audit steps
TRANSCRIPT
IT Audits
Aud
it Pr
oces
s Fl
owch
art
Site Arrival and Audit initiation
Finalize
Schedule and Agenda
Verify receipt of information as per Checklist
Review Documents and
Information gathered
Interview People to obtain understanding
Substantiate risk for
identified exposure
Audit and assess
compliance
Pre-Audit
Prepare Initial draft report
Submit to IT Audit Manager Accept
Submit to Senior
Management
Interim Closing Meeting
Attendees:CEO/CFO/ IT Manager
Send to IT Audit Manager
Senior Management
Review
Submission of Report to
Senior Management
Accept
Publish report to Unit
Business Owners
Yes
No
Yes
No
Remedial measures from Unit Business
Owners
Audit follow-up procedures and
dates
Submit to IT Audit Manager
Submit to Senior
Management
Final Closing Meeting
Attendees:CEO/CFO/ IT Manager
Gather Information and Plan• Knowledge of Business and Industry• Prior Year’s Audit Results• Regulatory Statutes• Inherent Risk Assessments
Our Methodology
Obtain Understanding of Internal Controls• Control Environment• Control Procedures• Control Risk Assessment
Perform Compliance Tests• Test Policies and Procedures• Test Segregation of Duties
Perform Substantive Tests• Analytical Procedures• Other Substantive Audit Procedures
Conclude Audit
Make recommendations after correctly evaluating the controls for improvements within each of the five interrelated areas like:• Control environment.• Risk assessment.• Control activities.• Information and communication.• Monitoring.
Submit an Audit Report that is:• Accurate• Objective• Clear• Concise• Constructive • Complete• Timely
To: ________________________________From:___________________________ Date: EXECUTIVE AUDIT SUMMARYI. INTRODUCTION AND SCOPE Entity Name: _________________________ Location: _______________________Segment : ________________________ Assets: (USD million) ______________ Bud. Ann. Sales: (USD million)__________________Bud. Ann. EBIT: (USD million __________________________ Business Description: (Provide information about the business and its links to other businesses or corporate office. Give list of services offered and how these are executed) ________________________________________________________________________________ ________________________________________________________________________________Scope: (Write about scope of the audit in terms of areas covered) ________________________________________________________________________________ ________________________________________________________________________________Audited Period: ________________ II. AUDIT RESULTS____________________________________________________________________________________________________________________
Sample Audit Report
CriticalImportantMinor
AreaIssue Specific Rating
Findings & Root Causes Impact Recommendation Management ResponseFinding:
Root Cause:
Agree: (Yes/No)
Responsible Party (Person, Title):
Corrective Action Plan:
Target Date:
Audit Follow Up Date:
Findings Total Financial ReportingOperational Efficiency & Effectiveness
Compliance
Critical - - - -Important - - - -
Minor - - - -
Executive summary of our audit findings:
The table below details Audit findings:
Based on the overall audit strategy, we undertake medium term and annual Audit programmes to provide the required assurance. These will be drawn up by Internal Audit in consultation with the Concerned Authority and the approval of the Audit Committee. The programme’s are meticulously designed to:
Appraise progressively the soundness, adequacy and application of the internal control systems;
Ascertain the extent to which the system of internal control ensures compliance with the policies and procedures and State laws and regulations;
Ascertain that the system of internal control promotes the efficient and effective use of resources;
Ascertain that the system of internal control operates to ensure that the assets of the Organization are properly controlled and safeguarded from losses arising from fraud, irregularity or corruption;
Ascertain that there are adequate controls to ensure reliability of accounting and other information as a basis for producing accounts and for financial, statistical and other returns;
Ascertain that there is an adequate internal control system to ensure the integrity and reliability of financial and other information provided to the Governing Authority; and
Confirm compliance with laws, regulations and Government Guidelines.