Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.
Internal auditors are credentialed professionals with expertise in analyzing business processes and internal controls. Due to the breadth of processes and industries examined by internal audit, internal auditors cannot be expected to have subject matter expertise in everything we do. As an example, internal audit would not evaluate the merits of whether the District Attorney decides to take a case to trial or enter into a plea bargain. We would not recommend whether Sheriff’s Deputies should ride one or two to a patrol car. We would not second guess the manner of death stated by the Coroner’s office. These are all examples of professional judgment exercised by individuals with the requisite knowledge, experience, and education to make such judgments.
omissions from the audit plan may expose the organization's CEO and board of directors to unnecessary risk
ideally the commmitte , senior management and the chief audit executive should agree on those areas of risk that will not be audited and reasons
audit committee members should be alert to possibility of under-refunding of the internal audit function
recommended practices
the internal audit plan includes a list of those areas of risk that ranked just below those selectec for inclusion in the audit plan
this enables the audit committee to assess what risks management and committe will accept by excluding them from the plan
There are several methodologies of conducting internal audit:
1. Everything is covered. Process based approach - when every single procedure gets audited. Consumes a lot of time and a lot of resources but provides the most accurate picture of internal controls. However if it lasts too long, the controls may change so by the time of the report it may not be accurate any more. Used very rarely these days, mostly for some precise processes where any deviation may have disastrous results.
2. Only the scariest things are covered the rest don't get any attention. Risk-based approach - when the riskiest areas are identified and audited first providing a good view of the threats and most important controls. Still consumes considerable resources and time. It is also subject to judgment bias especially in the area of event probability and impact. The most used approach everywhere. However, it is most suitable for conservative organizations, like banks, state agencies, funds, estates, wuquf etc.
3. We only look at what can prevent us from achieving our goals. The rest of the risk and processes are not covered. This is a business objective-based approach, which is suitable for industrial, commercial, service and other aggressively growing and trading organizations. Not all of the risk or processes are audited, but only those directly related to timely achievement of the business goals.
In short, what's covered and what's not, depends on the organization's risk appetite and available audit resources.
Simply nothing, its scope should include all organization aspects and activities. It is only exempted from giving a judgement about the fairness view and presentation of the financial position of the company.
any area in organization could be covered by internal auditing - but it is depend on agreement with clint
Internal Audit does not cover the business,forecasting,secretarial work.