Mastering Audit Planning for Success
Ankita Krishnan, MBA, CIA?
Senior Internal Auditor at Crowe Australasia
Benjamin Franklin, once said, ‘By failing to prepare, you are preparing to fail.’ So is the case with delivering an internal audit. Audit planning plays a very crucial role in the success of audit and in an auditor’s ability to provide valuable insights to clients. Let’s break down what an audit planning phase entail.
Researching: Gather as much as information about the upcoming audit. This could be by way of reading prior audit reports in similar areas, understanding the client’s industry background, industry specific terminologies, best practices or referencing industry regulators’ reports. In addition, an auditor can also learn about the specific audit area (say, procurement), its key risks and internal controls to mitigate the same.
Reviewing initial information: Make it a point to request some initial information prior to the start of fieldwork. This information could be policies, procedures, checklists, job descriptions, financial delegations, access rights, registers and so on. It is important that the auditor reviews such information carefully.
Preparing RACM: Prepare a Risk and Control Matrix (RACM) to help in navigating all phases of internal audit. When prepared well, the RACM acts as a guiding document in planning, conducting fieldwork and reporting. It should ideally contain the below fields:
领英推荐
It is important to keep in mind that an RACM is a dynamic document which should be updated throughout the audit process. For example, the actual controls maybe updated later from information gathered in interviews / discussions.
Preparing for interviews: Prepare a list of interview questions in advance which can be a mix of both open and closed ended questions. Some of the initial discussions can be around roles and responsibilities, KPIs, team structure, walk-through of systems used, any current risks / system limitations / opportunities for improvements and various reports produced for monitoring.
Obtaining advice: Schedule periodic discussions with seniors to obtain insights, advice and identify any gaps early in the audit so that there is still sufficient time to steer into the right path.
Ensuring that each work program is designed to achieve the internal audit objectives and provide scope coverage is essential. By doing the above steps and following good document retention practices, the audit is very likely to be a successful one. Remember, preparation is the key to any success!
#internalaudit #internalcontrols #riskbasedinternalaudits #riskandcontrols #riskandcontrolmatrix #RACM #auditplanning
Project Manager
7 个月Brilliant!