Internal Audit Planning Process

The definition of an internal audit plan is a list of all the audit engagements that need to be conducted over a period of
time. The most common form of an internal audit plan is the annual internal audit plan. How to best develop your internal
audit plan depends on the size of your organization, industry-specific requirements and other regulations.
In large companies, there are often positions such as chief audit executive. A person in this role is charged with
interviewing managers and key employees and delegating tasks to the management staff and members of the audit
committee. The number and rankings of staff interviewed may be different for every company.

Interviewing Staff Members

The purpose of interviewing and speaking with staff members is to find pain points. In addition, members of the audit
team must focus on any risks that their interviewees foresee for the company.
For instance, an upcoming change in regulations of which managers might be aware is important to know about on a
larger scale since employees should be appropriately trained or risk getting dinged for noncompliance by a regulatory
body. These penalties could require that a formal plan be instituted to bring the company up to standard or could entail
heavy fines.
Another example of something staff members might be able to suggest would be changing software systems that could
pose a cybersecurity problem. High-level management might not be aware of things that those dealing with these systems
on a daily basis would observe.

Submitting an Audit Report

Once the interviews have been completed, the board of directors (or the person in charge of operations) should receive a
report from the audit team. To create this report, the audit leadership team must analyze all of the results of the various
interviews they conducted.
During the assessment, the team should be looking for any common themes or concerns that were mentioned repeatedly.
In addition, they must consider the source of each complaint and that individual’s level of expertise. For instance, some
companies only have one IT employee, so her complaint about cybersecurity could be the only one. Due to her level of
expertise, however, the audit team would know that this is a serious problem that needs to be addressed.

Internal Audit Plan Completion

Once all major interviews have been completed, the audit team should do a check of industry regulations for compliance.
Depending on the size and scope of a business, this process alone could be a full-time position. Interfacing with regulatory
bodies is crucial for continued licensing, funding and business operations.
Each of these concerns needs to be accounted for in your audit. This remains true even if your company does not need to
make any changes to processes. Many regulatory bodies do not change from year to year, but they need to be
acknowledged to maintain compliance.
How to Write an Audit Plan for Business
With your interviews completed, you can begin to develop your audit plan. The more complex the business, the more
complex your plan needs to be. Internal audit program examples or internal audit plan examples may vary based on your
company's needs. For the following explanations, high-level topics are considered, but note that most companies will need
to break these down on a deeper level specific to their industry.
Existing Regulations: These are easily found on a regulatory body’s website, in mailings and in other information accessible
by upper-level management. If any changes have been made to these regulations, each regulatory body should notify you
about the changes and provide you with a deadline for full compliance.

Employee Concerns: Staffing, wages, errors in production or service and anything else that relates to your workforce
should be measured. Many companies do not do a full audit of employee satisfaction or even check to ensure that they
are paying competitively. When these areas are not given the attention that they deserve, you risk unhappy employees
who do not do their best work. A lack of attention to detail due to staff being overworked and underpaid can be a
considerable risk to your company.

Customer Concerns: Customer satisfaction surveys, complaint or compliment rates and client engagement are all ways to
measure your customer satisfaction. Asking your customers what they need and providing for those needs is critical in any
business.
New Regulations: Some industries, such as health care or education, can go through many changes when it comes to what
is and isn’t required. Keeping up to date with new regulations and ensuring that your company has a proper pathway to
compliance is critical.

Compiling Major Audit Sections

Once you have each major section of your audit sorted, you or whomever the board of directors or upper-level
management has delegated to conduct the audit will break those sections down further. Each pain point will then be
graded on its risk to the company. For example, providing new uniforms for your technicians is a low risk to your company.
By contrast, not keeping up with the personal protective equipment is a high risk to your company.

Reference:
How to Write an Internal Audit Plan
By: Danielle Smyth
Reviewed by: Michelle Seidel, B.Sc., LL.B., MBA
Updated June 20, 2019
https://bizfluent.com/how-5826155-write-internal-audit-plan.html