Making It Happen
Chief audit executives should look to his or her audit committee and management for guidance on the range and type of work to be performed by the internal audit function. However, the chief audit executive, as an internal audit professional, should be using his or her knowledge and experience to identify and influence the formulation of a risk-based internal audit plan of work that best provides for the needs of the organization. This is likely to be a blended plan of internal audit work that encompasses both assurance services and consulting services:
Assurance Services
-
Part of the overall internal audit plan of work.
-
Annual or longer-term focus.
-
Risk-based.
-
May include cyclical internal audits of higher-risk areas.
-
Need to consider legislative and regulatory requirements.
-
Need to consider external audit to avoid duplication of audit effort.
-
Estimated hours for audit topics assessed from previous internal audits (structured gut feel).
-
Focus on compliance, financial issues and risks, financial controls, and IT reviews.
Consulting Services
-
Part of the overall internal audit plan of work.
-
Flexible, rolling focus—rather than fixed in time.
-
Risk-based and customer-focused.
-
If limited previous data are available, estimate hours needed for internal audit topics on the basis of the best available information and past experience (unstructured gut feel).
-
Focus on current and emerging business issues and risks, and system under development reviews.
- Page 7 of 7
- Previous section Case Study
www.qfinance.com