The internal audit activity is important to the business, regardless of its size or nature. However, the successful internal audit process, which achieves the desired objective, should be based on sound planning, constructive engagement, and communication between the audited entity and the audit department. The article aims at explaining how the internal audit process works in general.
Audit planning shall be based on the coverage of all activities of the Foundation at least once a year. Planning avoids ignoring critical stages of scrutiny and involves identifying important problems. And to respond to the tasks assigned to the staff and prevents the assignment of auditors’ tasks that do not commensurate with their abilities and experience. The responsibility of the internal auditor is to determine the scope of work, the objectives to be achieved by the audit and the main area to be reviewed and evaluated.
Although the specialists differ in the determination of the audit stages, there is agreement and consensus that these stages include planning, internal control, and risk assessment, core testing, delivery of results and follow-up.
An internal memo
The audit function begins by selecting the activity to be subjected to the internal audit process. The auditor can choose this activity in different ways. This option is not limited to the auditor’s wishes but at the request of others within the establishment. The chief audit executive should determine the appropriate and sufficient resources (financial and human) to achieve audit task objectives. The audited entity shall be notified by means of a letter of engagement from the Internal Audit Manager. This letter sets out the scope and objectives of the audit, the audit team assigned to audit the activity, and other relevant information.
First meeting
Prepare a number of basic questions to query specific audit topics or initiate discussions that may lead to unknown or unexpected results.
During the opening meeting, the audited entity describes the unit or system to be performed, the resources available (personnel, facilities, equipment, funds), and other relevant information. The internal auditor meets with the senior officer directly responsible for the unit under review and any staff member wishing to include it. It is important for the audited entity to identify issues or areas of particular importance that need to be addressed. A surprise factor may be required when conducting interviews when the task involves cash checks or fraud investigations.
Internal Control Review
Examine and evaluate the internal control system in place and then identify weaknesses in this system, to make recommendations with a view to improving the control system. The performance standard specifies that the internal audit activity should assist the entity in achieving effective control by assessing its effectiveness and efficiency and promoting continuous improvement is sufficient. In doing so, the auditor uses a variety of tools and techniques to collect and analyze information about the process. The review of audited internal controls helps identify high-risk areas and design tests to be performed in the fieldwork section.
Analytical audit procedures
Are actions aimed at obtaining data and information that will help shape a general direction of the work being scrutinized?
Audit Program
Are programs of work to achieve the objectives of the internal audit function, and work programs and procedures should be written to identify, analyze, evaluate, and record information during the task.
Fieldwork
Fieldwork focuses on obtaining audit evidence from an appropriate mix of critical control tests and critical procedures.
Audit Summary
Upon completion of the field work, the auditor summarizes the audit results, conclusions and recommendations needed for the draft discussion project.