1. Scope
    • Request for an Audit for compliance purpose
    • Audit requirements such as responsibilities, scope, time frame, who will the auditor report to is defined in the Audit charter if internal audit, and in the Letter of engagement or Service Level Agreement (SLA) if external audit
    • Kick off meeting is held with senior officials and the audit committee to start the audit effort (Identify POC, scope, timelines and resources)
    • Conduct a Business Impact Analyst to identify high risk area where audit effort will be allocated to. This is usually done by interviewing business owners
    • Schedule a meeting with senior management and audit committee to go over findings during BIA and redefine audit scope (Control to be tested), time frame and resources
  2. Plan/Prepare test plan
    • Control to be tested
    • Sample size
    • Sample method-random or non-random
    • Evidence
    • Method of testing-Interview, examine or test
  1. Fieldwork/Conduct the audit
  2. Analysis/Analyze Evidence
  3. Report
    • Generate a draft report (Finding and recommendation) and discuss findings with the audit committee and business owners (departmental heads)
    • Update draft report if supplementary evidences are submitted by business owners
    • Prepared a final report (Findings and recommendations)
  4. Close
    • Conduct a close out meeting to discuss finding with senior management and audit committee and also set time frame for follow up verification of the implementation of the recommendations
    • Conduct follow up assessment/continuous monitoring to attest that findings are fixed
error: Content is protected !!