采用高、中、低三档n nSignificant items cleared in a timely manner (30-60 days)Significant items cleared in a timely manner (30-60 days) 及时解决重要问题(及时解决重要问题(30-6030-60天)天)n nImportance of managem
57、ent response or lack of a responseImportance of management response or lack of a response 管理层反馈的重要性管理层反馈的重要性28Audit Outsourcing审计的外包审计的外包n nThe The performance performance of of internal internal audit audit activities activities by by an an external external party such as a CPA firm.party such as a
58、 CPA firm. 内内部部审审计计活活动动由由公公司司外外部部人人士士进进行行,如如注注册册会会计计师师事事务所务所n nOther terms used: cosourcing, contractingOther terms used: cosourcing, contracting 其他常用术语:外包、签约其他常用术语:外包、签约n nIssues Issues 问题问题:uuIndependence, Independence, conflict conflict of of interest, interest, control control of of the the work
59、, work, understanding of the corporate culture,& continuityunderstanding of the corporate culture,& continuity 独独立立性性、利利益益冲冲突突、工工作作控控制制、对对公公司司文文化化的的理理解解、连连续性续性29Overall Evaluation of Internal Audit内部审计的总体评价内部审计的总体评价n nPositive Positive evaluation evaluation - - can can rely rely upon upon the the wo
60、rk work of of internal internal audit in the risk-focused examination processaudit in the risk-focused examination process 正正面面评评价价在在风风险险为为本本的的监监管管过过程程中中,内内部部审审计计的的工工作值得信赖作值得信赖n nInternal Audit Issues - included in the examination reportInternal Audit Issues - included in the examination report 内部审计
61、问题内部审计问题在检查报告中已经论述在检查报告中已经论述n nAnnual Annual basis basis - - analyze analyze changes changes in in audit audit including including risk risk assessment and planassessment and plan 年年度度比比较较分分析析审审计计过过程程中中风风险险评评估估方方法法和和审审计计规规划划的变化的变化30Leveraging off Internal Audit充分发挥内部审计的作用充分发挥内部审计的作用n nDetermine wher
62、e reliance can be placed by areaDetermine where reliance can be placed by area 确定内部审计的哪些部分可以信赖确定内部审计的哪些部分可以信赖n nReview Review audits audits work work in in specific specific areas areas where where examiners intend to place relianceexaminers intend to place reliance 认真研究检查人员倾向于相信的审计工作认真研究检查人员倾向于相信的审
63、计工作n nDetermine Determine in in which which areas areas internal internal audit audit staff staff is is not not qualified to reviewqualified to review 确定内部审计人员没有资格评估的部分确定内部审计人员没有资格评估的部分31Relying upon External Audit对外部审计的依赖对外部审计的依赖n nNature Nature of of the the work work performed performed should sh
64、ould be be specified specified in in a a contract/agreement.contract/agreement. 应在合同或协议中明确工作性质应在合同或协议中明确工作性质uuFinancial audits Financial audits 财务审计财务审计uuOther control reviews Other control reviews 其他控制评估其他控制评估uuOutsourcing or Cosourcing Outsourcing or Cosourcing 完全外包还是部分外包完全外包还是部分外包uuReview Review
65、external external audits audits analysis analysis of of risk risk and and management lettermanagement letter 对外部审计的风险分析和致管理层信函进行评价对外部审计的风险分析和致管理层信函进行评价32Case Study案例研究案例研究n nDescription of a Specific Audit EnvironmentDescription of a Specific Audit Environment 对特定审计环境进行描述对特定审计环境进行描述n nIs the Audit Coverage AppropriateIs the Audit Coverage Appropriate 审计范围是否恰当审计范围是否恰当? ?n nSuggestions Suggestions for for Improvements Improvements to to the the Audit Audit FunctionFunction 改进审计职能的建议改进审计职能的建议33
