Beruflich Dokumente
Kultur Dokumente
1. Title
a. Name of the Company
b. Duration (start of audit—end target)
c. “Audit Plan”/ “Operational Audit”
d. Names of Auditors/Members
2. Table of Contents
3. Company Profile
a. Vision and Mission
b. Goals and Objectives
c. History
d. Organizational Structure (DTI requirement)
e. Competitors (Identify competitors that are Known and Unknown to them)
i. Direct
ii. Indirect
4. Engagement/Audit Objectives
5. Audit Scope
6. Risk Assessment (by the Auditors)
a. Governance
i. Assess the level of management’s
1. Attitude (i.e. active evaluation, lax, hands-on, addresses problems
continuously, proactive in responding to questions, fears competitors?,
any other way/attitude in answering the questions (does the answer
have substance?, was the owner timid?))
2. Appetite (level of risks)
b. Identify all departments/areas of the of the company and briefly describe each (2-3
sentences)
i. Example:
Sales Department
The Sales Department is responsible for blah blah blah. It is headed by
blah blah blah
c. Risk Assessment Matrix (landscape orientation)
Risk Assessment Matrix
Depts./Areas Likelihood Impact Remarks
(1, 2, 3, 4, 5) (Amount in (T, A, M, A)
PhP)
1. Sales
a. Risk A
b. Risk B
…
2. Finance
…
Graph or something identical (no even RANGE)
60000
50000 D
TTransfer
A Avoid
Impact (in PHP)
40000 E B
30000
A M
20000
Accept Mitigate
10000 A C
0
0 1 2 3 4 5 6
Likelihood (chance/probability)
Example
Area
A. Sales
1. Loss of sales
a. Rainy/flood season (4, Php 10,000) : Mitigate
b. Theft (5, Php 40,000) : Avoid
c. Rising of competitors (5, Php 10,000) : Mitigate
d. If you don’t use social media (1, Php 50,000) : Transfer
e. Fire (1, Php 40,000) : Transfer Insurance Co.
(transfer risk to other
person)
7. Internal Controls (i.e. SOX)
CRICM
C- Control Environment
R- Risk Assessment
- On the part of the company
- Their initiative to conduct risk assessment
(Do you conduct risk assessment, ma’am?)
I- Information Dissemination
- Reporting by the accountant
- Reporting by the management/manager
- Is there any written reports (sales report, income report, etc)?
C- Controls
- Use of CCTV
- Use of security guard
ARC IPO Controls
Approval Input
Recording separate? Process
Custody Output
M- Monitoring of Controls
- Checking whether controls are still effective or not
8. Audit Program
Audit Program
Objective Audit Output Date Auditor Remarks
Procedure (Evidence)
Documentation
Recordings
Research
etc.
Triangulation
Accdg. to sir: sufficient, appropriate evidence, getting more evidence
Triangulation means using more than one method to collect data on the. same topic. This is a
way of assuring the validity of research through. the use of a variety of methods to collect data
on the same topic, which. involves different types of samples as well as methods of data
collection.
https://www.researchgate.net/post/What_is_triangulation_of_data_in_qualitative_research_Is
_it_a_method_of_validating_the_information_collected_through_various_methods
Working Paper
Working Paper
Objectives Audit Procedure Auditor Explanation of Evidence
Remarks
Detailed see Annex __
explanation in
relation to the
audit
9. Effectivity