Free Essay

It Audit

In: Computers and Technology

Submitted By Pranay1
Words 2454
Pages 10
Pranay Bhardwaj

Disaster Recovery Planning

Introduction Hurricane Sandy is regarded as one of the most devastating natural disasters to strike the city of New York. People have different recollections of that time period, with some who recall the catastrophic damage done to their home, while others remember the 4 hours of wait just to fill up their cars with gas. For financial institutions, such as Citi bank, it was a time for the management team to pat themselves on the back and breathe a sigh of relief for being able to secure important data centers and keep bank operations running. All this was a result of successful implementation of Citi’s “Disaster Recovery Plan”.

What is a Disaster Recovery Plan? Just like the disaster discussed above, every week, month, and year, companies are exposed to risks of potential disasters that can affect the continuation of vital business processes. When critical processes and applications are lost, the company can incur damages ranging anywhere from $5,000- $5,000,000 per minute, depending on the size and function of the company. Some companies never recover from the excessive damage they incur during the time of the disaster, and may be forced out of business. To avoid such a situation, companies, particularly banking institutions, are heavily encouraged to have a disaster recovery plan in place. A disaster recovery plan is a powerful tool that allows companies to shield itself from any calamity that occurs, be it natural or man made. The focal point of a disaster recovery plan is business continuity. Business continuity is an activity performed by a company to ensure that critical business functions will be available to customers, clients, and regulators. Disaster recovery is a process that allows for business continuity, particularly in operations and technology infrastructure, during a time of disaster. The plan provides an effective solution that can be used to recover all important business processes within a reasonable time frame using records that are stored off site. To create a disaster recovery plan, the company must have a disaster recovery management system in place, which serves as an ongoing process of planning, developing, testing and implementing disaster recovery procedures and processes.

What is the problem? Despite the level of protection a disaster recovery plan provides, according to a survey performed by benchmark in 2014, a majority of companies are not prepared to recover critical IT systems in the event of a disaster. Having a stable IT system is an absolute requirement for almost all companies. It is almost impossible for companies and financial institutions to function without information systems for data processing, storage and communication. Therefore, the risk of losing/deleting critical files within the information system can prove to be detrimental to a company. Aside from natural disasters, a company’s information system faces significant risks from hackers, who attempt to steal confidential information such as trade secrets. As a result, these losses of critical systems cost businesses a substantial amount of money and damage their reputation. The root cause of such negative statistics is that many companies are faced with the problem of having inconsistent, or complicated IT disaster recovery planning guides, that eventually the company decides that it lacks sufficient resources for the completion of the plan. However, to ignore these risks is not a feasible solution, particularly for banks that are responsible for driving the global economy. With that being said, it is essential for banks not only to have a disaster recovery plan in place, but to perform disaster recovery planning on an ongoing basis. This is further stressed by federal agencies, which provide IT disaster recovery planning guidelines that banks must follow. However, even with guidelines in place, IT disaster recovery is a very difficult task. The difficulty mainly stems from the rapid pace at which technology changes on a yearly basis. The change makes it very difficult to ensure that the proper steps and controls to mitigate risks are in place.

Scope and Objectives of the plan
When designing a disaster recovery plan, it is important to highlight key steps and measures that need to be taken during the time of a disaster. This means, should an emergency situation occur, employees and management should be able to rely on this plan to provide an effective method to deal with the crisis situation, as well as lessen the potential negative impact it may have with shareholders and stakeholders.
Therefore the plan should provide information on how to handle crisis events and provide procedures for the following: * Executives * Legal * Investor Relations * Corporate Communications * Corporate Administration * Marketing and Sales * Human Resources * Technology Management

In addition the plan should clearly indicate the responsibilities of various staff, as well as procedures and checklists that will be used to manage the situation post the disaster occurrence.

Components of Disaster recovery planning

1) Risk Assessment: This component involves procedures geared towards detecting, communicating, and for warning recovery team members and stakeholders. The process of detection is straightforward for the most part, as it involves detecting IT disasters. The process of warning involves alerting key team members involved with recovery that a disaster has occurred, and for them to jumpstart the recovery process. In order to create an effective plan, management needs to maintain an open mind when assessing all types of disasters that the firm can encounter, and how they would affect it’s business continuity. This requires taking every single potential risk in account from power failures to terrorist attacks. Therefore, what management is essentially doing, is taking all predetermined risks and contemplating a response to these risks. 2) Preparing employees: This component first and foremost deals with disaster recovery team training. The team consists of those who are responsible for recovering IT service. During this training, the team is familiarized with their individual responsibilities. Non-team members, specifically stakeholders, are also given training during this time. The reason for this is that during times of disaster, stakeholders must be aware of the implications of IT disasters and what to do when IT services are down. Training also touches on decision making authority in cases where employees are missing, disabled, or unable to establish authority. 3) IT services analysis: This component can be further broken down into 3 subsections which include, identifying IT services, prioritizing IT services in terms of reactivation, and identifying potential threats. When identifying IT services, management must conduct a review of all services that an IT department offers to other departments within an organization. The focus would be on services such as email communications. The second section, prioritizing services, involves procedures meant to determine the order in which IT services should be restored. This requires determination of the specific business units that are dependent on the service and the importance of the service to business continuity. The third section involves identification of risks to the IT services. 4) Business Impact Analysis: The main task in performing this analysis is to acquire an understanding of which processes in the business are absolutely essential, and what the impact would be of a disruption due to a potential disaster identified during risk assessment. It is during this time that RTO and RPO are established. RTO of recovery time objective, is the duration of time within which a company must restore its business processes after a disaster, before incurring excessive losses. In other words, how much time did the business take to restore its processes after a disaster has occurred. The RPO or recovery point objective, can be viewed as a marked period of time. This means that when disaster strikes and the recovery process is in effect, all data leading up to that marked point need to be restored. Both RTO and RPO are established when performing the business impact analysis. The business impact analysis is where research is conducted to determine the likely impact of a disruption to the company in terms of loss of business, effects on reputation, loss of staff and loss of data.
.
5) Recovery process: This component focuses on restoring IT service inputs and switching IT operations to alternative facilities. The restoring process involves the restoration of 6 processes: human resources, facilities, communications technologies, servers, application systems, and data. The human resource function is made up of individuals who provide the labor needed for IT services. The facilities category involves restoring IT inputs that are physical in nature such as, buildings, utilities, and heating/cooling. The communications category involves restoring inputs needed to communicate via video, voice, or data. The means of communication can include anything from cell phones to local area networks. The server category includes physical hardware responsible for managing networks. The application systems category is a combination of both hardware and software which support computing needs. The data category is essentially a compilation of raw facts and figures. Finally, this component also deals with securing alternative facilities for IT services in case of the primary location going offline. 6) Backup Procedures: This component is strictly concerned with creating backup copies of data, software, configuration files, and the disaster recovery plan itself. 7) Offsite storage: Offsite storage involves procedures which ensure that all systems, software, and data going out of the primary location are made as portable as possible. This means that the firm must organize everything to be easy to transport. As far as the offsite storage facility is concerned, management must make sure that the location of the facility allows for easy transport and storage of materials. 8) Maintenance: The maintenance component can be regarded as one of the most essential components of recovery planning. Maintenance involves testing and updating the IT disaster recovery plan, and making sure that the plan fits within the scope of it’s business continuity plan. When testing the plan, the key focus is to ensure that the IT disaster recovery plan will work in the event of a disaster. The plan is then updated to reflect changes in IT services and inputs, and to correct any shortcomings that were identified during the testing stage. In addition to updating the plan, there is also a responsibility to update documentation such as configuration manuals, network schematics, and logs on a regular basis. This documentation may not be included in the actual plan, but may prove to be useful in the event of emergency. Even with testing and updates, it is impossible for management to predict every threat that is relevant to IT services, and therefore the recovery process should not be considered completely comprehensive. This means that there will be cases, where it may be necessary to create new plans from scratch.
Essentials of a disaster recovery plan in the banking industry The importance of a disaster recovery plan is evident. For the most part the basic requirements of a disaster recovery plan for all companies remain consistent, however for institutions such as banks that are so heavily regulated by the federal government, the task of planning may be a little more daunting. In some ways it is fitting for banks to be at the forefront of disaster recovery planning, as they were in fact one of the first entities to embrace information technology in the business world. This has led to the birth of the automated clearinghouse association, formed by seven banks based in Philadelphia in the mid 1970’s. The purpose of this association was to address the issues of how banks should implement data recovery if their computer systems go down. In 1983, the US government officially mandated all banks to have a disaster recovery plan. With the passing of this law, it became apparent that banks face certain challenges in the planning process such as the following: * Detailed Planning: In the banking industry, being obsessive towards planning is a must when constricting a recovery plan. The importance of this became apparent during the time of the 1993 world trade center bombings. Nearly two thirds of the companies located within the building, failed to construct well thought out disaster recovery plans. This led to millions of dollars in losses both due to operations and fines. * Greater exposure: Disaster recovery holds significant weight in the banking industry, maybe even over other types of businesses, because their services produce great demand during times of disaster. What causes tremendous amount of pressure in this case, is that a particular bank has multiple locations with varied operations and computer applications. Furthermore, mergers and acquisitions have further complicated matters by causing banks to inherit more varied applications. This makes planning for one particular branch very difficult. * People still use paper: At the branch level, most bank employees continue to heavily rely on paper. So the question is what happens when none of the paper transactions have been entered into the computer system, and there is a fire? This can have a significant impact on operations as loss of records, particularly those pertaining to money, can be detrimental. * Employees first: Banks have an obligation to employees when developing their disaster plans. They must ensure that they have the ability to house their employees in a time of crisis, and provide all the necessary essentials such as food, water, clothing. * Outsourced functions: Disaster recovery plans should take into account any outsourced functions. Many banks outsource data processing such as credit card operations, automated teller machine applications, etc. This must be clearly addressed in the disaster recovery plan. * Testing is critical: A bank’s recovery plan must be heavily tested in order to ensure good results in a real life event. This testing provides confirmation that the bank will be ready in a time of crisis.
Conclusion
IT disaster recovery planning certainly requires a lot of grunt work, and may not appeal to those looking for more glamorous professions. Furthermore, the value in such a task is not immediately noticeable as it is not everyday a company is struck with a major catastrophe. However, it is important to remember that through this process, members of the IT department develop a better understanding of the business use of their systems, and will display a better level of preparedness for change when initiated by disaster. IT departments need to be a source of revenue and not cost, and therefore it is essential that they stay on top of management to allocate sufficient resources towards recovery planning. Ultimately, emphasis should be placed on long term continuity of the business as opposed to short term savings.

Work Cited * http://drbenchmark.org/wp-content/uploads/2014/02/ANNUAL_REPORT-DRPBenchmark_Survey_Results_2014_report.pdf * http://www.banktech.com/sandy-highlights-the-importance-of-bank-disaster-recovery-plans/d/d-id/1295917?page_number=1 * http://www.sans.org/reading-room/whitepapers/recovery/disaster-recovery-plan-strategies-processes-564 * http://www.arraydev.com/commerce/JIBC/2010-04/KadlecShropshireITDRP.pdf *…...

Similar Documents

Premium Essay

Audit

...audit Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.[1] Internal auditing is a catalyst for improving an organization's effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and business processes there are 3 types of Audit : 1. Internal audit ( first party audit),to ensure implementing, maintaining and improvement of the system audited. 2.Customer audit ( second party audit), to evaluate the suppliers performance and compliance for standards. 3.External audit (third party audit), to ensure implementing and documenting according to standards. Audit Process Prevalent Audit Concerns Risk Assessment Process Definition of Internal Audit The audit process is generally a ten-step procedure as outlined below. Please click through the steps in order to better understand the process. 1. Notification 2. Planning 3. Opening Meeting 4. Fieldwork 5. Communication 6. Report Drafting 7. Management Response 8. Closing Meeting 9. Report Distribution 10. Follow-up Notification First, you will receive a letter to inform you of an upcoming audit. The auditor will send you a......

Words: 768 - Pages: 4

Premium Essay

Audit

... The Marketing Audit Comes Of Age Philip Kotler, William Gregor and William Rogers Comparing the marketing strategies and tactics of business units today versus ten years ago, the most striking impression is one of marketing strategy obsolescence. Ten years ago US, automobile companies were gearing up for their second postwar race to produce the largest car with the highest horsepower. Today companies are selling increasing numbers of small and medium-size cars and fuel economy is a major selling point. Ten years ago computer companies were introducing ever-more powerful hardware for more sophisticated uses. Today they emphasize mini and microcomputers and software. It is not even necessary to take a ten-year-period to show the rapid obsolescence of marketing strategies. The growth economy of 1950-1970 has been superseded by a volatile economy which produces new strategic surprises almost monthly. Competitors launch new products, customers switch their business, distributors lose their effectiveness, advertising costs skyrocket, government regulations are announced, and consumer groups attack. These changes represent both opportunities and problems and may demand periodic reorientations of the company’s marketing operations. Many companies feel that their marketing operations need regular reviews and overhauls but do not know how to proceed. Some companies simply make many small changes that are economically and politically feasible, but fail to get to the heart of the......

Words: 6893 - Pages: 28

Premium Essay

Audit

... Queensland University of Technology Faculty of Business School of Accountancy AYN411 Audit & Assurance – Semester 1, 2013 Final Exam Revision Questions Additional Resources AYN411 Audit & Assurance – Semester 1, 2013 Final Exam Revision Questions Additional Resources Final Exam Revision QUESTION 1 – Audit Planning a. The Auditing Standard ASA 300 ‘Planning an Audit of a Financial Report’ states that the auditor needs to plan the audit so it will be performed in an effective way, by establishing the overall audit strategy for the audit and developing the overall audit plan. Required: List four benefits to the auditor in properly planning an audit engagement. L3 (slide 28) Properly planning an audit engagement helps the auditor to: * Devote appropriate attention to important areas of the audit * Identify and resolve potential problems on a timely basis * Properly organise and manage the audit engagement efficiently * Select an engagement team with appropriate expertise * Facilitate supervision of the engagement team members (inc. review of work) * Co-ordinate work done by auditors and experts * Render the correct audit report b. The following is a list of four activities carried out by the auditor during the planning phase of the audit. Planning Procedure 1. Client acceptance/continuance decision 2. Obtain an understanding of the entity and it’s environment 3. Assess client business risk 4...

Words: 1980 - Pages: 8

Premium Essay

Is Audit

...be adequately addressed in the policy.  Security Awareness: An effective IS Audit helps increase level of security awareness and compliance with security measures among IT users. This also provides motivation to security officers and system administrators to do their job effectively.  Better Return on Investment: IS audits are not only considered for security nowadays but also performance management and value for IT investments. Therefore, an IS audit can be used for facilitating the effective and efficient use of IT for fulfilling business objectives.  Risk Management: The domain of IS Auditing is moving towards risk Management and an IS auditor is being viewed as a risk management professional particularly in the area of operational risk. Effective risk management for the enterprise is vital, therefore the role of IS auditor is crucial. ISA audits with five categories of audits: 1. Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity. 2. Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions. 3. Systems Development: An audit to verify that the systems under development meet the objectives of the......

Words: 477 - Pages: 2

Premium Essay

Audit

...Audit Committee Material Weaknesses in Smaller Reporting Companies December 2nd, 2010 OUTLINE: I. SUMMARY OF THE ARTICLE II. PROBLEM STATEMENT III. SUGGESTIONS FROM THE AUTHORS IV. RELEVANCE TO AUDITING ENVIRONMENT V. CONCLUSION I. Summary of the Article This report summarizes the article published by Gramling, Audrey A, Hermanson, Dana R, Hermanson, Heather M in the CPA journal of 2009. The main focus of the article is to show the importance of audit committee in auditing and analyze problems of small companies face in developing effective audit committee. The critical issue of the article is material weaknesses related to audit committee and possibility of management’s override of internal control within small companies. Before, the Sarbanes-Oxley Act, audit committees in public companies were under more pressure to understand not just a company's financial statements, but to challenge management and auditors on key accounting, internal control and compliance issues. After the financial scandals that caused firms like Enron and WorldCom to collapse, audit committees have risen from relative darkness to center stage in modern corporate world. As it’s indicated in the article, the new role, the typical audit committee is charged with many duties. Because new role of audit committee increased complexity and accountability, it's easy for directors of small public companies to feel besieged when...

Words: 1917 - Pages: 8

Premium Essay

Audit

...Section A: Audit Practice Part b (i): Why is the audit of cash important part of the audit? From an auditing standpoint, cash is an important account because cash transactions affect all other business and financial processes. Businesses acquire cash by selling goods or services, disposing of fixed assets, or acquiring debt or equity. The same businesses put their cash to use through purchasing, paying employees, and buying inventory. Audits are an important part of business. Cash audits check that money has been handled properly, and performance audits ascertain whether employees are doing their jobs properly. Corporations are likely to undergo tax audits to ensure proper tax reporting and withholding. Audits may be performed in-house by management or human resources, by a third-party consulting firm hired specifically to perform the audits or by IRS agents who are auditing company tax records. The audit of cash is considered an important part of an audit mainly due to almost all business transactions will be ultimately settled through the cash accounts, the audit of cash accounts also assists in the verification of other asset and liability accounts as well as revenue and expenses. Some of the investor relies on the accuracy of the cash account to evaluate the financial health of the company. They use current asset which include the cash account to compute several financial measures. Other than that, cash is the highly liquid asset in a company and it is an area of high...

Words: 9221 - Pages: 37

Premium Essay

It Audit

...providing non-accounting services to their audit clients, they are not prohibited from performing such services for non-audit clients or privately held companies. ANS: T PTS: 1 12. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors. ANS: T PTS: 1 13. Section 404 requires that corporate management (including the CEO) certify their organization’s internal controls on a quarterly and annual basis. ANS: F PTS: 1 14. Section 302 requires the management of public companies to assess and formally report on the effectiveness of their organization’s internal controls. ANS: F PTS: 1 15. Application controls apply to a wide range of exposures that threaten the integrity of all programs processed within the computer environment. ANS: F PTS: 1 16. IT auditing is a small part of most external and internal audits. ANS: F PTS: 1 17. Advisory services is an emerging field that goes beyond the auditor’s traditional attestation function. ANS: T PTS: 1 18. An IT auditor expresses an opinion on the fairness of the financial statements. ANS: F PTS: 1 19. External auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. ANS: F PTS: 1 20. External auditors can cooperate with and use evidence gathered by internal audit departments that are organizationally independent and that report to the Audit Committee of the Board of......

Words: 5161 - Pages: 21

Premium Essay

Audit

...auditors should communicate so that the team maintains an independent state of mind at all times during the audit. The audit approach and tests/procedures are customized to the fraud assessment made. The audit team can incorporate random testing and sampling approach in the audit work which are difficult to anticipate by the client. Also the team understands where the focus will be as a result of the fraud assessment b. Theft of personal property from the business for the purposes of depriving the owner of its possession is a method of fraud referred to as lapping. Disagreed. Lapping refers to misappropriation of cash receipts. The theft is concealed by manipulation of A/R to cover the cash receipts. The cash received later is recorded toward the original A/R. The fraud is also covered by recording cash transfers to rare expenses or other accounts in G/L. c. A critical evaluation of evidence and professional skepticism are required for all financial statement audits, fraud examinations, and financial forensic examinations. Agreed. A critical evaluation of evidence is required to ensure that what has been stated is not misrepresented. Professional skepticism ensures that the auditor is alert and with a questionable mind to situations which indicate possible misstatements due to error or fraud. d. A client experienced a fire after the year end but before the audit report was issued, and had insufficient insurance to cover the loss of the building. This event......

Words: 2277 - Pages: 10

Premium Essay

Audit

...THE RELATIONSHIP BETWEEN INTERNAL AND EXTERNAL AUDIT Professor PhD Atanasiu Pop, „Babeş-Bolyai” University of Cluj-Napoca, e-mail: apop@econ.ubblcuj.ro PhD Student Cristina Boţa-Avram, „Babeş-Bolyai” University of Cluj-Napoca, e-mail: botaavram@gmail.com PhD Student Florin Boţa-Avram, „Babeş Bolyai” University of Cluj-Napoca, e-mail: botaavramflorin@yahoo.com ABSTRACT: Analyzing the evolution process of internal audit, from its beginnings and so far, we can easily notice that internal audit function was born through detaching of some activities from external audit, the result being that there some situations when these two functions could be easily confused. The reality is that internal audit and external audit are two distinctive functions; net differenced, but which are also characterized through some complementary relationships. In this paper, we try to give our contribution at the clarification of the similarities and differences between these two functions, making a literature review that allowed us to identify some very interesting studies that permitted us to emphasize the main criterions that influenced the relationship between internal audit and external audit. Keywords: internal audit, external audit, objectivity, competence JEL Codes: M42 1. Introduction The coordination of internal audit activity with external audit activity is very important from both points of view: from external audit’s point of view is important because, in this way,......

Words: 3860 - Pages: 16

Premium Essay

Audit

...interest in an audit client. Self review threat It occurs when the audit from a member or audit team put itself in a position of reviewing the subject that previously the member is responsible Familiarity threat It occurs when auditor has a close relationship with the client Advocacy threat It occurs when the audit from a member of the audit team promotes/support or may be perceived to promote an audit client’s position or opinion. Intimidation threat It occurs when a member of the audit team may be deterred from acting objectivity and exercising professional judgment due to pressure given by the audit client to terminate the service. Auditors have an obligation to disclose -where the courts order them to do so -where they suspect their client of offences of terrorism -they suspect the client to be a drug trafficker -under banking, insurance and financial services, they consider the client is either acting recklessly or is not fit & proper person to managing such business. Safeguards Family and other personal relationship Ensure personal relationship do not affect their objectivity Beneficial interests in shares and other investment Dosnt not hold share or ahs a beneficial in shares Loans Should not make or accept loans to or guarantee from audit client Provison of other service Not to perform mgmt. functions or to make mgmt. decision Oversue fees Auditor should collect all outstanding fee in full before providing a new audit......

Words: 6177 - Pages: 25

Premium Essay

Audit

...Auditing HW #1 – Aug 26 1-36: a. Explain why management might want an independent audit of its financial statements. McIver’s management may want an independent audit of its financial statements for several reasons. First of all, due to the desired increasing growth, there is now a greater risk that salesmen and/or managers could report inflated numbers that align with management’s goals. An independent audit would be beneficial in discovering any such activity. Also, if McIver’s acquires the other swimwear distributorship there is an added risk. McIver’s probably does not have an in-depth knowledge of the other company, so an independent audit could also bring to light any malfeasance on the acquired company’s end. Finally, McIver’s could desire to go public in the near future considering its growth. Audits are necessary for public companies, and so it would make sense that management would want one. b. What are the factors that McIver’s might consider in deciding whether to seek an audit from a large national audit firm, a regional audit firm, or a local firm? McIver’s decision of whether to hire a national, regional, or local audit firm should be determined by various factors including quality, cost, familiarity with the industry, and familiarity with the region. Generally speaking, if McIver’s number one aspect of the audit was quality, they would choose a national firm. The downside of that would be the cost, which is generally higher. A local firm on the......

Words: 1732 - Pages: 7

Premium Essay

Audit

...International Science Press, examines the study of the relationship between internal audit and corporate governance with various argumentations of internal audit activities, attempting to sketch out their relationship. It analyses the contribution of internal audit to corporate governance. Based on what I found in the journal and my opinion, this journal have emphasized the importance of internal audit which is really compulsory for every company to follow as it improves the efficiency and effectiveness of the management and company. Moreover it also have mentioned that the relationship and communication between employer and management is important in internal control which is an effective idea on maintaining employer’s loyalty and reduce fraud. But this journal less focus on the disadvantage of internal control if it is not handled wisely which is really need to be considered before implementing internal audit control system. The journal have explained well on how the internal control benefits the company but as an auditor or a manager, one should also consider the disadvantage that might be faced by the company from internal audit control.  Internal audit control systems have a few weaknesses that business owners must address. First, broad application. Internal audit control systems can be very broad in their application and this can create a weaker internal audit control system. Business owners should attempt to develop a system that focuses on......

Words: 917 - Pages: 4

Premium Essay

Audit

...6-22 a. The function of the independent auditor in the audit of financial statements is expression of an opinion on the fairness with which they present, in all material respects, financial position, results of operations, and its cash flows in conformity with generally accepted accounting principles. The auditor's report is the medium through which he expresses his opinion or, if circumstances require, disclaims an opinion. In either case, he states whether his audit has been made in accordance with generally accepted auditing standards. These standards require him to state whether, in his opinion, the financial statements are presented in conformity with generally accepted accounting principles and to identify those circumstances in which such principles have not been consistently observed in the preparation of the financial statements of the current period in relation to those of the preceding period. The responsibilities of the independent auditor in the audit of financial statements are planning and performing the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Because of the nature of audit evidence and the characteristics of fraud, the auditor is able to obtain reasonable, but not absolute, assurance that material misstatements are detected.   b. The responsibilities of the independent auditor for the detection of fraud is provide reasonable assurance of detecting......

Words: 566 - Pages: 3

Premium Essay

Audit

...ILLUSTRATIVE AUDIT ENGAGEMENT LETTER (Date) Name of Auditee Address Dear ________________ We are pleased to confirm our understanding of the services we are to provide you with under this engagement. Audit Scope. USAID’s applicable scope of work that was part of your RFP will be included or referenced to. Audit Objectives. The objective of our audit is the expression of opinions as to whether your basic financial statements are fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles, the objective also includes reporting on: • Internal control related to the financial statements and compliance with laws, regulations, and the provisions of contracts and grant agreements, noncompliance with which could have a material effect on the financial statements, in accordance with Government Auditing Standards. • Internal control related to major programs and an opinion (or disclaimer of opinion) on compliance with laws, regulations, and the provisions of contracts and grant agreements that could have a direct and material effect on each major program in accordance with the Single Audit Act Amendments of 1996 and OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations. Our audit will be conducted in accordance with generally accepted auditing standards established by the Auditing Standards Board (United States); the standards for financial audits......

Words: 2547 - Pages: 11

Premium Essay

Audit

...JetBlue Audit Paper Name Institution Introduction JetBlue boasts to be a local low-cost airline in the United States having being incorporated back in 1998 with the delivery of services commencing in 2000. The incorporation of the airline occurred in Delaware in August, and many consider it a New York hometown carrier. Jet Blue had an approximately 32 million passengers in the year 2014 and the mean flights in a day were 825. Last year, the carrier number of passengers increased to 35 million with an average of 900 flights in a day. Moreover, it was the fifth largest carrier of travelers in 2015 with around 90 destinations in the USA. Considerably, JetBlue since the commencement of operations accomplished success in a duration of six years (JetBlue , 2016). Nevertheless, the company has various shortcomings in its procedures, and the evaluation of the corporation can provide more insights. JetBlue operating environment In the past years, the cost of fuel has continued to be low, and this has enabled JetBlue to have up surged revenues. The airline is also high with a considerable demand of customers as it has one of the best customer services. JetBlue management has over the years continued to monitor expenditures, and this has led to the success of the carrier. The revenue increment of JetBlue has tom some extent outperformed the airline industry by a mean of 6 %. JetBlue had a debt ratio of approximately 0.48 in 2015, which is at its lowest. Undeniably, this is......

Words: 2894 - Pages: 12