Please enable JavaScript.
Coggle requires JavaScript to display documents.
INTERNAL AUDITING PROCESS - Coggle Diagram
INTERNAL AUDITING PROCESS
PERFORMING THE ENGAGEMENT
:star:
IPPF 2300
Performing the Engagement - Internal auditors must identify,
analyze, evaluate, and document sufficient information to achieve the objectives
Identifying and collecting information
IPPF 2310 :silhouette:
Identifying Information Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives
Analyzing and evaluating information :silhouette:
Interviewing/conducting inquiry
Verifying/vouching
Observation
Reperformance/ recalculation
Questionnaires
Analytical procedures
Computer assisted audit techniques
Physical inspection
Review of published reports or minutes
Confirmation
Documenting the information collected :silhouette:
Need to be properly documented (manually/electronic form) to ensure compliance to IPPF standards, future reference and knowledge management
Contains in audit work papers
Audit plan - Evidence that the auditor has developed a plan for the whole audit engagement
Narrative summaries - All information gathered through inquiry, confirmation, inspection and any other methods of enquiry, along with the conclusions reached
Supporting documents - Risk and control assessments, documents and analysis using generalized audit software
ENGAGEMENT PLANNING
:star:
Considerations in preparing engagement planning
Objectives of the activity being reviewed and activity controls its performance
Significant risks to the activity, its objectives, resources, and operations and the potential impact of risk is kept to an acceptable level
Adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework
Opportunities for significant improvements to the activity’s governance, risk management, and control processes
Engagement objectives and scope :<3:
Understanding of the auditee - Preliminary assessment of the risks relevant to the activity under review - Probability of significant errors, fraud, non-compliance, and other exposures - Criteria that can adequately evaluate governance, risk management, and controls
Risks and control assessments :<3:
Assist the organization by identifying and evaluating significant exposures to risk and
contributing to the improvement of risk management and control systems
Information used by auditors must
The reliability of the management’s assessment of risk
The management’s process for monitoring, reporting and resolving risk and control issues
The management’s reporting of events that exceeded the limits of the organization’s risk appetite and responses to those reports
Risks in related activities relevant to the activity under review
Creating a test plan/work program
A work program includes :<3:
Objectives
Reference documents
Date of work performed
Allocation of task
Person perform the work
Detail of audit procedures and evidence collected
Additional notes
Time taken for each task
Resource allocation :<3:
Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources
It involves determining
Audit expertise needed
Estimate time taken to complete engagement
Assigning appropriate IAs to engagement
Scheduling work
Documentation and communication :<3:
Key elements included
Planned engagement objectives
and scope of work
Preliminary assessment of risks and controls
The timing of the engagement
work
Internal auditors assigned to the engagement
The process of communicating throughout
the engagement
Concerns or any
request by the Audit Committee
Business conditions and operations of the activity being
Audit strategy and test plan