
Post on 24-Dec-2015


Auditing Standards

IFTA\IRP Audit Guidance

Government Auditing Standards (GAO)

Generally Accepted Auditing Standards (GAAS)

International Standards on Internal Auditing (ISIA)

1100- Independence & Objectivity

• Organizational
  – Free from interference in scope of work, performance and communication
• Individual
  – Impartial, unbiased, no conflict of interest
• Impairments
  – If impaired in fact or appearance = must disclose

1100- Independence & Objectivity in IFTA\IRP

• Is audit group within Motor Carrier management group? May be impaired

• Does auditor know carrier? May be impaired

• Has auditor or manager designed or specified recordkeeping system for carrier? May be impaired.

1200 Proficiency & Due Professional Care

• Proficiency
  – Possess knowledge, skills, and competencies to perform the responsibilities
  – Obtain competent advice or assistance
  – Sufficient knowledge to identify fraud indicators, but not expertise.
  – Knowledge of key information technology risks, controls and audit techniques to perform work.

1200 Proficiency & Due Professional Care

• Due professional care
  – Reasonably prudent and competent
  – Exercise due care by considering
    • Extent of work needed to accomplish objective
    • Complexity, materiality, significance of matters
    • Adequacy & effectiveness of risk management, control and processes
    • Probability of significant errors, irregularities, noncompliance
    • Cost\benefit analysis of assurances

1200 Proficiency & Due Professional Care

• Continuing professional development
  – No minimum\maximum hours required as with GAO or AICPA, but “should enhance knowledge”

1200 Proficiency & Due Professional Care in IFTA\IRP

Knowledge of record requirements, effects of over\understating fuel\miles, equipment norms, trends

1220 considerations

Reasonable adjustments

Not infallible

1300 Quality Assurance & Improvement Program

• QA
  – Continuously monitor effectiveness
• Internal Assessments
  – Ongoing reviews of audit activity
  – Periodic self assessment or others within organization
• External Assessments
  – At least every 5 years by qualified, independent reviewer

1300 Quality Assurance & Improvement Program

• Reporting on QA
  – Results should be communicated to board
• Use of “Conducted…” statement
  – Used only if program is in compliance with all standards
• Noncompliance
  – Disclosure of areas of non-compliance.

QA in IFTA\IRP

• Formal process of program compliance reviews and peer review

• Informal process using formal guidelines Annual or Biennial

Performance Standards 2000 Managing Audit Activity

• Planning
  – Risk based planning determines priorities consistent with goals
• Communication
  – Audit activity plans and resource requirement should be discussed & approved with management
• Resource Management
  – Appropriate, sufficient, and effectively deployed

Performance Standards

• Policies\Procedures
  – Established policies to guide audit activities
• Coordination
  – Adequate coverage & no duplication of effort
• Reporting to Management
  – Periodic report on purpose, authority, responsibility, performance, risks, control issues, etc.

Performance Standards in IFTA\IRP

• Audit procedures manuals for both define
  – Goals
  – General audit procedures
  – Several evaluation tools

2100 Nature of Work

• Risk Management
  – Evaluate effectiveness of risk management system
  – Reliability of data
  – Effectiveness of operations
  – Safeguarding assets
  – Compliance with laws, regulations, & contracts
  – Awareness of other significant risks
  – Use past experience to evaluate organizations risks

2100 Nature of Work

• Control
  – Reliability & integrity of operational information
  – Effectiveness & efficiency of operations
  – Safeguard assets
  – Compliance with laws, regulations, & contracts

2100 Nature of Work

• Governance
  – Promote appropriate ethics & values
  – Effective performance, management, & accountability
  – Communicate risk & control to appropriate parties
  – Coordinate activities & communication of information

Nature of Work in IFTA\IRP

• Risk assessment in selection of carriers for audit

• Required audits maintain controls over programs

• Assure that objectives of the programs are met

• Recommendations to carriers and administrators support program goals

2200 Engagement Planning

• Planning considerations
  – Objective\scope
• Engagement objectives
  – Assess risks
  – Potential for errors, noncompliance
• Engagement scope
  – Consider ALL systems, records, & properties
• Engagement resource allocation
  – Staffing based on objectives, complexity, time, resources
• Engagement work program
  – Developed to achieve objective
  – Specific procedures for analysis & recording of info

Engagement Planning in IFTA\IRP

Audit manuals provide basis of planning

Pre-audit notification

Internal control review

Records review

Analytical review of carrier reports

2300 Performing the Engagement

• Identifying information
  – Sufficient, reliable, relevant, useful
• Analysis & Evaluation
  – Support conclusions
• Recording Information
  – Controlled access, retention

• Engagement Supervision

Performing the Engagement in IFTA\IRP

• Uniformity
• Standard approach
• Sampling
• Flow of documents
• Verification of records
• Audit file documentation – generic,
• Supervision - how much is enough

2400 Communicating Results

• Criteria for communicating
  – Overall opinion, conclusions, limitations
• Quality of communications
  – Accurate, concise, constructive, timely
• Errors & Omissions
  – Corrected info to all ASAP

2400 Communicating Results

• Engagement disclosure of noncompliance with standards
  – Standard, reason, impact
• Disseminating results
  – To appropriate parties
  – Restricted use of results

Communicating Results in IFTA\IRP

• Standard audit reports
  – Standards followed
• Required information
  – Inter-jurisdictional report
• Supplemental information
  – Supporting schedules, conference notes, contact log

• Required conferences with carrier

2500 Monitoring Progress

• Follow-up process

2600 Resolution of Management’s Acceptance of Risks
