Learn what information internal audit should include when making preliminary communications to senior management during an assurance engagement. Discover best practices for reporting high-risk deficiencies early in the audit process to allow prompt corrective action.
Table of Contents
Question
An internal audit activity is performing an assurance engagement of a shipping organization’s billing process. During the early stages of the engagement, the internal audit activity identifies potential high-risk deficiencies in billing transactions with certain vendors. The internal audit activity believes these deficiencies should be communicated to senior management. Which of the following would the internal audit activity include in its preliminary communication to senior management?
A. An action plan for senior management to immediately implement to address deficiencies.
B. Convers of fraud associated with the questionable billings.
C. A list of the identified billing transactions with deficiencies and the associated vendors.
D. Notification of the completion of fieldwork and the preparation of the final report.
Answer
When internal audit identifies potential high-risk deficiencies early in an assurance engagement, they should promptly communicate this information to senior management in a preliminary communication. The best information to include would be:
C. A list of the identified billing transactions with deficiencies and the associated vendors.
Explanation
By providing the specific transactions and vendors where issues were noted, internal audit gives management the key facts needed to investigate further and take corrective action if needed. Simply making management aware of the general concerns allows them to look into the matter without internal audit prematurely concluding fraud or prescribing solutions.
The other options would not be appropriate at this preliminary stage:
A. An action plan should not be provided, as management is responsible for remediation, not internal audit. Audit can recommend actions in the final report after completing their assessment.
B. Conclusions of fraud are premature, as internal audit has not yet completed procedures to obtain sufficient evidence. Notifying management of “potential fraud” could unnecessarily alarm them.
D. Notifying management of fieldwork completion and report preparation is irrelevant to the timely communication of potential issues. That administrative update can be provided separately.
In summary, when internal audit notes potential high-risk issues during an engagement, they should promptly notify management of the preliminary facts, including the specific transactions and parties involved. This enables management to investigate and respond to concerns in a timely manner, prior to the final audit report.
IIA-CIA-Part2 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the IIA-CIA-Part2 exam and earn IIA-CIA-Part2 certification.