Overview of the audit process
Each year our team prepares a risk-based three year rolling audit plan, which is presented to the audit committee at its January meeting. Approval is sought for projects scheduled for Year 1, with proposed projects for Years 2 and 3 provided to the committee for information only. The 3-year rolling plan is revisited each year to validate risk rankings and identify emerging risk areas, so that these are considered when annually updating the 3-year plan.
For each individual audit project, the following steps are included:
The internal audit process involves the following four key phases: planning, fieldwork (detailed examination and analysis), reporting and follow-up.
Phase 1: Planning
- a detailed analysis of the scope, objectives and approach for each project
- scope specifies what will be examined, and the project’s objectives define the purpose of the project
Phase 2: Fieldwork
- involves gathering sufficient, relevant, and reliable information pertaining to those activities included in the project’s scope
- this information helps support conclusions related to the project’s objectives
- conclusions reached based on evidence collected and analyses performed inform recommendations IA makes to help management improve performance
Phase 3: Reporting
- Reports of progress are provided to management throughout both assurance and advisory engagements. The mode of reporting varies, but may involve a written report.
Phase 4: Follow-up
- Internal Audit is expected to monitor actions taken in response to recommendations for improvement and report on the status of follow-up actions to the Audit Committee - follow-up work necessary will vary depending on the risk profile of the recommendations and the nature of the engagement.