Whenever a business is set up, it sets several rules, protocols, and SOPs. The business norms comply with every business entity to have an internal control system that regulates how the company will act.
The internal control system comprises the set rules on how the company will act to safeguard the company’s interest and prepare true & fair financial statements.
It defines how the company will maintain records and assess & mitigate risks. It also includes the detection and prevention of any fraudulent activities within the premises or scope of the business entity. The internal control system stands on control procedures and controls environment pillars.
An internal check is another component of the internal control system. It oversees how the duties allocated to different staff members are being performed.
Different authors define it as a continuous assessment of procedures to ensure the detection and prevention of fraud.
The internal control system is an ongoing practice. The annual audit is performed by the external auditor once a year.
However, many business and financial corporations adopt an additional practice to improve the internal check and control system. It is an internal audit. The internal audit ensures consistent assurance within the business entity.
This article will discuss how to prepare an internal audit plan.
What Is Internal Audit?
Internal audit can be explained as the continuous practice of assuring that the internal control system is working well. It comprises risk assessment, management, and evaluation of the company’s internal controls, accounting procedures, and external corporate governance.
The Institute Of Internal Auditors(IIA) defines internal audit as,
It is an independent appraisal activity within an organization to review operations as a service to the management. It is a managerial control that measures and evaluates internal controls’ effectiveness.
From this definition, the following characteristics of an internal audit are highlighted:
- It is an independent activity.
- It is an appraisal activity that means the internal auditor will review and evaluate work done by others.
- It is a service to the organization that signifies the importance of internal audits in effective decision-making at a strategic level.
- It measures and evaluates the effectiveness of internal control. It means the purpose is to review the internal control procedures of the business entity continuously.
Are There Any Regulatory Bodies For Internal Audits?
The Institute of Internal Auditors pronounced as IIA, an international professional body, sets and governs the standards for the internal auditing of business entities. It was established in 1941, and since then, it has been working in 170 countries across the world.
Step-By-Step Guide To Prepare Internal Audit Plan
The importance of internal audit is undoubtedly high for the effectiveness and consistency of the internal control system. However, internal audit planning is even more crucial for the success of the internal control environment and procedures.
IIA IPPF 2010 states the audit plan of a business entity should be in line with its strategies, risks, and overall goals. Let’s go through the ultimate guide explaining step by step on internal audit planning.
The internal audit planning comprises of following stages:
The first and foremost internal audit framework is to draw the foundation for the audit plan and execution. The audit planning stage encompasses the broader internal audit processes and engagement approach. It also covers the important control areas in internal auditing.
The internal audit might use an internal audit planning memo to communicate the scope, objective, deliverable, period, and resources.
The planning process answers the questions:
- Why has a process become part of the internal audit plan?
- How does the specific auditable process contribute to the company’s mission and objectives?
- What is the risk company needs to address?
- What was the audit process in the past, and what were the results?
What is an audit planning memorandum?
An audit planning memorandum is a document prepared by the auditor to communicate the audit planning to management and sometimes to the audit committee. This memo generally includes the scope of the audit and its main objective. It also includes the deliverable that the auditor will deliver after the audit’s completion. The audit work program at the high level should also be included in the memo as well as the duration and the location of the audit.
The audit planning process consists of the following activities:
The scope of the internal audit is often pronounced as the audit universe. It explains all the business areas and operations that will be evaluated in the audit process.
The audit universe incorporates the approach of internal audit. For instance, it explains the audit strategy based on the organizational objectives, hierarchy, and goals.
Risk Assessment Methodology
Once the audit universe is defined, the risk assessment methodology is incorporated. The primary purpose of an internal audit is risk assessment and mitigation.
Therefore, the risk assessment methodology dictates criteria for prioritizing risks in the risk assessment process. Risk criteria are defined based on their impact and probability of happening. The risk assessment process helps the internal auditors to prioritize different risks within the organization.
Strategic Audit Plan
The strategic audit plan is a long-term plan for the internal audit. It usually expands to 3-5 years. The plan encompasses the broader and long-term objectives to be achieved by the internal audit.
Strategic leadership defines the objectives of how a business entity foresees the opportunities, goals, and objectives. The strategic plan is flexible and is to be changed annually based on the strategic front of the company.
Annual Audit Plan
The annual audit plan is more actionable for assessing and mitigating the risks within the next financial year. The annual audit plan is made based on the risk assessment practice adopted and the risk prioritization.
The measurable, achievable, and actionable audit objectives are defined. The annual audit budget is also curated which is necessary for the execution of the audit.
The plan is submitted to the senior management and audit committee for review and approval. The audit plan might be accepted or revised per higher management’s instructions.
The internal audit plan comprises the activities to be performed in the execution stage of the audit. The execution stage in the audit process is outlined in the planning process and relates to the fieldwork during an audit.
The practical plan of the audit will focus on audit engagement planning as the first step. It revolves around creating the audit team, the criteria for the selection of members, and the responsibilities of every member.
The audit engagement planning is usually done at the event of the first meeting of the internal audit.
The audit team is finalized, and letters of appointment are issued to the internal auditors. The audit engagement plan will take a closer look at identifying an organization’s key issues and risk areas. The timing, objectives, and information required are also discussed.
The opening meeting highlights the main issues and areas to be covered in the internal audit. Afterward, the preliminary survey will be conducted.
Although, the surveys are conducted in the process of internal audit. However, the planning stage must plan how the preliminary survey will be consolidated.
The internal auditors usually conduct the preliminary survey to fully understand the internal processes and risk areas and gather information about the key controls, risks, etc.
Audit Objectives And Scope
The audit execution plan also defines the audit objectives and scopes specific to the business entity. As discussed earlier in the audit planning stage, the objectives should be clear, measurable, and achievable. The internal auditor defines the audit scope.
Based on the time, objectives, and processes, the auditors plan what to review and whatnot. The audit scope should be sufficient to meet the internal audit’s overall objectives.
Audit Program And Working Papers
The auditor designs the audit program that explains the audit engagement procedures to achieve audit objectives. It can include the audit technique, segregation of duties, timelines for different activities, etc.
The audit plan should also cover the documentation needs and procedures during the process of the audit. The auditors will require different evidence to support their conclusions and judgments. Therefore, the audit plan should explain how different documents will be indexed in the audit process.
Assessment, Evidence, And Supervision
The audit plan will also dictate how the internal auditor will assess the effectiveness of the internal control system. It also discusses the procedures and guidelines for collecting audit evidence and the level of supervision throughout the audit engagement process.
The last step in the execution planning is the closing meeting. The closing meeting is conducted to communicate the final judgment with the company before preparing the report. After performing the audit, the internal auditor will summarize his findings and relevant suggestions.
The fact-finding sheet is also an important aspect of the audit plan. The fact sheet also explains the findings of the audit by segregating the results into criteria, conditions, causes, and impacts of a specific issue.
The final stage to be planned in the internal audit is reporting. It also comes last in the audit process. The audit plan should dictate the procedures for reporting internal audit findings.
The plan should highlight how the reporting of internal audit engagement will be conducted as of intermediary report, draft report, and final report.
The reporting planning also comprises guidelines on reporting to external regulatory bodies if fraud, irregularity, or mismanagement is found within an organization.
In A Nutshell,
An internal audit process is a useful tool for ensuring the effectiveness of the internal control system. If the internal audit is planned carefully and flexibly, it will improve the overall goal achievement of the business entity.
Therefore, the chief audit executive within the business corporation must make an effort to plan the internal audit for the long term. The strategic audit plan should be reviewed every year to update it according to the dynamically changing circumstances and business environment.