ABSTRACT: This case provides an active-learning opportunity for students to assume the role of an internal auditor conducting a compliance audit. Specifically, we provide students with the actual telephone records of a firm with a policy prohibiting employees from using company phones for personal long distance calls. The case exposes students to (1) using generalized audit software, (2) validating data (for potential anomalies) before performing analysis, (3) analyzing nonfinancial information, (4) converting nonfinancial information into financial impact (i.e., the cost of the nonbusiness long distance phone calls), and (5) writing a business letter outlining the findings of the compliance audit and recommendations. Students must understand the data, analyze it, interpret the results, and develop recommendations. Given that most shareholder value is lost due to strategic, operational, and business risks, rather than financial risks, audit committees and senior management are now putting pressure on internal auditing to shift its focus from financial compliance auditing to nonfinancial concerns. This case helps students gain the necessary skills to conduct these non-SOX audits.
