Beruflich Dokumente
Kultur Dokumente
Audit Services identifies risk factors and evaluates them. The evaluation of risk
factors includes, but is not limited to, discussions with management, observations
made during previous audits, and the past history of the unit. Some examples of risk
factors are:
1. Occurrence of fraud
2. Information obtained from external reviewers
3. Date of last audit
D. Systems
Based on the evaluation, assign a “Risk Rating” (low, medium or high) and a
“Priority Level” of 1, 2 or 3 (with 1 being the highest priority).
Select audits based on the identification and evaluation of significant risk exposures
as mentioned above. By focusing on the risk, internal auditors are able to identify
controls that are absent or ineffective, as well as those that are no longer relevant.
Consider requests originating from other sources including the Board, the Audit
Committee, Administration or deparmental management.
Done Time Date Date Checked
By Spent Expected Finished Remarks By:
Audit Program
Audit Procedure
Global Ref
No,
Control Objective Risks Control
Activity
Number
Control KeyControl? Frequency Owner Exceptions Type Document Mapping to
Description Reference Standards
AREA
DATE COMPLETED:
COMPLETED BY:
Question Yes No Comment
Finding Ref # Control Testing Finding
Management Response & Treatment