Purpose
Internal auditors play a key role in enhancing and protecting organisational value and helping organisations accomplish their objectives. They achieve this through well-founded audit planning. The core pillars of consultation, analysis and research are used to deliver forward audit plans that feed into individual engagement plans.
Background
Management is looking for internal audits that help them to reduce risk (where appropriate), improve the business, and be assured that appropriate governance, risk management and control arrangements are in place and working effectively. They expect the Chief Audit Executives (CAE) to drive a program of audits that are relevant to them, timely, and genuinely add value. They also expect the CAE to ensure that the internal audit team delivers the forward audit plan on time as promised.
In the past, CAEs developed annual and longer term audit plans (three and / or five year) on a ‘cyclical’ basis, with audit topics identified within resourcing availability on a functional basis from historical information. This approach used a set of one- dimensional risk factors, was often done in isolation of the business, and assumed a relatively static organisation. The correlation between risk rankings and the audit plan was often weak.
Contemporary audit planning requires the CAE to identify audit topics on a strategic, cross-organisational and functional basis, drawing on enterprise risk management information. The forward audit plan needs to be developed in consultation with the business to provide timely, relevant, responsive and risk-based coverage, with the integration of internal audit with risk management and strategic planning. Whilst most audit topics in the forward audit plan are focused on assurance, there is increasing provision for consulting (or advisory) topics.
The forward audit plan is usually approved by the audit committee, and the audit committee typically requires a covering business paper that convincingly articulates the robustness of the planning effort, through the three pillars of consultation, analysis and research.
This white paper is intended to aid with a) developing well founded audit plans and b) structuring the business papers and communication needed to convince stakeholders to adopt those plans.
In terms of professional auditing standards:
This white paper focuses on the risk-based forward audit plan (as illustrated in Exhibit 1), noting that separate planning is required both at the engagement level and to ensure the capability of the people undertaking these audits.
Inscrivez-vous et accèdez à l’ensemble de l’actualité GRACES.Community.