Audit program for general planning procedures

Initial Document Request List Requesting and obtaining documentation on how the process works is an obvious next step in preparing for an audit. The following requests should be made before the start of audit planning in order to gain an understanding of the process, relevant applications, and key reports: All policies, procedure documents, and organization charts Key reports used to manage the effectiveness, efficiency, and process success Access to key applications used in the process Description and listing of master data for the processes being audited, including all data fields and attributes After gaining an understanding of the process to be audited through the initial document request, you should request access to master data for the processes being audited to analyze for trends and to aid in making detailed sampling selections.

Preparing for a Planning Meeting with Business Stakeholders Before meeting with business stakeholders, internal audit should hold an internal meeting in order to confirm the high-level understanding of the objectives of the process or department and the key steps to the process. The following steps should be performed to prepare for a planning meeting with business stakeholders: Outline key process steps by narrative, flowchart, or both, highlighting information inflows, outflows, and internal control components Validate draft narratives and flowcharts with subject matter experts if any Create an initial pre-planning questionnaire to facilitate a pre-planning meeting with key audit customers Preparing the questionnaire after performing the initial research sets a positive tone for the audit , and illustrates that internal audit is informed and prepared.

Preparing the Audit Program Once internal audit has confirmed their understanding of the process and risks within the process, they will be prepared to create an audit program. An audit program should detail the following information: Process Objectives Process Risks Controls Mitigating Process Risks Control Attributes, including: Is the control preventing or detecting a risk event?

Control frequency e. Does the control mitigate a fraud risk? Is the control manually performed, performed by an application, or both? An initial assessment of the risk event e. Audit Program and Planning Review Audit programs, especially those for processes that have never been audited before, should have multiple levels of review and buy-in before being finalized and allowing fieldwork to begin.

Audit Customer Internal auditors who can create and document audit programs from scratch — and do not rely on template audit programs — will be more capable and equipped to perform audits over areas not routinely audited.

Want to learn more tips to help you create a flexible, risk-based audit program? Internal Audit. But poor auditors tend to follow the prior year work papers and complete the audit program as an afterthought. Worse yet, the risk assessment work is completed at the end of the engagement, if at all. The tail wags the dog. This same-as-last-year approach leads to incongruities in risks of material misstatement and the procedures performed.

In effect, the prior year work papers become the current year audit program. Another common audit planning mistake is the use of a balance sheet audit approach. Moreover, some auditors test balance sheet accounts and little else. But this approach can lead to problems. I have heard auditors say: If I audit all of the balance sheet accounts, then the only thing that can be wrong is the composition of revenues and expenses. But is this true? If we disregard stock purchases and sales, equity is usually the accumulation of retained earnings.

And retained earnings comes from the earnings or losses on the income statement. In other words, retained earnings comes from revenues and expenses. So the net income or loss revenues minus expenses has to fit into the accounting equation equity equals assets minus liabilities. Mathematically I see why someone might say this, but a flaw lurks in the construct. I once saw an audit firm sued for several million dollars.

The CPAs audited the company for several years, issuing an unqualified opinion each year, but a theft was occurring all along. The balance sheet accounts reconciled to the general ledger, and no problems were noted in the audit of the balance sheet accounts. But millions were missing.

So what flaw lies in a balance sheet audit approach? Millions can go missing while the balance sheet accounts reconcile to the general ledger. Consequently, auditing the balance sheet accounts alone may not detect theft. Therefore, gaining an understanding of the internal controls and developing appropriate responses is critical to identifying material misstatements, especially when fraud is possible.

So as we plan our substantive procedures, we need to avoid the flawed balance sheet approach. Yes, substantive procedures for the balance sheet accounts are important, but fraud detection procedures are necessary when control weaknesses are present. A test of details is necessary when a significant risk such as a fraud risk is present. Develop an audit strategy and plan once you complete your risk assessments procedures.

Then link the risks of material misstatement to your further audit procedures. Doing so will help ensure that your audit is successful. In other words, that no material misstatements are present when you issue an unmodified opinion. See my audit series The Why and How of Auditing to learn even more about the full audit process, including how to audit transaction cycles such as cash, receivables, payables, and debt. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses.

He frequently speaks at continuing education events. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues. Wesley, yes, for my subscribers. You should see a subscription box at the top or bottom of my posts. Or I can add you manually if you like. Please log in again. The login page will open in a new tab.

After logging in you can close it and return to this page. We are documenting: The scope the boundaries of the work The objectives what the deliverables are The significant factors e. The risk assessment what are the risk areas? The planned resources e. It could have read as follows: We will put a man on the moon. The work will be completed seamlessly in the utmost honesty and precision. An audit program acts as a blueprint of the audit plan.

It specifies how the audit will go, who is going to complete it, and what steps needed in conducting it. It has a range of procedures, document verification and acquiring pieces of evidence to help the auditor with the information. It has a range of procedures, document verification, and acquiring evidence to help the auditor with the information.

The auditor plans to perform the audit in an efficient and timely manner, so it is imperative to follow the step by step planning procedures. Although it implies that the Auditor must follow the plan, the Audit program should also be flexible enough for the changes that need revision while making sure that all important areas were covered. An audit program also called an audit plan tells an auditor that what procedure is required to follow during an audit to make sure that the organization is adhering to the rules and regulations as instructed.

An audit checklist is a list of questions that are given by the quality management system to be completed during an audit. It also includes tasks that are to be fulfilled to complete an audit successfully.

An audit planning process is a process of planning an audit for a company. This process helps to break down the audit into several steps so it would be easier and convenient for the auditor to conduct an audit with the plan. Cost auditing can be defined as the audit to verify the cost accounts of a company to make sure that it is adhering to the plan of cost accounting set by the management.

Usually cost accounting records are verified such as cost reports, statements, account and techniques. After the verification, the records are examined to make sure that they are following the plans and procedures.