From the Publisher
The first requirement for developing an internal audit plan is a comprehensive audit universe. This book prefers the phrase "engagement universe" instead of "audit universe" to reflect that both assurance and consulting engagements are considered and in the same proportions as reflected by the status of an organisation's governance, risk management and control processes.
A unique feature of this book is that the internal audit plan it proposes consists of the total engagement universe rather than a portion of it as is usual with other internal audit plans.
A major problem with risk-based internal audit plans is that they are subjective - different internal auditors (senior management and boards/committees) would produce different internal audit plans based on the same organisational situation. With only a few specified criteria, the proposed internal audit plan will result in the same priority of engagements (and types of engagements), regardless of who develops the internal audit plan, because it is objectively derived.
The proposed internal audit addresses ALL of the privately held concerns of those who have had to develop risk-based internal audit plans.
Internal audit activities will find that by using this proposed internal audit plan, they actually have more than enough resources for the internal audit activity to deliver on its mandate as stated in Standard 2100, "The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach."