Professional Documents
Culture Documents
An audit plan explains the expected scope and functioning of the procedure under which
financial books of a company are minutely inspected to ensure they are accurate. Audit plans
make sure priorities within the audit process are addressed and direct the nature, timing and
extent of the program's success.
Audit preparation
Prepare the audit plan well. The audit plan needs to include certain preliminary checks,
such as the updating of all pertinent information, a review of risk, and, if possible, coordination of
the process.
Carry out a preliminary audit overview. This process gives insight into the audit plan and
the entire scope of the audit. Discuss with relevant stakeholders matters such as the completion
date, the process of the audit and even any matter relating to tax office guidelines. It is
important to know exactly what role each member within the audit team will play..
Gather all available information. This ensures that as detailed information as possible can
and will be used for the actual audit. For evidential purposes, the information collected needs to
be confirmed.
Review all gathered information. This helps to identify whether or not the audit scope
should be redefined. As this is the final step prior to the actual audit, the auditor must ensure
that all key issues are addressed and that a risk hypothesis has been developed. As the auditor
will now begin to develop a position, any necessary adjustments to the audit scope should be
made.
Pre-Audit Checklist
According to professional standards, auditors must plan audits using due professional care. This
includes gaining an understanding of the audit client's business processes, objectives and risks.
A common tool used during audit planning is the pre-audit checklist, or questionnaire. The
checklist can have many uses, including gathering preliminary information to scope the audit,
determining the key business risks, identifying areas for more audit attention and informing the
client of data needs.
Pre-audit checklists are often used to gather important information from the audit client
during the planning phase of an audit. For example, in a financial statement audit the auditor
may send a checklist requesting specific information such as bank statements, lease agreements
and insurance policies for a certain time period. A questionnaire can also be sent to the client to
gather key information regarding business objectives and risks. The auditor can use this
knowledge to target and prioritize audit fieldwork.
A pre-audit checklist can be also be used as a tool to provide important information to the
audit client. For example, a communication may announce the date and duration of an upcoming
audit, preliminary audit scope and objectives and audit requirements, such as office space
accommodation and data access needs. This announcement can be combined with preliminary
information requests. The information can be either forwarded to the auditor during planning or
be made available to the auditor at the audit location.
A pre-audit checklist can also function as an internal document for the audit team to
ensure key information is gathered. For example, a checklist may require the auditor to internally
generate certain reports and metrics such as financial statements and key performance metrics.
Gathering this information independent of the audit client lends more credibility to its accuracy.
Also, the auditor can gather information from third party sources, such as suppliers, creditors,
and customers using a checklist approach.
Review the business's organization charts to identify all business areas and support units.
Review the business's income statement to identify all sources of revenue. Make sure they
are accounted for in the organization chart.
Meet with business managers to discuss any plans to open new business or support units,
or to close, consolidate or sell existing units. Follow up on any anomalies between the income
statement and the organization chart.
Decide how to split your audit universe (the areas you will audit). Once you establish an
audit universe, you will audit each unit or department on a risk-based cycle, usually three years.
You may choose to audit business units in their entirety, from manufacturing or sales to shipping
and collections, including all supporting functions such as human resources, accounting, tax,
strategy and information technology. Or, you can perform smaller audits of discreet business
activities such as sales or collections, or support activities such as human resources.
Risk Assessment
Establish a numeric approach to rating the risk of each unit so you can allocate scarce
audit resources to the riskiest areas of the business. Factors to consider include: income and/or
expense contribution; transaction volume, which might include number of items manufactured,
number of employees hired or number of transactions processed through a computer system;
time since the last audit and the results; and the degree of strategic significance the unit has to
the overall business.
Determine a numeric cut-off for high-, medium- and low-risk units. For example, units
scoring between 80 and 100 (high risk) might be audited annually; those scoring between 50 and
80 may be audited every two years; and those scoring below 50 (low risk) would be audited
every three years.
Rate each unit based on its risk and assign an audit frequency. If possible, include business
managers in the process to gain their perspective on each unit's risk.
Establish how much time you will allocate to each audit, considering the manual and
automated procedures you will need to perform.
Determine how many hours of audit time your staff has available and compare it to the
audit time required. If the numbers do not match, request additional staff or reduce the hours per
audit or the number of audits you perform each year.
Discuss the draft audit plan with the business's managers and get their approval for it and
related resources.
Scope
The scope of an audit checklist outlines the main details of the audit. It contains
information about the client, any concerns that could be factors, the focus of the audit, the time
line and the required outcome. Many times, the scope also allocates the resources that will be
used during the audit. The resources will describe which departments or divisions will be involved
in the audit, and what roles they will play.
Evidence Collection
The next section in an audit checklist is for evidence collection. This is where the auditor
determines the sources from which to collect information. Depending on any known concerns,
there are many places in an organization that the auditor will collect information from for a
financial audit. These include accounts payable, accounts receivable, inventory records and
banking information. All places from which information will be collected are marked on the audit
checklist, focusing on any areas with concerns.
Audit Tests
Audit tests is the next section on the checklist. This section is labeled similarly to the
evidence collection section, listing all areas that are sources of evidence. Each area in this
section is listed, along with the type of tests used for that specific area. This section shows the
auditor the type of testing required for each area.
Analysis of Results
This section of the audit checklist contains a place to organize the results found in the
audit. The results are organized by section, and the checklist is given to the senior auditor.
Conclusion
The conclusion section to an audit checklist contains room for the auditor to write his
opinion. In this section the auditor describes the methods used in the audit, along with the
results, and he gives any opinions about the conclusion of the audit.
Background Information
Include a summary of the documents purpose to explain to readers what an internal audit
plan is and what makes it useful. The St. Louis Federal Reserve Bank indicates that the audit plan
can be used by executive management to oversee both the business's and the audit
departments performance during the year.
Explain how the audit plan was developed. It is usually based on a standardized risk
assessment; discussions with management; evaluations of prior audit results; inclusion of audits
mandated by regulatory bodies or parent companies; and management requests.
Describe the methodology used by the audit department to assign risk to individual audit
areas or businesses. Risk rating will usually involve assessments of quantitative risk areas such
as credit or financial risk, along with evaluations of less tangible risk areas such as staffing,
strategic importance and legal risk.
Describe the structure of the internal audit department, providing organization charts as
needed. Include explanations of available time, documenting hours available for audit work
during the year and explaining the difference between available hours and working hours (i.e.,
most audit departments exclude vacation, holiday and administrative time from available hour
calculations).
Provide a brief description of each audit planned for the year, including scheduled audit
hours and general audit scope.
Include a list of all auditable areas and document the department or businesss risk rating,
date of the last audit, audit result, hours used during the audit, and planned dates and audit
hours for future audits. This list demonstrates how risk ratings and prior audit history influence
the future audit schedule.
Compare the previous years audit resource allocation to each auditable area to the
coming years allocation using a pie chart or bar graph, to demonstrate how audit focus will
change. Provide an explanation for significant deviations.
List the date at the top of your audit memo. Drop down several lines and list the client's
name, address and identification number, if applicable. Specify the period covered by the audit in
the introductory paragraph. If the memo relates to a quarterly audit, include the fiscal year to
which it belongs. State the initial objective of the audit, such as verification of financial
statements, internal use or tax analysis.
Body of Memo
Use the body of the memo to discuss the results of the audit. List the areas included in the
audit and the method used to evaluate each. For financial audits, be as specific as possible with
the dollar amounts and dates of any questionable transactions.
Final Paragraph
In the final paragraph, offer a brief summary of your opinion of the company's processes.
List the areas that worked well and offer recommendations to address any problem areas.
Provide your contact information in case the recipient has any questions about your findings or
would like to schedule a follow-up audit after correcting the issues.
Accounting principles
Auditing principles
Financial information
Review national accounting and auditing standards. Generally accepted accounting
principles (GAAP) and generally accepted auditing standards (GAAS) are the most authoritative
accounting and auditing standards in the U.S. Accountants should review these standards to
design auditing procedures that accurately reflect these concepts.
Create a sampling process. Audits do not test every transaction during the review process.
Accountants must create a statistical or non-statistical system to select a random sample of the
company's information. This procedure can be computer generated or a manual random
selection process.
Develop individual fieldwork techniques. Accountants will complete most of their work
during the fieldwork stage. These procedures use a mix of observations, interviews and
recalculations. Observing and interviewing procedures are better when physical items are under
review, while recalculating information is common when accountants must test the accuracy and
validity of information.
Evaluate internal controls. Publicly held companies must use internal controls to safeguard
their financial information. Audit procedures should include an interview of company
management to assess their knowledge of the controls, observe the controls if possible and test
information to ensure all signatures or authorization exists on documents.
Audit procedures can change over time. Professional accountants should consider taking
current seminars or courses to learn about accounting issues and how to create audit
procedures.
Failing to develop strong audit procedures can allow inaccurate information to remain in a
company's accounting information. This can create dangerous legal situations for both auditors
and their clients.
Management Information
Manuals
Manuals outline the companys specific business or accounting policies and procedures.
Auditors use these manuals to compare actual information from various departments to the
companys standard operating procedures. Companies can have a single manual for the entire
company or several individual manuals. Auditors will request each manual pertinent to the audit.
Accounting Ledger
Tax Information
Companies may disclose tax information during financial audits. External auditors review
this information to ensure the company accurately reports income for tax purposes. Sales tax,
payroll tax and property tax represent a few other taxes auditors can review. Companies may not
have each of these taxes depending on their operations. Auditors will usually question company
management to determine how many tax liabilities the company must report to government
agencies.
Bank Statements
Bank statements are an important part of the audit preparation checklist. Auditors
measure the companys cash flow to assure they have enough capital to remain in business.
Companies can have several bank accounts depending on the size of their operations. Auditors
will need general, wire transfer, payroll and disbursement statements during audit preparation.
Reconciliation