Register now or log in to join your professional community.
Steps in performing the Internal Audit1. PlanningDuring the planning portion of the audit, the auditor establishes the terms of the engagement with the auditee, notifies the board of the audit, gathers information on important processes, evaluates existing controls, and prepares the audit plan.a. Engagement Team DebriefIn this stage, the audit senior will contact the staff who will be conducting the audit to give them a debrief of the board’s previous contact and/or history with the internal audit function, as well as previous findings, time spent on the previous audits, results of the risk assessment and the preliminary scope of the audit.The auditor will prepare a “client assistance letter” with general requests to be sent to the entity to be audited (example of general requests are: flow charts, processes narratives, organizational chart, department heads’ availability, recent changes in the processes etc.) which will have a deadline on or before the initial meeting.b. Engagement LetterThe auditor will prepare the engagement letter to be sent to the head of the audited department which will confirm the scope of work to be performed, objectives of the audit, the auditors assigned to the project and other relevant information. The auditee can contact the auditor at any time before the initial meeting and ask for clarifications and/or make amendments to the terms of the engagement. c. Preliminary Survey & DocumentationTo increase the efficiency of the planning and to speed up the process of developing the audit program tailored for the specific audit at hand, the auditor might ask some general questions for a better understanding of the processes or ask for copies of the policies and procedures by email. The auditor gathers relevant information about the auditee in order to obtain a general overview of operations. The auditor discusses with key personnel and reviews sources of information. This process will likely take place through telephone or email.d. NotificationThe auditor will confirm with the head of the audited department (or heads of departments, if more than one department will be included in the same period), in writing (i.e. via email), the timing and the scope of work of the audit to be performed (already agreed upon in the engagement letter).e. Review of Processes and Internal ControlsDuring this step, the auditors will get an understanding of the processes and policies of the unit being audited. If this is not the first audit of the unit, the auditor will update the processes with the changes/improvements that took place since the last audit, as confirmed with the processes’ owners. The review might consist of either one or a combination of the following: interviews and enquires with the managers of the unit and/or the personnel that are actually performing the tasks, review of documentation used in transaction processing, flow-charts etc. f. Audit ProgramThe audit program concludes the planning phase. This will describe the fieldwork to be performed to achieve the objectives.2. Fieldwork/ExecutionThe fieldwork stage concentrates on transaction testing and communications. It concludes with a list of significant findings from which the auditor prepares a draft of the audit report.a. Initial MeetingDuring this meeting, the auditee describes the unit or system to be reviewed, the available resources and other relevant information. The auditee identifies issues or areas of special concern that should be addressed. During this meeting, different issues can be discussed:- introduction of the team and client’s personnel- communication standards with the client (daily/weekly update, communication of the outstanding points, discussion of the issues and findings etc)- targeted timeline of the mandate- reconfirm the scope of the engagement, as well as explain the approach that will be followed b. Transaction TestingIn this stage transactions will be tested using various techniques, including sampling. The purpose of the testing is for the auditor to assess whether the controls mentioned in the “Review of Processes and Internal Controls” step are operating effectively.c. Continuous CommunicationAs the fieldwork is performed, the auditor will discuss any significant findings with the owners of the processes. At the same time, the process owners will have the opportunity to discuss with the auditor compensatory controls as well as the supporting documentation. The auditor will also inform the client of the progress of the audit throughout the process. Usually the communication will be oral, with written emails or memos for more complex issues to ensure full understanding by the client and the auditor.d. Exit Meeting Upon completion of the fieldwork, the auditor will meet with the client to discuss the preliminary findings and the proposed recommendations. This meeting gives the opportunity to both parties to agree on the most feasible recommendation and to avoid any unpleasant surprises during the reporting phase.3. ReportingThis phase is where the principal product from the audit occurs. It expresses the auditor’s opinion, presents audit findings and discusses recommendations for improvements. a. Preliminary Audit ReportAfter the file is reviewed, the auditor will prepare the draft internal audit report outlining the entities audited, the scope of work, the recommendations and the recommended timeframe for their implementation.b. Management’s ResponseThe management in the audited department will prepare a response to the audit findings in the audit report. The response (plan of action) will indicate:- the title of the person responsible for the implementation - the action to be taken- the timeline for the implementation.The response will be sent to the auditor.c. Final ReportWhen the management’s response is incorporated in the draft audit report, the report becomes final. The auditor will present the final report to the audit committee. Copies will be distributed to the head of the audited activity or department, the person to whom this individual reports to and up the chain of command to the director of education of the affected school board.4. Follow-upThe auditor will follow-up on the completed audit within approximately one year of the final report to verify the resolution of the report findings.a. Follow-Up ReviewThe auditor will keep an updated log of issues to be followed-up from the previous audits, including the deadline for the implementation of the proposed and agreed upon recommendations. The auditor will contact the client to follow up on the implementation of the recommendation as the deadlines approach. They will discuss and understand the process that is implemented, asking for different documents supporting the implementation.b. Follow-Up ReportA follow-up report will be issued to the management and a copy sent to the audit committee, describing the issue followed-up on, the management’s control implementation, the assessment of the appropriateness of the control and a listing of unresolved finding, including their deadline.
Audit Engagement :
As Per Standard of Audit210 issued by ICAI,
In Recurring Audit:
Compliance of Pree condition
Written Representation from mgt. Regarding internal control, Preparation Financial Statement, Provide information and additional information,
In new assignment.
Engagement condition should be decided by auditor and TCWG.
Written representation as stated above.
The following steps of the audit engagement:
Check & consider whether it is ethically barred from acting.
Consider whether it has resources available to undertake the engagement.
Obtain permission to contact the outgoing auditors and do so
Ensure its appointment is valid.
evaluate the integrity of management
Identify special circumstances and unusual risk
Access competence to perform audit
Evaluate independence
decision to accept or decline engagement
prepare engagement letter
Create the engagements letter with the client and Understanding with the client the environment and industry and the responsibilities of the client management for the design and perform the internal control system and the preparing of the financial statements.
communicate with the predecessor auditor
The audit is some times planned in advance even much before that one does the planning just before doing the audit. This type of audit planning is generally the part of organization's QMS internal audit. To make it simple to audit an organization's QMS one has to identify that how frequently it is going to be audited in a year e.g. quartelry, six monthly or annually. So that is called an annual internal audit plan which may specify which process is going to be audited when. Now the next audit planning based on this plan is to agree with the auditee about date, time and duration of audit.
As per ISO standard auditor can not audit his own process of which he is the process owner.
Once agreement is reached with the auditee about the planning, the next step is to prepare for the audit, both the auditor and auditee prepare themselves for the audit.
Then as per planning the audit will commence as under;
a. Threre will be an opening meeting among the auditor and all auditee concerned in which auditor would explain about the auditing process and raising of nonconformity and / or observation/ findings.
b. Audit starts after the openeing meeting, the information is collected, reviwed and analysed in the light of laid down process policy procedures requirements etc.
c. The findings of the audit are discussed with auditee (s) during audit at the site of audit and agreed.
d. The overall findings at the end of the audit is also discussed and agreed in the closing meeting of the audit where all concerned auditees and managers of the auditees are present, and accordingly action plan is requested by the auditor to close the findings.
e. The closing of audit findings is followed up by the concerned auditor as per the action plan submitted by the auditees.
f. The Audit finding and closing is reported to Top management of the organization and discussed in a periodic meenting.
Audit engagements are performed in three general phases: planning, fieldwork & review, and reporting
the first before determine steps of audit engagement , the internal auditor should have Independent as per the personal experience or objectivity and the steps of audit engagement as follow
1- after that the processing of auditing will do accept or non accept to continue with the company
2- in case of accepted auditing processing should determine Audit plan helps auditor to obtain sufficient appreciate evidence for the circumstances,
3- evaluation of the internal control system The internal auditor should identify and evaluate the organisation's internal control system as a basis for reporting upon its adequacy and effectiveness
4- Identify special circumstances and unusual risk
5- Evaluate independence
6-decision to accept or decline engagement
7-prepare engagement letter by first draft to discuss around Importance note before issues final report as per 701 standard
1. Audit notification
2. Request for documentation
3. Preparing an dudit plan
4. Scheduling for opening meeting
5. Conducting the audit
6. Documenting a report
7. Closing meeting
8. Follow up and closure of action plan
Planning based of scope of Audit, Fieldwork carried out as per plans, Review and Finally Reporting of the Audit.
1.Assist to team for Auditing.
2.Communication with Audit Client.
3.Requesting Financial Documents.
4.Preparing an Audit Plan.
5.Scheduling an Open Meeting.
6.Conducting Onsite Fieldwork.
7.Drafting a Report.
8.Setting Up a Closing Meetin