The Annual Internal Audit Plan
Simply defining the annual internal audit plan is easy. The annual internal audit plan (or just 'audit plan') is the list of audit engagements to be conducted in the coming year. But understanding the importance of the audit plan requires us to look at how the audit plan is developed.
Each year, the Chief Audit Executive - with the help of their leadership team - interviews senior managers, key employees throughoutt the organization, and members of the audit committee, which is the subcommittee of the Board of Directors that oversees the internal audit function.
The purpose of these interviews is to identify the areas where these managers feel the organization faces the most risk. For example, maybe there are new regulations and managers are thinking about the compliance risk. Or, maybe managers worry that the organization isn't adequately protected against cybersecurity threats.
After these interviews, the audit leadership team will meet and analyze the results of their interviews. Before they select which of the identified risks will end up on their annual audit plan as engagements, they'll do their own assessment. This may include looking at data to gain more insight into some of the risk areas, conducting research to see how other organizations are managing the risk, and reaching out to colleagues to get their opinion about the risks. The interviews and the audit team's research are both important when generating the enterprise-wide risk assessment.
Web Resource Links
Audit planning is a process that identifies all business areas; assesses the risk of each using a standard methodology; and uses available audit and financial resources to determine which audits will be performed during a year. While the format for an audit plan may vary from organization to organization they all should include common elements.
- Define the audit universe (by division, location, department, product etc.)
- Conduct a risk assessment
- Prioritize audits based on risk assessment
- Determine available resources to conduct the audits
- Prepare the audit plan for the defined period
- Assign resources for engagement planning
If you have examples of audit plans that your company or organization uses please share them with AuditNet. We will provide links to the online template or make Excel or Word versions available to subscribers.