MANAGING INTERNAL AUDIT ACTIVITY
- Internal Audit Operations.
- Describe policies and procedures for planning, organizing, directing, and monitoring IA activities.
- Interpret administrative functions within the internal audit activity, including budgeting, resourcing, recruiting, and staffing.
- Establishing a Risk-based Internal Audit Plan
- Identify potential engagements, implement a risk management framework for risk assessment and engagement prioritization.
- Understand assurance and consulting engagements.
- Describe coordination with external auditors, regulatory oversight bodies, and other internal assurance functions.
- Communicating and Reporting to Senior Management and the Board
- Recognize the CAE’s role in communicating the annual audit plan to senior management and the board.
- Identify significant risk exposures, control, and governance issues.
- CAE reports on organizational control and risk effectiveness, acknowledging internal audit key performance indicators.
PLANNING ENGAGEMENT
- Engagement Planning
- Determine engagement objectives, evaluation criteria, and the scope of the engagement.
- Plan engagement for key risk and control identification.
- Conduct detailed audit area risk assessment, evaluating and prioritizing risk and control factors.
- Define procedures and prepare the work program.
- Assess staff and resource needs for the engagement.
PERFORMING ENGAGEMENT
- Information Gathering
- Gather and assess relevant data.
- Create checklists and initial survey questionnaires.
- Utilize appropriate sampling methods.
- Analysis and Evaluation.
- Employ computerized audit tools and techniques.
- Evaluate evidence relevance, sufficiency, and reliability.
- Apply analytical approaches and process mapping.
- Implement analytical review techniques.
- Prepare supportive workpapers and documentation.
- Summarize and formulate engagement conclusions, including risk and control assessment.
- Engagement Supervision
- Identify key supervision activities.
COMMUNICATION AND PROGRESS MONITORING
- Communicating Engagement Results and the Acceptance of Risk.
- Preliminary client communication.
- Demonstrating communication quality.
- Preparing interim progress reports.
- Formulating organizational value recommendations.
- Describing audit communication and reporting.
- CAE’s residual risk assessment.
- Communicating risk acceptance process.
- Monitoring Progress
- Assessing engagement outcomes and action plans.
- Managing follow-up on audit results with management and the board.