Ch.

1
What makes a good auditor and why?
Chapter one gives us the characteristics of a good auditor as being:
1.
Independence: The auditor should not be afraid to report on the activities of the
managers that they are auditing while making audit reports available to the public. If the report is
not made available to the public or the entity, there should be valid reasons for not doing so.
2.
Objectivity: An auditor must not let their personal feelings or opinions shape their
judgment in actions they take to properly come to a conclusions in the auditing process. This
would mean the auditor would not let their decisions in the audit be clouded by any preconceived
ideas of individuals, groups, organizations, or the role of the business.
3.
Professional Skepticism: When an auditor is presented with evidence, they should
doubt its legitimacy until persuaded that it is valid. This would mean that the auditor would audit
certain issues that seem like they could be a potential problem. An auditor would need to follow
their gut on researching certain topics. When something seems wrong or illegal then there is a
chance that it is wrong or illegal.
4.
Communicator: An auditor needs to be able to speak, listen and write well. Also,
they must be able to build trust throughout the organization to reduce resistance. This will also
increase the speed and the amount of information given to lead to a successful audit. Sometimes
it is best to listen more and speak less.
5.
Innovative Ability: Auditors need to have continuous learning in order to be
innovative enough to add value to the business or organization. For them to be able to give better
ways of doing business, an auditor must be knowledgeable of the latest technology, management
thinking, and the issues confronting policy makers.
6.
Ethics: Auditors should set the example for others to follow. Their decisions do have
consequences and therefore, they should have high morals because their actions impact others.
Being trustworthy while having confidence is key to being successful in an audit with a complex
problem. It is most important for them to have appropriate standards of personal and professional
honesty and sincerity while respecting the rights, values, and contributions of other people. Treat
others as you want to be treated.
In addition to these characteristics, a good auditor would also have the appropriate education and
an auditing certification. The auditor is completely responsible for ensuring that an audit is
effective in serving its purpose. If the auditor has the characteristics listed above, then the audit
should be a success. Management and the auditee can only do so much to ensure the audits
success. The auditor is the one who will make or break the outcome of the audit. The auditor
should consistently apply his or her knowledge and skills while being prepared with background
information of a business before the audit process even begins. A good auditor will be able to
identify both strengths and weaknesses in a positive manner that will be beneficial to the auditee
and management.
What are some of the distinguishing characteristcs between government and private
sector accountability?
Management is accountable for its action in both government and private sectors. Also, the
Standards for the Professional Practice of Internal Auditing apply to internal auditors for both the
government and private sectors, but the Government Auditing Standards only applies to federal
auditors. Listed below are some of the distinguishing characteristics between government and
private sector accountability.
1. Governmental sectors purpose is to carry out governmental functions by promoting the
general welfare. Private sectors primary purpose is to benefit and financially enrich one or more
specific individuals, through operating the entity in a manner to increase the value of their assets.

This means that the primary beneficiaries of the governmental entity are the public while the
primary beneficiaries of the private entity are its owner(s). Governmental sectors regulate the
private sectors within its jurisdiction to make sure that certain standards are upheld for the
well-being of the public.
2. The balance sheet and income statement are powerful tools of accountability for the private
sector because they are operating for profit. The governments set goals and how they can be
successfully reached are the governments powerful tools of accountability.
3. A private sector business will go out of business once it is not profitable. Once a government
program outlives its usefulness, they are cancelled. Because of this, auditors serve several
purposes in the accountability process, such as ensuring appropriate internal controls are
successfully in place, reporting to the public on activities of government managers, reporting to
other levels of government on use of funds, and reporting on the results of operations and
financial position of the government.
4. Private sectors do not have any particular geographic constraints or commitments like
governmental sectors do. A private entity can relocate their business to a different state or
country while bringing the assets, jobs, and revenue with them to the new site.
5. Private sectors usually operate with objectives that can be clearly measured in a model of
economic efficiency. The government sector cannot always do this because certain goals cannot
always be measured based on establishing one program or factor. However, the government has
an annual performance report review to see if the performance goals were or were not met and
the reasoning. Each year these results areas compared to the goals and the results from the
three previous years.
6. The private sector operates without the checks and balances of the government sector, but the
SEC requires them to disclose financial and other information to the public to provide investors of
knowledge for making judgment on the risk of investment.
7. Government entities are lawfully required to conduct their business through open, transparent
processes to ensure accountability to the citizens.

What is the meaning of independence from the perspective of the government auditor and
why is independence so important?
The key principle for government auditors is the principle of serving the public interest
and honoring the public trust. For them to be successful in this, they must have independence.
Independence from the perspective of the government auditor is the ability to exercise objective
and impartial judgment on all issues associated with conducting the audit and reporting on the
work. Independence is important to auditors and audit organizations because without
independence, their options, findings, conclusions, judgments, and recommendations will all be
impartial and viewed in a negative light. Once a third party concludes that an auditor is not
independent, their audit would hold no merit. Auditors independence should last the period of
the professional engagement.
An auditor, whether government or public, must be independent in all matters of audit
work. This would include independence of mind and appearance. Independence of mind would
mean they would not let their personal feelings or opinions shape their judgment in the actions
they take to properly come to a conclusions in the auditing process. Meaning, the auditor would
not let their decisions in the audit be clouded by any preconceived ideas of individuals, groups,
organizations, or the role of the business. Independence of appearance would refer to a third party
having no reason or circumstances in which they would claim an audit organization to be
compromised. This means that as the auditor, they would assess the professional qualifications
and independence of that specialist prior to use. For example, auditors would be threatening their

independence if they or a member of their audit team had a direct financial interest in the audited
entity. This would also apply in the case of using another auditors completed audit work, which is
related to the current audit objectives, to avoid duplication efforts. If a specialist is used during an
audit, they should be independent as well.
The auditor should not be afraid to report on the activities of the managers that they are
auditing while making audit reports available to the public. If the report is not made available to
the public or the entity, there should be valid reasons for not doing so.
Government auditors are paid by the government. Usually, they are independent from
management. They will chose the audit program, function, or activity and may not need
managements approval to do the audit. Sometimes, government auditors may even have
subpoena power to force the managements compliance of the audit and may report it to the
public. With this independence, the government auditor can take an objective view and lay it all
out on the table.
It is the responsibility of the audit organization to establish policies and procedures on
independence to warrant assurance that the audit organization and its employees are independent
and comply with legal and ethical requirements. Also, these standards are put in place to help to
identify and evaluate any circumstances that would create threats to the independence. By
recognizing these situations, the auditing company can either eliminate the treats or reduce them
by applying safeguards. If the threat is big enough, the auditing company may need to withdrawal
from the audit entirely.
Professional judgment is key to auditors independence. Auditors must use their
professional judgment in applying conceptual framework to determine independence in certain
situations. This would include anything that would be a threat to the appearance of independence.
In compliance with GAGS, the audit organization will need to have an external peer review
performed by reviewers independent of their organization while being reviewed at least once
every 3 years.
Ch. 2
Why do we need auditing standards?
Auditing standards have been known to be broad-based. They set the general tone and direction
of the audit profession. Having audit quality is critical for financial markets to run smoothly. Audit
standards are important to establishing a stability in the audit market while balancing audit prices.
In addition, audit standards also prevent audit quality from decreasing below a given point.
Auditing standards are needed to provide a foundation and framework for performing audits that
will help to improve operations and services. Having auditing standards as a foundation for the
credibility of auditors work is important, especially in emphasizing how essential the
independence of the audit organization and its individual auditors is. In addition, auditing
standards foundation is needed to emphasize the importance of the exercise of professional
judgment in the performance of work and the preparation of related reports; the competence of
staff, and quality control assurance as well. These standards are also needed to ensure that
the right route is taken in making the necessary decisions to help build a better future outcome for
the entity. According to the Yellowbook, auditing standards provide the foundation for auditors to
lead by example in areas such as independence, transparency, accountability, and quality.
Yellowbook also describes how the GAGAS encompasses requirements and guidance dealing
with ethics, independence, auditors professional judgments and competence, quality control,
performance of the audit, and reporting.
As previously mentioned, the standards assist auditors in accurately obtaining and
assessing evidence that is used to report valid results that can lead to changes which lead to
improving business operations. This is because the audit standards now encourage reporting on
accomplishments. Several organizations have developed their set of standards which are set by
different groups that apply to them, usually in accordance to their location. Overall, audit
standards are needed to provide a minimum guidance for auditors to use for determining the
extent of audit steps and procedures that should be applied to reach the goal of the audit

objective. The audit standards are the criteria in which the quality of the audit results are
measured and assessed. Lastly, audit standards are needed because they provide assurance to
managers that an auditor is following a set framework to ensure precision, consistency and
validation of the audit, while audits provide a form of assurance to your managements, in addition
to taxpayers, stock holders, and donors that your entity is in compliance with certain laws and
regulation.
Why has performance audit grown worldwide?
At first, internal audit was only used in accordance with accounting records and transactions that
resulted in entries into the books of account. The standards used by internal auditors eventually
became recognized as useful in areas inside and outside of accounting. In 1960, when the
Institute of Internal Auditors added that internal auditors should be concerned with any phase of
business activity where management could be served. Soon following (1968), the Internal
Auditing in Federal Agencies document was made to include this revision as well. In addition to
these revision, in 1972, the Yellowbook was formed and this created a governmental auditing
standard and objective for the nations auditors. In the same year, the International Organization
of Supreme Audit Institutes (INTOSAI) adopted the Lima Declaration of Guidelines on Auditing
Precepts. The goal was to improve government accounting throughout the world while
recognizing that each countries needs and priorities varied. As a result of these various efforts,
performance audit increased in both quantity and quality. Performance audit became popular in
various governments causing auditors to become more specialized. Overall, the advancements of
the process of performance audit has caused it to grow worldwide. These advancements include
refining the concept and identifying the element of internal control, improvements in
management process through emphasis on managing for results and performance
measurements, adoption of computer-based audit techniques, and adaption of risk assessment
techniques to auditing. the growth in performance auditing as something that occurred out of
necessity due to a rising need for public accountability as governments continued to grow.
-------The standards came out of a need for greater responsibility and transparency for
government operations through such audits, rather than the audits becoming more frequent
because of popularity. Audits are necessary, standards are necessary

Define the term performance audit and describe the subject matter of the four broad
objectives embraced by performance auditing.
According to GAOs Yellowbook, performance audits are defined as audits that provide
findings or conclusions based on an evaluation of sufficient, appropriate evidence against
criteria. Chapter 2 of the Government Performance Audit in Action defines performance audit as
engagements that provide assurance or conclusions based on an evaluation of sufficient,
appropriate evidence against stated criteria, such as specific requirements, measure, or defined
business practices. Performance audits are used by managers to give them an objective analysis
of information that will help them improve performance and operations, reduce costs, facilitate
decision making by those responsible to correct these actions like managers. In addition, in most
ways, the definition of internal audit and performance audit seem the same. The major difference
between the two lies with who the auditors are accountable to. In an internal audit, the auditor
reports to the corporation while, in a performance audit, the auditor would be accountable to the
citizenry.
There are four broad objectives in accordance with performance audits. These are 1)
program effectiveness and results, 2) economy and efficiency, 3) internal control, and/or 4)
compliance with legal and other requirements. Program effectiveness and results are usually
interrelated with economy and efficiency objectives. Program effectiveness and results audit
objectives generally measures the degree to which a program is achieving its goals and objectives
while economy and efficiency audit objectives address the costs and resources that are used to
reach desired results. To achieve those desired results, an entity should be acquiring, protecting
and using its resources in the most productive way. The third objective, internal control, relates to
the act of assessing an entitys internal control systems for the ability to meet mission, goals, and

objectives. For the entity to be able to meet such missions, goal, and objectives, they must have
reasonable assurance in the management plans, methods, and procedures. Internal control
objectives could be relevant when coming to a conclusion of why a programs performance has
been unsatisfactory. For example, if a company did not comply with certain laws and regulations,
they would be seen as having insufficient internal controls. In the past, it was unlikely that
management would set performance related internal controls. It was not until the importance of
performance measures had been made that entities started to improve on these matters. The last
objective is compliance with legal and other requirements. This objective relates to
managements ability to abide by the requirements establish by laws, regulations, contracts,
and/or grant agreements. These requirements can be either financial or nonfinancial. Since the
objectives are interrelated, compliance with a particular or regulatory requirement may lead to an
increased economy and help to produce a desired result.
Lastly, the Yellowbook adds another objective of performance audits as being important,
the prospective analysis audit objective. While it is usually not classified as being one of the
broad objectives embraced by performance audit, I thought it should be mentioned. Prospective
analysis audit objectives relates to concluding information that is based on assumptions about
events that may occur in the future, along with possible actions that the entity may take in
response to the future events. An example of this would include: providing conclusions based on
current and projected trends and future possible impact on government programs.
Ch. 3
Why is the Treadway Commission so important?
The Treadway Commission, or the National Commission on Fraudulent Financial Reporting, was
formed in 1985 and funded by the AICPA, AAA, FEI, IIA, and NAA. It was used to study private
sector financial reporting in the U.S while trying to pinpoint the factors leading to fraud in financial
reports and ways to reduce its frequency. In addition, the Treadway Commissions'
recommendation focused on various components, such as: (1) the tone set by top management,
(2) the internal accounting and audit functions, (3) the audit committee, (4) management and
audit committee reports, (5) the practice of seeking second opinions from independent public
accountants, and (6) quarterly reporting. A major recommendation, that the Commission made,
was that there would be cooperation in developing guidance on internal controls by the
organizations that funded them. Because of this recommendation, in 1985, the Committee of
Sponsoring Organizations (COSO) of the Treadway Commission was formed; and, in 1992, they
created the report called Internal Control-Integrated Framework. This report, also called the
COSO report, defined the elements of internal control and much so that it great impacted the
audit process. COSO defines internal control, in the report, as "a process developed by
management to provide reasonable assurance regarding the achievement of objectives in the
following areas: (1) effectiveness and efficiency of operations; (2) reliability of financial reporting;
and (3) compliance with applicable laws and regulations." It also notes that there are five
interrelated components to having an effective internal control system and, at some point, they
should all be reviewed in an audit. These five interrelated components are (a) the control
environment, (b) the assessment of risk, (c) the specific control activities, (d) the information and
communication system, and (e) the system for monitoring performance. The influence that this
report had on corporate governance and on internal auditing was immensely importance, but it
was not always effective like they hoped it would be. Most importantly, the Treadway Commission
is needed for its issuance of a framework for identify, assessing, and managing risks. In our
textbook it states that their report, the COSO report, "provides a management framework, key
principles and concepts, a common language, and other direction and guidance to help managers
and auditor better understand this topic." The Treadway Commission established a general
internal control model that companies and organizations could use to assess their control
systems.
From 1987-1997, COSO supported follow-up research that investigated fraudulent financial
reporting. The COSO report pointed out that both upper management participation in the fraud

and the presence of a weak audit committee and board of directors are common factors in
fraudulent activities. This information made companies want to conduct studies as well. After I did
a little research, I found that Ernst & Young issued a general international fraud study report in
2000. It stated that 82 percent of employees committed frauds with management being involved
in one third of those. A 1999 COSO study also stated that fraudulent reporting is usually
committed by improperly recognizing revenues and improperly making valuations of assets. For
example, Enron made misstatements of assets and liabilities by using special purpose entities to
make it where certain activities were not listed on their balance sheet. WorldCom capitalized
expenses as assets improperly.
In 2013, an updated version of the report was created. This new framework reflects the
technology and globalization better, but still uses the original five components as the foundation
for the updated version. However, they added seventeen specific principles that spread across
those five main components of internal controls. This is one of the most important additions; and
these articulated principles were added for an auditor to use for checking on the efficiency of the
internal controls. Overall, the Treadway Commission is so important because of the studies they
have done in financial reporting while looking into factors that lead to fraud and fraud reduction
methods. The framework that they created was commonly used throughout for defining the
elements of internal controls and identifying, assessing, and managing the risks involved.
Why are there limitations on internal control?
Many people may view internal control as being able to ensure that an entity will not fail and will
always achieve its goals successfully. It is almost like they see it as a cure for all current and
potential business problems, but they are mistaken. There are limitations on internal control for
various reasons, but, mainly because, there needs to be regular monitoring of the efficiency of
internal control systems. By having these limitations, it shows that an internal control system is
not guaranteed. There are various elements that can factor into a delinquency on the competence
of the controls and this shows that no internal control system can provide absolute assurance. It
can only provide reasonable assurance that management objectives will be achieved. Chapter 3
of our reading states that "this assurance can be maintained if (a) management continuously
monitors the effectiveness of the controls in place, taking into consideration the costs and
benefits associated with those controls and (b) auditors provide independent assessments that
the control system is working". These limitations help to make certain that good internal controls
are in place and that things within the entity occur as they should. In addition, these limitations
also make sure that public organizations are operated in the most economical and effective way
and in accordance to the highest ethical standards. To ensure this, many states legislatures and
local governments enacted stricter conflict-of-interest laws, codes of ethics, mandatory
information disclosure acts for public employees, freedom-of-information statutes, and
open-meeting laws.
A level of confidence in financial information reported on the financial statements is provided by
having internal controls. Internal controls restrict individual employee access to influencing the
figures or distorting the financial data. Internal controls are essential for accounting employees
who work with the company's financial information on a regular basis. However, internal controls
are not surefire and that is why there are limits to internal control policies and procedures put into
effect by companies. Additionally, human error, misunderstandings, fatigue and stress are all
examples of human error. These human errors and system omissions, lack of
training/communication, lack of management support, resource constraints, or lack of system
flexibility play a major role in reasons why limitations are needed. For example, a breakdown of
internal control systems could be the result of an employee not being knowledgeable about
certain aspects of their job. This could be minimized by having training when starting the job and
follow up training throughout time. Moreover, the cost of implementing a specific control should
not exceed the expected benefit of the control. An organization that produces dependable
financial reporting and noticeably complies with the laws and regulations that apply to it are said
to have effective internal controls. Some limitation are inherent in all internal control systems, like
judgment, breakdowns, management override, and collusion. This means that failure could result

in even an effective system of internal controls. As previously states, reasonable assurance does
not provide absolute assurance.

Describe why an internal control system can only provide reasonable assurance, rather than
absolute assurance, that an organization will achieve its objectives.
No internal control system can provide absolute guarantee that there will be no material
misstatements; however, they can provide reasonable assurance. Absolute assurance is not
achievable because of the nature of audit evidence and the characteristics of fraud. Thus, an audit
conducted in accordance with GAAS may not detect a material misstatement. Reasonable
assurance is provided by having managers take certain steps by using common control techniques
to make sure that program objectives are achieved. Having reasonable internal controls also
provides management with the appropriate balance between risk of certain business tactics and
the level of control that is required to make sure those business needs are met. The book uses this
example: you cannot be absolutely sure, no matter how good your internal control system may
be, that all pilferage will be prevented. But you can be reasonably sure that large amounts of
pilferage will be either prevented or detected in a timely manner, provide you put in place a good
security system, check to see whether it works, and periodically compare the amounts that are
supposed to be on hand with the amounts actually on hand. Lastly, the cost of a control should
not exceed the benefit to be derived from it. There are various elements that can factor into a
delinquency on the capability of the controls and this shows that no internal control system can
offer absolute assurance. It can only deliver reasonable assurance that management objectives
will be achieved. Chapter 3 says that "this assurance can be maintained if (a) management
continuously monitors the effectiveness of the controls in place, taking into consideration the
costs and benefits associated with those controls and (b) auditors provide independent
assessments that the control system is working". Cost/benefit realities, collusion among
employees, judgment, breakdowns, management override, and external events beyond an
organizations control are just some of the reasons why internal control cannot provide reasonable
assurance. These inherent limitations mean that failure could result in even an effective system of
internal controls.
In addition, the COSO report answers this question best.
Internal control is a process, effected by an entitys board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of
objectives relating to operations, reporting, and compliance. It also goes on to say that
the term reasonable assurance rather than absolute assurance acknowledges that
limitations exist in all systems of internal control, and that uncertainties and risks may
exist, which no one can confidently predict with precision. Absolute assurance is not
possible. Reasonable assurance does not imply that an entity will always achieve its
objectives. Effective internal control increases the likelihood of an entity achieving its
objectives. However, the likelihood of achievement is affected by limitations inherent in
all internal control systems, such as human error and the uncertainty inherent in
judgment. Additionally, a system of internal control can be circumvented if people
collude. Further, if management is able to override controls, the entire system may fail. In
other words, even an effective system of internal control can experience a failure.
Ch. 4
How does the control environment affect your daily life?
It is important to note that the control environment sets the tone of an organization and sets the
foundation for the other components of internal control. Furthermore, it provides structure and
regulation within the company. Factors of the control environment are important to it influencing
employees every day life and setting the tone for the organization, such as integrity, ethical
values and competence of the entity's people; management's philosophy and operating style; the
way management assigns authority and responsibility, and organizes and develops its people;

and the attention and direction provided by the board of directors." By having a good control
environment, managers send the message that internal controls apply to everyone in the
business and are also an essential part of operations. By having a weak control environment,
there can be an overwhelming effect on the way other controls work and this all starts with the
tone at the top and is followed by the employees ability to follow it. A negative tone (control
environment) set by a manager can be as small as when a manager takes various extended
cigarette breaks on the clock and his employees believing it was okay for them to do it as well.
This may anger those employees who do not smoke and make them not perform work to their
fullest potential.
What is the significance of assessing risk in the internal control process?
COSO says that every entity faces a variety of risks from external and internal sources that must
be assessed. The likelihood that an incident will arise that negatively influences the ability to
reach objectives is the definition of a risk. Risk assessment obligates an organization to
determine the prominent risks that are essential to reaching their goals and objectives first, and
then analyzing them. Objectives are identified by management within various divisions that
correspond to operations, reporting, and conformance of clearly recognizing and analyzing risks
to the objectives. Before implementing any tactics to attain a certain objective, a manager must
think about the variety of potential strategies and then assess the risks inherent in each. Every so
often, the manager ought to re-examine the risk and make revisions as conditions change. Both
the internal and external sources might cause risk to emerge and make internal control
ineffective. Risk assessment and internal control work together because risk assessment impacts
the nature and degree of the controls and plans implemented to handle such risks.
A number of the governments actions are susceptible to considerable risk because the
government exists to protect the health, safety, and welfare of its citizens. The method for
discovering risks may vary. In addition, an update to the directory of risks may be made because
of new policies that are presented or because of information that appears in audit reports or
additional agency reviews. Throughout the risk assessment process, the manager needs to focus
on the probability that something will go wrong and the effect of it going wrong. If there is a high
probability for something to go wrong and there is a high chance for potential impact, then you will
want to dedicate more of your resources to that. If the likelihood is low and the impact is
negligible, the area warrants a relatively smaller share of resources. Risks and opportunities go
hand-in-hand with each other and managers need to realize that. By not identifying opportunities
to improve operations, reaching a businesss objectives can be affected just as much as failing to
identify risks would. Lastly, not counting audits required by state regulations, activities that have
elevated levels of residual risk are usually chosen for audits.

The control environment is often described as "the tone at the top." Describe what that
phrase means, as well as its implications for establishing the scope of a performance audit.
(8/10 never discussed how the tone from the top effects the audit scope).
The Treadway Commission refers to the tone at the top as by saying:
"The tone set by top managementthe corporate environment or culture within which
financial reporting occursis the most important factor contributing to the integrity of the
financial reporting process. Notwithstanding an impressive set of written rules and procedures, if
the tone set by management is lax, fraudulent financial reporting is more likely to occur."
The tone at the top is the idea, the approach, and the beliefs the board of directors exhibit
throughout the business. It is the most important element of the control environment. An example
must be set by management because whatever tone they set will have a trickle-down effect on the
rest of the employees. The managements tone will usually effect if the employees will be more
inclined to uphold certain values or not. In addition, the company should have communication
throughout it with reward to preferable performance. Management can take the necessary steps to
create and maintain a good ethical environment within the company by conveying to employees
what is expected of them, leading by example, providing a secure system for reporting

infractions, and providing incentives for integrity. This will encourage other employees to act in
the same manner of demonstrating honesty and integrity. Having a good tone at the top would
mean having consistency among statements, assertions and explanations of the management and
its actions. By having these key elements, they form the pieces of the tone at the top. Some see
the tone at the top as a part of the internal control environment, while others see it as equal to the
internal control environment. The starting point of every audit or risk assessment is typically the
tone at the top.
By having a good tone at the top, fraud can be prevented by a well-working internal
control system and can also have a positive influence on the financial results of a business.
Therefore, it is necessary to include it in the audit scope. Businesses with an effective corporate
governance policy function better than those that do not. The tone at the top is almost invisible to
an outside auditor. Because of this, an auditor would find it valuable to add a baseline, which
would be the tone at the tops starting point for improvement. Assurance of an ethical and
successful tone at the top is needed not only by the public, but also by their board, shareholders,
and investors. Because an internal auditor can offer independence and objectivity, they could
potentially be asked to assess the reliability of the assurance that management provides.
Furthermore, it is key to scope what is critical to your business before giving assurance on it.
Before developing on the core themes, this scope should start with them. For example, the central
theme for a financial services company could start with the ethics of the organization. The best
way to preserve an organizations good reputation is by having the right tone at the top.
Ch. 5
Why would an audit organization have an annual audit plan?
An annual audit plan is critical for meeting the goals, objectives, and mission of the audit
organization and irreplaceable to keep the audit organizations financial house in order.
Furthermore, it will ensure compliance with applicable laws and regulations. Through the annual
audit plan, it can assess efficiency, economy, effectiveness, and program accomplishments. The
annual audit plan is usually developed from an audit risk assessment. Hence, it helps to prevent,
detect, and deter fraud and abuse while helping to determine the audit level of priority for a select
program or function. It is driven by risk assessment results and Internal Audit resources with the
intention of addressing the highest risk areas given the resources available to the audit
department. The annual audit plan goal is to identify practical step change solutions that can
contribute towards maximizing the value that organizations can derive from their investments in
managing risks.
An annual audit plan is created by managers because of the scarcity of resources. The scope
of an audit can be established with the help of the audit plan by pinpointing the program or
function that needs to be audited. And the resources needed to do so. Annual audit plan
benefits the organization through various ways. Such ways include (1) establishing what
agencies, programs, contracts or other areas will be highlighted for audits on an annual basis; (2)
authorizing an effective allocation of limited audit resources; (3) specifying a flexible foundation
for managing audit employees; (4) projecting an estimated timetable for starting and finishing
audits for the year; (5) eliminating the possibility for overlapping audits within the audit division
and with other audit organizations; (6) providing an recognizable basis for the role of the audit
division and justification for procuring budgetary funds.
What are some benchmarks that can be used in determining program effectiveness?
Please be specific.
Benchmarks are used as a measurement for performance by using a specific indicator that will
result in a "metric of performance" that is then compared to others. Benchmarking would be
further explained as taking a measurement of internal processes against an external standard. It
is one of a manager's best tools for deciding whether the company is performing certain functions
and activities efficiently, whether its costs are parallel to those of competitors, and whether its
internal activities and business processes need to be improved. By running a financial analysis,
you would be able to make a comparison of the results in order to assess a firm's overall

competitiveness, efficiency and productivity. Some items that are used for comparison could be
"how material are purchased, suppliers are paid, inventories are managed, employees are
trained, or payrolls are processed; how fast the company can get new products to market; at how
the quality control function is performed; at how customer orders are filled and shipped; and at
how maintenance is performed." An example of a benchmark might be the act of simultaneously
examining similar operations at two or more entities thus giving an auditor the opportunity to
compare each of them and identify the best practices. The most common divisions to be
measured in benchmarking are quality, time, and cost. Usually, companies will take benchmarks
on with a view toward all of improvements that may be offered. I found such improvements or
benefits to include "reducing labor cost, streamlining the work flow through redesigned business
processes and common administrative systems, improving data center operations through
consolidation and downsizing, cooperative business and information technology planning,
implementing new technology, outsourcing some assignments and functions, redesigning the
development and support processes, and restructuring and reorganizing the information
technology functions. "
After extensive research, I found that there are various types of benchmarks and they are
driven by motivating factors which involves different comparisons. For example, some of the
major types of benchmarks include metric benchmarks (uses reference points of quantitative
measures for comparison), best-practice/process benchmarks (focuses on identifying outstanding
techniques), information technology (like data processing, systems analysis, programming,
end-user support, and networks), infrastructure benchmarks (networks and data/information),
application benchmarks (system analysis, development and maintenance programming, and
functionality), and strategy benchmarks (skills assessment, information technology strategy,
business-technology alignment, and description of roles and responsibilities). Most often, proven
business best practice benchmarks will be used to accelerate the development of solutions and
link them to solutions to the overall business strategies. This well help to assure effective and
efficient execution of the best-practice-based process for improvement. For instance, these would
include process elimination, improved planning, and performance management. The chapter
refers to short-term and long-term targets and the performance of similar-type entities as being
possible benchmarks that are used to evaluate the performance of an entity (performance
measurement systems). Other types of benchmarking are to internally or administratively set
standards or to examine records for similar organization and set competitive standards. An
organization can determine whether or not a program is meeting its objectives once a benchmark
has been set.
In addition, there are many motivators that drive the various types of benchmarks like cost,
quality, competition, and goal setting (which are motivators for application and infrastructure
benchmarks). An advantage of benchmarking is that it facilitates the process of change, clearly
laying out the types of solutions external organizations have used and providing a global
perspective on how part of the company affects the whole. Furthermore, it helps to focus on
improvement in the areas that can make actual gains, which converts into added value to the
company and also its employees.

Describe the purpose of making a preliminary survey. Discuss how making a preliminary
survey relates to the preparation of the audit program.
By making and doing a preliminary survey, you are planning the audit. Furthermore, your
purpose in doing so is for the preliminary survey to help assist the preparation of an audit
program. The audit program is "a statement of major audit objective and/or areas of audit
concentration, and major audit steps within each objective or major audit area." By doing a
preliminary survey, it allows you to get basically acquainted with the "entity's goals and
objectives, management control environment, control practices, reporting system, and risk
assessment process". According to the Department of Internal Auditing at Georgia Tech's
website, typical steps taken during the preliminary survey of the area under review in order to
become familiar with the policies and procedures which may impact the area being audited are
(1) gain understanding of existing procedures through observation, by discussions with staff, or
review of documentation; (2) identify existing internal and accounting controls applicable to the

area being audited; (3) establish the scope of the audit based on information obtained and risk
assessment; (4) review applicable policies and/or procedures; and (5) prepare an audit program
which outlines the nature and the extent of audit tests that will be performed.
Whether the entity, program, or function has been audited before will partially determine
the scope of the preliminary survey. If there had been a previous audit then the auditor should
review the permanent file and devote the preliminary survey to making updates to the permanent
file. The preliminary survey will reveal the changes in entity policies and practices which is
where updates to the permanent file will need to be made. In addition, the auditor will also need
to assess whether there has been a change in key personnel and, if so, decide whether the change
has affected the control environment.
The preliminary survey will also include getting familiar with the entity's basic policies
and controls. A key purpose of audit is to verify that the stated control or system element does
actually exist and is working the way it should. Before doing so, you should already have a good
understanding of the entity's mission, goals, and objectives, which will help you focus on what to
expect in that part of the preliminary survey (like possible risk). The chapter states that to plan a
performance audit, you must: "(a) understand the missions, objectives, and goals of the agency,
program, or function being audited; (b) assess the risk of ineffective or inefficient performance;
and (c) prepare audit program that helps you reach conclusions about the entity's performance."
Before any of this is done, a preliminary survey has to be done first. The preliminary survey is
used to help you reach some possible conclusions about the entity's control environment and its
other internal controls. However, these conclusions will not be your final conclusions . Additional
work will need to be done like gathering evidence.
The section of the preliminary survey that involves getting familiar with basic policies
and controls has a purpose of helping you make a preliminary assessment of risk so that the major
areas of audit emphasis can be selected. Although this is not a major part of the preliminary
survey, since detailed audit programs can be prepared while working in the individual selected
audit areas, the policies and controls that are risky should be extensively reviewed and
questioned. In addition, a brief "walk-through" of the entity's facilities (observing the employees,
their general attitude, security measures, and the nature of facilities) should be included in the
preliminary survey to help in preparing the audit program. The auditor should also meet
important managerial personnel to get a acquainted with the entity's control systems and get a
general understanding of those controls. Getting copies of important control system related
documents, like policy manuals and managerial reports, will help you plan the audit steps. At this
stage the goal should be to know a vast array of information about "the entity's goals and
objectives, the control environment, the major strategies and controls, and the monitoring system
in order to select areas for audit concentration."
Once the preliminary survey is complete, the auditor would be ready to complete the rest
of the steps in the annual audit such as assessing audit risk, establish the major audit objectives,
listing the major audit areas, and estimating the amount of time to spend in satisfying major
objectives and performing each major audit area. Because of the preliminary survey, you may
decide to devote limited effort to a particular area when preparing the audit and in the gathering
data stage of the audit.
As listed above, in the preliminary survey, the internal auditor becomes acquainted with
the auditee to help in deciding how much reliance can be placed on the internal control systems.
By doing so, it allows the auditor to initially determine whether to extend or limit audit tests. In
close, the preparation of the audit program is the next step after completing the preliminary
survey, in order to determine the extent of audit tests to be performed during fieldwork.
Ch. 6
Why should the audit report be in writing?
Audit reports should be written for the purpose of: 1. communicating the results of audits to

officials at various levels of government, 2. making the results less susceptible to

misunderstanding, 3. making the results available for public inspection where applicable, and 4.
facilitating follow-up to determine whether appropriate corrective actions have been taken. In
addition, GAS and the Standards for the Professional Practice of Internal Auditing requires a
written report of the audit results. By having the written reports, it can help ensure public
accountability and an auditor will know that all the elements that are needed/required to be in the
audit report are included. The audit report will set out the findings in an appropriate form that is
easy to understand and free from vagueness or ambiguity. Information should only be included
that is supported by competent and relevant audit evidence (independent, objective, fair and
constructive). By having recommendations written, it is easier for the entity to look back to see
how they should take action and where the actions recommended are appropriate. If an audit
report is not done in writing the next best thing would be to have an oral report with written
documentation and the worst option, rather than not report at all, would be to have only an oral
report. The possibility of human error and misinterpretation are subject to any oral report. In
conclusion, the audit reports in writing are overall the most competent because they are more
reliable than any oral representation.------- Oral presentation can be video tapes, making it
position to distribute and documented for future reference. Just as you will need a good writer
from present a good audit report an astute and eloquent speaker can deliver an oral audit report.
The only issue with that is, it will not need the requirement of Government Auditing Standard as
well as Standard for Professional Practice of Internal Auditors. With the oral presentation
wouldn't we miss out on some of the feedback of the people not able to make it. I think it is
important for everyone to hear the information and respond in the closing conference. I have
had some experience with receiving and responding to draft reports. Sometimes we get a
couple of drafts before the final version. Sometimes several agencies have to respond to an
audit so it can take 6 months or more after an audit to get through all the drafts iterations and get
to the final.Oral reports should serve to supplement written reports - versus take there place. Oral
reports could be used to introduce a report and its' findings or it could be used to address
emergency issues. In addition, an oral report could be also transcribed into meeting notes instead
of being video recorded. Although with meeting notes you face misinterpretations or
misunderstandings.
What type of tone should an audit report have?
In the chapter, it is said that evidence must be presented in an unbiased manner (objective) so
report users can be persuaded by the facts. The report should be fair and not misleading; results
should be placed in the proper perspective. The tone should be such as to encourage
decision-makers to act on the findings and recommendations. The GAS says the report should
be balanced with what you say and how you say it, or with content and tone. The tone of an audit
report is very tricky. It can easily make or break how the audience/management reacts to it. In
addition, being unbiased is very hard if there is error/risk due to management performance.
Finding the right tone for a situation of that matter is hard because you do not want to come off
too lenient or too tough. A high quality audit report would bring about both clarity for the audit
committee members and nuance for the auditee. The overall best route to take would be one that
1. says what you have to say, 2. is written clearly, concisely and understandably, 3. is concluded
sensibly, 4. involves the auditees in validation and recommendation, and 4. drops information that
is irrelevant. By doing each of these, the audit report will be shorter, lighter, concise, and more
appreciated by the audience.

Why are management comments of the audit findings included in the audit report?
By having management comments of the audit findings included in the audit report, the
auditor is ensuring that a report is fair, complete, and objective. Managements input is also
important to show that recommendations are reasonable and free of any errors or
misrepresentations. By doing so, the report is not only showing the auditors opinions and views,
but also the opinions and views of those responsible for making the future changes for the entity
(management). Management is usually asked to not only comment on the audit findings but also
on conclusions and recommendations and tell what corrective actions they plan to take. If

management decides not to implement corrective actions suggested in the recommendations, they
should otherwise describe the alternative steps they will take to address the issues that led to the
audit findings. In addition to this, management should include an estimate of the date for when
the corrective action will be complete. The auditor should review that the time frame for
corrective action is reasonable. In addition, there are chance that management may have opposing
comments to the reports findings. In this situation, an auditor may agree and then modify the
report accordingly; or the auditor may believe the comments are not valid and then the auditor
would state the reasons for the disagreement in a fair and objective manner.
Ch. 7 & 8

Describe the basic objectives of a good inventory management system, covering both
availability of inventory and physical accountability for inventory.
Maintaining good inventory management principles/procedures will ensure the
efficiency and timely deliver of high quality inventory data. There must be controls in place to
obtain an appropriated justification for items in inventory which must be documented. The two
basic objectives of inventory management are supply control and inventory control. Supply
control covers the availability of inventory to meet anticipated program needs. Inventory
control covers accountability for items received and various other aspects of physical
accountability. These functions require effective operating-type and sage guarding controls.
The chapter states that to determine the best way to evaluate whether the basic
objectives are being achieved you must ask these questions:
a. Supply control: for program effectiveness, "(1) are supplies available when
needed?"; and for efficiency, "(2) are supplies stocked in quantitative greatly
beyond immediate need, needlessly increasing inventory carrying costs and risks
of obsolesces? To make sure supply controls are effective, you must analyze
records for specific items of stock while showing quantities available in relation
to past and projected future use. The main objective of inventory management
is to maintain inventory at appropriate level to avoid excessive or shortage of
inventory because both the cases are undesirable for business. Therefore,
having effective supply control ensures that sufficient quantities of supplies and
materials will be on hand to meet program needs while also not having the
stock being high and carrying unnecessary inventory carrying costs. By keeping
the right amount of inventory on hand you are ensuring availability of supplies
and materials at the lowest possible carrying costs. To have a good inventory
management system, you must know when to order and how much to order.
b. Inventory control: "Is everything that is supposed to be in inventory actually
on hand and in condition suitable for use? Inventory shortages could result from
weakness in security, record-keeping, or storage procedures." To make sure
inventory controls are effective, you must physically count the stock and
physically observe security this ensures that quantities received are accurately
recorded, accounted for until used, stored in an accessible manner, and kept
sage from loss due to theft, damage, and deterioration. To have an effective
inventory control, you must have cost-effective receiving, storing, and
accounting systems with periodic physical counts of inventories, comparison of

those counts with perpetual inventory records, and tracking down the causes of
disparities between the two.
Without good inventory management controls, program performance can be
undermined and result in extensive loss from poor controls over the acquisition and storage of
inventory. A good inventory management system would keep investment in inventory at
optimum level; reduce the losses of theft, obsolesces and wastage, etc.; and make arrangement
for sale of slow moving items. Some additional idea for a good inventory management system
would be having well organized location names; location labels that are easy to read; unique,
short, and unmistakable item numbers; units of measure; a good starting point; software that
tracks all inventory activity; good policies; and employees who know and follow the good
policies.
Describe the major risks of loss (either from direct loss or from the failure to earn revenues)
inherent in the management of accounts receivable, cash, and investments.
"Weak procedures and lack of discipline can cause inordinate delays in converting
accounts receivable into a form of investment. And the honest but unwary employee can easily
cause the loss of huge amounts of funds by making foolish investments." Furthermore, to
prevent delays in converting accounts receivable into a form of investment or cash, procedures
and controls can be developed to ensure that. The procedures and controls can consist of
"accurate bills being sent out timely to all persons who are supposed to be billed; accountability
maintained over all outstanding receivable until the cash is collected or appropriate authority is
received to reduce or write off the receivable; follow-up for non-payment is prompt and
effective; and payment remittances are deposited promptly."
Because cash has a value as a medium of exchange and a time value, the government
can lose money by it being stolen or by the delays in investing cash. To prevent future lost, the
government would use cost/beneficial safeguarding-type controls to provide reasonable
assurance against loss due to theft and would use operating-type controls to help the
investment manager earn interest on cash by maximizing the amount of cash available for
investment. Because an auditor could be embarrassed by the failure to detect theft of cash, they
should be concerned with both administrative controls regarding forecasting and timely deposit
of cash and safeguarding controls designed to prevent theft or to detect it quickly. Effective cash
forecasting and certain investment techniques would bring about a balance between the two. In
cash forecasting, serious loss can happen if you are investing for period beyond the point that
cash is needed.
For investments, they all will involve a risk to some degree and whatever the investment
yields will directly relate to the assumed risk. Managers sometimes think that investment gains
are a tempting alternative to raising governmental revenues through taxation, but they do not
realized that the potential for loss through risky investment ventures is just as great as the
potential for gain. In addition, deposits are subject to credit risk and U.S. Treasuries and
corporate equities are subject to market risks. The objectives of investment management are (1)
"controlling risk-assessing how much risk to take in a given situation and knowing the degree of
risk inherent in each potential type of investment" and (2) "to ensure that investment practices
entail the exercise of prudence and due professional care." The chapter gives the various types

of risks that might result in unwarranted loss such as:

"Market risk relates to uncertainty surrounding an investment's ability to maintain its
market value during the period the investment is held. Market risk can be affected by
many factors such as the type of security held and the length of the period for which it is
held.
Credit risk is the risk that the other party to the investment transaction might not fulfill
its contractual obligations. Credit risk can be reduced by various means such as
obtaining collateral and having the collateral held by the investor's agent.
Liquidity risk is the risk that the investment cannot be sold timely at a fair price to meet
the investor's operational needs. Investing in long-term debt securities when cash is
needed in the short term may increase the yield, but expose the investor to losses if
rising interest rates cause prices to decline just when the cash is needed.
Operational risk is the risk of loss resulting from weak internal controls, human error,
or management failure. The failure of management to assess the other risks related to
investments and the lack of investment oversight are common causes of major
investment losses."
Ch. 9
Discuss the basic procurement objectives and possible sub-objectives in a centralized
purchasing system that the procurement manager might establish at a local school
district.
The best way to describe the basic objectives or goals in any procurement is to say that your
objective or goal is to obtain the right product, in the right quantity, at the right time, from the right
source, at the right price. However, what is right is determined on the entity and its
circumstances.
Right product: This would mean that the product is meeting the reasonable (not wanted)
needs of the user or the consumer in terms of functionality and quality. A sub-objective in the
centralized purchasing system for the local school district may be that they have a ranked list of
alternative items choices for each product needed. The type of product needed would be put in
order to what is most reasonable and the most reasonable choice would be picked to purchase
when available. Let's take the book's example of bulbs for instance. LED bulbs may be the best
option, but CFL bulbs are just as sufficient because they are cheaper and last long.
Right quantity: This would mean that the amount of supply items or services being bought
take into consideration such factors as procurement administrative time and delivery time,
storage costs, alternative uses of funds, ordering costs, and vendor discounts for quantity
purchases. A sub-objective in the centralized purchasing system for the local school district may
be to create a ranking system that describes storage ability. For example, milk needs to be
ordered for childrens lunches and so does pencils for the faculty. Milk expires quickly and must
be refrigerated so you may not order as much inventory as pencils because pencils do not expire.
In addition, pencils can be stores easier because of their size.
Right time: This would mean that the delivery of the supply item is done in sufficient time so
the service that it is needed for will not be disrupted or that the service procured will be provided
in sufficient time so that time deadlines will be met. A sub-objective in the centralized purchasing
system for the local school district may be to create a system that is used to determine when to
order certain items based on existing inventory. When an inventory comes below a certain point,
the system would alert you that it is time to order more products. For example, a teacher may
need to get a product from the supply closet, but first, she must put into a computer based
program that she is taking out however many of that product. Then she would get a printed slip to
actually get the product from the closet. That way there is a way to easily keep up with what
inventory exist. In addition, taking inventory on a regular basis is important to know when it is the
right time to order. Some products may need to be inventories more often than others.
Right source: This would mean that the vendor selected to provide the item of supply or

service that is responsible. By responsible, this is referring to being capable of delivering

products or services in accordance with quality specifications and delivery requirements. Right
sources also refers to the vendor having business integrity and meeting all legal requirements
imposed on them. A sub-objective in the centralized purchasing system for the local school
district may be to have a vendor grading system. For example, an order is made with a certain
vendor and they do not make their delivery on time or items in your order are back-ordered or
missing; therefore, they would receive a low number on the grading scale. That way you know
what vendor is the most reliable. This list would be needed in a various situations. For instance,
scantrons are needed for an upcoming standardized test. The district usually orders from a
vendor up north, but they are snowed in. How do you know who else would be best to order
from? The vendor grading would make for the decision to be done quickly.
Right price: This would mean that the lowest price possible is the price that is paid for the
item or service procured. This price should be consistent with specifications regarding quality and
functionality and delivery requirements. A sub-objective in the centralized purchasing system for
the local school district may be to have a price log for item prices at certain vendors (which could
also be tied to the vendor grading). It should be noted if a certain vendor does not have
consistent prices. If a vendors prices change regularly, the school district may not want to use
them or, if the school district likes the company, their prices may need to be updated on the
pricing logs regularly.
What audit steps would you perform to evaluate the contract bidding process?
I. Pre-Bid Stage:
A. First step would be to review procedures by obtaining a copy of the entitys procurement
policy and various sample contracts and bids including:
Bid Solicitation: Is there an up-to-date bidder list that is maintained? Are they attempting
to expand it based on review of advertisement in trade publication and contact with other
governmental jurisdictions? Is there an attempt to find out why those bidder list are not bidding
and is the performance of contractors on previous contracts noted on the lists? On those previous
contracts, were bids solicited through means most likely to ensure adequate competition? Does it
appear as if sufficient time was allowed for contractors to prepare bids, considering complexity
and size of the procurement?
Vendor Selection: I would check to see make sure there are no undisclosed relationships
to the organization or its officers and employees. In addition, vendor selection should be checked
for such items as due diligence to ensure financial stability, proper licenses, and insurance
coverage. The entitys procurement policy and book of standards should prohibit antitrust
activities and the restraint of free competitive bidding.
Adequacy and Effect of Competition: Was the contract awarded to the lowest responsible
and responsive bidder? How many bids were received and for what amounts were bid? Does the
bidding pattern over several years indicate evidence of collusive bidding? Is adequate justification
provided if awards are made to a bidder other than the low one?
II. Bidding Stage:
A. Security & Handling: Check to see if bids are time and date-stamped and if they are being
kept in a secure location pending bid opening. Also, the audit should make sure bids are opened
formally and recorded. The proposal document should have appropriate references to applicable
state and federal law which deals with bidding crimes. In addition, were there any other federal,
state, RFP/IFB compliance requirements, or other that this is subject to? There should also be a
statement in which there is a witness to the signatures.
B. Submission of Bid: Is there a procurement schedule that tells what steps that are to be
performed for procurement? There should also be a freeze design for the contract before these
bids are solicited. Were the proposals solicited from a sufficient number of qualified contractors to
ensure the procedure was fair to potential suppliers and that quality services at a fair price were

likely to be obtained. In addition, did the request for proposals generate a reasonable number of
proposals from qualified contractors? How many proposals were received and what amounts
were proposed?
C. Choosing Bid: The process for choosing the bid was best for selecting the best and most
responsible bid/bidder and the contract was awarded to the best bidder/bid. If not, there should
be a very reasonable cause given for choosing otherwise.
D. Bid Reconciliation: This would compare the bid to the final contract to ensure that it says
what was promised in the contract. This would be the first step in getting what was promised to
the delivery stage. If this is not the case, this may lead to uncovering fraud or contract changes.
The fundamental promises shall remain intact or there may be a deficiency within the bidding
process.
E. Contract Compliance: This would ensure that all key contract objectives are met. First, all
contractual terms should be highlighted including identifying the risk that the contract poses.
Then, audits steps should be define that will ensure the contract is running like it should. For
example, auditing for IT standards, auditing payments, or auditing for trade/volume discounts.
The procurement department and management should be asked if they thought any fraud was
involved in the process. Furthermore, did the procedures for evaluating the contract appear to
result in an honest evaluation and in the award of the contract to the entity that made the most
advantageous proposal to the government agency, considering quality of service as well as
price?
F. Award: There should be a policy in which a contract may be awarded when only one bid is
received that is reliable. A policy of not awarding a contract on which a single bid is received
encourages the submission of complementary bids. There should be a a file of completed bid
responses and notification of the award.

Discuss why preparing complete and unambiguous specifications is important in procuring

the construction of a governmental office building. (9/10)
The nature and quality of the specification can notably influence the price paid, the degree to
which competition is achieved, and the capability to hold the contractor liable for performance. It is
important in procuring the construction because problems in the specification process can create
construction delays and large cost overruns. In addition, there can be delays in completing contracts,
disputes over intent, lack of contractor accountability, and other administrative headaches. By failing to
detect corruption in a timely manner, it can result in paying for undelivered supplies. Failure to select the
right source may jeopardize achievement of an agency mission. Also, it is important for buyers to state
the specifications clearly in the contract and to have sufficient inspection procedures to guarantee receipt of
products or services of the quality ordered. All of this would hold supplier and contractors accountable.
Furthermore, having a standardization of specification could result in major cost savings. If they are
obligated to buy the same type of item, where appropriate, there would be no unnecessary ordering cost or
the increased prices that are due to the failure and inability to acquire vendor discounts for quantity
purchases. When using the IFB, detailed written specifications are needed to ensure that all contractors are
bidding on the same item. For construction contracts, using specifications that are complete and accurate
before the contract is awarded is the best way to avoid change orders.
Some risks involved in the specification phase of the procurement phase are as follows:
1. Failure to full express requirement or failure to freeze design. This problem, which may occur in
construction and in systems installation contracts, expose the entity to delivery delays and change orders.
Change order can be costly because price changes are negotiated under conditions that place the buyer in a
weak bargaining position.
2. Failure to standardize requirements among users of similar-type products within the entity, resulting in
excessive procurement administration costs and higher prices; also, establishing requirements for a higher
level of quality than actually needed to do the job.
3. Establishing specifications or conditions that factor a particular supplier or contractor, thereby

weakening competition and probably increasing prices.

To avoid problems in preparing specifications before soliciting proposals to perform contracts,
these controls and strategies are some examples of what should be used: Research value analysis and
standardization, planning and coordination, freezing requirements before solicitation, writing
specifications in a way that enhances competition and reduces cost.
Ch. 10
Why should accurate records be required at the State Department of Transportation for the
maintenance and repair of state-owned vehicles?
By having an effective control over the scheduling of maintenance projects, management will be
able to notice forthcoming problems. With accurate records, the records and reports can provide
evidence that can be analyzed to see where the maintenance problems arise from. In addition to
recording specific maintenance and repair projects, they should be evaluated and prioritized as
well. By having maintenance priorities within an entity, it calls for considering public safety, ability
to provide desired service level, the potential for further damage if the situation causing the need
for a repair project is not promptly fixed, and other matters. State-owned vehicles require routine
preventive maintenance and these details, along with repairs, should be kept in detailed asset
maintenance and repair histories records. These records should show acquisition date, nature of
manufacturer warranty, date, type, and cost of repair activity. These records serve managerial
control purposes such as: 1. By keeping track of dates, they help schedule preventive
maintenance; 2. By keeping track of age, costs and type of repair, they aid in determining
whether it is time to replace assets rather than to keep repairing them; 3. By showing type of
frequency of repair, they help determine whether supplier warranties about assets and their
components should be enforced; and 4. By showing type and cost of maintenance and repair
costs, they help call attention to possible maintenance inefficiencies. When referring to
maintenance accounting and reporting, the chapter states that agencies should report regularly
on the condition of the state-owned vehicles to management and to the public. Agencies should
also estimate the cost of need maintenance by establishing asset condition standards and
determining costs to return the assets to acceptable condition based on the standards. They
should report the performance implications - the risks to safety and likely economic losses - of not
doing necessary maintenance. Lastly, by using their reporting system that covers the efficiency
and effectiveness of capital asset maintenance, management will use these records to respond
promptly to emerging problems. Having a good performance measurement system is key to
providing the basis for much of managements reporting needs. In addition, these reports will help
provide information in the event of future audits.
Describe the objectives of an audit of the effectiveness of the city's pothole repair program
and what steps would you take to accomplish those objectives.
The first objective would be to determine if the city has used all reasonable means to identify
potholes. The next objective would be to see if street repair crews repair potholes in the most
effective and efficient manner. The third objective would be to see if street repair crews are
deployed in the most efficient and effective manner. The last objective would be to determine
whether traveling crews provide the City with the most efficient use of resources to fill potholes. I
would identify the best practiced used by other pothole repair programs. To achieve the audit
objectives, I would interview management and observe operations through ride-alongs and
auditor observations. You could even perform a mileage analysis by reviewing a sample of the
daily routes. Next, I would conduct interviews with departmental personnel and examine and
analyze the management information system reports and records from the maintenance and
repair areas in addition to seeing if the program had a set of guidelines related to timeliness for
the repairs and review it. A record I would request would be the number of potholes that were
reported and repaired segregated by month within the fiscal year. To determine their timeliness in
repairing the potholes, I would review a random weeks worth of reported potholes for three
different months and check for maintenance backlogs. In addition to these, I would survey several
cities regarding street repair process and equipment used and review the citys street services
departments (that does the pothole repair program) most recent performance audit report.

You are assigned to audit the effectiveness of the vehicle maintenance division of the
sanitation department of a large city. Without describing the specific audit steps, discuss the
major matters that you would cover in such an audit.
My major matter in the audit would be to decide if services should continue to be
provided in house versus contracting with vehicle maintenance facilities in the private sector. In
addition to this, I would look into what the financial feasibility of contracting with the private
sector for the Citys sanitation department vehicle maintenance needs are. The sanitation vehicles
are very big and there is a lot that could go wrong. Someone may need to be more specialized to
work on such vehicles. A question I would ask is are private contractors available that are
qualified to work on specialized equipment such as the sanitation department vehicles? I would
gather a list of pros and cons and basic financial analysis of contracting out service delivery. In
addition, I would look into the use of technology and equipment to see if the proper and/or
adequate equipment and software is being used for tracking and performing maintenance on
vehicles and for keeping up with vehicle maintenance history. Some goals and initiatives I would
have for the vehicle maintenance division would be to improve the effectiveness and performance
of vehicle maintenance, increase the mean distance between vehicle failures, upgrade inventory
and maintenance systems to enhance the preventative maintenance accuracy, improve the
response time for road service calls, add more standards that will ensure that preventative
maintenance inspections and repairs are done in a timely manner, and make sure there are safety
inspections done to review the work of the vehicle maintenance division of the sanitation
department. Another concern would be to check if there is a plan in place for
maintenance/operations in the event that there is bad weather like snow or ice. Lastly, if there is
establishment of fleet assignment and retention policies, then a study should be conducted with
the intent to reduce the sanitation vehicle fleet size.
Ch. 11
Describe the basic goals and objectives of a program that calls for the city to annually
inspect all elevators in commercial buildings.
The chapter says that goals, objectives and strategies of inspection programs might be
expressed in narrative or in quantitative terms in various documents. They may be expressed in
legislation, in legislative findings or executive department proposals for legislation, in executive
budgets proposing appropriations for a particular year, in agency requests for appropriations, or
in departmental regulations or action plans. For annual commercial building elevator inspections
done by the city, there are various basic goals and objectives for doing so. For example,
improving the safety of the riding public on the elevators and promoting their safety, checking the
elevators technology for possible needed upgrades, keeping the environment safe and healthy
for employees, ensuring all required tests are performed by qualified persons, making sure the
elevators are maintained in accordance with safety codes, other codes, laws, and rules are some
of the basic goals and objectives used here. They should have a main goal of making sure any
problems with the elevators are found and fixed before they are up and running again because
the citizens safety are at risk. There should also be an established system that identifies and
tracks elevators in the city to make sure they are safe to ride and that they have been inspected
with successful results. If inspections are failed, internal controls must provide procedures for the
city to enforce the code by establishing methods of recourse for dealing with instances of
non-compliance. Records of inspections must be maintained and the inspection certificates
should be on display at all times in elevators so everyone knows they are up to date and safe to
ride. There should be policies and procedures that show the criteria for getting the elevator
licensed, rules for a passing the inspection and for failure to make corrective action based on
violation, and methods for file complaints or accidents. The book states that long-term goals
regarding inspection activities may be stated specifically in legislation or may be deducted from
the broad missions assigned by an agency. Annual performance objectives should be developed
as a result of the budget process. It should cover, to the extent feasible, both outcomes and

outputs, and stated in quantified terms. An example of this would be a building code of the city
requiring the inspection of elevators. Program managers should establish specific goals at the
beginning of the year, track performance during the year, and seek to explain and act on
deviations for the goals. To successfully manage for results, they should be concerned with the
performance of the inspection staff in qualitatively and quantitatively for achieving the inspections
said goals and objectives. Control system and operating strategies should be in place for the use
of meeting the goals and objectives of the inspection programs and to deal with the risks that may
be involved. The list of these controls and strategies are listed and discussed in detail starting on
page 265. -----these inspections must include elevators that warrant condemnation, and an
additional objective might include elevator replacement initiations. If an elevator requires
condemnation, the inspection agency has a case that might take longer to close, and require a
different approach to follow up. Thank you and have a nice weekend.
A county consumer affairs agency is responsible for inspecting scales at retail grocery
stores, as well as weights shown on store-packaged meats , poultry, and fish. You are
assigned to see if the agency's system for enforcing the results of its inspections is
effective. Describe elements of a good inspection enforcement system.
Without enforcement of the inspection, the inspection itself can be useless. One of the various
ways inspection programs can be enforced are sending violation notices out promptly after
inspection with required responses and specific deadline dates for the corrective action. In
addition, other ways for enforcement include levying sufficiently severe fines and other penalties
in accordance to specific violations (accounting controls needed here for guaranteed collection),
re-inspecting, and publicity. The codes should be relevant and the response time to complaints
should be quick and sufficient.
Here are some of the various ways that I would check to make sure that the inspection
enforcement system is working well. I would first make sure the previously mentioned
enforcements were in place by checking inspection logs. This could be used to not only check for
corrective actions of violations, but also to make sure that the fine and penalty given were/are
sufficient enough for the violation. Codes should also be checked for sufficiency and to see if they
need to be updated. By checking the annual caseload for enforcements, you can see how long
each case took to resolve. For cases that were the result of a complaint, several residents who
filed the complaints should be contacted to be surveyed on whether their complaints were
resolved in a timely manner, whether their complaints were resolved in general, and if they
actually received feedback on their complaints. In addition to this, staff members that are a part of
the enforcements should be interviewed. This analysis of information would be used to identify
options for performance improvements. Lastly, a good idea would also be to perform a
benchmarking analysis with other cities and examine proactive programs in those cities.

The mayor of a large city asks the city auditor to make a performance audit of an agency
responsible for inspecting the sanitary conditions of all restaurants to make certain that the
unit is "operating efficiently." Describe three specific audit steps that the auditor might
plan to comply with the mayor's request. (9/10)
First, a review of the files, policies, and procedures for the restaurant and their
inspections would be very helpful. Relevant internal controls and audit procedures should be
reviewed, such as identifying relevant laws and regulations for the state and sanitary codes
(which are needed for this audit to be successful). This would help to assess the inspection
program areas and competencies that may not be observable at the actual restaurant. An example
of this would be having documents of long-term corrective operation that would be hard to assess
without this review. A sample of inspector activity reports should be checked for being accurate
and up-to-date. These should include ones that resulted in serious violations as well. As an
auditor, having a ride-along or shadowing a field inspection of the agency would be the next audit
step to be taken. A joint inspection (acting as if the auditor was not there) would help in the

understanding of the agencys approach to the inspection and help to reduce the risk of having
inaccurate conclusions about their actions. Having a series of field-check several times in the
audit, including inspections that are reported as recently completed, is a good addition to this step.
This way, the auditor can trace the results of the inspections they made to the ones reported by the
agency inspectors activity reports. By doing so, the reliability of data can be assessed. The third
audit step to be performed would be to check into the enforcement process for corrective actions.
If the inspection fails, they should be punished accordingly. Such enforcements would be
promptly sending out violation notices with required responses and deadlines, levying sufficient
severe fines and penalties according to the specific violation, re-inspections should be done to
make sure these are corrected, and having such publicity enforcements like inspection results
being fully disclosed to the public. For this audit step, complaints by customers should also be
checked into and made sure the customers were happy with the enforcement process. In addition,
having a benchmarking analysis with other inspection agencies would aid in this step.
Ch. 12
Of all the programs described in Chapter 12 what would be the most difficult to audit and
why?
I agree with the others who said the Homeless Housing and Assistance Program (HHAP) would
be the most difficult to audit. As the book states, HAAP "authorizes grants to not-for-profit
corporations, charitable institutions, and local governments to acquire, construct or rehabilitate
housing for the homeless state residents." This four phase program is very in depth and would
take an extreme effort and huge amount of time to audit. These phases include 1. Project
Application and Evaluation; 2. Project Development; 3. Project Construction; and 4. Project
Operation. Each phase has various steps within the phases as well. When an auditor begins the
auditing process, they should evaluate each phase in relation to goals, risks, and controls of the
programs. For project application and evaluation, you would need to assess and fulfill program
needs, seek project applicants, and evaluate and select project applicants. When auditing the
seeking and selecting the project applicants, you would need to look into whether the people
were literally homeless with no alternative housing options. For the Project Development and
Construction phases, an auditor would monitor progress in the phases (This "could include site
acquisition, zoning and planning board approvals, construction design and cost estimation and
obtaining and evaluating competitive bids. Delays in any of these phases could delay construction
and achievement of the basic program goal.)" and monitor construction contractor performance.
Lastly, for the project operation phase, an auditor would monitor for contract compliance, evaluate
project sponsor reporting, coordinate with other agencies, perform site visits, and evaluate
performance measurements. This would include making sure there are procedures implemented
the verify that the project sponsors remain financially viable for the 20-30 year period that they
are required to maintain this type of program. The project should continue to serve the target
population group while the population that is served should continue to receive appropriate
support services. In addition, thie property should continue to be well maintained and meet safety
standards. As mentioned above, project sponsors must operate the program for 20 to 30 years
after completing construction or rehabilitation (the construction could take several years by itself
with a risk of a more lengthy process in the construction phase with zoning issues, permits, and
weather delays). During this time, they should provide needed social service for the tenants.
During an audit, you would normally like to interview the staff, but, with this project lasting 20-30
years, the staff will/can change multiple times. This would add to the difficulty of the audit process
as well. In addition, as for any of these programs in Chapter 12, there are various risks involved.
Why is a strong internal control system necessary for social services and health
programs?
The Social Services and Health programs use public funds/monies; therefore, strong internal
controls are essential for them. By having these strong internal controls, they help to prevent
fraud and misuse of funds while ensuring the programs are effective and efficient. The programs
are usually always considered high risk. In addition, they play an important role in the integrity
and accuracy of financial reports. By having strict controls, it also helps non-profits reach an

acceptable ratio between expenditures for program activities and allocations for program support.
(delete almost always considered high risk).

You are assigned to audit the state agency responsible for overseeing juvenile delinquency
prevention programs. The state finances programs in each of its 20 counties. All counties
are required to have an intensive counseling program directed as high-school aged youths
considered to be at "high risk" and a recreation program directed at the general youth
population.
Required: You are a state auditor assigned to audit the efficiency and effectiveness of the
program. You plan to visit the state agency and a sample of the counties. Describe four
controls or strategies you would expect the state to institute as part of its oversight process.
As an auditor, I would expect there to be various controls in place, but some more than
others. First, I would expect there to be a requirement for the counties to submit their program
plans for the year to the oversight agency. Programs should be planned based on research and risk
assessment. Having written plan will ensure that the county programs are complying with
requirements. These program plans would include a list of the types of juvenile delinquency
prevention programs that the county needs and how they plan on meeting that need. These plans
should be reviewed and approved by the oversight agency. When approving or denying these
plans, the oversight agency should take into consideration which counties and programs are
successful and unsuccessful and the reasons for their success or failure. Next, the oversight
agency should have a certain basis they follow that makes funds available to the counties in light
of programs needs. The control should be in place to ensure that available funds are used in a
cost-effective manner. In addition to this monitoring of funds, contract awards and terms should
be researched for effectiveness and fairness. There should be consistency between plans and
contract awards. By having monitoring of the fund, this would help to decrease the risk for the
potential for siphoning off large amounts of funds into administrative costs, rather than program
services. The third control or strategy would be to analyze and gather data to evaluate program
outcomes and have a system to monitor accomplishments. The accomplishments of the individual
programs should be monitored as well as the individual program providers. Reasons for success
or failure should be determined too with these finding for each county reported to the state. There
should be collaborative program efforts that draws on public, private, and volunteer resources.
When monitoring the service providers, there should be reporting requirements in place. If
service providers did not fulfill their reporting requirements, the counties should follow up and
determine the reasons for success or failure. The effectiveness of the individual service provider
should be assessed against the contract costs. Lastly, there should be an effective reward system
for those counties who have effective performance and then violation procedures for those who
are unsuccessful and break requirements or commit fraud as well. For example, closing a center
when its operation is no longer justified and transferring its State funds appropriated to fund
community-based programs or other juvenile delinquency prevention programs. The book states
that the key for success lies in strong, pro-active management that closely plans, monitors, and
assess program performance, develops a way to reward effective performance, ferrets out the
stronger from the weaker programs and providers, and shares information among counties and
service providers. This statement sums up the best controls and strategies that I, as an auditor,
would expect the state to instate as part of its oversight process.
Ch. 13
What audit steps would you perform to verify the attendance and dropout rate?
As the chapter states, an analysis at the three levels of the state oversight agency, a sample of
the school districts, and a sample of individual schools within the sampled school district must be
done in performing an audit on the attendance and dropout rates program. In addition, there
would be a requirement to have extensive discussion with key program personnel and analysis

of records at all three levels. These three steps are the main overall steps involved:
1. Preliminary Survey at the State Oversight Board:
2. Analysis of School District Program Plans and Annual Performance Reporting, and of
Oversight Agency Program Monitoring:
3. Analysis of School District and Individual School Attendance Improvement Practices:
Below is a breakdown of each audit step I would perform, assuming it is a regular audit.
First, I would do a review of the records and procedures related to the graduation and
dropout rates (this includes a review of laws and department regulations, reporting requirements
imposed on school districts, and the procedures used by the state education agency to oversee
attendance and dropout incidence). This would also help to analyze whether the state agency
acts in a proactive manner by analyzing the rates over time and among districts with periodic
meeting held with districts that help to identify best practices and taking special actions for poorly
performing districts. If there is no district-by-district time series analyses of attendance and
dropout rates, the auditor should make such analysis to determine trends and to compare
performance among districts with similar socio-economic characteristics. Then I would interview
the Division of Instructional and Information Technology (DIIT) officials (who are in charge of the
computer systems) to gain an understanding of the process of compiling student data and the
Research and Policy Support Group (RPSG) officials (who perform the graduation rate
calculations) to gain an understanding of the graduation-rate calculation process. To gain an
understanding of the process of updating student transcripts, I would review the computer
systems' manuals and interview school officials. Furthermore, to gain an understanding of the
controls in place to prevent unauthorized changes of student information, officials in charge of
their computer systems databases should be interviewed. To ensure that the computer processed
data were complete and accurate, the computer program language used to compile the list of all
students in the audited date range should be examined and the data from that time would be
reviewed for invalid deletions or entries. The accuracy of the computer systems' database file
listing of students in that date range should be checked by reviewing student files at ten sampled
schools.
Principals, assistant principals, guidance counselors, and program chairs at five school,
one from each district/borough/county, should be interview. The interviews should also be done
on district managers. This would help to gain an understanding of the reporting requirements that
are imposed on school districts, what guidance that is furnished to the districts to improve the
attendance, and on how they select specific techniques for improving attendance and retention.
When interviewing the district managers, their attitude toward attendance management and
retention should be assessed. School principals should be asked what various approaches are
taken by the school to improve attendance and retention and how they decide which techniques
work best. The schools are to be randomly selected from a stratified grouping of schools based
on graduation rates. Each school should be checked to see if they are more effective than others
in meeting program goals and if there is a correlation that can be found between success rates
and the specific techniques used, between success rates and attitude toward the program, or
between success rates and nature of record keeping. Also, I would review the level of access to
the computer systems of selected officials at those schools. Student transcript update forms
completed by the schools and examined change logs printed should be reviewed to make sure
changes made had been properly approved, had proper supporting documentation, and had an
audit trail.
To make sure the students were properly categorized, a preliminary sample of students
should be randomly selected from the five sampled schools and then their transcripts and
attendance records in the hardcopy student files at the schools and on the computer systems
should be examined. There should also be a review of the graduates' transcripts and attendance
records before graduation to ensure that they attended high school and after graduation to ensure
that they did not have classes scheduled after graduation. There should also be a review of
students targeted for special attention to ensure that the records kept by the school are accurate
and to see what efforts went in to helping this child excel in school (records should be kept to
show improvement in attendance and scholastic performance).
A preliminary review of operations would also be a good idea to help gain an understanding

of its process and the source of the data used for their calculation of high school graduation and
dropout rates. This would include a review of applicable federal and State laws and regulations
and other information that would include correspondence with local educational agencies. In
addition, this would help conclude whether the school district established performance goals
regarding attendance and retention rates and how they established the goals. The annual reports
to the oversight agency should be supported by detailed reports from the individual schools.
Also, an auditor should recalculate the statewide graduation and dropout rates using the
final graduation and dropout summary data that was submitted. This would include verification
that the graduation and dropout rates included all of the required high schools and agreed with
the calculations provided. A number of high schools should be visited to recalculate their rates
and compare their records with the records that were provided by the State. ----------Another
factor for consideration is the individual school's attendance policy. For example, at my
daughter's high school, a student was considered tardy if he or she arrived after 7:52 am and
absent for the day if he or she arrived after 8:02 am. Many students were considered "absent"
for the day when they were really only 11 minutes late for school. This definitely makes an
impact on attendance records. In addition, this policy may deter students to even go to school if
they are going to arrive after 8:02 am.
What audit steps would you perform to determine if a student was eligible for special
education?
(sam's answer) The goals and objections of a special education program are to provide
individuals with disabilities the opportunity to receive full educational opportunities.
The state is required by federal laws to plan and implement the program and activities in areas
such as the 'least restrictive environment provision' of the law, planning the transition of students
with disabilities from school to adulthood, planning programs and services for preschool children
with disabilities, developing Individualized Education Programs (IEPs) and accessing individual
rights and entitlements. The school district is required by the federal law to identify, screen and
evaluate students with disabilities and place them in appropriate special education program in a
timely manner.
The audit steps will begin with a preliminary survey, reviewing the federal law on special
education, state laws and regulation, school district policies, plan and procedures for identifying,
screening, evaluation, placement and monitoring performance.
I will review sample information of files of special education students at the state oversight
agency offices for eligibility and evaluate the processes of approving or rejecting of school
district decision including the number of qualified students. These data will be compared to
information at select school district to ascertain completeness and accuracy.
I will attend and observe the school district committee meeting proceeding on a special education
case of determination. I will review sample evaluation committee minutes. I will request the
assistance of special education specialists to evaluate a number of special education students
who were enrolled in the program and also those who were not accepted for any particular
reason to ascertain if the students were given the right evaluation and placement.
I will interview students and parents of students to seek their feedback on eligibility and selection
procedures, paper work, visits to the school district and timely communication of decision and
placement. For instance, was the level of assistance granted by the school district appropriate for
the need of the student with disability? ---------this specialist could be independent of the school
being evaluated and of course they should have the credentials that make them an expert on the
subject matter at hand. --- benchmark results against other districts. Benchmarking can be a
very useful procedure in order to gauge the success or failure of a program, as well as assisting
in the implementation of best practices

In auditing "Attendance and Dropout Rates" and "Special Education Programs," the

authors suggest that it would be appropriate to audit school districts showing both the most
and the least improvement over time or those showing both the best and worst
performance.
Required: In doing an audit, what, if any, advantage is there to that suggestion? Why not
just audit the districts showing the least improvement?
By auditing both the most and the least improvement over time or those showing both the
best and worst performance you are able to see how certain schools are more effective than others
in meeting program goals. There may be a correlation between success rates and the specific
techniques used. In addition, there also may be a correlation between success rates and attitude
toward the program and also between success rates and the nature of record keeping. By auditing
both of either, an auditor is able to figure out what the overall best practices are which can assist
poorly performing districts in advancing their performance for the future. Lastly, by doing the
audit for both, it will make your data more reliable and provide a better chance for consistency.
Because all school districts will assume they will or may be audited in the near future, it makes
for less risk of inaccuracy of data.