Auditoria Interna
Providing a framework for understanding and delivering Grant Thornton’s Internal Audit Services in a consistent, high-quality way
A Guide to Internal Audit
Table of Contents
Introduction What is Internal Audit? Risk Management Internal Controls Types of Internal Audit Service Delivery Common Services Delivery Methodology Overview Determine Client Needs KeyObjectives and Tasks Relationship with Other Phases and Activities 04 04 04 04 05 06 06 07 07 08
Scope & Arrange Work Prepare Proposal and Engagement Letter Engagement Acceptance Procedures Internal Audit Charter
09 09 09 10
Plan Determine the Audit Universe Applying the Quadrant Model Assessing Risk in Different Categories
11 12 12 12
Entity-Level Risk Assessment Facilitated Sessionswith Key Members of Management Risk Ranking Exercise Internal Audit Workplan Writing the Plan Managing the Audit Quality and Risk Final Internal Planning Meeting Kick-Off Meeting with Client Determining Staffing,Time and Field Requirements The Intersection of Pre-Fieldwork and Fieldwork
13 13 13 13 14 14 14 14 14 15
Analyze & Assess What are the Unique Aspects of Executing Internal Audits?Types of Audits Process-Level Risks and Existing Controls Control Ratings Testing Strategy/Approach Draft Formal Written Issues and Action Plans Analyze and Assess Root Causes of Process Operating and Control Deficiencies Activities and Deliverables
16 16 16 17 18 18 18 19
Pre-fieldwork
Fieldwork
Determine client needs
Scope & arrange work
Plan
Analyze & assess
Report & &Report recommend recommend
Implement
Evaluate
continuously improve
determine business & technology context manage engagement performance, quality and risk communicate & enable change
Report & Recommend Final Reports Executive Summary Description of Audit Risk Management Response Ancillary Recommendations Higher-level Findings Issue Tracking Implement
20 20 20 20 20 21 21 21 22Pre-fieldwork
Fieldwork
Determine client needs
Scope & arrange work
Plan
Analyze & assess
Report & recommend
Implement
Evaluate
continuously improve
determine business & technology context manage engagement performance, quality and risk communicate & enable change
Evaluate Client Reaction Wrap-up Confirm Client Satisfaction “Shut down” and Continuous Improvement
2323 23 24 24
Ongoing Activities Determine Business & Technology Context Manage Engagement Performance, Quality & Risk Communicate & Enable Change
25 25 27 28
Appendix: Internal Audit Engagement Checklist
29
© 2006 Grant Thornton International. All rights reserved.
A Guide to Internal Audit: Introduction
Introduction
What is Internal Audit?
The Institute of Internal Auditors(IIA) defines internal auditing as: Assisting an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls and governance processes. An internal audit objectively assesses the management of risks that a company faces. The aim is to: • • • understand the current state assess the currentstate using appropriate standards develop findings and recommendations for management and/or the audit committee
An internal audit is a powerful tool that helps manage the threats to an organization’s success.
Internal Controls
Internal controls manage risk. An internal audit itself is a form of internal control because it evaluates the design and effectiveness of internal controls anddevelops recommendations for improvement. Much of the focus of internal audit work is internal control analysis, design evaluation and operational effectiveness testing. Internal auditors must be experts in 1) the assessment of risk and 2) the internal control techniques and tools that mitigate risk. Internal auditors must also be experts in the areas they are evaluating (e.g., Generally Accepted...
Regístrate para leer el documento completo.