The document summarizes the key activities of the engagement planning phase:
1) Activities include determining objectives and scope, understanding the auditee and risks, identifying key controls, evaluating control design, creating a test plan, and developing a work program.
2) Risk assessments involve identifying, measuring, and analyzing program risks and distinguishing risk assessment from broader risk management.
3) Control frameworks provide standards for internal controls.
The document summarizes the key activities of the engagement planning phase:
1) Activities include determining objectives and scope, understanding the auditee and risks, identifying key controls, evaluating control design, creating a test plan, and developing a work program.
2) Risk assessments involve identifying, measuring, and analyzing program risks and distinguishing risk assessment from broader risk management.
3) Control frameworks provide standards for internal controls.
The document summarizes the key activities of the engagement planning phase:
1) Activities include determining objectives and scope, understanding the auditee and risks, identifying key controls, evaluating control design, creating a test plan, and developing a work program.
2) Risk assessments involve identifying, measuring, and analyzing program risks and distinguishing risk assessment from broader risk management.
3) Control frameworks provide standards for internal controls.
o Understand the auditee, including audit objectives and assertions
o Identify and assess risks
▪ Business risks that threaten the achievement of the auditee’s
objectives and, ultimately, the organization's objectives
o Identify key controls
o Evaluate the adequacy of control design
o Create a test plan
▪ Effectiveness of internal control
o Develop a work program
▪ A work program specifically outlines the audit procedures required to
accomplish the engagement objectives.
▪ Internal auditors sign off on the procedures to indicate that the work has been completed.
o Allocate resources to the engagement
▪ The last step
▪ This involves determining the audit expertise needed, estimating the
time it will take to complete engagement, assigning appropriate internal auditors to the engagement, and scheduling the work so that it is completed timely.
● Risk assessments
o A risk assessment is the process of identifying, measuring, and analyzing
risks relevant to a program or process. This assessment is systematic, iterative, and subject to both quantitative and qualitative inputs and factors. Furthermore, it is also dependent on the timeframe of the review. ▪ Risk assessment vs. Risk management
● Risk assessment (meso-level) - within the risk management
● Risk management (macro-level) - large in scope, includes risk
assessment; distinct from risk assessment because risk management requires strategy to mitigate risks.