Audit requirements such as responsibilities, scope, time frame, who will the auditor report to is defined in the Audit charter if internal audit, and in the Letter of engagement or Service Level Agreement (SLA) if external audit
Kick off meeting is held with senior officials and the audit committee to start the audit effort (Identify POC, scope, timelines and resources)
Conduct a Business Impact Analyst to identify high risk area where audit effort will be allocated to. This is usually done by interviewing business owners
Schedule a meeting with senior management and audit committee to go over findings during BIA and redefine audit scope (Control to be tested), time frame and resources
Plan/Prepare test plan
Control to be tested
Sample size
Sample method-random or non-random
Evidence
Method of testing-Interview, examine or test
Fieldwork/Conduct the audit
Analysis/Analyze Evidence
Report
Generate a draft report (Finding and recommendation) and discuss findings with the audit committee and business owners (departmental heads)
Update draft report if supplementary evidences are submitted by business owners
Prepared a final report (Findings and recommendations)
Close
Conduct a close out meeting to discuss finding with senior management and audit committee and also set time frame for follow up verification of the implementation of the recommendations
Conduct follow up assessment/continuous monitoring to attest that findings are fixed