1. © OECD
A joint initiative of the OECD and the European Union, principally financed by the EU
Tirana, 10-12 September 2014
Workshop System Based Auditing
4. HSC Audit approach

2. 4.1 Overall Planning (Reg. 10.4)
•Obtaining knowledge and understanding of the activity of the entity being audited
•Defining objectives and scope of the audit
•Assessment of materiality and audit risk
•Understanding of internal control structure of the entity being audited
•Definition of the main directions of the audit
•Assessment of inherent risk and audit risk
•Determination of the combination of audit tests
2

3. 4.2 Detailed Planning (Reg. 10.4)
•Develop audit programme
•Determine staffing requirements and resource allocation
•Calculate costs
•Determine time required for audit activities
•Define information and data to be required from management the entity
•Full documentation of planning
•Review and approval of the audit programme
3

4. 4.3 Planning resources and time (Reg. 10.4.1) .
Factors to be considered:
•Individual professional skills of auditors
•Nature and complexity of the audited entity
•Interpersonal Relations conditioning work group auditors (Teamwork needed)
•Relationship with auditee
•No conflict of interest or other factors that may impede any auditor to perform tasks
•Each member of audit team and programme accepts certain tasks.
•Programme internal audit unit ( avoiding overlap)
•Time and other resources allocated to each of the tasks, along with the person assigned to this task and his responsibility
•Where specific knowledge from other fields is needed, inclusion in the group of experts should be specified and role of the expert .
• Time and cost audit (realistic taken into account other duties of auditors; comparing cost of previous audit
4

5. 4.4 Gathering information (reg.10.4.2)
Before drafting audit programme the audit team should gather information (within 5 days) about:
•The strategic plans of the subject and legislation , regulations , guidelines, etc. on the basis of which its activity is regulated .
•Recognition of the audited entity organization , techniques and different levels of management .
• Identify key points of the functioning of the entity , its systems audit , a preliminary assessment of strengths and weaknesses .
• Identify risks that have important effects on targets .
•Identify additional information , necessary to achieve the objectives of the audit and to select appropriate audit techniques
5

6. 4.5 Planning the audit guidelines , methods, techniques , etc m( Reg. 10.4.3)
•The audit program should include: - Type of audit - The purpose of the audit - Information on the subject of the audit , and its features ; results and data from previous audits - Legal basis - Countercheck tasks and previous audit recommendations - Methods and techniques of auditing - Period to be audited - The audit team, the team leader and division of tasks for each audit - Time and expenses for conducting the audit.
6

7. 4.6 Methods and techniques to be mentioned in audit programme (Reg. 10.4.3).
•Verification
•Interviewing
•Reports and information –
•Evaluation of internal control systems - the auditor should obtain the latest information on structure of entity 's internal control and role of internal audit unit to define whether one can rely on internal controls during the audit
•Questionnaires
•Computer-assisted techniques
•Statistical modelling
•Analytical procedures and methods for substantive tests to be used (FA)
•Planning questionnaires, evaluation criteria for the subject , research , interviews , observations and documents analysed (PA).
7

8. Correct?
8