Audit Process: How to Successfully Plan Audit - PowerPoint PPT Presentation


PPT – Audit Process: How to Successfully Plan Audit PowerPoint presentation | free to download - id: 7c778a-MmMwN


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Audit Process: How to Successfully Plan Audit


Learn how to effectively plan your audit to successfully complete the auditing process. – PowerPoint PPT presentation

Number of Views:62


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Audit Process: How to Successfully Plan Audit

Audit Process How to Successfully Plan Audit
What is an Internal Audit?
  • As defined by the Institute of Internal Auditors
    (IIA), internal audit is an independent,
    objective assurance and consulting activity
    designed to add value and improve an
    organization's operations. It helps an
    organization accomplish its objectives by
    bringing a systematic, disciplined approach to
    evaluate and improve the effectiveness of risk
    management, control, and governance processes.

Types of Audits
  • First-Party Audits These are performed within an
    organization to measure its strengths and
    weaknesses against its own procedures or methods
    and/or external standards. Internal audits are
    first-party audits and are conducted by auditors
    who are employed by the company being audited,
    but have no vested interest in the audit results
    of the area(s) being audited.
  • Second-Party Audits These are external audits
    performed on a supplier by a customer or by a
    contracted firm (consulting firm) on behalf of a
  • Third-Party Audits These are external audit
    performed on a supplier or regulated entity by an
    external participant other than a customer. They
    are conducted for recognition or registration
    purposes are performed either by Extrinsic
    Regulatory (FDA, FAA, NRC, USDA) or Registrars
    (ISO9001, AIB, JCAHCO ).

Phases of Audit Program
Plan Audit Properly
  • During the planning phase, the following has to
    be done
  • The purpose of the audit
  • A complete description of the GRC program. This
    should include details such as the entity which
    is to be audited and the key measures of the
  • The scope of the audit and the scope exclusions
  • The objective of the audit and the approach to be
  • A high level schedule of the audit and a detailed
  • The necessary skills needed to complete the audit
  • The selection of members of the internal audit
  • Any other resources required for successful
    completion of the audit
  • Document management and archival/ retention
    policies and processes

Define Audit Scope and Objectives
  • Defining the scope of the audit and its
    objectives is an important part of planning the
    process, ensuring that the audit is carried out
  • In order to conduct a successful GRC program
    audit, the auditors need to have a thorough
    understanding of the following
  • The organizations culture, business, strategic
    goals and objectives
  • Key risks that the program and the organization
  • The organization and structure of the GRC program
    and its future evolution
  • Auditors must determine the following
  • The major operational processes
  • Various initiatives being implemented within the
  • The IT systems that support the operation of the
    GRC program

Audit Objectives
  • An audit of a GRC program should have the
    following objectives
  • Evaluate the tone at the top Is it proper and
    effective in promoting a culture that is ethical
    and compliant?
  • Check if the program provides reasonable
    assurance of compliance with organizational
    policies and all applicable laws and regulations.
  • Determine if the motivation/incentive/reward
    system is well planned and structured.
  • Determine if the GRC program has a robust
    management framework that is well documented and
    has enough resources to carry out its tasks.
  • Check whether the GRC program has been
    implemented and if the programs performance
    reporting system accurately represented the end
    results of the programs efforts.
  • Conduct a cost-benefit analysis of the GRC
  • Determine whether the program is up-to-date with
    prevailing industry practices and is adequate for
    the size and complexity of the organization.
  • Include other audit objectives that the board or
    management has requested.

  • Want to learn more about audit, its process and
    best practices for auditing? ComplianceOnline
    webinars and seminars are a great training
    resource. Check out the following links
  • Risk Based Internal Auditing (RBIA)
  • Internal Auditing Essentials for Medical Device
  • How to Audit GRC Programs?
  • Role of the Audit Committee in Corporate
  • Internal Audit's Role in Enterprise Risk
  • OCEG Approved GRC (Governance, Risk and
    Compliance) Professional Seminar
  • Auditing Technology and IT Investment Management