The Government Audit Office, Audit e-Activities - Essay Example

Audit e-Activities Preparer Part The Government Audit Office (GAO) has made a number of changes to the Generally Accepted Government Auditing Standards (). These changes include: re-organization of chapters of the Yellow Book; revisions relating to independence; clarification on matters relating to threats and safeguards, audit subsequent to the provision of non-audit services, attestation engagements and performance audits; changes in the chapter on financial audit; and assistance for practitioners during the implementation process. The reorganization is important in that it brings to the forefront the matter of professional ethics. This is very critical to the audit process. It has been combined with foundational concepts. However, I think that ethics it should be the only matter dealt with in this chapter. Since independence falls under this heading it should also be included. The importance of independence has been stressed in a number of instances and the lack of it has been blamed for a number of events. In relation to independence an auditor should never be required to give an opinion on his own work. If the same auditors are engaged in setting up internal controls inclusive of information controls they may be pressured by their colleagues against reporting on the discovery of major weakness. The auditor engaged in giving an opinion on how management has carried out their responsibilities and giving an opinion should not be engaged in any other activity with the entity. Therefore the standards need to go further in not allowing any other work whatsoever as it certainly will affect independence. This matter should be ted into threats and safeguards. The best safeguard is to quit. There will therefore be no consideration of some of the other matters which relating to the provision of non-audit services. In relation to quality control issues the additional requirement to include systems that address additional areas is a step in the right direction as all areas of an organization should be monitored as they affect the financial and other aspects and are therefore interrelated. If there is no proper leadership then the system of control will break down since management will be ineffective. In terms of the elimination of requirements already included in AICPA this will leave room for additional requirements to be added later. The additional guidance is important as it addresses the need for technical assistance. However, it might have been beneficial for those who prefer to find as much as possible in one place if the rules were not eliminated. Having to go to AICPA rules to find rules related to GAGAS may be seen as cumbersome. Part 2 The AICPA deals with a range of issues in Rule 101 – Independence (ACPA 2012b). It covers family members and rules regarding pension plans which GAGAS does not cover. When an auditor who is employed to an audit organization visits a government office and audits information provided by a relative in a substantive position this represents a conflict of interest and constitutes an impairment of independence. The AICPA has provided exceptions which should be considered since relationships exists in a lot of situations. There are a number of similarities between AICPA rules and GAGAS. They include and are not limited to the following: i. Transition period for employment relationships; ii. Application of rules to cover members who were formerly employed to a client; iii. Employment association to attest client; iv. Requirements for provision of non-attest services Non-audit services can impair independence in Yellow Book audits because they involve matters on which the auditor should be reporting in an audit. It constitutes self audit and should not be allowed. No auditor would criticize a job that they have been entrusted to do because of their experience and competence. Self-audit represents a conflict of interest and also points to familiarity issues which would impair the auditor’s independence. The AICPA rules are not more restrictive than the Yellow Book since the Yellow Book is aligned in some instances with AICPA rules. The AICPA standard requires 120 hours of CPE over a three year period while GAO Yellow Book requires 80 hours (AICPA 2012a). The difference is that the Yellow Book specifies the number of hours that should relate to government auditing. The Yellow Book has no restrictions of that nature. Part 3 The new trends that are emerging in relation to IT security concerns is that more than 65 per cent of IT departments are taking steps to protect their organizations (IIT 2007). One of the biggest challenges they face is keeping an overview on security weak points (Astaro Corp 2007). This is followed closely by preventing unauthorized access to the network and to confidential data and thereby preventing leakage of confidential information. Protection of applications against worms and attack by hackers is also of major concern. Other challenges relate to the protection of wireless data communication (Astaro Corp 2007). Organizations can protect themselves from the major trends by investing in IT security. Security weak points can be checked by vulnerability scanning while the prevention of unauthorized access can be dealt with by putting in place intrusion protection systems. In terms of protection against worms and attacks by hackers organizations should set up firewalls and use anti-virus protection. Organizations should also keep abreast of changes and improvements in IT security. Additionally, an IT expert should be contracted to determine the risks that exists and make recommendations for solutions. Part 4 In relation to legal matters with respect to SEC investigations relating to non-disclosure by Dell, the company agreed to remedy the alleged breach by agreeing to a number undertaking (Dell 2011). They include: i. Enhancement of the company’s disclosure review committee (DRC) processes. ii. Retain the services of an independent consultant independent that SEC approves of to carry out an evaluation of disclosure processes practices and controls and recommend changes that will allow for improvement in the respective areas. . iii. Provide training to various groups including those required to certify SEC filings. The requirements are only for a limited period. Therefore, it is not in Dells best interest to train external parties that are required to certify SEC filings. Dell should instead employ certified personal that has the requisite knowledge to perform the task. The cost of doing so outweighs the benefits to be derived. Dell should not provide training for third parties as they are requested to perform a task based on the fact that they have a certain level of competence. References AICPA (2012a). CPE Requirements and Credits. Retrieved from http://www.cpa2biz.com/content/media/PRODUCER_CONTENT/Store/Products/CPE/cperequirements.jsp. [Last accessed 8th December 2012] AICPA. (2012b) ET Section 101 – Independence. Retrieved from http://www.aicpa.org/Research/Standards/CodeofConduct/Pages/et_101.asp [Last accessed 8th December 2012] Dalkin, J.R (2010). Proposed Changes to GAOs Yellow Book Promote Harmonization of Auditing Standards. Retrieved from http://www.journalofaccountancy.com/Issues/2010/Dec/20102944.htm. [Last accessed 7th December 2012] Dell, Inc (2011). Fiscal Year 2011 in Review. Retrieved from http://i.dell.com/sites/content/corporate/secure/en/Documents/FY11_YIR_Letter_with10K.pdf. [Last accessed 9th December 2011] Government Audit Office (2007). Major Changes: July 2007 Revision to Government Auditing Standards. Retrieved from http://www.gao.gov/govaud/somc0707.pdf. [Last accessed 7th December 2012] Institute of Internal Auditors. (2007). Survey provides Insight Into Future IT Security Trends. IT Audit, 10(2007) Retrieved from http://www.theiia.org/ITAuditArchive/index.cfm?iid=575&catid=28&aid=289. [Last accessed 7th December 2012] Astaro Corporation (2007). Astaro Global Survey 2007. Retrieved from http://www.theiia.org/ITAuditArchive/index.cfm?iid=575&catid=28&aid=289. [Last accessed 7th December 2012] Read More