4

THE ANNUAL AUDIT PLAN

The chief audit executive should establish risk-based plans to determine the design of the internal audit priorities of the internal audit activity, consistent with the organization's goals.

—IIA Standard 2010

INTRODUCTION

We arrive now at the all-important annual audit plan. This plan should be designed to ensure discharge of the internal audit's responsibilities, which include:

  • Improving and assuring governance, risk management, and internal controls.
  • Promoting self-assessment of internal control.
  • Coordinating audit activities with the external auditor.
  • Promoting good information systems, compliance with procedures, value for money, and safeguarding assets and interests.
  • Forming a view of the corporate attestations on internal control.

Audit planning conjures up several key questions as described by Paul Sobel:

When conducting the annual audit-planning process, the auditor must answer the following questions:

  1. What represents success for the company?
  2. What are the barriers to achieving that success?
  3. How does the company manage those barriers?
  4. How do we know the barriers are managed to the desired level?1

In quoted companies, the auditor will want to consider Section 404 attestations and will want the audit plan to cover items such as the need to ensure that:

  • Significant controls are documented, assessed, and tested.
  • A clear methodology is applied to internal control reviews and reporting.
  • External audit has a clear role in testing the internal control ...

Get Audit Planning: A Risk-Based Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.