Documente Academic
Documente Profesional
Documente Cultură
INTERNAL AUDITING CO2: Able to apply the internal audit process (procedural and practical
aspects) during an audit engagement (Engagement Process) in
accordance with the relevant standards and able demonstrate a good
understanding on the importance of technology in the internal audit
4. ENGAGEMENT PLANNING work. (C4)
1 2
3 4
Communication (reporting)
Incorporation of IA strategies
Follow Up
5 6
Overall view on an Internal Audit Strategic Plan
Steps in Developing Strategic Plan
7 8
9 10
The IIA, in its IPPF Standard 2200 stipulated that; The objectives of the activity being reviewed and the means
by which the activity controls its performance;
Internal auditors must develop and document a plan for each The significant risks to the activity, its objectives, resources,
engagement, including the engagement’s objectives, scope, timing, and and operations and the means by which the potential impact
resource allocations. of risk is kept to an acceptable level;
The adequacy and effectiveness of the activity’s governance,
risk management, and control processes compared to a
relevant framework or model; and
The opportunities for making significant improvements to the
activity’s governance, risk management, and control
processes.
11 12
Risks and Control Assessment
Setting up the objectives
Understanding of the auditee.
LIKELIHOOD ASSESSMENT OF RISK -EXAMPLE
• More specific guidance might be A Almost Certain
Preliminary assessment of the risks relevant to the activity provided for this, for example
under review.
• E: Once in 10 years B Likely
Probability of significant errors, fraud, non-compliance, and
other exposures when developing the engagement objectives.
• D: Once a year
• C: Several times a year C Probable
Criteria that can adequately evaluate governance, risk • B: Every day
management, and controls. D Unlikely
• A: Several times a day
Consulting engagement, address G,RM, C processes to the E Rare
extent agreed upon with the client.
13 14
• 5:The impact would stop the area from reaching its 1 Negligible
key objectives A
Significant Significant High High High
• 4: The impact would threaten the area’s key
objectives 2 Minor B
Moderate Significant Significant High High
• 3: The impact would not threaten the area’s key
objectives, but subject it to significant review or 3 Moderate C
change the area’s function Moderate Moderate Significant High High
15 16
Computer assisted audit tools and Using audit software to reconcile payroll file and employee master
Selection techniques (CAATTs) file.
Physical inspection Test drive the company car used by the chief executive officer to
ensure that it is in good condition
Review of published reports or Review minutes of meeting to identify decision on bonuses for the
Nature minutes year.
Confirmation Send letters to employees who took company car loan to confirm
23 the loan balance due. 24
Analysing audit evidence Documentation
25 26
27 28
E.g. whether control activities are adequately designed & Determine the criteria to evaluate the
operating effectively, requires significant degree of results, risk and specific controls
professional judgment.
IA team MUST ultimately reach logical conclusions Evaluate the results with respect to the
(informed decisions) based on the evidence gathered. risks and good internal control standards
31 32
engagements. report.
Review and edit by the
manager of audit assignment
Preparation of the second revision
of the report.
Review and edit by the head of
internal auditdepartment
Preparation of the third revision of
the report.
Combined review and edit by
the audit team leader,
manager, and director.
Preparation of the “discussion draft”
of the report for review by auditee
management.
Review by management and
response provided on audit
findings.
Preparation of the final draft of the
audit report for distribution.
33 34
35 36
Questions and Answers
37