Audit Program Licensing Terms

1. You accept that this product is intended for your use, and you will not duplicate in
any form or manner, electronic or otherwise, copies of this product nor distribute this
product to anyone else.

2. You recognize that the product and its content are the sole property of AuditNet®
(the Publisher), and that we have copyrighted the product.

3. You agree that the Publisher is not responsible for any interruption of service or
malfunction that is a consequence of the Internet, a service provider, personal
computer, browser or other software or hardware components. You accept that there
is no guarantee that this product is totally error free. You further understand and
accept that the Publisher intends to provide reliable information but does not
guarantee the accuracy or completeness of any information, and is not responsible
for any results obtained from the use of such information.

4 This license is effective until terminated, when the license or subscription period
ends without renewal, or when you destroy this product and any related
documentation. The Publisher may terminate your license without notice if you fail to
comply with the conditions set forth in this agreement, and may pursue any other
legal recourse.
Document Source: Internet Search
1. This document was obtained from the Internet by AuditNet® using advanced search
techniques.

2. The document is from a site which has not identified restrictions on permitted use and are
sharing this information for the benefit of the audit community.

3. While we have attempted to provide accurate information no representation is made or

warranty given as to the completeness or accuracy of the document.

4. In particular, you should be aware that the document may be incomplete, may contain
errors, or may have become out of date.

5. While every reasonable precaution has been taken in the preparation of this document,
neither the author nor AuditNet® assumes responsibility for errors or omissions, or for
damages resulting from the use of the information contained herein.

6. The information contained in this document is believed to be accurate.

7. No guarantee is provided.

8 Use this information at your own risk.

Audit Program Area:

AUDIT PROCEDURES WP Ref

IT Audit Planning Checklist

No Control
1 Obtain all instructions and scoping decisions made during overall audit planning
as a means of ensuring that detailed planning will be consistent with such
requirements.
2 Obtain and consider planning memoranda and related work papers for similar
engagements and make best use of these sources during planning.
3 Obtain and consider the following for the most recent internal audit of the
auditable unit and consider whether any of this material could be updated and
re-used:
· Previous work papers;
· Most recent report;
· Status of management action on all findings.
4 Determine whether any work needs to be done to verify management’s
remedial actions on previous internal audit findings reported as cleared.
5 Consider the work planned for or already done by the external auditor for this
auditable unit (normally this is done through periodic meetings rather than on
an individual auditable unit basis), and determine the impact this may have on
the nature, timing and extent of the internal audit work now being planned.

6 Consider any documentation or testing performed by management to discharge

their Sarbanes-Oxley responsibilities or as part of a self-assessment process,
and consider the impact on the scope of internal audit work (usually determined
through periodic meetings with management).

7 Document the following decisions as regards the nature, timing and extent of
work to be performed to test operational effectiveness of IT controls:
· The overall quality of IT general controls and how this should be taken
into account when auditing this or other business processes;
· Whether a sample of program changes should be drawn and tested for
this business process;
· IT controls that are considered critical, and the approach to be taken to
evaluate their design and test their operational effectiveness.
8 Ensure that management and other officers within the company have been
notified about and agree to the dates for the audit to be performed (typically
performed six weeks prior to the start of fieldwork, information requests may be
made at this time).
9 Determine the nature and extent of participation in the planning process that the
manager wants to undertake in order to approve the planning and scoping
memorandum.
10 Make and/or record decisions and instructions concerning the following:
· The objectives of the assignment;
· A description of the process to be examined, including its boundaries
and the sub-processes to be included;
· The transaction types to be included, including consideration of
individually significant events and transactions and the audit work to be
done in respect of them;
· The key risks or objectives to be addressed during the assignment;

· The coordination with specialists for the planning, performance of work

and/or review of results;
· Key scoping decisions, including scoping decisions for key steps or any
areas where sampling ranges are not to be used, together with supporting
reasons.
11 Assign responsibility for the development and review of work programs all to be
done before work commences.
12 Prepare a budget for the work that shows who is responsible for and the time
for at least each of the following:
· Supervision;
· Job administration activities;
· Review of results and work papers;
· Attendance at client meetings;
· Performance of each major section of the work (often for each sub-
process or transaction type);
· Clearance of findings and meetings with management;
· Drafting and review of reports;
· Total hours for the job.
13 Document or update details of key client contacts and how to reach them,
special instructions to follow and notes regarding key concerns of client
management.
14 Hold an opening meeting of relevant staff before the work commences and
review all planning documents and results.
15 Was all the above documented or referenced to the planning and scoping
memorandum?
Auditor Time Date Date Checked
Initials Spent Expected Finished Remarks By:
Audit Program Area:

CYCLE PROCESS AREA

CONTROL
RECOMMENDATION
COMPENSATING CONTROL
 Auditor Time
WP Ref Initials Spent
 Date Date Checked
Expected Finished Remarks By:
 Client Name
Internal Control Framework

Date Completed:
Completed By:
Reviewed By:

Question Yes No* Comments /Description

To the best of my knowledge, the answers and comments noted above are accu
internal controls within this department:

* For a “No” answer, cross-reference to either a compensating control or to audit work which has been performed
Questionnaire
or is to be performed.
 Name and Title of Person Completing Form (please print) Name and Title of Department Dir

Signature of Person Completing Form Signature of Departmen

1/20/2024
Date Form Completed Date of Department Directo

* For a “No” answer, cross-reference to either a compensating control or to audit work which has been performed
Questionnaire
or is to be performed.
 Employee Responsible for Task

s noted above are accurate and reflect the current

this department:

* For a “No” answer, cross-reference to either a compensating control or to audit work which has been performed
Questionnaire
or is to be performed.
Name and Title of Department Director (please print)

Signature of Department Director

Date of Department Director's Signature

* For a “No” answer, cross-reference to either a compensating control or to audit work which has been performed
Questionnaire
or is to be performed.
Control Risk Control Considerations
Assertion E,A,C,V,P Description of control Documentation W/P Ref.
Do controls meet objective?Test W/P Ref Testing exceptions noted? Yes/No
Resolution / remediation/ comments W/P Ref
Finding Ref # Control Testing Finding
Management Response & Treatment