Internal audit conducts assurance audits through a five-phase process which includes selection, planning, conducting fieldwork, reporting results, and following up on corrective action plans. Audit activities are selected using a risk
based approach. Internal audit meets with leadership and management during the development of the annual audit plan to discusses risks and potential impediments to meeting objectives. This plan is approved by the Executive and Audit Committee of the Board of Trustees. Audits can also be conducted based on concerns reported on the fraud and ethics hotline. Each audit requires planning, starting from defining the scope and objective to developing audit steps
to meet the objective. Internal audit conducts an entrance meeting with management to discuss the purpose of the audit, risk factors, and other logistics. Management is included in the planning phase and the details are documented in a planning and scoping memo. During the fieldwork phase, auditors conduct the steps identified in the planning process. Steps often include conducting interviews, reviewing laws, policies and best practice, verifying
sample transactions, analyzing data sets, and conducting surveys. Auditors meet regularly with management throughout fieldwork and discuss the status of the audit, preliminary observations, and potential recommendations. Auditors conduct an exit meeting with management at the conclusion of the fieldwork to discuss the results of the audit, specific findings and recommendations and other observations. Auditors communicate these to management through an audit
observation memo and ask management to provide a response with a corrective action plan and timeline to implement. These responses are included in the final report. Management and leadership are provided an opportunity to review drafts and provide feedback. Follow-upAll audit recommendations and management corrective action plans are followed up on to provide assurance that plans are implemented. Corrective action plans that do not appear to be progressing are reported annually to the president and Executive and Audit Committee. Do you want to create a flexible, risk-based audit program — but don’t know where to start? Read our Internal Audit Planning Checklist to learn which audit steps and requirements you should keep in mind, and download our full guide to “Planning an Audit from Scratch” below! What can internal auditors do to prepare
a more comprehensive scope for their internal audit projects? And where can internal auditors find the subject matter expertise needed to create an audit program “from scratch”? AuditBoard’s “Planning an Audit: A How-To Guide” details how to build an effective internal audit plan from the ground up through best practices, resources, and insights, rather than relying on template
audit programs. One of the guide’s highlights is a comprehensive checklist of audit steps and considerations to keep in mind as you plan any audit project. Use the checklist below to get started planning an audit, and download our full “Planning an Audit: A How-To Guide” for tips to help you create a flexible, risk-based audit program. Internal Audit Planning Checklist1. Initial Audit PlanningAll internal audit projects should begin with the team clearly understanding why the project was put on the audit plan. The following questions should be answered and approved before fieldwork begins:
2. Risk and Process Subject Matter ExpertisePerforming an audit based on internal company information is helpful to assess the operating effectiveness of the process’s controls. However, for internal audit to keep pace with the business’s changing landscape and to ensure key processes and controls are also designed correctly, seeking out external expertise is increasingly becoming a best practice. At least one of the following should be used to evaluate the design of the process audited:
Once you have leveraged internal and external resources to identify relevant risks, you will want to build an audit program that tests for these risks. 3. COSO’S 2013 Internal Control – Integrated FrameworkWhile used extensively for Sarbanes-Oxley (SOX) compliance purposes, internal auditors can also leverage COSO’s 2013 Internal Control – Integrated Framework to create a more comprehensive audit program. In addition to identifying and testing control activities, Internal audit should seek to identify and test the other components of a well controlled process.
4. Initial Document Request ListRequesting and obtaining documentation on how the process works is an obvious next step in preparing for an audit. The following requests should be made before the start of audit planning in order to gain an understanding of the process, relevant applications, and key reports:
After gaining an understanding of the process to be audited through the initial document request, you should request access to master data for the processes being audited to analyze for trends and to aid in making detailed sampling selections. 5. Preparing for a Planning Meeting with Business StakeholdersBefore meeting with business stakeholders, internal audit should hold an internal meeting in order to confirm the high-level understanding of the objectives of the process or department and the key steps to the process. The following steps should be performed to prepare for a planning meeting with business stakeholders:
Preparing the questionnaire after performing the initial research sets a positive tone for the audit, and illustrates that internal audit is informed and prepared. Once this research is completed, internal audit should meet with their business stakeholders to confirm their understanding of the process. 6. Preparing the Audit ProgramOnce internal audit has confirmed their understanding of the process and risks within the process, they will be prepared to create an audit program. An audit program should detail the following information:
7. Audit Program and Planning ReviewAudit programs, especially those for processes that have never been audited before, should have multiple levels of review and buy-in before being finalized and allowing fieldwork to begin. The following individuals should review and approve the initial audit program and internal audit planning procedures before the start of fieldwork:
Internal auditors who can create and document audit programs from scratch — and do not rely on template audit programs — will be more capable and equipped to perform audits over areas not routinely audited. When internal audit can spend more of their time and resources aligned to their organization’s key objectives, internal auditor job satisfaction will increase because they’ll be taking on more interesting projects. The Audit Committee and C-suite may become more engaged with internal audit’s work in strategic areas. Perhaps most importantly, recommendations made by internal audit will have a more dramatic impact to enable positive change in their organizations. Want to learn more tips to help you create a flexible, risk-based audit program? Download our free "Planning an Audit from Scratch: A How-To Guide" below.What should be the first step in the auditing process?Audit Process. Step 1: Planning. The auditor will review prior audits in your area and professional literature. ... . Step 2: Notification. ... . Step 3: Opening Meeting. ... . Step 4: Fieldwork. ... . Step 5: Report Drafting. ... . Step 6: Management Response. ... . Step 7: Closing Meeting. ... . Step 8: Final Audit Report Distribution.. What is audit followAudit standards require that a follow-up process is implemented to monitor the disposition of audit results and ensure that action plans have been effectively implemented. Our professional goal is to conduct follow-up auditing in a timely manner and report on the results.
What are the 5 steps of an audit?Audit Process. What happens during an audit? Internal audit conducts assurance audits through a five-phase process which includes selection, planning, conducting fieldwork, reporting results, and following up on corrective action plans.. Selection. ... . Planning. ... . Fieldwork. ... . Reporting. ... . Follow-up.. What are the 4 phases of an audit process?Although every audit process is unique, the audit process is similar for most engagements and normally consists of four stages: Planning (sometimes called Survey or Preliminary Review), Fieldwork, Audit Report and Follow-up Review.
|