Chapter 9
Audit Fieldwork
Introduction
We have established that there are many different interpretations of the internal audit role and many approaches to performing both assurance and consulting work. One basic approach that has been discussed is risk-based systems auditing. This involves establishing the system objectives, finding out what risks should be addressed and then developing appropriate solutions to mitigate unacceptable levels of risk. The audit can be done by the client (with help from internal audit), by the auditor but with a great deal of participation with the client, or entirely by the internal auditor (as an outsider). These perspectives form a spectrum from objective review through to facilitated self-assessment. Whatever the adopted format, the auditor should perform fieldwork to arrive at an opinion and advice on managing outstanding risks. Apart from the self-assessment approach, which is more consultancy than anything else, the internal auditor may go through variations on several set stages in performing the audit. Note that all references to IIA definitions, code of ethics, IIA attribute and performance standards, practice advisories and practice guides relate to the International Professional Practices Framework (IPPF) prepared by the Institute of Internal Auditors in 2009. The various stages for performing a basic audit are covered in this chapter and include:
9.1 Planning the Audit
9.2 Interviewing Skills
9.3 Ascertaining the System
9.4 Evaluation ...