Internal Audit Plan Ultimate Guide: Step By Step On How To Prepare Internal Audit Plan

Whenever a business is set up, it set several rules, protocols, and SOPs. The business norms comply with every business entity to have an internal control system that regulates how the company will act. The internal control system comprises the set rules on how the company will act to safeguard the company’s interest, prepare true & fair financial statements.

It defines how the company will maintain records and assess & mitigate risks. It also includes detection and prevention of any fraudulent activities within premises or scope of business entity. The internal control system stands on the pillars of control procedures and control environment.

An internal check is another component of the internal control system. It oversees how the duties allocated to different staff members are being performed. Different authors define it as a continuous assessment of procedures to assure detection and prevention of fraud.

The internal control system is an ongoing practice. The annual audit is performed by the external auditor once a year. However, many business corporations and financial corporations adopt an additional practice to improve the internal check and internal control system. It is an internal audit. The internal audit ensures consistent assurance within the business entity.

This article will discuss how to prepare an internal audit plan. 

What Is Internal Audit?

Internal audit can be explained as the continuous practice of assuring that the internal control system is working well. It comprises risk assessment, management, and evaluation of the company’s internal controls, accounting procedures, and external corporate governance.

The Institute Of Internal Auditors(IIA) defines internal audit as,

It is an independent appraisal activity within an organization to review operations as a service to the management. It is a managerial control that functions by measuring and evaluating the effectiveness of internal controls.

From this definition, the following characteristics of an internal audit are highlighted:

  • It is an independent activity.
  • It is an appraisal activity that means the internal auditor will review and evaluate work done by others.
  • It is a service to the organization that signifies the importance of internal audits in effective decision-making at a strategic level.
  • It measures and evaluates the effectiveness of internal control. It means the purpose is to continuously review the internal control procedures of the business entity.

Are There Any Regulatory Bodies For Internal Audit?

The Institute of Internal Auditors pronounced as IIA, an international professional body, sets and governs the standards for internal auditing of business entities. It was established in 1941, and since then, it is working in 170 countries across the world.

Related article  What is Audit Program? Why It Is Important?

Step-By-Step Guide To Prepare Internal Audit Plan

The importance of internal audit is undoubtedly high for the effectiveness and consistency of the internal control system. However, internal audit planning is even more crucial for the success of the internal control environment and procedures.

IIA IPPF 2010 states the audit plan of a business entity should be in line with its strategies, risks, and overall goals. Let’s go through the ultimate guide explaining step by step on internal audit planning.

The internal audit planning comprises of following stages:

Planning Process

The first and foremost internal audit framework is to draw the foundation for audit plan and execution. The audit planning stage encompasses the broader approach of the internal audit processes and engagement. It also covers the important control areas to be covered in the internal auditing. The internal audit might use an internal audit planning memo to communicate the scope, objective, deliverable, period, and resources.

The planning process answers the questions like:

  • Why a process has become part of internal audit plan?
  • How the specific auditable process contribute to company’s mission and objectives?
  • What is the risk company need to address?
  • What was the audit process in the past, and what were the results?

What is an audit planning memorandum?

An audit planning memorandum is the documents that are prepared by auditor to communicate the audit planning to management and sometime to the audit committee. This memo generally includes the scope of audit and its main objective. It is also including the deliverable that auditor will be delivered after the completion of audit. Audit work program at the high level should also be include in the memo as well as the duration and the location of audit.

The audit planning process consists of the following activities:

Audit Universe

The scope of the internal audit is often pronounced as the audit universe. It explains all the business areas and operations that will be evaluated in the audit process. The audit universe incorporates the approach of internal audit. For instance, it explains the audit strategy based on the organizational objectives, hierarchy, and goals.

Risk Assessment Methodology

Once the audit universe is defined, the risk assessment methodology is incorporated. The primary purpose of internal audit is risk assessment and mitigation. Therefore, the risk assessment methodology dictates criteria for prioritizing risks in the risk assessment process. The criteria of risk are defined based on its impact and probability of happening. The risk assessment process helps the internal auditors to prioritize different risks within the organization.

Related article  4 Code of Ethics of Internal Auditors- With Detail Explanation

Strategic Audit Plan

The strategic audit plan is a long-term plan of the internal audit. It usually expands to 3-5 years. The plan encompasses the broader and long-term objectives to be achieved by the internal audit. Strategic leadership defines the objectives of how a business entity foresees the opportunities, goals, and objectives. The strategic plan is flexible to be changed annually based on the strategic front of the company.

Annual Audit Plan

The annual audit plan is a more actionable action plan on assessing and mitigating the risks within the next financial year. The annual audit plan is made based on risk assessment practice adopted and the risks prioritization. The measurable, achievable, and actionable audit objectives are defined. The annual audit budget is also curated which is necessary for the execution of the audit.

The plan is submitted to the senior management and audit committee for review and approval. The audit plan might be accepted or revised as per instructions of higher management.


The internal audit plan comprises the activities to be performed in the execution stage of the audit. The execution stage in the audit process is outlined in the planning process, and it relates to the fieldwork during an audit.

Audit Engagement

The practical plan of the audit will focus on audit engagement planning as the first step. It revolves around creating the audit team, criteria for selection of members, and responsibilities of every member. The audit engagement planning is usually done at the event of the first meeting of the internal audit. The audit team is finalized, and letters of appointment are issued to the internal auditors. The audit engagement plan will take a closer look at identifying key issues and risk areas in an organization. The timing, objectives, and information required are also discussed.


The opening meeting highlights the main issues and areas to be covered in the internal audit. Afterward, the preliminary survey will be conducted. Although, the surveys are conducted in the process of internal audit. However, the planning stage must plan on how the preliminary survey will be consolidated. The internal auditors usually conduct the preliminary survey to fully understand the internal processes and risk areas and gather information about the key controls, risks, etc.

Audit Objectives And Scope

The audit execution plan also comprises defining the audit objectives and scopes specific to the business entity. As discussed earlier in the audit planning stage, the objectives should be clear, measurable, and achievable. The audit scope is defined by the internal auditor.

Related article  Internal Audit Vs. External Audit: Key Differences You Should Know

Based on the time, objectives, and processes, the auditors plan what to review and whatnot. The audit scope should be sufficient enough to meet the overall objectives of the internal audit.

Audit Program And Working Papers

The auditor designs the audit program that explains the audit engagement procedures to achieve audit objectives. It can include the audit technique, segregation of duties, timelines for different activities, etc.

The audit plan should also cover the documentation needs and procedures during the process of audit. The auditors will require different pieces of evidence to support their conclusions and judgments. Therefore, the audit plan should explain how different documents will be indexed in the audit process.

Assessment, Evidence, And Supervision

The audit plan will also dictate how the internal auditor will assess the effectiveness of the internal control system. It also discusses the procedures and guidelines on collecting audit evidence and the level of supervision throughout the audit engagement process.

Closing Meeting

The last step in the execution planning is the closing meeting. The closing meeting is conducted to communicate the final judgment with the company before preparing the report. The internal auditor will summarize his findings and relevant suggestions after performing the audit process. The fact-finding sheet is also an important aspect of the audit plan. The fact sheet also explains the findings of the audit by segregating the results into criteria, condition, cause, and impact of a specific issue.


The final stage to be planned in the internal audit is reporting. It also comes last in the audit process. The audit plan should dictate the procedures for the reporting of internal audit findings. The plan should highlight how the reporting of internal audit engagement will be conducted as of intermediary report, draft report, and final report. The reporting planning also comprises guidelines on how to report to the external regulatory bodies if fraud, irregularity, or mismanagement is found within an organization.

In A Nutshell,

An internal audit process is a useful tool for ensuring the effectiveness of the internal control system. If the internal audit is planned carefully and flexibly, it will improve the overall goal achievement of the business entity. Therefore, the chief audit executive within the business corporation must make an effort to plan the internal audit for the long term. The strategic audit plan should be reviewed every year to update it according to the dynamically changing circumstances and business environment.