Chapter 8: Preliminary Survey &

Internal Control Review

ACCT620: Internal Auditing
Otto Chang
Professor of Accounting

Steps for Preliminary Survey

The opening conference

On-site tour
Study of documents on site.
Written description of the auditee
Analytical procedures

The Opening Conference

Objectives of the opening conference:

Elicit a spirit of cooperation

Convey information that will help the audit
Obtain information needed for the audit
Promote a feeling of credibility

Planning the Opening

Conference
Preparing a written agenda:

Introduction of those present at the conference

An outline of the audit assignment
Addressing any audit concerns
Coordination of the audit with auditee
operations
Discussion of the kind of information needed for
the audit and the extent of assistance
Timing and form of the audit report

Establishing an Appropriate
Conference Climate
Foster a professional courtesy

Setting a specific time and place

Conducting it in a quiet setting
Distributing a written agenda before meeting
Taking a confident but respectful manner
Maintaining a relaxed tone of conversation
Projecting an open and cooperative attitude
Keeping the meeting within reasonable time

Building a Feeling of Credibility

Auditor gains credibility from
being associated with the IA profession
their reporting line within the organization
their own demonstration of professionalism

Personal sources of credibility

appropriate dress and grooming, manners
composure, preparation, respect for auditee

Documenting the opening conference

On-site Tour
The objective of the tour is to obtain an
overview of operations
Scan operations for unusual activities,
indication of inefficiency, unused facilities,
idle workers, poor maintenance of machines
Observe the employees attitudes toward
their jobs and how they relate to each other
and to management

Study of Documents
On-site perusal provides updated
information that indicates changes in the
organizational structure, responsibilities,
and operations
Documents studied: description of current
policies and procedures, organizational
charts, operational flow-charts, job
descriptions, performance reports

Written Description of the

Auditee
The descriptions should include:
Objectives of auditee operations
Environmental restrictions such as corporate
policy imposed by top management
Functional components of the organization
Resources (# and classification of employees,
cash flow, PPE, information systems etc..)
Management

Analytical Procedures

Compare current totals with previous period

Compare operating results with budgets
Compare with industry average
Relate financial information to operating data
Compare with similar divisions or department
Compare performance to economic data
Scan for unusual items

Review of Internal Control

The review of internal control includes
A description and analysis
An evaluation
A risk assessment

Description of Control System

Internal Control Questionnaire (ICQ)
Pros: less likely to omit important questions
Cons: tiring, lengthy, response bias toward
yes answer, indirect evidence

Flow charts with narrative descriptions

Two types: horizontal and vertical flowcharts
Running narrative usually included in vertical
flowcharts to describe the other related controls

Procedural Walk-Through
An auditor walks through a process by
Listing the steps to be performed in the process
Providing a check-off column indicating
whether each step has been performed
commenting on whats observed

Advantage of walking through is to obtain

firsthand, comprehensive knowledge of how
a particular process is performed

Documentation Walk-Through
An auditor follows particular operation or
transaction from beginning to end through
documentation
It is one form of vouching transactions to
check whether specific controls are present in
a system
usually limited to only one or two
transactions

Limited Testing of the System

Purpose: to understand how well the system
is operating and if controls are functioning
at various parts of the system
Select a few items (25-30) for examination
Maybe combined with a walk-through
The results are written up as a Memo to
the File and included in the working paper

Extended Testing of the

Information System
If an auditor has any reason to suspect
problems with the information system,
extended testing is justified
Some auditors prefer to prove the integrity of
the system before going further
Normally involves with statistical sampling
so that a certain level of confidence (e.g..,
95%) can be achieved.

Preliminary Evaluation of
Internal Control System
Auditors use internal control matrices to
organize audit results up to this point. It
contains the following columns:
Specific audit objectives
Important results from preliminary survey and
review of internal control
The risks associated with each result
Appropriate controls relevant to each result
Auditors evaluation

Risk Assessment
After internal control evaluation, auditors
reassess the level of risk associated with the
auditees operation. Three things are likely:
The revised risk is low. Auditors should write a
report and go on to higher-risk areas.
Little to gain from further audit. Wrap up and
go to next audit project.
The risk remain high. Expand test of controls.