5
ENGAGEMENT PLANNING
Internal auditors should develop and record a plan for each engagement, including the scope, objectives, timing and resource allocations.
—IIA Standard 2200
INTRODUCTION
We arrive now at detailed engagement planning, where long-term plans get translated into actual audits. An audit engagement is described as:
A specific internal audit assignment, task, or review activity, such as an internal audit, Control Self-Assessment review, fraud examination, or consultancy. An engagement may include multiple tasks or activities designed to accomplish a specific set of related objectives.1
Each engagement should be planned and a work program that can be used to guide the auditor through the work needed to complete the engagement should be prepared. An engagement work program is described as:
A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan.2
IIA standards help set the scene for this all-important aspect of risk-based audit planning:
In planning the engagement, internal auditors should consider:
The objectives of the activity being reviewed and the means by which the activity controls its performance.
The significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level.
The adequacy and effectiveness of the activity's risk management and control systems compared to a relevant control framework or model.
The opportunities ...
Get Audit Planning: A Risk-Based Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
