Navigation:


DISCUSSIONS > IIA GENERAL DISCUSSION AREA [ REFRESH ]
Thread Title: Scope Limitation / Disclaimer of Opinion
Created On Wednesday September 19, 2007 11:14 AM
  Scope Limitation / Disclaimer of Opinion
  Scope Limitation / Disclaimer of Opinion
  Scope Limitation / Disclaimer of Opinion
  Scope Limitation / Disclaimer of Opinion
  Scope Limitation / Disclaimer of Opinion
  Scope Limitation / Disclaimer of Opinion
  Scope Limitation / Disclaimer of Opinion


Jazzy


Posts: 2
Joined: Sep 2007

Wednesday September 19, 2007 11:14 AM

User is offline View thread in raw text format

This is my inaugural post, so please forgive an "newbie" errors! After a couple of decades in external auditing, I've landed in the wonderful world of internal auditing.

Has anyone out there dealt with reporting aspects of a client-imposed scope limitation? I've made all of the appropriate "heads-up" communications to senior management and the audit committee, and am now at the report writing stage. I'm unclear as to whether to disclaim an opinion or issue an opinion with an "except for" qualification. Technical guidance exists for external audits, but I've not found similar guidance for internal audit reports.

Reply
Quote
Top
Bottom



planoisdaudit


Posts: 1814
Joined: Oct 2006

Wednesday September 19, 2007 11:30 AM

User is offline View users profile View thread in raw text format

Scope limitations have to be disclosed! Here are the applicable standards and practice advisories that you may need to look at:

Attribute Standard 1130

Impairments to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of the impairment should be disclosed to appropriate parties. The nature of the disclosure will depend upon the impairment.

Implementation Standard 1130.A1 (Assurance Engagements)
Internal auditors should refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year.

Implementation Standard 1130.A2 (Assurance Engagements)Assurance engagements for functions over which the chief audit executive has responsibility should be overseen by a party outside the internal audit activity.

Implementation Standard 1130.C1 (Consulting Engagements)
Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.

Implementation Standard 1130.C2 (Consulting Engagements)
If internal auditors have potential impairments to independence or objectivity relating to proposed consulting services, disclosure should be made to the engagement client prior to accepting the engagement.

Endorsed and Strongly Recommended Guidance

Practice Advisory 1130-1: Impairments to Independence or Objectivity

Practice Advisory 1130.A1-1: Assessing Operations for Which Internal Auditors were Previously Responsible
Practice Advisory 1130.A1-2: Internal Audit Responsibility for Other (Non-Audit) Functions



-------------------------
Dan
Integrity can be defined as your moral soundness. A test for integrity - Do your actions match your words?

Reply
Quote
Top
Bottom



IntAud


Posts: 381
Joined: Apr 2004

Wednesday September 19, 2007 5:11 PM

User is offline View thread in raw text format

I've always included scope limitations in my internal audit reports when required - you need to be able to give an opinion but cannot allow that opinion to be viewed as covering a whole process if some areas were scoped out. Even if your particular matter doesn't quite fit the standards I would suggest you still include it so that your opinion can be taken in context.

Reply
Quote
Top
Bottom



Jazzy


Posts: 2
Joined: Sep 2007

Wednesday September 19, 2007 5:25 PM

User is offline View thread in raw text format

Have you ever issued a complete disclaimer of opinion, or have you issued an opinion with an "except for" qualifier? (Of course, including the scope limitation description and effect in the report as well.)

The scope limitation is fairly pervasive. We have identified enough issues though that I know the internal control processes are broken, and absent the scope limitation, I would render our lowest level opinion, which provides no assurance and basically says nothing is working properly. What I don't know is if we've identified all of the issues due to the scope limitation.

Reply
Quote
Top
Bottom



planoisdaudit


Posts: 1814
Joined: Oct 2006

Wednesday September 19, 2007 5:45 PM

User is offline View users profile View thread in raw text format

I've spent my career on the IA side of the equation. IA is not required to have the same opinion structure as the EA. If I understand the use of the disclaimer opinion correctly, an EA is basically stating that they did not perform the examination of the financial statement and does not accept responsibility for their accuracy. The only time I've seen this used is when the EA withdrew or was let go mid-engagement. The EA issued a disclaimer opinion to protect their firm legally.

If that interpretation of a Disclaimer Opinion is correct, then I don't beleive the Disclaimer Opinion would apply here. Basically, if an IA stops work for any reason, they are to document the reasons why work was stoped and issue that documentation to the Board. I actually had to do that earlier this year!

In your situation I'd issue an Adverse Opinion, stating the clearly both the scope of testing and the effects of the identified scope impairment. Depending upon sampling methods and how pervasive the scope impairment really was, I'd consider limiting the audit opinion to tested transactions only and offer no assurances over untested items.

That should give you enough wiggle room to identify the appropriate findings and recommendations without having the Board place too much reliance on your overall audit opinion.

BTW welcome to the wonderful world of IA!

-------------------------
Dan
Integrity can be defined as your moral soundness. A test for integrity - Do your actions match your words?

Reply
Quote
Top
Bottom



Crash


Posts: 1770
Joined: Jun 2004

Wednesday September 19, 2007 11:02 PM

User is offline View thread in raw text format

I'll echo the welcome and appreciate the post. I can see your EA gears are grinding against your newly installed IA transmission! I've addressed it both ways at different times for different reasons. I've thrown a coverage blanket over an area and detail listed the spots left out. I've also only listed those areas where work was performed and used a blanket disclaimer for everything else. Either way, there is not 'set' way to present it. It doesn't work like the 'clean' opinion on an external financial review where they all read the same. You need to make it fit what you did and use your judgment on the wording. I'm not a big fan of ALL or NONE being used in reports, but when it comes to disclaimers, they can't be beat.

-------------------------
Do the right things for the right reasons.

Reply
Quote
Top
Bottom



IntAud


Posts: 381
Joined: Apr 2004

Sunday September 23, 2007 3:55 PM

User is offline View thread in raw text format

A complete disclaimer no, but one with an 'except for' yes - when I was asked to provide an update on the status of a process following a previous report but was denied access to the previous report. I undertook the work which was immediately obvious and gave an opinion on what I found but then had to list all the areas I had not covered as I was not aware they were in the previous report when the fieldword was undertaken. Its a difficult stand to take, but then I'm not one for compromising my integrity.

Reply
Quote
Top
Bottom

DISCUSSIONS > IIA GENERAL DISCUSSION AREA [ REFRESH ]
The Institute of Internal Auditors • 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA
+1-407-937-1100 • FAX +1-407-937-1101 • www.theiia.org