Planning is part of internal auditing’s systematic, disciplined, and risk-based approach and is mandated by the International Standards for the Professional Practice of Internal Auditing. Planning internal audit engagements involves considering the strategies and objectives of the area or process under review, prioritizing the risks relevant to the engagement, determining the engagement objectives and scope, and documenting the approach. This practice guide contains the engagement planning steps necessary to fulfill Standard 2200 – Engagement Planning through Standard 2220 – Engagement Scope and related assurance (.A) and consulting (.C) implementation standards. Engagement planning generally includes the following steps:
Engagement Planning: Establishing Objectives and Scope also offers guidance on how internal auditors can use a risk and control matrix and heat map to prioritize the risks, then use the results to form the engagement objectives and scope, in conformance with the Standards. Established engagement objectives and scope enable internal auditors to focus efforts on the significant risks in the area or process under review, develop the engagement work program, and communicate clearly with management and the board.
Performance Standards describe the nature of internal audit activities and provide criteria against which the performance of these services can be evaluated.

The Standard states: Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations. The plan must consider the organization’s strategies, objectives, and risks relevant to the engagement.

The organisation’s Internal Audit Manual (IAM) should provide suitable working guidance in respect of the expected internal process to be followed by the team when planning any audit. The IAM should also provide any standard documentation templates which the team are expected to utilise when performing their work.

In practice, what processes are key to demonstrating that the Chief Internal Auditor (CIA) has considered the organisation’s strategies, objectives and risks when planning an engagement’s scope and resources? The CIA will already have performed or overseen the performance of the Audit Needs Assessment (ANA) and resulting Internal Audit Strategy (IAS); this provides the starting point. Thereafter, when planning an individual assignment:
The planning of audit assignments, their scope and the resources directed to them is incredibly important; failure to give this stage suitable consideration could devalue the entire audit process, impact negatively upon relationships with auditees, and jeopardise the quality of the end product, the value derived from our input and ultimately the assurance we are able to provide back to the Executive and Board. Clearly documenting the planned audit scope, testing, resources and timeframes provides a benchmark against which to monitor the execution of our work, demonstrate that we have discharged our responsibilities, and reflect upon how to improve our service moving forward.

Core Evidence Demonstrating Compliance
The CIA should ensure that risk assessment is clearly evident throughout Strategic and Assignment Planning. Whilst the Strategy provides the justification for the prioritisation of the audit, the Brief provides the specific scope and objectives of the review immediately prior to commencement, to ensure that it is focused upon current risks as they present themselves at that moment, recognising that the environment may have moved on since the development of the Strategy. Ideally, the Brief should follow a consistent, agreed-upon format, following any guidance within the IAM and capturing both audit and management’s view of the risk and control environment. Formal acceptance of the Brief and any amendment to scope will help minimise the risk of any expectation gap. The Brief provides the auditor with the ‘plan’ against which audit quality and resources will be subsequently monitored.

What is the scope of an audit engagement?
Audit scope, defined as the amount of time and documents which are involved in an audit, is an important factor in all auditing. The audit scope, ultimately, establishes how deeply an audit is performed. It can range from simple to complete, including all company documents.
What is the scope of internal audit decided by?
The Audit Committee of the company or the Board shall, in consultation with the Internal Auditor, formulate the scope, functioning, periodicity and methodology for conducting the internal audit – Sub-rule 2 of Rule 13 of Companies (Accounts) Rules, 2014.
What is planning in internal audit?
The plan is developed based on an assessment of risk and potential exposures that may affect the organization. Ultimately, Internal Audit's objective is to provide management with information to reduce exposure to the negative effects that may be associated with operations intended to achieve management's objectives.
What are the phases of an internal audit cycle?
Internal audit conducts assurance audits through a five-phase process which includes selection, planning, conducting fieldwork, reporting results, and following up on corrective action plans.