Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Example of Annual Audit Planning Work Program

    Hochgeladen von

    rindwa
    1K Ansichten2 Seiten
    audit planning

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    audit planning

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    1K Ansichten2 Seiten

    Example of Annual Audit Planning Work Program

    Hochgeladen von

    rindwa
    audit planning

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 2

    EAST CAROLINA UNIVERSITY

    OFFICE OF INTERNAL AUDIT


    WORK PROGRAM
    Project Number:
    Project Description:
    Developed By/Date:
    Reviewed By/Date:
    Page:

    Annual Audit Plan

    1 of 2

    General Purpose and Scope of Engagement:


    To establish a risk-based audit plan process to determine the priorities of the internal audit activity, consistent with the
    Universitys goals. A risk-based audit plan ensures that audit activities are effectively focused on those areas where risks or
    materiality of exposure is greatest. Therefore, audit planning should be based on an assessment of risks and exposures that may
    affect the University, and should be done annually in order to reflect the most current strategies and direction of the organization.
    Risk assessments should include input from management and the board of trustees.
    Per IPPF: 2010 Planning

    The chief audit executive must establish risk-based plans to determine the priorities of the internal audit activity, consistent
    with the organization's goals.
    Interpretation:
    The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the
    organization's risk management framework, including using risk appetite levels set by management for the different activities
    or parts of the organization. If a framework does not exist, the chief audit executive uses his/her own judgment of risks after
    consultation with senior management and the board.
    2010.A1- The internal audit activity's plan of engagements must be based on a documented risk assessment, undertaken
    at least annually. The input of senior management and the board must be considered in this process.
    2010.C1- The chief audit executive should consider accepting proposed consulting engagements based on the
    engagement's potential to improve management of risks, add value, and improve the organization's operations. Accepted
    engagements must be included in the plan.
    Related IPPF Guidance
    PA-2010-1: Linking the Audit Plan to Risk and Exposures
    PG-GTAG 11 Developing the IT Audit Plan
    A. Preliminary Work

    No.
    1.
    2.
    3.
    4.
    5.
    6.
    7.
    8.

    Detailed Engagement Procedure


    Review vision, mission, and current strategic plan of University.
    Obtain and review high-level organization chart, chart of accounts for
    University and latest fact book.
    Obtain and review latest financial report.
    Review ECU website noting any considerable items.
    Review banner balances from ODS for each division.
    Update Audit Universe with audits/reviews/consults conducted internally or
    externally.
    Review UNC FIT initiative, Internal Control Assessment, and Core Business
    Processes to determine affect on audit plan.
    Based on above information update audit universe.

    Performed
    By

    W/P
    Reference

    Observation
    Number

    SAWPT-06 (07/01/04)

    CONFIDENTIAL DO NOT DISTRIBUTE

    EAST CAROLINA UNIVERSITY


    OFFICE OF INTERNAL AUDIT
    WORK PROGRAM
    Project Number:
    Project Description:
    Developed By/Date:
    Reviewed By/Date:
    Page:

    Annual Audit Plan

    2 of 2

    B. Risk Assessment**

    No.
    1.
    2.
    3.
    4.

    Detailed Engagement Procedure


    IT Risk Assessment performed by Systems Auditor.
    Minutes from ERM Committee
    Risk Assessments conducted/facilitated by AVC for ERM.
    Based on Information update audit universe using audit universe template.

    Performed
    By

    W/P
    Reference

    Observation
    Number

    Performed
    By

    W/P
    Reference

    Observation
    Number

    Performed
    By

    W/P
    Reference

    Observation
    Number

    C. Other

    No.
    1.
    2.
    3.

    Detailed Engagement Procedure


    Review latest findings from State Auditor reports for other Universities.
    Review 2009-2010 ECU BOT minutes and ECUP Board Minutes.
    Determine effect on annual audit plan.

    D. Audit Plan

    No.
    1.
    2.
    3.
    4.
    5.
    6.
    7.
    8.
    9.

    Detailed Engagement Procedure


    Review last years audit plan and bring forward any necessary audits.
    Review last years audit hours to determine available audit hours.
    Review follow-ups that need to be conducted.
    Inquire of senior management and other of reviews to be performed.
    Review audit universe.
    Based on the above develop the audit plan.
    Update audit universe with planned audits.
    Meet with senior management to discuss audit plan.
    Obtain approval of audit plan from Chancellor and BOT

    SAWPT-06 (07/01/04)

    CONFIDENTIAL DO NOT DISTRIBUTE

    Das könnte Ihnen auch gefallen