Scribd
Upload
70 views3 pages

Internal Audit Best Practices Overview

The document discusses internal audit processes and risk-based auditing. It outlines how internal audit areas are selected based on risk analysis and input from departments. It also describes the key aspects of a risk-based audit approach, including focusing on strategic, regulatory, financial and operational risks. The document notes employees should report any fraud, waste or abuse. It provides the standard operating procedures for internal audits, including developing an annual audit plan, communicating the plan, conducting planning and fieldwork, reporting results, and following up on audits.

Uploaded by

Rojan Completano
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
70 views3 pages

Internal Audit Best Practices Overview

The document discusses internal audit processes and risk-based auditing. It outlines how internal audit areas are selected based on risk analysis and input from departments. It also describes the key aspects of a risk-based audit approach, including focusing on strategic, regulatory, financial and operational risks. The document notes employees should report any fraud, waste or abuse. It provides the standard operating procedures for internal audits, including developing an annual audit plan, communicating the plan, conducting planning and fieldwork, reporting results, and following up on audits.

Uploaded by

Rojan Completano
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Completano chapter 13

1st slide

How reviewed areas selected by internal audit

- An annual audit plan is developed based on significance and risk. Input is actively solicited from
the different segments or departments or components to incorporate into the risk analysis plan
2nd slide

Risk- based audit approach

- A risk-based audit approach (RBAA) is the latest "best practice" in the evolution of internal
auditing, aimed at maximizing the impact of audit by focusing on the major strategic, regulatory,
financial and operational risks that confront an organization.

- risk-based audit is an audit approach designed to provide assurance that the business is
appropriately mitigating significant risks to the achievement of objectives.

- RBAA can effectively and efficiently assist an organization by:

(1)Improving understanding and communication of risk and related mitigation options,(2)


Strengthening accountability for achieving objectives,(3) Facilitating achievement of enterprise-
wide requirements for risk management,(4) Providing a basis upon which to create contingency
plans, (5) Enhancing information for informed decision-making: ,(6) Definitive basis for giving
overall assurance opinion:
 Dictates coverage of all inherently high risk areas
 Justifies audit ( and management) attention to inherently high and residually low
risks
 Rigorous basis for estimating resources needed
 Raises profile of internal audit withing organization

3rd Slide

Report fraud, waste and abuse

- it is the responsibility of every employee to help protect the assets and resources of the entity.
To accomplish this, each employee is encouraged to report factual information suggestive of
dishonest or illegal. By policy, the internal audit department is responsible for investigating
report of suspected wrong doing.

- It is very important for an entity to respect the privacy of the person providing the information.
4th slide

Standard Operating procedures for internal audit:

1. Prepare Annual Internal Audit Plan

2. Communicate Annual Internal Audit Plan

3. Conduct Internal Audit Planning and Notification

4. Perform audit Field work

5. Report Results
6. Wrap-up Audit
7. Review Final Report
8. Disseminate Report
9. Evaluate and Follow Up

4th slide (di to kasali AHAHAHHAHA narealize ko amsyadong mahaba kung isali sa PPT kaya rekta
explaibn ko na yang pang 4th slide)

1. Prepare Annual Internal Audit Plan

a. Conduct a preliminary risk assessment session utilizing a facilitated group interview.

b. Gather top management input on the preliminary risk assessment.

c. Prepare a Draft Annual Audit Plan based upon the results of the risk assessment process.

d. Obtain the formal approval of the Audit & Governance Committee of the Board of Directors

2. Communicate Annual Internal Audit Plan

a. Distribute the Annual Audit Plan to senior management.

b. Keep senior management informed of any changes to the Annual Audit Plan.

c. Ensure that appropriate senior management is informed at least a month prior to each planned
audit.

d. Note that special requested projects require different procedures involving little or no notification
to involved management.

3. Conduct Internal Audit Planning and Notification


a. Contact department management at least two weeks in advance of scheduled audit date to discuss
risk considerations that led to the audit being on the annual plan, expected scope of the audit, and
current management concerns.

b. Develop preliminary audit program outlining anticipated scope, risk assessment, procedures

and schedule.

c. Schedule an Entrance Meeting with department management and staff, and other stakeholders as
appropriate, to go over and finalize the audit program, obtain documents, schedule interviews and
communicate expected audit completion date.

4. Perform Audit Fieldwork

a. Carry out fieldwork as indicated in the audit program.

b. Obtain cooperation from the line management and department staff as necessary to identify, obtain
documentation and conduct interviews, etc.

c. Conduct fieldwork with minimal disruption to department operations; for example, whenever
possible, obtain information from central sources rather than from departmental staff or line
management.

5. Report Results

a. In general, share important and sensitive findings with responsible managers immediately upon
verification by the auditor; short memo reports may be used in this process.

b. Prepare a first draft final report and discuss it with responsible managers immediately following the
fieldwork.

Engagement observations and recommendations, according to The IIA's Practice Advisory 2410-1:
Communication Criteria', emerge by comparing criteria (the correct state) with condition (the current
state). The observations and recommendations, if developed are based on four attributes: criteria,
condition, cause, and effect. These four attributes comprise a finding.

6. Wrap-up Audit

a. Schedule an Exit Meeting after responsible managers have received the first draft report; this meeting
will provide the opportunity for responsible managers to discuss findings, conclusions, and
recommendations with the auditor.

You might also like