2. Normally, the internal auditors could have the right to access most of the information of their client. Confidential Internal Audit Reports- The final signed original report or signed photocopy of such report that communicates the results of an audit, special investigation or other procedures undertaken by the University's Internal Audit Department as a result of a financial hotline report, information received directly from an individual in a manner other than the financial hotline alleging impropriety and/or fraud, and standard audit procedures performed by Internal Audit that uncover a fraudulent act or other impropriety with respect to statutes or regulations. Make appropriate arrangements with the regulator for the review. The purpose of this review is to conclude whether or not the corrective actions were implemented. ability to initiate, record, process, and report financial data consistent with the assertions embodied in the financial statements or that provide direct evidence about potential misstatements of such data. Sample language that may be used follows: "The audit documentation for this engagement is the property of (name of auditor) and constitutes confidential information. It is our understanding that the purpose of your request is (state purpose: for example, to facilitate your regulatory examination). The purpose of the deliberative privilege exemption is to encourage candid communications within the government to aid decision-making. 6See AS 1205, Part of the Audit Performed by Other Independent Auditors. If the source furnished the facts as part of a selective or argumentative presentation of recommendations or views on a question of what the agency should do, the deliberate privilege under exemption five may apply. The documents contain trade secrets and confidential commercial and financial information of our firm and (name of client) that is privileged and confidential, and we expressly reserve all rights with respect to disclosures to third parties. The auditor assesses control risk for each of the relevant financial statement assertions related to all significant accounts and disclosures in the financial statements and performs tests of controls to support May the auditor allow access in such circumstances? Checking the actual contents of the record and the circumstances and purposes of its creation, acquisition or use will sometimes show the record is quite different from what its title suggests. Audit working papers are the documents which record all audit evidence obtained during financial statements auditing, internal management auditing, information systems auditing, and investigations. 4.1. AU 9339 Audit Documentation: Auditing Interpretations of Section 339 1, p. 3 Business about FOIA Update: Significant New Decisions, about FOIA Update: Index to FOIA Update (1979-1983), about FOIA Post (2009): Summaries of New Decisions -- February 2009, about FOIA Update: Index to FOIA Update, Volumes I-X, 1979-1989, Virtual Exemption 1 and Exemption 7 Training, Sobre la Oficina de Politicas Informacion, FOIA Update: Index to FOIA Update (1979-1983), FOIA Post (2009): Summaries of New Decisions -- February 2009, FOIA Update: Index to FOIA Update, Volumes I-X, 1979-1989. Aside from the SEC, the U.S. Department of Justice has brought civil claims against independent auditors under the False Claims Act for knowingly deviating from applicable auditing standards and failing to detect materially false and misleading financial statements and client fraud. |Privacy Policy and Terms of Use| Sitemap. Please select a current browser such as Chrome, Edge, or Firefox. .26In making the evaluation, the auditor should test some of the internal auditors' work related to the significant financial Correct. fn4 The auditor may wish (and in some cases may be required by law, regulation, or audit contract) to confirm in writing with the client that the auditor may be required to provide a regulator access to the audit documentation. Internal Audit Providing Access to or Copies of Audit Documentation to a Regulatorfn1fn2. 4.3. I, No. Business plan, budget, and employees salaries are also important. Thus, an audit report or a draft audit report containing exempt matter might properly be shown to a former agency employee to whose work the report pertained, to obtain his comments, without extending similar access to the world. d. Control processes. PDF Internal Investigations, Confidentiality and Witness Statements Campus Box 1050 Compliance with the Act is monitored by the Courts, Congressional committees, the Justice Department, the press, various public interest groups, and others. The auditor may also use professional internal auditing standards4 as criteria in making the assessment. September 13, 2018 - Editorial changes to remove redundant Date Approved, Date Published, and Effective Date information. 4 Code of Ethics of Internal Auditors- With Detail Explanation 4-13. consideration to the results of work (either tests of controls or substantive tests) performed by internal auditors on those particular assertions. "Agency record" is a statutory term which generally covers any record which belongs to an agency, including records on computer tapes. 4Standards have been developed for the professional practice of internal auditing by The Institute of Internal Auditors and the General Accounting Office. The fourth exemption, for confidential business information, is chiefly designed to protect businesses from competitive injury through disclosure of trade secrets and other confidential commercial or financial information which these businesses submitted to the government. Any Confidential Internal Audit Reports or Confidential Other Internal Audit Documents, as both are defined under "Definition of Terms", shall not be distributed to anyone outside the University, unless otherwise authorized by the Senior Vice President for Finance & Business, the President of the University and/or the Chair of the Committee on Audit and Risk of the University's Board of Trustees. Generally, agency personnel conduct internal audits for management purposes, to evaluate the efficiency, economy, effectiveness, financial aspects, or other features of an agency program. PDF Code of Ethics Implementation Guides - The Institute of Internal For example, a regulator may request access to the audit documentation to fulfill a quality review requirement or to assist in establishing the scope of a regulatory examination. When obtaining Internal audit activities add value to the organization (and its stakeholders) when they provide objective and relevant assurance and con-tribute to the eff ectiveness and effi ciency of gover-nance, risk management, and control processes. QuestionSection 339, Audit Documentation, paragraph .11, states that the auditor has an ethical, and in some situations a legal, obligation to maintain the confidentiality of client informationBecause audit documentation often contains confidential client information, the auditor should adopt reasonable procedures to maintain the confidentiality of that information. However, auditors are sometimes required by law, regulation or audit contract, fn3 to provide a regulator, or a duly appointed representative, access to audit documentation. for the internal audit function. The audit documentation constitutes and reflects work performed or evidence obtained by (name of auditor) in its capacity as independent auditor for (name of client). The auditor also considers the need to test the effectiveness of the factors described in paragraphs .09 and .10. (PDF) Confidential: For Internal Purposes Only INTERNAL AUDIT REPORT Sets forth the auditors understanding of the purpose for which access is being requested, Describes the audit process and the limitations inherent in a financial statement audit, Explains the purpose for which the audit documentation was prepared, and that any individual conclusions must be read in the context of the auditors report on the financial statements, States, except when not applicable, that the audit was not planned or conducted in contemplation of the purpose for which access is being granted or to assess the entitys compliance with laws and regulations, States that the audit and the audit documentation should not supplant other inquiries and procedures that should be undertaken by the regulator for its purposes. .28This section is effective for audits of financial statements for periods ending after December 15, 1991. factors as. Requests under the Act must be processed promptly, in accordance with the time limits provided in the 1974 amendments and with agency regulations. the auditor may consider in restricting detection risk for the related assertions. Confidentiality of Information | Office of Internal Audit UNC-Chapel Hill Competency Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services. One of the factors is the existence of an internal audit function.1 This section provides the auditor with guidance on considering the work audit risk to an acceptable level to eliminate the necessity to perform tests of those assertions directly by the auditor. The sixth exemption is designed to protect individual privacy, and covers most matter in an individual's medical and personnel files as well as similar information of a personal and private nature. If access is provided prior to completion of the audit, the auditor should consider issuing the letter referred to in paragraph .05 of this Interpretation, appropriately modified, and including additional language along the following lines: We have been engaged to audit in accordance with auditing standards generally accepted in the United States of America the December 31, 20XX, financial statements of XYZ Company, but have not as yet completed our audit. This means that the seventh exemption would usually not cover reports of internal audits. To fulfill this responsibility, internal auditors maintain objectivity with respect to the activity being audited. We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands. are not relevant to the financial statement audit, the auditor does not have to give further consideration to the internal audit function unless the auditor requests direct assistance from the internal auditors as described in paragraph .27. .22On the other hand, for certain assertions related to less material financial statement amounts where the risk of material [If it is expected that copies will be requested, add: Any copies of our audit documentation we agree to provide you will be identified as Confidential Treatment Requested by (name of auditor, address, telephone number).]. on the extent of the effect of the internal auditors' work on the auditor's procedures for significant account balances or classes of transactions.