PowerPoint Presentation

Audit Programs and Establishingthe Audit UniverseChapter 10

internal audit areas

reviews of financial process internal controls,operational areas in the enterprise,safety and security issues, controls related to information technology (IT) systems,etcafter internal audit get its scope of potential areas to review, the chief audit executive (CAE) and other members of the audit team can subject areas to risk analysis and develop overall internal audit activity plans.audit universe

list of all of the potential areas to auditCBOK : Internal auditors at all levels should understand the importance of having an enterprise-specific internal audit universe as a basis to guide their internal audit activities. That audit universe will help internal audit to better present planned activities to the audit committeeall members of an internal audit function should perform their internal audit procedures in a consistent and orderly manner. They will accomplish these audit procedures through documents called audit programsDefining the Scope and Objectives of the Internal Audit UniverseTo define its audit universe, internal audit should review or understand the number of potential audible entities (business units / areas of operations) within the enterprise and across those business unitsExamples of auditable activities include Policies, procedures, and practices both on an enterprise level and those specific to locations, such as at international units Manufacturing, distribution, or supply chain units Information systems on infrastructure and specific application levels Major contracts or product lines Functions such as purchasing, accounting, finance, marketing and mothers

The internal audit team should also define several audit focal points to ensure consistency in their execution of all potential internal audits.Focal pointsFor an information security universe1. IT access controls2. System security configuration3. Monitoring and incident response4. Security management and administration

For an IT infrastructure universe element1. Structure and strategy2. Methodologies and procedures3. Measurement and reporting4. Tools and technologyII

Assembling Audit Programs : Audit Universe Key ComponentsTo provide help and guidance, internal auditors use audit programs to perform their internal audit procedures in a consistent and effective manner for similar types of audits. The term program refers to a set of auditor procedures similar to the steps in a computer program, which go through the same steps every time the process is run.Example Computer program to calculate pay will include instructions to read the time card file of hours worked, look up the employees rate stored in another file, and then calculate the gross pay. The same steps apply for every employee unless there are exceptions, such as overtime rates coded into the payroll program. Similarly, an audit program is a tool for planning, directing, and controlling audit work and a blueprint for action, specifying the steps to be performed to meet audit objectives. It represents the auditors selection of the best methods of getting the job done and serves as a basis for recording the work steps performed.Audit Program Formats and Their PreparationAn audit program is a procedure describing the steps and tests to be performed by the auditor when actually doing fieldwork.The program should be finalized after the completion of the preliminary and field surveys and before starting the actual audit fieldwork.

The format is Depending on the type of planned audit, programs usually follow one of three general formats: a set of general audit procedures, programs with detailed instructions for the auditor, and a checklist for compliance reviews

The questionnaire-format audit program tends to cause auditors to overlook necessary evidential matter. Inexperienced auditors can too easily check yes on the questionnaire without determining.The approach allows audit management to recognize what procedures the auditors did or did not perform

There is no best or set format for an audit program; however, the program should be a document that auditors can use to guide their efforts as well as to record activities.Types of Program Audit EvidenceAn audit program, properly constructed, should guide the auditor in evidence-gathering process. An internal auditor will encounter multiple types of evidence that can be useful in developing audit conclusions.

Audit Universe and Program MaintenanceThe audit universe document is a general description of all of the audit units that an enterprise internal audit function may review. It is a plan that defines the breadth and scope of internal audit activitiesAn understanding of how to build and use an audit universe for an internal audit function as well as supporting audit programs is a key internal audit CBOK requirement.