Example of an Audit Report with Memos: ACC-640 Final Milestone

 

1.      Audit Report

The audit team has gathered and recorded all the information to improve understanding of Target Corporation and enable determination and evaluation of risks related to misstatement of transactions and account balances. Based on the feedback, the following risk factors were determined.

Risk Factors

After examining the financial statements of Target Corporation, including income statements for the fiscal year 2016 and company procedures, potential risks were linked to the weakness of the internal controls system. 

One of the risks of a weak internal control system is that Target’s information can be exposed to unauthorized access and might be manipulated in such a way that applying it in decision-making could result in implementing wrong strategies. Most of Target’s transactions are conducted online, hence, weak internal control could result in a loss of revenue.

Moreover, tracking of the auditing process and structuring of the organization becomes difficult with a weak internal control system. This may result in poor communication and improper delegation of duties.

2.      Memos

Memo 1

TARGET CORPORATION

Minneapolis, Minnesota, U.S.,

Target Corporation                                                                 Office of the Auditor General

 

                                                                             January 23^rd, 2018

MEMO TO:  CHIEF FINANCIAL OFFICER

FROM: Chief Auditor                                                         

SUBJECT:  Strategies for mitigating Risk Factors and Audit Program for achieving Revenue Objectives

The internal audit team at Target Corporation was asked to recommend mitigation strategies for eliminating risks presenting in the audit and to establish an audit program for achieving this goal. After conducting further inquiry, observation and inspection, our team realized that the management team should ensure that the internal control system structure in place matches international standards to eliminate chances of misstatement of financial materials.

A stable internal control is particularly important because Target Corporation is a large company which as well deals with large amounts of revenue per year. Effectiveness of the internal control system will also contribute to adoption of reliable checks needed to secure online transactions, provide clear definition of duties, and improve revenue generation. The management team will also be required to regularly review the internal control system and carry out system checks prevent unauthorized transactional access.

Our internal audit team also determined a list of revenue objectives which included: ensuring that recorded transactions are valid and are appropriately valued, classified, and summarized or reported in the master files. Since most of Target’s are conducted online, evaluation of effectiveness of general controls caused by changes in program is necessary to ensure safety of files. Moreover, inquiries and investigation of documents relevant to changes in programs and master files is important for sales orders, shipping, billing, and recording. Target Corporation may need to outsource a system analyst to conduct frequent system checks for smooth running of the online business and to enable placement of employees who possess technical ability that match operational demands. The revenue objectives are therefore achievable through a cycle approach.

Memo 2

TARGET CORPORATION

Minneapolis, Minnesota, U.S.,

Target Corporation                                                                 Office of the Auditor General

                                                                             January 23^rd, 2018

MEMO TO:                                                       CHIEF FINANCIAL OFFICER

FROM:                                                               Chief Auditor           

SUBJECT: Communicating Results of Audit Process and Selecting a Sampling Program for Formulating Field Activities  

 The internal audit team at Target Corporation was instructed to find a proper way of communicating results from audit process and to develop a sampling program for formulating field practices. According to the International Standards for Professional Practice of Internal Auditing, the chief audit executive reviews and approves the channel of communication and legitimate parties before audit results are issued. When it comes to communicating the acceptance of risks by management, which may be unacceptable to the organization, the chief audit executive must meet with senior management to discuss the results. If the issue fails to be resolved at this level, the chief audit executive must inform the board. The internal audit team only learns about the acknowledgement of the risk when the upper management engages in procedures such as assurance engagement and evaluation of actions recommended in the audit report.

Generally, auditors possess knowledge of account balances and transactions that are very likely to contain misstatements. The knowledge is useful during sampling, to help select other areas which affect achievement of goals, but auditor needs more information about. Statistical sampling is particularly important in studying the risk factors because statistical theory enables the auditor to quantify the risk factors. This helps in selection of strategies that can reduce the risks to acceptable levels. The approach however requires training of auditors, which may result in added costs.