SlideShare a Scribd company logo

How to plan an audit engagement

Aditya Narayan Mishra
Aditya Narayan Mishra

How to plan an audit engagement

Law
1 of 14
Download to read offline
01 November 2017 How to plan an audit engagement Chartered Institute of Internal Auditors Planning audit projects, or engagements, well will ensure you deliver a quality assurance and consulting service to your organisation or clients. You need to take account of a great many factors when planning. This guide draws together all of those factors and aims to help internal auditors who are new to planning as well as providing a useful reminder to more experienced internal auditors. Why bother planning? What are the benefits? Stages of planning an engagement Prepare Objectives Scope Resources Programme of work Input, oversight and review Planning as an iterative process Why bother planning? What are the benefits? 1. Increased chance of success (fail to plan = plan to fail) As with any project, taking time to plan the internal audit engagement increases the chances that you will complete it to the agreed quality standards in the agreed time and with the available resources. 2. A more comprehensive outcome In terms of the content of the work, planning allows the internal auditor to clarify the objectives of the work and to set out all the tasks needed to achieve them. This helps to ensure that the work done is comprehensive. The real outcomes of internal audit depend on the relationships between the internal auditor and the organisation's managers and governors. Planning provides an opportunity to establish or develop those relationships, establishing the foundation for communications later in the engagement. Done well, planning makes communicating engagement results easier and quicker. 3. Resource availability The better the internal auditor understands the tasks, the better he or she will be able to identify the resources needed and to secure their availability: • General or specialist skills • Technology requirements 1 © Chartered Institute of Internal Auditors
• Time with key personnel 4. Better management of expectations Documenting the thought processes and decisions taken helps to ensure that everyone involved knows what to expect, what to do and when to do it. It also avoids repeating the same processes later. Documenting the tasks and the timeline allows the internal auditor to monitor progress and to take alternative action if necessary as the engagement takes place. During planning, the internal auditor can also obtain whatever approvals are necessary from internal audit management and from the organisation's managers and governors. Stages of planning an engagement The internal auditor needs to prepare and then, as required by Performance Standard 2200, internal auditors must develop and document the engagement's objectives, scope, timing, resource allocations and work programme. Internal auditors may find that their internal audit activity has decided on specific ways to plan engagements, documented in a methodology or manual or other policies and procedures. If the activity conforms to the IPPF, the specific ways should cover all of the points below. Internal auditors should follow the IPPF where possible. Graphical representation of the stages 2 © Chartered Institute of Internal Auditors
1. Prepare Internal auditors of any level need to start by putting the engagement into context. The data available to assist with this will depend on the nature and size of the organisation. The strategic plan or the business plan of the organisation may be useful, as may be information on the risks identified by the organisation's managers and their responses to them. The overall plan for the internal audit activity is likely to provide information on the reason for selecting this engagement and on whether it is designed primarily to provide assurance or to be a consultancy engagement. In larger departments, the head of internal audit (HIA) or an internal audit manager may provide the person responsible for planning the engagement with this background information in a written or oral briefing. Whatever the source of data, the Definition of Internal Auditing provides internal auditors with a key question to decide during planning: How will this engagement help my organisation to accomplish its objectives? 3 © Chartered Institute of Internal Auditors
Finding out about the business area and building relationships with managers Before you start detailed planning, it is important to understand the area under review. To do this, you can research the internet and organisational documents. You can also talk to the managers responsible for the area. This helps you not only to gather information about the activities they manage, but also to lay the foundation for good communications. It will help you to understand their aspirations and what matters to them. Also read our guide: How to approach unfamiliar areas of work. This is equally valid for familiar and unfamiliar areas of work: • What activities occur? • Who does what and where? • What are its strategic objectives? • Who is accountable for what? • What information is made available to whom? • How does it contribute to the organisation's strategy or purpose? • What are the likely risks and responses? Planning considerations from Performance Standard 2201 The results of this research will help the internal auditor in meeting the obligations in Performance Standard 2201. This says that in planning the engagement, internal auditors must consider: 1. The objectives of the activity being reviewed and the means by which the activity controls its performance 2. The significant risks to the activity, its objectives, resources and operations and the means by which the potential impact of risk is kept to an acceptable level 3. The adequacy and effectiveness of the activity's risk management and control processes compared to a relevant control framework or model 4. The opportunities for making significant improvements to the activity's risk management and control processes. Your professional obligations and opportunities Internal auditors can use the preparation stage to review other requirements of the IPPF. The most relevant parts are duplicated in full later in this guidance. Ask yourself: 1. How does this engagement meet the Definition of Internal Auditing? 2. Thinking about the principles and rules of conduct relating to Objectivity in the Code of Ethics and the guidance in Attribute Standards 1120 and 1130, do I have an impartial, unbiased attitude and can I avoid any conflict of interest with this work? 3. Thinking about the principles and rules of conduct relating to Competency in the Code of Ethics and the guidance in Attribute Standard 1210, do I have the proficiency and experience to carry out this engagement? 4. Given my obligations under the principles and rules of conduct relating to Competency in the Code of Ethics and the guidance in Attribute Standard 1230, are there learning and development opportunities for me and other internal auditors? 5. How will these opportunities contribute my studies for internal audit qualifications or support the requirements of continuous professional development (CPD)? 4 © Chartered Institute of Internal Auditors
Additionally, you should ensure you are applying the following: • Principles and rules of conduct relating to Integrity and to Confidentiality • Principles in Attribute Standard 1220 on Due Professional Care • Principles in 2100 series of Performance Standards, outlining the Nature of Work for each of Governance, Management of Risk and Control • Principles in 2200 series of Performance Standards on Engagement Planning The requirements for assurance and consulting engagements differ. You will find them in the Implementation Standards under the Attribute and Performance Standards listed above. 2. Objectives Performance Standard 2210 requires the internal auditor to establish objectives for each engagement. You can use the IPPF to help you think what your objectives might be. 1. Agree what is the main purpose of the engagement: assurance or consulting. This will determine which implementation standards you will need to apply. 2. Performance Standard 2100, Nature of Work, sets an overall objective for any internal audit work: it is about evaluating and contributing to the improvement of your subject matter. 3. Moving to a level of greater detail, the Performance Standards in the 2100 series explain the objectives of work on governance, risk management and control processes. For governance processes this includes looking at ethics programmes, IT governance, performance measurement and coordination between the cornerstones of governance, 'the board, external and internal auditors and management'. 4. For assurance engagements, the assurance Implementation Standards (indicated by an "A" in the number) provide more detailed considerations. This includes looking at the reliability and integrity of financial and operational information; the effectiveness and efficiency of operations; the safeguarding of assets; and compliance with laws, regulations and contracts. It also includes considering how well your organisation is managing the risk of fraud. Of course, not all these considerations will be relevant to every engagement. 5. For consulting engagements, the consulting Implementation Standards (indicated by a 'C' in the number) provide more detailed considerations. Most assurance engagements are about evaluating and contributing to the improvement of the management of the risks in a particular area. A risk based approach will start with understanding what the business area does - its purpose and objectives - and will seek to provide assurance on the way management is responding to risks to those objectives. In other words, the objectives of the engagement will be to evaluate the effectiveness of the responses to risk, including the treatment of risks using controls. Agreeing the objectives with management 5 © Chartered Institute of Internal Auditors
For consulting engagements, Implementation Standard 2201.C1 requires the internal auditor to agree the objectives with the 'client'. For assurance engagements, the internal auditor is not normally required to do this and, indeed, Implementation Standard 1110.A1 requires that 'the internal audit activity must be free from interference in determining the scope of internal auditing…' The only exception to this is when the work is being performed on behalf of 'parties outside the organisation', see Implementation Standard 2201.A1. However, there are benefits to discussing the engagement objectives with managers. 1. It will help to confirm that the priorities you have chosen are valuable to the organisation. 2. It encourages the managers to see the engagement as something that can help them to improve the organisation's operations. 3. You will have an opportunity to demonstrate that internal auditors are prepared to listen to the manager's problems and concerns. In these ways, it will be another way to build a constructive relationship with the managers, making the later stages of the engagement easier. Establishing effective working relationships with management is therefore as important as defining the engagement objectives. Examples of internal audit objectives 6 © Chartered Institute of Internal Auditors
Defining criteria for assurance engagements At the heart of assurance engagements are the criteria the internal auditor uses to evaluate the area under review. Ideally, you will be able to use the same criteria that managers use to monitor and report on their area. Implementation Standard 2210.A3 requires the internal auditor to look at whether managers have established adequate criteria. If they have, you must use those criteria; if they have not, you have 7 © Chartered Institute of Internal Auditors
an immediate opportunity to improve the overall management of risk, by helping managers to develop appropriate criteria. Given these requirements, if you are planning an assurance engagement, you must discuss the criteria with managers. Documenting objectives Performance Standard 2200 requires you to document the objectives of the engagement. The format for such documents is a matter for professional judgement: there is no single correct method. The International Standards require you to agree the objectives with managers only for consulting engagements and for assurance engagements for parties outside the organisation. However, the Institute believes that in most cases it will build a better relationship with managers if you show them the documentation of the objectives with them and check that you all share the same understanding. In addition, documenting engagement objectives also provides an important basis for contact with other assurance providers who may work within or for the organisation. Sharing information helps to reinforce the role of internal audit, can avoid duplication of effort and prevent the arrival of two or more audit teams in the same area at the same time. If you identify a consulting engagement while performing an agreed assurance engagement, the International Standards expect you to document and agree the objectives and scope of the new work, just as if you were planning from scratch (see Implementation Standard 2220.A2). This is to ensure that you realise all the benefits of careful planning even in these circumstances. 3. Scope The scope of the engagement is the extent of the subject matter with which the engagement deals. Implementation standard 2220.A1 (for assurance engagements) provides suggestions of what the subject matter may include: systems, records, personnel and physical properties. What to include The purpose of defining and documenting the scope is to establish boundaries and to set expectations. It allows you to identify the records and systems etc to which you will need access - a practical consideration. This includes items that are under the control of third parties with whom you may need to negotiate how and when to access them. What not to include It clarifies for managers and governors the exact subject matter, the period under review or any special conditions. Perhaps equally as important, it shows what the engagement will not cover. Some internal auditors are specific about omissions; others concentrate on stating what the engagement includes, thereby implying what it does not. The best way to handle that will depend upon the requirements of your stakeholders and the culture of the organisation. Related to objectives Performance Standard 2220 states that 'the established scope must be sufficient to satisfy the objectives of the engagement.' Therefore, start with the objectives and identify all the systems, 8 © Chartered Institute of Internal Auditors
business areas and people that are relevant. For a risk-based approach, this will be the managers who monitor the effectiveness of responses to risk and the information systems and processes they use; and the activities and processes that put responses into effect. You may also wish to look at the underlying assets and transactions. Root cause analysis The value that internal audit provides is not limited to assurance. Insight into how and why things are done to provide a window into the real culture of the team, department or subsidiary under review using some form of root cause analysis, such as the 5 Why technique, is also valuable. As Practice Advisory 2320-2 explains “Internal audit can be the ideal group to analyze issues and identify the root cause(s) given their independence and objectivity. This perspective helps ensure biases are minimised, assumptions are challenged, and evidence is fully evaluated.” The introduction of root cause analysis will be more effective and more readily received when discussions about its use take place with stakeholders around when the scope of the audit engagement is being considered. As the Practice Advisory points out early discussion will hopefully resolve any concerns and potential barriers to using root cause analysis. Flexing objectives to create more manageable scope It is possible that the objectives of an engagement are so broad that the required scope is enormous. This means that the engagement is likely to take a long time and consume many internal audit resources. If the objectives are fixed, then this may be unavoidable. However, it is a good idea to go back and reconsider the objectives if the scope is too large. It may be possible to focus the objectives more tightly, achieving most of the benefits with a smaller scope of work. Chunking (sizing) down the engagement Another approach is to divide the engagement into a series of smaller ones, making up a linked programme. Approaching the engagement this way creates a series of more manageable packages of work that can fit around the timetable of the business area - allowing you to provide the assurance and consulting service without interfering adversely with the organisation's ability to meet its objectives. It may also allow more frequent communication of results, allowing more timely information to flow to both managers and governors. There is no problem with doing this in the internal audit world, as long as all the stakeholders are happy with the approach. Comparison to external audit This is one advantage that internal audit work has compared to external audit work. The audit of the financial statements has clear, fixed and time-sensitive objectives and external audit standards provide guidance and protection for external auditors so that there are no restrictions on the scope of their work. For internal audit, the objectives of the work are more flexible so it is possible to change these in order to ensure that the scope of work is manageable. Free from interference At the same time, once the objectives of an internal audit assurance engagement have been 9 © Chartered Institute of Internal Auditors
agreed, internal auditors too have protection from restrictions on their scope of work. Implementation standard 1110.A1 states that 'the internal audit activity must be free from interference in determining the scope of internal auditing ...' Therefore, the internal auditor must apply professional judgment when discussing objectives and scope and be alert to situations where managers and governors may be seeking to restrict the scope without good reason. 4. Resources There are two important aspects to allocating resources to an internal audit engagement: firstly enough resource and secondly the right resource. Performance Standard 2230 requires the internal auditor to evaluate 'the nature and complexity of each engagement, time constraints and available resources'. Sufficient The objectives and scope provide some idea of the nature and complexity of the engagement. The internal audit activity's overall plan or schedule may provide estimated start and finishing dates and the managers may have provided other information on time constraints. In some organisations the number of planned engagement days is the basis for a budget for travel, subsistence and other operating expenses. The internal auditor must consider all of this information, together with schedules for the availability of individual internal auditors or specialist resources, in order to decide which resources to use to deliver the engagement objectives in the required timescale. However, this may be only a preliminary allocation until the detailed programme of work is complete. After that is finalised, it may be necessary to revise the allocation of resources. Appropriate Appropriate resources are a function of both their competency and their objectivity and independence. Our guide How to approach unfamiliar areas of work covers the issue of competency. Here is a recap of some of the important points: 1. The role of internal audit is to evaluate and to help the organisation to improve its governance and management of risk, including internal controls. Therefore, internal auditors need the knowledge, skills and experience to address these aspects of an area; they do not need to be able to operate or manage the activities of an area. 2. The knowledge, skills and experience may be spread among different members of a team so that not every internal auditor needs to have all of them. For example, a technical expert in computing, accountancy, fraud, contract management etc may be assigned to the engagement at some point. 3. There is a development opportunity for internal auditors who can work under supervision of more experienced auditors. 10 © Chartered Institute of Internal Auditors
4. Where there are gaps the HIA may need to look outside the internal audit team for support. According to both the Code of Ethics and the 1100 series of the Attribute Standards internal auditors have a professional duty to ensure that they have the necessary individual objectivity, in fact and appearance, to perform the engagement. This means combining an ability to be impartial and unbiased with the knowledge, skills and experience to review the subject area. For assurance engagements, there are specific impairments to objectivity that are forbidden: • 1130.A1 requires that internal auditors not assess operations for which they were previously responsible within the previous year. • 1130.A2 requires the HIA to find someone from outside the internal audit activity to oversee assurance engagements in functions for which the HIA is responsible. 5. Programme of work Performance Standard 2240 Engagement Work Programme states that internal auditors must develop and document work programmes that achieve the engagement objectives. From a practical point of view, considering the engagement as a project with many tasks and relying on the availability of different people and other resources, it is good practice for the internal auditor to map out what is going to be done, where and when. This may be relatively straightforward for a simple engagement with one person doing all the work. The key action then is to request access to information and to set up meetings in good time. For larger, more complex engagements with many interrelated activities such as surveys, interviews, data gathering and analysis, benchmarking, and a team of internal auditors, it will be useful to build a formal project plan to coordinate all the activities and resources. This includes key events, tasks and a detailed timeline so that everyone involved knows what they are doing and so that internal audit managers can monitor progress. The level of involvement of managers and staff from the business area will vary from one engagement to the next. In some engagements, it may be necessary to not to provide notice of visits, meetings and information requests. However, where you can, try to set these up well in advance in order to make the work smoother. These project plans may meet the requirements of Performance Standard 2240 which requires internal auditors to 'develop and document work programmes that achieve the engagement objectives'. They must show how the work achieves the objectives. It is also possible, and may be necessary in larger teams or when working with less experienced staff, to formulate a more detailed work programme. For assurance engagements, Implementation Standard 2240.A1 requires that the work programme include 'the procedures for identifying, analyzing, evaluating and documenting information during the engagement.' A detailed testing plan may establish the breadth and depth of testing, taking into 11 © Chartered Institute of Internal Auditors
consideration: • The adequacy and effectiveness of responses that guard against high impact risks • High levels of residual risk • Criteria established by management and the nature of management assurance • Volume and materiality of transactions • Previous audit findings, reported incidents and recurring problems/issues In addition, Implementation Standard 1220.A2 requires internal auditors to 'consider the use of technology-based audit and other data analysis techniques'. If you decide to use these, they should appear in the work programme. According to Attribute Standard 1311, day-to-day supervision and review provides the ongoing monitoring required for a complete Quality Assurance and Improvement Programme. There are very few areas where the nature of such review is specified. One of the instances is in the planning for assurance engagements where it states that 'the work programme must be approved prior to its implementation'. The engagement work programme guides the internal auditors' subsequent work. It ensures thorough and complete coverage and documentation of the engagement. However, it is not intended to be a static or rigid document. The activities and tests that the internal auditor performs throughout the engagement may deviate from the original plan, if the results of previous tests warrant it. Internal auditors should not be afraid to stray off the path as long as they evaluate their activities in light of their overall objectives, maintain perspective on their resource limitations, and communicate the nature of their activities to their supervisor or manager. Significant adjustments must be approved promptly. Input, oversight and review At all stages, you may receive input from both internal audit managers and the HIA and from business managers and other interested parties. This will help provide different insights into the purpose of the engagement and into the nature of the business area. However, you may have to seek help in prioritising the input from different interest groups. As noted above, day-to-day supervision and review is part of a Quality Assurance and Improvement Programme. Your internal audit activity is likely to have procedures and expectations of how the processes of oversight and review take place. Make sure you leave time for those as you are completing your planning. In smaller internal audit activities, it may be difficult or impossible to establish procedures for detailed review. If you can exchange files or even just discuss your ideas with a colleague, this may be a good way to gain comfort that you have identified the key issues. In larger internal audit activities, the requirements are likely to be more formal with sign-off levels established for different engagements and for different stages. 12 © Chartered Institute of Internal Auditors
Planning as an iterative process The stages appear in this guidance as consecutive. However, as suggested above in the section on resources and scope, in fact the process is likely to be iterative. So, scoping considerations may cause you to refine the objectives. The detailed work programme may have consequences for the preliminary resource allocation. Furthermore, even during the detailed work, a specific issue or problem may extend or reduce the scope of an engagement. An example of this is where finding irregularities creates a suspicion of fraud. This could cause you to change the scope of the current engagement or to establish a new engagement with a specific objective to address this particular issue. Therefore, it is important not to consider the process to be rigid but to move between the stages as necessary. There are few tips to keep in mind: 1. Find a way to limit the number of iterations or you could spend all your time planning! 2. Make sure you consult with all the appropriate people - do not agree one thing with your supervisor or the business area manager on one iteration and then forget to update them when the plan changes. 3. Document the key decisions whether it is on the first iteration or on the twentieth! 4. Obtain approval of changes to work programmes for assurance engagements. Summary All the stages of planning an engagement are equally important. They apply both to simple and to very complex engagements. Together, they help to ensure consistency between engagements and to provide the foundations for a quality service to the organisation. Weakness in any one of the stages will impact upon the others, so give each one the attention it deserves. Here is a simple list to help you: DO: 1. Research the subject area thoroughly. 2. Treat audit engagements like a project. 3. Be open with business area managers about what you are doing and encourage participation. 4. Agree objectives - linked to governance, risk management and control. 5. Agree success criteria for the area under review as a basis for audit objectives and scope. 6. Work with the business area to set a reasonable timetable and agree requirements. 7. Consider the application of root cause analysis. 8. Set performance measures and targets. 9. Communicate with other assurance providers. 10. Draw in and schedule expertise when you need it. 11. Timetable key activities and map out a project plan if need be. 12. Obtain approval for an assurance engagement work programme. DON'T: 13 © Chartered Institute of Internal Auditors
1. Set vague objectives that are open to interpretation 2. Take for granted that people understand the objectives and scope of the audit 3. Make the engagement too long and drawn out 4. Assume all the elements of the engagement will come together once it starts 5. Assume people in the business will be able to cooperate with your requests and requirements as they arise Further reading Top tips: Engagement planning Standards: 2200 Engagement planning 2201 Planning considerations 2240 Engagement work programme Practice advisories 1200-1 Proficiency and due professional care 1210-1 Proficiency 1210.A1-1 Obtaining external service providers to support or complement the IA activity 1220-1 Due professional care 2200-1 Engagement planning 2210-1 Engagement objectives 2210.A1-1 Risk assessment in engagement planning 2230-1 Engagement resource allocation 2240-1 Engagement work programme 14 © Chartered Institute of Internal Auditors

Recommended

Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Chapter 3 -Audit evidence
Chapter 3 -Audit evidenceChapter 3 -Audit evidence
Chapter 3 -Audit evidenceSaidiBuyera
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptIbrahim Jimalle
 
04 Audit documentation
04 Audit documentation 04 Audit documentation
04 Audit documentation CA. (Dr.) Rajkumar Adukia
 
Materiality in Planning and Performing an Audit
Materiality in Planning and Performing an AuditMateriality in Planning and Performing an Audit
Materiality in Planning and Performing an AuditDr. Soheli Ghose Banerjee
 
Internal audit report writing.pdf
Internal audit report writing.pdfInternal audit report writing.pdf
Internal audit report writing.pdfkavyashree k
 
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Taufir Alam
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptLetzconsult.com
 

Recommended

Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Chapter 3 -Audit evidence
Chapter 3 -Audit evidenceChapter 3 -Audit evidence
Chapter 3 -Audit evidenceSaidiBuyera
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptIbrahim Jimalle
 
04 Audit documentation
04 Audit documentation 04 Audit documentation
04 Audit documentation CA. (Dr.) Rajkumar Adukia
 
Materiality in Planning and Performing an Audit
Materiality in Planning and Performing an AuditMateriality in Planning and Performing an Audit
Materiality in Planning and Performing an AuditDr. Soheli Ghose Banerjee
 
Internal audit report writing.pdf
Internal audit report writing.pdfInternal audit report writing.pdf
Internal audit report writing.pdfkavyashree k
 
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Taufir Alam
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptLetzconsult.com
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bankMohammad Halim Stanikzai
 
Audit & Assurance
Audit & AssuranceAudit & Assurance
Audit & AssuranceAhmad Tariq Bhatti
 
Audit Evidence Presentation
Audit Evidence PresentationAudit Evidence Presentation
Audit Evidence PresentationSheikh Ali Asghar
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditinggrifff
 
Internal Audit
Internal AuditInternal Audit
Internal AuditJami Martin
 
Audit Documentation Presentation
Audit Documentation PresentationAudit Documentation Presentation
Audit Documentation PresentationKarim70
 
Isa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En InglesIsa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En Inglesguest4a971d
 
Audit report writing 5
Audit report writing 5Audit report writing 5
Audit report writing 5DJones68
 
Topic 6 audit documentation
Topic 6 audit documentationTopic 6 audit documentation
Topic 6 audit documentationsakura rena
 
Internal Audit
Internal AuditInternal Audit
Internal AuditAhmad Tariq Bhatti
 
Audit planning
Audit planningAudit planning
Audit planningRichard Clarke Academy
 
STANDARDS ON AUDITING
STANDARDS ON AUDITINGSTANDARDS ON AUDITING
STANDARDS ON AUDITINGANMOL GULATI
 
Chapter 5
Chapter 5Chapter 5
Chapter 5Nur Dalila Zamri
 
working paper.pdf
working paper.pdfworking paper.pdf
working paper.pdfMdMasud56
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit ReportingSALIH AHMED ISLAM
 
Presentation on Internal Audit Standards
Presentation on Internal Audit StandardsPresentation on Internal Audit Standards
Presentation on Internal Audit StandardsNahidHasan617654
 
Topic 5 audit evidence and auditing procedure
Topic 5 audit evidence and auditing procedureTopic 5 audit evidence and auditing procedure
Topic 5 audit evidence and auditing proceduresakura rena
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit FrameworkAhmad Tariq Bhatti
 
AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]Rakshit Porwal
 
Introduction of Assurance
Introduction of AssuranceIntroduction of Assurance
Introduction of AssuranceSazzad Hossain, ITP, MBA, CSCA™
 
CIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingCIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingariundalai1
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Mohammad Wahid Abdullah Khan
 

More Related Content

What's hot

Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bankMohammad Halim Stanikzai
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditinggrifff
 
Audit Documentation Presentation
Audit Documentation PresentationAudit Documentation Presentation
Audit Documentation PresentationKarim70
 
Isa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En InglesIsa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En Inglesguest4a971d
 
Audit report writing 5
Audit report writing 5Audit report writing 5
Audit report writing 5DJones68
 
Topic 6 audit documentation
Topic 6 audit documentationTopic 6 audit documentation
Topic 6 audit documentationsakura rena
 
STANDARDS ON AUDITING
STANDARDS ON AUDITINGSTANDARDS ON AUDITING
STANDARDS ON AUDITINGANMOL GULATI
 
working paper.pdf
working paper.pdfworking paper.pdf
working paper.pdfMdMasud56
 
Presentation on Internal Audit Standards
Presentation on Internal Audit StandardsPresentation on Internal Audit Standards
Presentation on Internal Audit StandardsNahidHasan617654
 
Topic 5 audit evidence and auditing procedure
Topic 5 audit evidence and auditing procedureTopic 5 audit evidence and auditing procedure
Topic 5 audit evidence and auditing proceduresakura rena
 
AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]Rakshit Porwal
 

What's hot (20)

Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bank
 
Audit & Assurance
Audit & AssuranceAudit & Assurance
Audit & Assurance
 
Audit Evidence Presentation
Audit Evidence PresentationAudit Evidence Presentation
Audit Evidence Presentation
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Audit Documentation Presentation
Audit Documentation PresentationAudit Documentation Presentation
Audit Documentation Presentation
 
Isa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En InglesIsa 300 Planning An Audit Of Financial Statements En Ingles
Isa 300 Planning An Audit Of Financial Statements En Ingles
 
Audit report writing 5
Audit report writing 5Audit report writing 5
Audit report writing 5
 
Topic 6 audit documentation
Topic 6 audit documentationTopic 6 audit documentation
Topic 6 audit documentation
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Audit planning
Audit planningAudit planning
Audit planning
 
STANDARDS ON AUDITING
STANDARDS ON AUDITINGSTANDARDS ON AUDITING
STANDARDS ON AUDITING
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
working paper.pdf
working paper.pdfworking paper.pdf
working paper.pdf
 
Internal Audit Reporting
Internal Audit ReportingInternal Audit Reporting
Internal Audit Reporting
 
Presentation on Internal Audit Standards
Presentation on Internal Audit StandardsPresentation on Internal Audit Standards
Presentation on Internal Audit Standards
 
Topic 5 audit evidence and auditing procedure
Topic 5 audit evidence and auditing procedureTopic 5 audit evidence and auditing procedure
Topic 5 audit evidence and auditing procedure
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]
 
Introduction of Assurance
Introduction of AssuranceIntroduction of Assurance
Introduction of Assurance
 

Similar to How to plan an audit engagement

CIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingCIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingariundalai1
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Mohammad Wahid Abdullah Khan
 
internal-audit-competency-framework (1).pdf
internal-audit-competency-framework (1).pdfinternal-audit-competency-framework (1).pdf
internal-audit-competency-framework (1).pdfandhikapg1
 
PART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptPART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptCamellaCandon
 
auditing Fram . from the start to Reporting .pdf
auditing Fram . from the start to Reporting .pdfauditing Fram . from the start to Reporting .pdf
auditing Fram . from the start to Reporting .pdfnguyenanvuong2007
 
IA Competency Experts Forensic Level.pdf
IA Competency Experts Forensic Level.pdfIA Competency Experts Forensic Level.pdf
IA Competency Experts Forensic Level.pdfmijanca01
 
Iso 9001 internal audit tips
Iso 9001 internal audit tipsIso 9001 internal audit tips
Iso 9001 internal audit tipsBaptist Molai
 
AUDIT - AUDITING STRATEGIES.pptx
AUDIT - AUDITING STRATEGIES.pptxAUDIT - AUDITING STRATEGIES.pptx
AUDIT - AUDITING STRATEGIES.pptxMohamed Fazil M
 
Frequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubaiFrequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubaiManeesha35
 
Client Evaluation and Planning the Audit Lecture slide chapter 8
Client Evaluation and Planning the Audit Lecture slide chapter 8Client Evaluation and Planning the Audit Lecture slide chapter 8
Client Evaluation and Planning the Audit Lecture slide chapter 8Sazzad Hossain, ITP, MBA, CSCA™
 
Creative Performance Audit
Creative Performance AuditCreative Performance Audit
Creative Performance AuditHumanology
 
Required training, education, & certification for internal auditor development
Required training, education, & certification for internal auditor developmentRequired training, education, & certification for internal auditor development
Required training, education, & certification for internal auditor developmentMohammad Wahid Abdullah Khan
 
Assessing risks and internal controls training
Assessing risks and internal controls trainingAssessing risks and internal controls training
Assessing risks and internal controls trainingshifataraislam
 
Planning an external audit of financial statements
Planning an external audit of financial statementsPlanning an external audit of financial statements
Planning an external audit of financial statementsAyesha Majid
 
Topic 7 audit planning (1)
Topic 7 audit planning (1)Topic 7 audit planning (1)
Topic 7 audit planning (1)sakura rena
 
Internal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceInternal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceBrowne & Mohan
 
Audit Framework presentation.pptx
Audit Framework presentation.pptxAudit Framework presentation.pptx
Audit Framework presentation.pptxOnwVinx
 

Similar to How to plan an audit engagement (20)

CIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingCIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditing
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
 
internal-audit-competency-framework (1).pdf
internal-audit-competency-framework (1).pdfinternal-audit-competency-framework (1).pdf
internal-audit-competency-framework (1).pdf
 
Interview Question for Manager
Interview Question for ManagerInterview Question for Manager
Interview Question for Manager
 
PART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptPART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.ppt
 
auditing Fram . from the start to Reporting .pdf
auditing Fram . from the start to Reporting .pdfauditing Fram . from the start to Reporting .pdf
auditing Fram . from the start to Reporting .pdf
 
IA Competency Experts Forensic Level.pdf
IA Competency Experts Forensic Level.pdfIA Competency Experts Forensic Level.pdf
IA Competency Experts Forensic Level.pdf
 
Iso 9001 internal audit tips
Iso 9001 internal audit tipsIso 9001 internal audit tips
Iso 9001 internal audit tips
 
AUDIT - AUDITING STRATEGIES.pptx
AUDIT - AUDITING STRATEGIES.pptxAUDIT - AUDITING STRATEGIES.pptx
AUDIT - AUDITING STRATEGIES.pptx
 
Frequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubaiFrequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubai
 
The iia s 2017 international professional practices framework
The iia s 2017 international professional practices frameworkThe iia s 2017 international professional practices framework
The iia s 2017 international professional practices framework
 
Client Evaluation and Planning the Audit Lecture slide chapter 8
Client Evaluation and Planning the Audit Lecture slide chapter 8Client Evaluation and Planning the Audit Lecture slide chapter 8
Client Evaluation and Planning the Audit Lecture slide chapter 8
 
Creative Performance Audit
Creative Performance AuditCreative Performance Audit
Creative Performance Audit
 
Required training, education, & certification for internal auditor development
Required training, education, & certification for internal auditor developmentRequired training, education, & certification for internal auditor development
Required training, education, & certification for internal auditor development
 
Assessing risks and internal controls training
Assessing risks and internal controls trainingAssessing risks and internal controls training
Assessing risks and internal controls training
 
Planning an external audit of financial statements
Planning an external audit of financial statementsPlanning an external audit of financial statements
Planning an external audit of financial statements
 
Topic 7 audit planning (1)
Topic 7 audit planning (1)Topic 7 audit planning (1)
Topic 7 audit planning (1)
 
Internal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceInternal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governanance
 
Value based internal auditing - Nilai Dasar Internal Audit
Value based internal auditing - Nilai Dasar Internal AuditValue based internal auditing - Nilai Dasar Internal Audit
Value based internal auditing - Nilai Dasar Internal Audit
 
Audit Framework presentation.pptx
Audit Framework presentation.pptxAudit Framework presentation.pptx
Audit Framework presentation.pptx
 

Recently uploaded

Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxadvabhayjha2627
 
PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxRRR Chambers
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)Delhi Call girls
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxMollyBrown86
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteDeepikaK245113
 
Navigating the Legal and Ethical Landscape of Blockchain Investigation.pdf
Navigating the Legal and Ethical Landscape of Blockchain Investigation.pdfNavigating the Legal and Ethical Landscape of Blockchain Investigation.pdf
Navigating the Legal and Ethical Landscape of Blockchain Investigation.pdfMilind Agarwal
 
一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理Airst S
 
PowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxPowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxca2or2tx
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理ss
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfKelechi48
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理Airst S
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersJillianAsdala
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理Airst S
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhaiShashankKumar441258
 
Police Misconduct Lawyers - Law Office of Jerry L. Steering
Police Misconduct Lawyers - Law Office of Jerry L. SteeringPolice Misconduct Lawyers - Law Office of Jerry L. Steering
Police Misconduct Lawyers - Law Office of Jerry L. SteeringSteering Law
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubham Wadhonkar
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Nilendra Kumar
 
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...SUHANI PANDEY
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理e9733fc35af6
 

Recently uploaded (20)

Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
 
PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptx
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statute
 
Navigating the Legal and Ethical Landscape of Blockchain Investigation.pdf
Navigating the Legal and Ethical Landscape of Blockchain Investigation.pdfNavigating the Legal and Ethical Landscape of Blockchain Investigation.pdf
Navigating the Legal and Ethical Landscape of Blockchain Investigation.pdf
 
一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理
 
PowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxPowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptx
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
 
Police Misconduct Lawyers - Law Office of Jerry L. Steering
Police Misconduct Lawyers - Law Office of Jerry L. SteeringPolice Misconduct Lawyers - Law Office of Jerry L. Steering
Police Misconduct Lawyers - Law Office of Jerry L. Steering
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptx
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.
 
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
 

How to plan an audit engagement

  • 1. 01 November 2017 How to plan an audit engagement Chartered Institute of Internal Auditors Planning audit projects, or engagements, well will ensure you deliver a quality assurance and consulting service to your organisation or clients. You need to take account of a great many factors when planning. This guide draws together all of those factors and aims to help internal auditors who are new to planning as well as providing a useful reminder to more experienced internal auditors. Why bother planning? What are the benefits? Stages of planning an engagement Prepare Objectives Scope Resources Programme of work Input, oversight and review Planning as an iterative process Why bother planning? What are the benefits? 1. Increased chance of success (fail to plan = plan to fail) As with any project, taking time to plan the internal audit engagement increases the chances that you will complete it to the agreed quality standards in the agreed time and with the available resources. 2. A more comprehensive outcome In terms of the content of the work, planning allows the internal auditor to clarify the objectives of the work and to set out all the tasks needed to achieve them. This helps to ensure that the work done is comprehensive. The real outcomes of internal audit depend on the relationships between the internal auditor and the organisation's managers and governors. Planning provides an opportunity to establish or develop those relationships, establishing the foundation for communications later in the engagement. Done well, planning makes communicating engagement results easier and quicker. 3. Resource availability The better the internal auditor understands the tasks, the better he or she will be able to identify the resources needed and to secure their availability: • General or specialist skills • Technology requirements 1 © Chartered Institute of Internal Auditors
  • 2. • Time with key personnel 4. Better management of expectations Documenting the thought processes and decisions taken helps to ensure that everyone involved knows what to expect, what to do and when to do it. It also avoids repeating the same processes later. Documenting the tasks and the timeline allows the internal auditor to monitor progress and to take alternative action if necessary as the engagement takes place. During planning, the internal auditor can also obtain whatever approvals are necessary from internal audit management and from the organisation's managers and governors. Stages of planning an engagement The internal auditor needs to prepare and then, as required by Performance Standard 2200, internal auditors must develop and document the engagement's objectives, scope, timing, resource allocations and work programme. Internal auditors may find that their internal audit activity has decided on specific ways to plan engagements, documented in a methodology or manual or other policies and procedures. If the activity conforms to the IPPF, the specific ways should cover all of the points below. Internal auditors should follow the IPPF where possible. Graphical representation of the stages 2 © Chartered Institute of Internal Auditors
  • 3. 1. Prepare Internal auditors of any level need to start by putting the engagement into context. The data available to assist with this will depend on the nature and size of the organisation. The strategic plan or the business plan of the organisation may be useful, as may be information on the risks identified by the organisation's managers and their responses to them. The overall plan for the internal audit activity is likely to provide information on the reason for selecting this engagement and on whether it is designed primarily to provide assurance or to be a consultancy engagement. In larger departments, the head of internal audit (HIA) or an internal audit manager may provide the person responsible for planning the engagement with this background information in a written or oral briefing. Whatever the source of data, the Definition of Internal Auditing provides internal auditors with a key question to decide during planning: How will this engagement help my organisation to accomplish its objectives? 3 © Chartered Institute of Internal Auditors
  • 4. Finding out about the business area and building relationships with managers Before you start detailed planning, it is important to understand the area under review. To do this, you can research the internet and organisational documents. You can also talk to the managers responsible for the area. This helps you not only to gather information about the activities they manage, but also to lay the foundation for good communications. It will help you to understand their aspirations and what matters to them. Also read our guide: How to approach unfamiliar areas of work. This is equally valid for familiar and unfamiliar areas of work: • What activities occur? • Who does what and where? • What are its strategic objectives? • Who is accountable for what? • What information is made available to whom? • How does it contribute to the organisation's strategy or purpose? • What are the likely risks and responses? Planning considerations from Performance Standard 2201 The results of this research will help the internal auditor in meeting the obligations in Performance Standard 2201. This says that in planning the engagement, internal auditors must consider: 1. The objectives of the activity being reviewed and the means by which the activity controls its performance 2. The significant risks to the activity, its objectives, resources and operations and the means by which the potential impact of risk is kept to an acceptable level 3. The adequacy and effectiveness of the activity's risk management and control processes compared to a relevant control framework or model 4. The opportunities for making significant improvements to the activity's risk management and control processes. Your professional obligations and opportunities Internal auditors can use the preparation stage to review other requirements of the IPPF. The most relevant parts are duplicated in full later in this guidance. Ask yourself: 1. How does this engagement meet the Definition of Internal Auditing? 2. Thinking about the principles and rules of conduct relating to Objectivity in the Code of Ethics and the guidance in Attribute Standards 1120 and 1130, do I have an impartial, unbiased attitude and can I avoid any conflict of interest with this work? 3. Thinking about the principles and rules of conduct relating to Competency in the Code of Ethics and the guidance in Attribute Standard 1210, do I have the proficiency and experience to carry out this engagement? 4. Given my obligations under the principles and rules of conduct relating to Competency in the Code of Ethics and the guidance in Attribute Standard 1230, are there learning and development opportunities for me and other internal auditors? 5. How will these opportunities contribute my studies for internal audit qualifications or support the requirements of continuous professional development (CPD)? 4 © Chartered Institute of Internal Auditors
  • 5. Additionally, you should ensure you are applying the following: • Principles and rules of conduct relating to Integrity and to Confidentiality • Principles in Attribute Standard 1220 on Due Professional Care • Principles in 2100 series of Performance Standards, outlining the Nature of Work for each of Governance, Management of Risk and Control • Principles in 2200 series of Performance Standards on Engagement Planning The requirements for assurance and consulting engagements differ. You will find them in the Implementation Standards under the Attribute and Performance Standards listed above. 2. Objectives Performance Standard 2210 requires the internal auditor to establish objectives for each engagement. You can use the IPPF to help you think what your objectives might be. 1. Agree what is the main purpose of the engagement: assurance or consulting. This will determine which implementation standards you will need to apply. 2. Performance Standard 2100, Nature of Work, sets an overall objective for any internal audit work: it is about evaluating and contributing to the improvement of your subject matter. 3. Moving to a level of greater detail, the Performance Standards in the 2100 series explain the objectives of work on governance, risk management and control processes. For governance processes this includes looking at ethics programmes, IT governance, performance measurement and coordination between the cornerstones of governance, 'the board, external and internal auditors and management'. 4. For assurance engagements, the assurance Implementation Standards (indicated by an "A" in the number) provide more detailed considerations. This includes looking at the reliability and integrity of financial and operational information; the effectiveness and efficiency of operations; the safeguarding of assets; and compliance with laws, regulations and contracts. It also includes considering how well your organisation is managing the risk of fraud. Of course, not all these considerations will be relevant to every engagement. 5. For consulting engagements, the consulting Implementation Standards (indicated by a 'C' in the number) provide more detailed considerations. Most assurance engagements are about evaluating and contributing to the improvement of the management of the risks in a particular area. A risk based approach will start with understanding what the business area does - its purpose and objectives - and will seek to provide assurance on the way management is responding to risks to those objectives. In other words, the objectives of the engagement will be to evaluate the effectiveness of the responses to risk, including the treatment of risks using controls. Agreeing the objectives with management 5 © Chartered Institute of Internal Auditors
  • 6. For consulting engagements, Implementation Standard 2201.C1 requires the internal auditor to agree the objectives with the 'client'. For assurance engagements, the internal auditor is not normally required to do this and, indeed, Implementation Standard 1110.A1 requires that 'the internal audit activity must be free from interference in determining the scope of internal auditing…' The only exception to this is when the work is being performed on behalf of 'parties outside the organisation', see Implementation Standard 2201.A1. However, there are benefits to discussing the engagement objectives with managers. 1. It will help to confirm that the priorities you have chosen are valuable to the organisation. 2. It encourages the managers to see the engagement as something that can help them to improve the organisation's operations. 3. You will have an opportunity to demonstrate that internal auditors are prepared to listen to the manager's problems and concerns. In these ways, it will be another way to build a constructive relationship with the managers, making the later stages of the engagement easier. Establishing effective working relationships with management is therefore as important as defining the engagement objectives. Examples of internal audit objectives 6 © Chartered Institute of Internal Auditors
  • 7. Defining criteria for assurance engagements At the heart of assurance engagements are the criteria the internal auditor uses to evaluate the area under review. Ideally, you will be able to use the same criteria that managers use to monitor and report on their area. Implementation Standard 2210.A3 requires the internal auditor to look at whether managers have established adequate criteria. If they have, you must use those criteria; if they have not, you have 7 © Chartered Institute of Internal Auditors
  • 8. an immediate opportunity to improve the overall management of risk, by helping managers to develop appropriate criteria. Given these requirements, if you are planning an assurance engagement, you must discuss the criteria with managers. Documenting objectives Performance Standard 2200 requires you to document the objectives of the engagement. The format for such documents is a matter for professional judgement: there is no single correct method. The International Standards require you to agree the objectives with managers only for consulting engagements and for assurance engagements for parties outside the organisation. However, the Institute believes that in most cases it will build a better relationship with managers if you show them the documentation of the objectives with them and check that you all share the same understanding. In addition, documenting engagement objectives also provides an important basis for contact with other assurance providers who may work within or for the organisation. Sharing information helps to reinforce the role of internal audit, can avoid duplication of effort and prevent the arrival of two or more audit teams in the same area at the same time. If you identify a consulting engagement while performing an agreed assurance engagement, the International Standards expect you to document and agree the objectives and scope of the new work, just as if you were planning from scratch (see Implementation Standard 2220.A2). This is to ensure that you realise all the benefits of careful planning even in these circumstances. 3. Scope The scope of the engagement is the extent of the subject matter with which the engagement deals. Implementation standard 2220.A1 (for assurance engagements) provides suggestions of what the subject matter may include: systems, records, personnel and physical properties. What to include The purpose of defining and documenting the scope is to establish boundaries and to set expectations. It allows you to identify the records and systems etc to which you will need access - a practical consideration. This includes items that are under the control of third parties with whom you may need to negotiate how and when to access them. What not to include It clarifies for managers and governors the exact subject matter, the period under review or any special conditions. Perhaps equally as important, it shows what the engagement will not cover. Some internal auditors are specific about omissions; others concentrate on stating what the engagement includes, thereby implying what it does not. The best way to handle that will depend upon the requirements of your stakeholders and the culture of the organisation. Related to objectives Performance Standard 2220 states that 'the established scope must be sufficient to satisfy the objectives of the engagement.' Therefore, start with the objectives and identify all the systems, 8 © Chartered Institute of Internal Auditors
  • 9. business areas and people that are relevant. For a risk-based approach, this will be the managers who monitor the effectiveness of responses to risk and the information systems and processes they use; and the activities and processes that put responses into effect. You may also wish to look at the underlying assets and transactions. Root cause analysis The value that internal audit provides is not limited to assurance. Insight into how and why things are done to provide a window into the real culture of the team, department or subsidiary under review using some form of root cause analysis, such as the 5 Why technique, is also valuable. As Practice Advisory 2320-2 explains “Internal audit can be the ideal group to analyze issues and identify the root cause(s) given their independence and objectivity. This perspective helps ensure biases are minimised, assumptions are challenged, and evidence is fully evaluated.” The introduction of root cause analysis will be more effective and more readily received when discussions about its use take place with stakeholders around when the scope of the audit engagement is being considered. As the Practice Advisory points out early discussion will hopefully resolve any concerns and potential barriers to using root cause analysis. Flexing objectives to create more manageable scope It is possible that the objectives of an engagement are so broad that the required scope is enormous. This means that the engagement is likely to take a long time and consume many internal audit resources. If the objectives are fixed, then this may be unavoidable. However, it is a good idea to go back and reconsider the objectives if the scope is too large. It may be possible to focus the objectives more tightly, achieving most of the benefits with a smaller scope of work. Chunking (sizing) down the engagement Another approach is to divide the engagement into a series of smaller ones, making up a linked programme. Approaching the engagement this way creates a series of more manageable packages of work that can fit around the timetable of the business area - allowing you to provide the assurance and consulting service without interfering adversely with the organisation's ability to meet its objectives. It may also allow more frequent communication of results, allowing more timely information to flow to both managers and governors. There is no problem with doing this in the internal audit world, as long as all the stakeholders are happy with the approach. Comparison to external audit This is one advantage that internal audit work has compared to external audit work. The audit of the financial statements has clear, fixed and time-sensitive objectives and external audit standards provide guidance and protection for external auditors so that there are no restrictions on the scope of their work. For internal audit, the objectives of the work are more flexible so it is possible to change these in order to ensure that the scope of work is manageable. Free from interference At the same time, once the objectives of an internal audit assurance engagement have been 9 © Chartered Institute of Internal Auditors
  • 10. agreed, internal auditors too have protection from restrictions on their scope of work. Implementation standard 1110.A1 states that 'the internal audit activity must be free from interference in determining the scope of internal auditing ...' Therefore, the internal auditor must apply professional judgment when discussing objectives and scope and be alert to situations where managers and governors may be seeking to restrict the scope without good reason. 4. Resources There are two important aspects to allocating resources to an internal audit engagement: firstly enough resource and secondly the right resource. Performance Standard 2230 requires the internal auditor to evaluate 'the nature and complexity of each engagement, time constraints and available resources'. Sufficient The objectives and scope provide some idea of the nature and complexity of the engagement. The internal audit activity's overall plan or schedule may provide estimated start and finishing dates and the managers may have provided other information on time constraints. In some organisations the number of planned engagement days is the basis for a budget for travel, subsistence and other operating expenses. The internal auditor must consider all of this information, together with schedules for the availability of individual internal auditors or specialist resources, in order to decide which resources to use to deliver the engagement objectives in the required timescale. However, this may be only a preliminary allocation until the detailed programme of work is complete. After that is finalised, it may be necessary to revise the allocation of resources. Appropriate Appropriate resources are a function of both their competency and their objectivity and independence. Our guide How to approach unfamiliar areas of work covers the issue of competency. Here is a recap of some of the important points: 1. The role of internal audit is to evaluate and to help the organisation to improve its governance and management of risk, including internal controls. Therefore, internal auditors need the knowledge, skills and experience to address these aspects of an area; they do not need to be able to operate or manage the activities of an area. 2. The knowledge, skills and experience may be spread among different members of a team so that not every internal auditor needs to have all of them. For example, a technical expert in computing, accountancy, fraud, contract management etc may be assigned to the engagement at some point. 3. There is a development opportunity for internal auditors who can work under supervision of more experienced auditors. 10 © Chartered Institute of Internal Auditors
  • 11. 4. Where there are gaps the HIA may need to look outside the internal audit team for support. According to both the Code of Ethics and the 1100 series of the Attribute Standards internal auditors have a professional duty to ensure that they have the necessary individual objectivity, in fact and appearance, to perform the engagement. This means combining an ability to be impartial and unbiased with the knowledge, skills and experience to review the subject area. For assurance engagements, there are specific impairments to objectivity that are forbidden: • 1130.A1 requires that internal auditors not assess operations for which they were previously responsible within the previous year. • 1130.A2 requires the HIA to find someone from outside the internal audit activity to oversee assurance engagements in functions for which the HIA is responsible. 5. Programme of work Performance Standard 2240 Engagement Work Programme states that internal auditors must develop and document work programmes that achieve the engagement objectives. From a practical point of view, considering the engagement as a project with many tasks and relying on the availability of different people and other resources, it is good practice for the internal auditor to map out what is going to be done, where and when. This may be relatively straightforward for a simple engagement with one person doing all the work. The key action then is to request access to information and to set up meetings in good time. For larger, more complex engagements with many interrelated activities such as surveys, interviews, data gathering and analysis, benchmarking, and a team of internal auditors, it will be useful to build a formal project plan to coordinate all the activities and resources. This includes key events, tasks and a detailed timeline so that everyone involved knows what they are doing and so that internal audit managers can monitor progress. The level of involvement of managers and staff from the business area will vary from one engagement to the next. In some engagements, it may be necessary to not to provide notice of visits, meetings and information requests. However, where you can, try to set these up well in advance in order to make the work smoother. These project plans may meet the requirements of Performance Standard 2240 which requires internal auditors to 'develop and document work programmes that achieve the engagement objectives'. They must show how the work achieves the objectives. It is also possible, and may be necessary in larger teams or when working with less experienced staff, to formulate a more detailed work programme. For assurance engagements, Implementation Standard 2240.A1 requires that the work programme include 'the procedures for identifying, analyzing, evaluating and documenting information during the engagement.' A detailed testing plan may establish the breadth and depth of testing, taking into 11 © Chartered Institute of Internal Auditors
  • 12. consideration: • The adequacy and effectiveness of responses that guard against high impact risks • High levels of residual risk • Criteria established by management and the nature of management assurance • Volume and materiality of transactions • Previous audit findings, reported incidents and recurring problems/issues In addition, Implementation Standard 1220.A2 requires internal auditors to 'consider the use of technology-based audit and other data analysis techniques'. If you decide to use these, they should appear in the work programme. According to Attribute Standard 1311, day-to-day supervision and review provides the ongoing monitoring required for a complete Quality Assurance and Improvement Programme. There are very few areas where the nature of such review is specified. One of the instances is in the planning for assurance engagements where it states that 'the work programme must be approved prior to its implementation'. The engagement work programme guides the internal auditors' subsequent work. It ensures thorough and complete coverage and documentation of the engagement. However, it is not intended to be a static or rigid document. The activities and tests that the internal auditor performs throughout the engagement may deviate from the original plan, if the results of previous tests warrant it. Internal auditors should not be afraid to stray off the path as long as they evaluate their activities in light of their overall objectives, maintain perspective on their resource limitations, and communicate the nature of their activities to their supervisor or manager. Significant adjustments must be approved promptly. Input, oversight and review At all stages, you may receive input from both internal audit managers and the HIA and from business managers and other interested parties. This will help provide different insights into the purpose of the engagement and into the nature of the business area. However, you may have to seek help in prioritising the input from different interest groups. As noted above, day-to-day supervision and review is part of a Quality Assurance and Improvement Programme. Your internal audit activity is likely to have procedures and expectations of how the processes of oversight and review take place. Make sure you leave time for those as you are completing your planning. In smaller internal audit activities, it may be difficult or impossible to establish procedures for detailed review. If you can exchange files or even just discuss your ideas with a colleague, this may be a good way to gain comfort that you have identified the key issues. In larger internal audit activities, the requirements are likely to be more formal with sign-off levels established for different engagements and for different stages. 12 © Chartered Institute of Internal Auditors
  • 13. Planning as an iterative process The stages appear in this guidance as consecutive. However, as suggested above in the section on resources and scope, in fact the process is likely to be iterative. So, scoping considerations may cause you to refine the objectives. The detailed work programme may have consequences for the preliminary resource allocation. Furthermore, even during the detailed work, a specific issue or problem may extend or reduce the scope of an engagement. An example of this is where finding irregularities creates a suspicion of fraud. This could cause you to change the scope of the current engagement or to establish a new engagement with a specific objective to address this particular issue. Therefore, it is important not to consider the process to be rigid but to move between the stages as necessary. There are few tips to keep in mind: 1. Find a way to limit the number of iterations or you could spend all your time planning! 2. Make sure you consult with all the appropriate people - do not agree one thing with your supervisor or the business area manager on one iteration and then forget to update them when the plan changes. 3. Document the key decisions whether it is on the first iteration or on the twentieth! 4. Obtain approval of changes to work programmes for assurance engagements. Summary All the stages of planning an engagement are equally important. They apply both to simple and to very complex engagements. Together, they help to ensure consistency between engagements and to provide the foundations for a quality service to the organisation. Weakness in any one of the stages will impact upon the others, so give each one the attention it deserves. Here is a simple list to help you: DO: 1. Research the subject area thoroughly. 2. Treat audit engagements like a project. 3. Be open with business area managers about what you are doing and encourage participation. 4. Agree objectives - linked to governance, risk management and control. 5. Agree success criteria for the area under review as a basis for audit objectives and scope. 6. Work with the business area to set a reasonable timetable and agree requirements. 7. Consider the application of root cause analysis. 8. Set performance measures and targets. 9. Communicate with other assurance providers. 10. Draw in and schedule expertise when you need it. 11. Timetable key activities and map out a project plan if need be. 12. Obtain approval for an assurance engagement work programme. DON'T: 13 © Chartered Institute of Internal Auditors
  • 14. 1. Set vague objectives that are open to interpretation 2. Take for granted that people understand the objectives and scope of the audit 3. Make the engagement too long and drawn out 4. Assume all the elements of the engagement will come together once it starts 5. Assume people in the business will be able to cooperate with your requests and requirements as they arise Further reading Top tips: Engagement planning Standards: 2200 Engagement planning 2201 Planning considerations 2240 Engagement work programme Practice advisories 1200-1 Proficiency and due professional care 1210-1 Proficiency 1210.A1-1 Obtaining external service providers to support or complement the IA activity 1220-1 Due professional care 2200-1 Engagement planning 2210-1 Engagement objectives 2210.A1-1 Risk assessment in engagement planning 2230-1 Engagement resource allocation 2240-1 Engagement work programme 14 © Chartered Institute of Internal Auditors