The internal audit process can be very complex, but the fundamentals are straightforward with the right internal audit management approach. This article provides some back-to-basics tips for your next internal audit.
An internal audit identifies risks that may prevent an organisation from achieving its goals, whatever they may be. For example, private sector companies generally strive to generate profit while school boards seek to educate students and municipal governments try to provide cost-effective essential services.
Your audit plan will vary greatly depending on the organisation, its industry and the processes you plan to review.
Consider some of the points below as you plan your next internal audit:
- Communicate value: When planning an audit, ensure members of the group being audited view the audit as beneficial, not detrimental to their overall work.
- Define a detailed audit strategy: Agree on and document the overall audit strategy. This means defining reporting requirements, deadlines, important dates, identified issues from previous engagements, and the names and titles of the audit team members.
- Schedule diligently: Keep all parties involved and up-to-date with key dates and document requirements.
- Establish scope: Identify a realistic audit scope to help you avoid scope creep during fieldwork.
- Don’t be limited by the past: If you are auditing an area or process that has been audited previously, consider the results of previous audits but don’t limit yourself to examining only the areas and processes that were issues previously.
- Document communications: Document all discussions. This will help to ensure appropriate communication within the audit team prior to the start of an engagement and keep an accurate record of all findings. Record the attendees, agenda items, and agreed-upon action items by keeping minutes.
- Assess risk: Perform a risk assessment and use its results to help you determine the areas and processes to audit.
- Gather all documents and data: Collect all required information from the internal client. For example, if your internal audit examines the organisation’s financial statements, you’ll want to acquire trial balance and transactions files. If you’re auditing the organisation’s policy compliance, you will need to have access to those policies, or copies of them. Request relevant documents early in the planning process, impose strict submission deadlines and underscore the importance of punctuality to your client.
Identify and test controls
In this stage of the audit, start by identifying high-risk areas and ensuring that controls established by the client are performing as intended. This step is important because controls can vary greatly between organisations, or even between departments. It is also important to examine financial controls surrounding expenses, cheques, or procured services to ensure corporate books are well-kept and expensed items are within market rates.
After the controls are identified during the planning phase, it’s time to move on to testing the controls during the fieldwork phase.
The fieldwork phase is where you put your audit plan into action. This is the time to meet with the relevant department leads and other internal personnel to gather the required information.
- Take plenty of notes throughout the internal audit. These will assist greatly if you audit the same area in the future.
- Have appropriate subject matter experts assigned to appropriate audit areas.
- Meet with internal audit clients on a regular basis during fieldwork. Communicate any concerns in a timely manner. This will help ensure there are no surprises.
An audit report documents findings and recommendations from the internal audit.
Work on your audit report during fieldwork. Take notes along the way. If you wait until all the fieldwork is done to start your report, you can easily miss key information.
To avoid surprises, consider sharing preliminary audit results with internal stakeholders before the final report is due.
Keep the report simple and to-the-point and avoid the passive voice. Include any critical information in a one- or two-page executive overview.
Many practitioners continue to use simple MS Word documents and Excel files during their audits. In fact, in a recent CaseWare IDEA survey of internal audit professionals, nearly 43% of respondents said they complete audits manually using MS Word and Excel (or equivalent) and store their files on a network drive.
In the same survey, only 18% of respondents indicated they use an integrated software solution to automate and manage all aspects of an audit.
This is problematic because there are many steps in an internal audit, and manual approaches needlessly multiply the potential for error, error minimised by streamlined audit management software solutions. For example, PBC (provided by client) documentation is key during the planning stage of an audit. Storing individual Word and Excel PBC documents on a network drive can mean missing or incomplete documentation and poor version control.
Audits can benefit from a combination of best practices and the appropriate audit management software to deliver quick, efficient audits.
Read source article here.