2500-Fieldwork

 

Definition and Purpose

Fieldwork is the process of gathering evidence for measurement and evaluation.  Audit evidence is obtained by observing conditions, interviewing people and examining records.  Audit evidence must provide the basis for audit opinions, conclusions and recommendations.

 

The purpose of fieldwork is to complete the audit procedures identified in the audit program in response to the audit objectives and in support of the audit conclusions.

 

Fieldwork includes:

 

1.      Gaining an understanding of the activity, system or process under review and the prescribed policies and procedures.

2.      Observing conditions or operations.

3.      Interviewing people.

4.      Examining accounting, business and other operational records.

5.      Analyzing data and information.

6.      Reviewing systems of internal control and identifying internal control points.

7.      Evaluating and concluding on the adequacy (effectiveness and efficiency) of internal controls.

8.      Conducting compliance testing.

9.      Conducting substantive testing.

10.  Determining if observations and recommendations reported in prior audits have been corrected and/or implemented.

 

Following are guidelines and suggestions to consider when performing fieldwork.

 

Human Relations in Auditing

A basic concept of human behavior is that "every individual is different" with different values, goals, ambitions and standards.  The auditor can develop sound relationships and perform better audits if this concept is put to work.  The following suggestions will help.

 

1.      Approach each person contacted during the audit with genuine acceptance of the person as an individual.  Adjust the approach to each individual's operating environment and background.  Has he/she been audited before?  Is he/she familiar with our program and objective?  Does he/she have special problems that the auditing intern should be aware of?

 

2.      Maintain contact with management and keep them informed of developments.  They are interested in what is found.

3.      Demonstrate that questions can be raised and suggestions made that will benefit management.

4.      Consider carefully those items that are worthy of being brought to management's attention.  Relegate items of small consequence to their proper place.

5.      Return files and records promptly and in neat condition.  Set a good example in housekeeping.

6.      Use good feedback in your interview/discussion with the auditee.  Restate to the auditee what you think the auditee said to you.  The auditee confirms it or clarifies.

 

Other Suggestions

·        Keep overall objectives in mind during the audit.  Handle only enough detail to adequately cover these objectives.

·        Use good judgment in determining priorities and the amount of time to be given to various phases of the audit.

·        Keep the time schedule flexible enough so that the job can be done.  When the time is limited, do what can be done and postpone the remainder.  Be considerate of the auditee's timeframes and work schedule.

 

Obtaining Information

Methods for obtaining information about the activity, system of control or process under review include:

 

1.      Interviewing appropriate University personnel.

2.      Reviewing procedure manuals, if available.

3.      Reviewing job descriptions, if available.

4.      Reviewing or preparing flowcharts.

5.      Tracing one or more transactions through related documents (also known as transaction walkthroughs).

6.      Completing internal control questionnaires.

7.      Observing operations.

 

Documenting Information

The auditor’s analysis of the internal control system should be documented.

 

1.      Auditing Procedures--Identify the steps for testing effectiveness of internal controls identified in the auditor’s analysis of the control system.  Each procedure should tie directly to an audit objective and supporting workpapers documenting the test and the test results.

 

2.      Supporting Workpapers--Schedules and memos should document the auditor’s tests of the system of internal control, as well as the other audit procedures.  The workpaper purpose should be directly tied to a specific audit procedure. 

 

3.      Conclusion--The auditor should give an overall conclusion for each of the Audit Steps completed.  The control strengths and weaknesses should be identified in the workpapers.

 

Nature Of Compliance Tests

Compliance tests are concerned with:

 

1.      Were the necessary procedures performed?

2.      How were they performed?

3.      Who performed them?

4.      Were the procedures performed consistently?

 

Some aspects of internal control require procedures that are not necessarily required for the execution of transactions.  This class of procedures includes the approval or checking of documents evidencing transactions.  Tests of such procedures require inspection of the related documents to obtain evidence in the form of signatures, initials, certification stamp and the like to indicate whether and by whom they are performed and to permit an evaluation of the propriety of their performance.

 

Other aspects of internal control require a segregation of duties so that certain procedures are performed independently.  The performance of these duties is largely self-evident from the operation of the department or the existence of its essential records; consequently, tests of compliance with such procedures are primarily to determine whether persons having no incompatible functions perform them.

 

Internal Control Questionnaires (ICQ)

Completion of an ICQ during the fieldwork may assist the auditor in identifying control weaknesses.

 

General and specific questions are advisable in the questionnaire.  When all questions and answers have been evaluated, weaknesses in the adequacy of the systems controls may become apparent.  If any audit procedures identify that initial answers to the ICQ are not accurate, workpaper schedules should document reasons for the difference. 

 

Items to be considered in each questionnaire are organizations, procedures and regulations.  The organization should have adequate segregation of duties.  Procedures should describe the authority and responsibilities, accounting data, data flow and reports.

 

Timing

Internal control procedures that leave an audit trail of documentary evidence of compliance should be compliance tested.  The general sampling concept includes selecting items from the entire set of data executed throughout the period under audit.

 

Internal control procedures that depend on segregation of duties and do not leave an audit trail should be compliance tested differently.

 

1.      Inquiries should relate to the entire audit period.

2.      Observations are confined to the periods that the auditor is present and conducting other parts of the audit.

 

Extent Of Testing

The extent of compliance testing is based upon the results of the Internal Control Evaluation.  Compliance tests are used to determine effectiveness of prescribed controls in order that they may be relied upon to determine the nature, extent and timing of substantive testing.  No audit benefit is derived from applying compliance tests to ineffective internal controls or when costs of compliance testing exceed the benefits.

 

The extent of compliance tests will vary directly with the reliance placed on internal controls, while the extent of substantive tests will vary inversely with the reliance placed on internal controls.

 

In case of very serious internal accounting control weaknesses, it may be impractical to devise adequate substantive tests, thus requiring the auditor to issue an adverse report on the operations of the department being audited.

 

Effectiveness Of Systems Of Control

Although the auditor’s efforts may be directed more toward the internal controls of the University than to the resulting financial statements that are of prime concern to the independent auditor, the fundamental approach for both is the same--a reliance upon an effective system of internal accounting control.

 

The evaluation of internal control is accomplished through compliance and substantive testing.  The purposes for compliance and substantive testing differ and will be achieved during the fieldwork.

 

1.      Compliance Testing--To provide reasonable assurance that the accounting control procedures are being consistently applied as prescribed by policies, procedures, rules and regulations and sound business practice.

 

 

2.      Substantive Testing--To obtain evidence of the validity and propriety of accounting treatment of transactions and balances or, conversely, of errors or irregularities therein.

 

Compliance tests are used to help determine the extent of substantive testing to be performed, as stated in Statement of Auditing Standards.  Such tests are necessary if the prescribed procedures are to be relied upon in determining the nature, time or extent of substantive tests of particular classes of transactions or balances.  The auditor may decide not to rely on the prescribed procedures because he/she concludes:

 

1.      The procedures are not satisfactory for that purpose.

2.      The audit effort required to test compliance with the procedures to justify reliance on them in making substantive tests would exceed the reduction in effort that could be achieved by such reliance.

 

In evaluating internal controls, various methods of sampling are used to form an opinion on the population tested.  The auditor uses sampling to gather information from a limited selection of the entire population for analysis of possible problems, causes and effects, and the materiality of results.  The sampling methodology used should be explained in the audit procedures.

 

Efficiency of Systems of Control

The evaluation of efficiency of the controls is the judgment of the auditor on the cost/benefit of implementing, improving or deleting a control.  Evaluations should be supported where possible by mathematical information on the cost of the control and the benefit derived or potential loss avoided.

 

Audit Finding Workpaper

The purpose of the audit finding workpapers is to gather, in one location, the auditor’s opinions regarding all of the findings made during the audit.  A workpaper should be created whenever an auditor identifies a possible (a) opportunity for operational improvement, (b) discrepancy, (c) error, (d) irregularity, (e) weakness or (f) deviation from internal control standards, regulations or policies.

 

The Finding documents the results of the problem analysis/resolution process.  The form is not a step-by-step recipe for doing the work itself, because problem analysis/resolution is not a linear process (so trying to fit it on a linear form is probably hopeless).  Simply completing the form is not a substitute for critical analysis of the situation.  The auditor should be answering such questions as:

 

1.      Did we understand the situation?

2.      Does the auditee agree that a problem exists?

3.      Do we understand the extent of the problem?

4.      Is there a practical solution to the problem?

5.      Have others, especially those responsible for executing the solution, bought into our recommendations?

 

Since the finding workpapers contain the auditor’s professional analysis of "problem" situations, they are among the most important workpapers created.

 

 

Return to Table of Contents

Return to Office of Internal Audit Main Page