In the planning phase, the scope of an internal audit engagement is defined by the

Aligned with Standards 2200 through 2220

Planning is part of internal auditing’s systematic, disciplined, and risk-based approach and is mandated by the International Standards for the Professional Practice of Internal Auditing. Planning internal audit engagements involves considering the strategies and objectives of the area or process under review, prioritizing the risks relevant to the engagement, determining the engagement objectives and scope, and documenting the approach. This practice guide contains the engagement planning steps necessary to fulfill Standard 2200 – Engagement Planning through Standard 2220 – Engagement Scope and related assurance (.A) and consulting (.C) implementation standards.

Engagement planning generally includes the following steps:

  • Understand the context and purpose of the engagement.
  • Gather information to understand the area or process under review.
  • Conduct a preliminary risk assessment of the area or process under review.
  • Form engagement objectives.
  • Establish engagement scope.
  • Allocate resources.
  • Document the plan.

Engagement Planning: Establishing Objectives and Scope also offers guidance on how internal auditors can use a risk and control matrix and heat map to prioritize the risks, then use the results to form the engagement objectives and scope, in conformance with the Standards. Established engagement objectives and scope enable internal auditors to focus efforts on the significant risks in the area or process under review, develop the engagement work program, and communicate clearly with management and the board.

Performance Standards describe the nature of internal audit activities and provide criteria against which the performance of these services can be evaluated.

The Standard states:

Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations. The plan must consider the organization’s strategies, objectives, and risks relevant to the engagement.

The organisation’s Internal Audit Manual (IAM) should provide suitable working guidance in respect of the expected internal process to be followed by the team when planning any audit. The IAM should also provide any standard documentation templates which the team are expected to utilise when performing their work.  

In practice what processes are key to demonstrating that the Chief Internal Auditor (CIA) has considered the organisation’s strategies, objectives and risks when planning an engagement’s scope and resources? The CIA will already have performed or overseen the performance of the Audit Needs Assessment (ANA) and resulting Internal Audit Strategy (IAS); this provides the starting point.

Thereafter, when planning an individual assignment:

  • Consider the underlying risk assessment performed by internal audit when performing the ANA and identifying the areas for inclusion within the IAS and any outline scope therein; update the understanding through considering any significant changes since its approval.
  • Review any updated risk assessment performed by management, such as risk register entries, to gain further understanding of objectives, the identified risks to their achievement, the policies and procedures put in place and relied upon by management to mitigate risk, any management review and reporting in place to monitor and measure their success, and the results of any work performed by other external assurance providers.
  • Review any legislation, regulatory or recognised good practice control frameworks relating to the area of review; ensure these are suitably captured within the control environment or record and highlight any gaps.
  • Hold and document planning meetings with Executive and auditees to gain further insight into the objectives, performance indicators, risks and controls of the area subject to review.
  • The auditor should consider the extent of work necessary to provide reasonable assurance over and opportunity for significant improvements to the risk management, governance and internal controls in place to mitigate risk to an acceptable level within the organisation’s risk appetite.
  • Create an Audit Planning Brief, based upon the organisation’s adopted template; this should include the objective for the area under review, scope of the assignment, result of risk assessment, key controls, focus of audit testing and expected dissemination of results.  
  • The Brief should clearly identify both what is ‘in scope’ and ‘out of scope’ to provide clarity and avoid scope creep.
  • The Brief should clearly identify any work of third parties upon which it is planned to place reliance; including what work will be undertaken to gain assurance over the robustness of that work (See Standard 2050).
  • Areas of audit testing should be prioritised based upon both impact and likelihood; it is important to ensure that controls recognised as managing the most significant risks are adequately designed and operating effectively.
  • The audit resources necessary to deliver the intended scope should be considered and outlined, covering both execution and supervision of the assignment. It is the CIA’s responsibility to ensure not only the quantity but also the quality of resources allocated, considering the knowledge, skills, experience and technology necessary to complete the engagement with suitable professional care and diligence. It may be necessary for the CIA to bring in additional resources to meet this need, including supervision, subject matter experts and co-sourcing.
  • When planning resources, the CIA should pay suitable attention to any departmental skills audit and declared conflicts of interest.
  • The Brief should be reviewed and approved by the CIA, the auditee responsible and ultimately the Executive team with whom responsibility lies. This helps to promote the recognition of auditees’ views and buy-in to the audit process.
  • To ensure the smooth execution of the audit it is often desirable to provide an explicit timetable for key stages of the audit process and prior information needs.
  • The audit process should not be immovable; if, based upon audit work performed, the auditor identifies that the scope and audit work would benefit from change, this should be brought to the attention of the CIA, suitably considered, discussed with the client and approved. As auditors we must remain agile, especially in today’s fast-paced environments. The CIA should confirm any agreed change to the Executive lead.
  • Any limitation to an audit’s scope or performance should be clearly reported to Executive and Audit Committee.

Planning of audit assignments, their scope and resources directed to them is incredibly important; failure to give this stage suitable consideration could devalue the entire audit process, impact negatively upon relationships with auditees, jeopardise the quality of the end product, value derived from our input and ultimately the assurance we are able to provide back to Executive and Board.

Clearly documenting the planned audit scope, testing, resources and timeframes provides a benchmark against which to monitor the execution of our work, demonstrate we have discharged our responsibilities and reflect upon to improve our service moving forward.

Core Evidence Demonstrating Compliance

  1. Audit Needs Assessment documentation
  2. Internal Audit Strategy
  3. Audit Planning Briefs
  4. Minutes/records of meetings with auditees

The CIA should ensure that risk assessment is clearly evident throughout Strategic and Assignment Planning. Whilst the Strategy provides the justification for the prioritisation of the audit, the Brief provides the specific scope and objectives of the review immediately prior to commencement, to ensure that it is focused upon current risks as they present themselves at that moment, recognising that the environment may have moved on since the development of the Strategy.

Ideally, the Brief should follow a consistent agreed upon format, following any guidance within the IAM; capturing both audit and management’s view of the risk and control environment. Formal acceptance of the Brief and any amendment to scope will help minimise the risk of any expectation gap. The Brief provides the auditor with the ‘plan’ against which audit quality and resources will be subsequently monitored.

What is the scope of an audit engagement?

Audit scope, defined as the amount of time and documents which are involved in an audit, is an important factor in all auditing. The audit scope, ultimately, establishes how deeply an audit is performed. It can range from simple to complete, including all company documents.

Who decides the scope of internal audit?

The Audit Committee of the company or the Board shall, in consultation with the Internal Auditor, formulate the scope, functioning, periodicity and methodology for conducting the internal audit – Sub-rule 2 of Rule 13 of Companies (Accounts) Rules, 2014.

What is planning in internal audit?

The plan is developed based on an assessment of risk and potential exposures that may affect the organization. Ultimately, Internal Audit's objective is to provide management with information to reduce exposure to the negative effects that may be associated with operations intended to achieve management's objectives.

What are the phases of an internal audit cycle?

Internal audit conducts assurance audits through a five-phase process which includes selection, planning, conducting fieldwork, reporting results, and following up on corrective action plans.