Search
Updated on November 24, 2023

BIZOPS-22 – Internal Audit

Estimated reading: 4 minutes 1386 views

What is this control about?

Implementing the control of Internal Audit is essential for organizations to ensure effective governance, risk management, and internal control processes. Internal audit functions as an independent, objective assurance and consulting activity that adds value to an organization by evaluating and improving its operations.

Available tools in the marketplace

 Corrective Action Tools
No tool recommendation is made for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A: no template for this control

Control implementation

Here are some guidelines to implement an Internal Audit program:

  • Establish an Internal Audit Charter: Develop an Internal Audit Charter that defines the purpose, authority, and responsibilities of the internal audit function. The charter should outline the objectives, scope, and reporting lines of the internal audit activities. It should also establish the independence and objectivity of the internal audit function, as well as its relationship with the audit committee or board of directors.
  • Develop an Annual Audit Plan: Develop an annual audit plan that outlines the key areas, processes, or functions to be audited during the year. Consider factors such as risk assessments, regulatory requirements, and management priorities when developing the plan. Ensure that the audit plan covers a comprehensive range of audits, including financial, operational, and compliance audits.
  • Allocate Resources: Allocate appropriate resources to the internal audit function based on the audit plan. This includes assigning qualified and experienced auditors to perform the audits. Consider the skills, knowledge, and expertise required for each audit and ensure that the internal audit team has the necessary resources, such as budget, technology, and training, to execute the audits effectively.
  • Develop Audit Procedures and Work Programs: Develop detailed audit procedures and work programs for each audit engagement. These documents should outline the specific steps, methodologies, and techniques to be used during the audit. Ensure that the audit procedures address the identified risks and objectives of the audit. The work programs should include a timeline, key milestones, and deliverables for each audit engagement.
  • Execute Audit Engagements: Conduct the audit engagements according to the planned audit procedures and work programs. This involves gathering evidence, conducting interviews, reviewing documentation, performing tests, and analyzing data as required. Maintain open communication with auditees, management, and other stakeholders throughout the audit process.
  • Document Audit Findings: Document the audit findings, including any control deficiencies, weaknesses, or opportunities for improvement identified during the audit engagements. Clearly articulate the impact and potential risks associated with the findings. Ensure that the audit findings are supported by sufficient and appropriate evidence.
  • Report and Communicate Audit Results: Prepare audit reports that summarize the audit findings, recommendations, and management responses. Ensure that the reports are clear, concise, and actionable. Communicate the audit results to the appropriate stakeholders, including management, the audit committee, and other relevant parties. Follow up on management’s actions and track the implementation of audit recommendations.
  • Monitor and Follow-Up: Establish a process for monitoring and following up on the implementation of audit recommendations. Track the progress of management’s actions and verify the effectiveness of the remediation efforts. Maintain documentation of the follow-up activities and ensure that any outstanding issues are appropriately addressed.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  • Internal Audit Charter: Auditors expect to see a documented Internal Audit Charter, which establishes the purpose, authority, and responsibilities of the internal audit function. The charter should outline the objectives, scope, and reporting lines of the internal audit activities. It should also specify the independence, objectivity, and accountability of the internal audit function.
  • Annual Audit Plan: Auditors will review the documented Annual Audit Plan, which outlines the key areas, processes, or functions to be audited during the year. The audit plan should be based on a comprehensive risk assessment, considering both financial and non-financial risks. It should indicate the planned audit engagements, their objectives, timelines, and resource allocation.

Evidence example

For the suggested action, an example is provided below:

  • Internal Audit Charter

Screenshot source

BIZOPS 22 Internal audit charter

  • Annual Audit Plan

Screenshot source

BIZOPS 22 Internal Audit Schedule Template

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR