+44 203239 7446

The Anatomy of an Audit

Planning, Planning, Planning! Never underestimate the importance of planning to ensure a smooth audit process. Effective planning includes defining what is being audited, notifying the auditee, collecting and analyzing relevant data, identifying key risks, and scoping the audit. Certain audits must be performed annually, so these are factored into the year’s planning. During this process, input from management regarding risk areas in the business is essential, allowing the focus on high-risk areas for that year. Typically, the audit scope covers the previous six to twelve months and includes current transactions to reflect the present situation. Although audits are inherently retrospective, they should also have a present and future focus.

It’s vital to inform management or the auditee of the upcoming audit and request reports and samples before beginning. Ensure that relevant personnel are available for interviews. Data analytics and Computer Aided Audit Techniques (CAATS) should be utilized before fieldwork to identify exceptions and errors in transactions. While the primary purpose of Internal Audit is not to root out fraud, it must always be considered. If a risk, particularly a fraud risk, is identified during the audit, the scope can be adjusted to focus on this area. Flexibility in planning and conducting the audit is essential for effective “drill down” into these areas.

During planning, create a task plan that outlines all tests to be performed, assigns responsibilities, estimates budgeted hours, and sets target completion dates. Tasks and tests can be assigned points to monitor auditors’ productivity on a daily and weekly basis. Setting targets is crucial to provide a goal to work towards. Every auditor, from intern to junior level and upwards, is an “executive” and should act strategically. Involving the entire team in planning helps develop juniors and gives them a comprehensive view. All juniors and clerks are potential executives and should be treated as such, taking responsibility for their work and thinking critically. Auditors need to understand the “why” of the controls tested, the risks mitigated, the processes involved, and who is responsible.

When entering the audit area, it is important to understand the business landscape. Sometimes past audit files are available, but it is crucial to flowchart current processes and activities. This process, known as a process narrative, documents all processes and activities and the associated controls. Alongside this, a risk assessment is performed, highlighting gaps in controls where risks are identified without corresponding controls. These gaps should be immediately brought to management’s attention.

After documenting all risks and the business landscape, a program of tests to be performed is prepared, focusing on risk areas and compliance issues. If time is limited and some areas are not covered (or were previously covered and are not high risk), a limitation of scope is communicated to management. Up to this stage, the audit is in the planning phase. It is crucial to distinguish planning from fieldwork to avoid confusion, overruns, and failed audits. Planning is a distinct cycle of action, separate from fieldwork, and should be structured to ensure the audit team and auditee understand this distinction.

Fieldwork can now begin. The audit team is assigned specific tests to perform, following the audit program sequence to avoid stops and blockages. In reality, there is often resistance from employees being audited, which must be addressed promptly. This is why planning is crucial to ensure all documents, reports, information, and employees are available during the audit. If the auditee does not cooperate, the auditor should immediately escalate the issue to their superior. Most delays are due to waiting for the client or auditee, which must be stopped promptly to avoid creating incomplete cycles and slowing down the work.

Supervisors and managers need to monitor and review work daily, setting targets and deadlines for auditors to complete tests. Targets include specific deadline dates and hours allocated for each task.


Share this article:

Share on facebook
Share on twitter
Share on linkedin
Share on email

Other Articles