Example of Annual Audit Planning Work Program
of 2
Transcript of Example of Annual Audit Planning Work Program
-
8/10/2019 Example of Annual Audit Planning Work Program
1/2
EAST CAROLINA UNIVERSITYOFFICE OF INTERNAL AUDIT
WORK PROGRAM
Project Number:
Project Description: Annual Audit Plan
Developed By/Date:
Reviewed By/Date:
Page: 1 of 2
SAWPT-06 (07/01/04
CONFIDENTIAL DO NOT DISTRIBUTE
General Purpose and Scope of Engagement:
To establish a risk-based audit plan process to determine the priori ties of the internal audit activit y, consistent wit h theUniversitys goals. A risk-based audit plan ensures that audit activities are effectively focused on those areas where risks ormateriality of exposure is greatest. Therefore, audit planning should be based on an assessment of risks and exposu res that mayaffect the Universit y, and shoul d be done annually in order to reflect the most current strategies and direction of t he organization.Risk assessments should include inpu t from management and the board of trustees.
Per IPPF: 2010 Planni ng
The chief audit executive must establish risk-based plans to determine the priorities of the internal audit activity, consistent
with the organization's goals.
Interpretation:
The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the
organization's risk management framework, including using risk appetite levels set by management for the different activities
or parts of the organization. If a framework does not exist, the chief audit executive uses his/her own judgment of risks after
consultation with senior management and the board.
2010.A1-The internal audit activity's plan of engagements must be based on a documented risk assessment, undertaken
at least annually. The input of senior management and the board must be considered in this process.
2010.C1-The chief audit executive should consider accepting proposed consulting engagements based on the
engagement's potential to improve management of risks, add value, and improve the organization's operations. Accepted
engagements must be included in the plan.
Related IPPF Guidance
PA-2010-1: Linking the Audit Plan to Risk and Exposures
PG-GTAG 11 Developing the IT Audit Plan
A. Preli minary Work
No. Detailed Engagement ProcedurePerformed
ByW/P
ReferenceObservation
Number
1. Review vision, mission, and current strategic plan of University.
2. Obtain and review high-level organization chart, chart of accounts forUniversity and latest fact book.
3. Obtain and review latest financial report.
4. Review ECU website noting any considerable items.
5. Review banner balances from ODS for each division.
6. Update Audit Universe with audits/reviews/consults conducted internally orexternally.
7. Review UNC FIT initiative, Internal Control Assessment, and Core BusinessProcesses to determine affect on audit plan.
8. Based on above information update audit universe.
-
8/10/2019 Example of Annual Audit Planning Work Program
2/2
EAST CAROLINA UNIVERSITYOFFICE OF INTERNAL AUDIT
WORK PROGRAM
Project Number:
Project Description: Annual Audit Plan
Developed By/Date:
Reviewed By/Date:
Page: 2 of 2
SAWPT-06 (07/01/04
CONFIDENTIAL DO NOT DISTRIBUTE
B. Risk Assessment**
No. Detailed Engagement ProcedurePerformed
ByW/P
ReferenceObservation
Number
1. IT Risk Assessment performed by Systems Auditor.
2. Minutes from ERM Committee
3. Risk Assessments conducted/facilitated by AVC for ERM.
4. Based on Information update audit universe using audit universe template.
C. Other
No. Detailed Engagement ProcedurePerformed
ByW/P
ReferenceObservation
Number
1. Review latest findings from State Auditor reports for other Universities.
2. Review 2009-2010 ECU BOT minutes and ECUP Board Minutes.
3. Determine effect on annual audit plan.
D. Audit Plan
No. Detailed Engagement ProcedurePerformed
ByW/P
ReferenceObservation
Number
1. Review last years audit plan and bring forward any necessary audits.
2. Review last years audit hours to determine available audit hours.
3. Review follow-ups that need to be conducted.
4. Inquire of senior management and other of reviews to be performed.
5. Review audit universe.
6. Based on the above develop the audit plan.
7. Update audit universe with planned audits.
8. Meet with senior management to discuss audit plan.
9. Obtain approval of audit plan from Chancellor and BOT
