 helps an organization accomplish its

objectives by bring a systematic discipline

approach.

 Internal Auditing Process may be divided

into major categories based in IAS:
 Engagement planning
 Performing the engagement (gathering
of evidence/fieldwork or execution)
 Communicating the results (issuance of
audit report)
 Monitoring Progress
Every audit engagement is unique. Audit
process similar for most engagements

Audit focuses on the objectives of the

audit and involves a plan of activities to
achieve the objectives
1. To establish objective and scope of the
engagement.
2. To determine priorities and establish the
most cost-effective means of achieving
audit objectives.
3. To assist in the direction and control of
audit work.
4. To help ensure that attention is devoted to
critical aspects of audit work.
5. To help ensure that work is competed in
accordance with pre-determined targets.
 Annual planning for the audit function as
a whole; and
 Individual audit

The extent and the nature of audit

planning process depend on the nature
and complexity of engagement.
IIA Practice Advisory for Engagement Performance Standard
2201 enumerates following factors to be considered in
planning:

 The objectives of the activity being reviewed and means

by which the activity controls its performance
 The significant risk to the activity, its objectives resources
and operations and the means by which the potential
impact of risk is kept to an acceptable level.
 The adequacy and effectiveness of the activity’s risk
management and control processes compared to a
relevant control framework or mode.
 The opportunities for making significant improvements to
the activity’s risk management control processes.
 Chief Audit Executive- responsible for
developing risk-based plan.

WHAT IF THE FRAMEWORK DOES NOT EXIST?

- The Chief Audit Executive uses his own
judgement of risk after consultation with
senior management and board.
Communicate the Internal Audit activity’s
plans and resource requirements and
changes to senior management and board
for the approval.
 Engagement letter – terms of reference
to be send to the auditee.
 Audit Criteria – provide a basis for
developing audit observations and
formulating conclusions.
As stated in Standards 2010.A1 Planning
should be documented and that the
process should include:
1. DETERMINE ENGAGEMENT OBJECTIVES
AND SCOPE
1.1 ENGAGEMENT PROCEDURES are
means to attain engagement objectives
1.2 ENGAGEMENT PROCEDURES AND
1.3 OBJECTIVES taken together defines
scope of the IA’s work.
› BUSINESS OBJECTIVE
CATEGORIES
› DELIVERABLES HE INTERNAL
AUDIT ARE EXPECTED TO
PRODUCE
› BOUNDARIES OF THE
ENGAGEMENT
› OBJECTIVE AND GOALS
› POLICIES, PLANS, PROCEDURES, LAWS,
REGULATIONS AND CONTRACTS
› ORGANIATIONAL INFORMATION
› BUDGET INFORMATION, OPERATING
RESULTS, FINANCIAL DATA OF THE
ACTIVITY
a process for gathering
information, without detailed
verification on the activity being
examined.
A. Result in a thorough internal auditor
familiarity with the engagement client’s:
- Objectives
- Organizational structure
- Operations
- Physical Facilities
- Personnel
- Information system
- Risk Management
B. Identify significant areas warranting
special emphasis to reduce time
allocated to areas in which risk
appears to be minimal

C. Set a cooperative tone for the

fieldwork that follows
Engagement objectives and procedures
should address the risks associated with
the activity under review.
 It is essentially the potential cost incurred
if the business does not achieve its
strategic plans.
Components of Audit Risk:
 Inherent risk – risk that threatens the
achievement of the auditee’s objectives
assuming related control.
 Control risk- risk of material misstatement
not being detected by the system of
internal control.
 Detection risk- risk of material
misstatement not being detected by the
auditor.
FACTORS AFFECTING RISKS:

 Changes operational environment

 New personnel
 Rapid growth
 New technology
 Financial failure
 Corporate restructurings
– analysis of significant ratios and trends.

PURPOSE OF ANALYTICAL PROCEDURES

- As Risk assessment procedures
- As substantive procedures
- As an overall review of the systems and
processes
 Inquiries
 Inspection
 Observation
 Walk-through
PURPOSE OF AUDIT PROGRAM
- A guide for conducting and coordinating
the audit work to be done
- A framework for assigning audit work and
effectively supervising work and
assessing the cost and the quality of the
work performed
 Chief Audit Executive must ensure that
internal audit resources are Appropriate,
sufficient and effectively deployed to
achieve the approved plan.
 Concentrate on transaction testing and
communications. It concludes with a list of
significant findings from which the auditor
prepares a draft of the audit report.

 INITIAL MEETING
 TRANSACTION TESTING
 CONTINUOUS COMMUNICATION
 EXIT MEETING
It expresses the auditor’s opinion, presents
audit findings and discusses
recommendations for improvements.

 PRELIMINARY AUDIT REPORT

 MANAGEMENT’S RESPONSE
 FINAL REPORT
The auditor will follow up on the
completed audit within approximately
one year of the final report to verify the
resolution of the report findings.

 FOLLOW UP REVIEW
 FOLLOW UP REPORT