Please enable JavaScript.
Coggle requires JavaScript to display documents.
Unit 2.1, Use market, pdt, industry knowledge to
identify new internal…
-
Use market, pdt, industry knowledge to
identify new internal audit engagem
opportunities
Built an audit universe
-> represent potential range of all audit activities
-> comprised of a number of auditable programs, functions and structures
Benefit of having an audit universe
- tools to help comm the coverage of the org by IA
e.g. high risk -> high coverage by audit against audit universe
- crucial component - coordination
--Std 2050 - CAE should share info, coordinate activities,
and consider relying upon the work of others
-> to ensure proper coverage and min dup of efforts
--Good starting point for discussions with other teams
How to built audit universe
Implementation Guide - Std 2010 - Planning
- Audit universe includes projects and initiatives related to the org's strategic plan, may be org by business units, pdt/ service
lines, programs, systems, and control
- IA should have effective processes to identify all auditable
entities within the auditable universe
(e.g. dept/ functions, org chart/ mgt listings, major pdt line,
cost centre, major operating systems)
- CAE should use a risk-factor approach to consider both internal and external risks
- to ensure audit universe covers all of the org's key risks
-> IA activity independently reviews and corroborates the
key risks that were identified by senior mgt
- understand potential sources of Opp/ Threats (SWOT)
-> solicit both qualitative (interview, walkthrough, observation)
and quantitative data (report, survey) during risk assessm
-
-
-
-
-
- Comm Areas of sign risks
- Obtain approval from the Board
for the annual engagem plan
Perf Std 2060 "Reporting to Senior Mgt and the Board"
- CAE must report periodically on the IA's activity's
purpose, authority, responsibility, perf relative to
its plan and on its conformance with COE and Std
- Report must include sign risk and ctrl issues,
including fraud risks and gov issues, other matters
required attention of senior mgt and the board
Perf std 2020 " Communication and Approval"
- CAE must comm the IA activity's plans and resources requirements, including sign interim changes, to senior mgt and board for review and approval
- also comm the impact of resource limitation
-
CAE must establish a risk-based plan
to determine priorities of IA activity,
consistent with org's goals
IA activity must evaluate and contribute
to the improvement of the org's
gov, risk mgt and control process
using systematic, disciplined,
risk-based approach