What is Annual Audit Plan? The annual internal audit plan (or just 'audit plan') is the list of audit engagements to be conducted in the coming year. Purpose of AAP The purpose of the plan is to define the audit work that will be completed each fiscal year, and it is a methodical approach that enables reviewers to focus on important areas under review. How annual audit plan is developed? Each year, the Chief Audit Executive - with the help of their leadership team - interviews senior managers, key employees throughoutt the organization, and members of the audit committee, which is the subcommittee of the Board of Directors that oversees the internal audit function. After these interviews, the audit leadership team will meet and analyze the results of their interviews. Before they select which of the identified risks will end up on their annual audit plan as engagements, they'll do their own assessment. How to Write an Internal Audit Plan The Institute of Internal Auditors requires that the chief audit executive establish risk- based plans that drive internal audit activity. Background Information Include a summary of the document’s purpose to explain to readers what an internal audit plan is and what makes it useful. Risk Rating Methodology and Staffing Allocations Describe the methodology used by the audit department to assign risk to individual audit areas or businesses. Risk rating will usually involve assessments of quantitative risk areas such as credit or financial risk, along with evaluations of less tangible risk areas such as staffing, strategic importance and legal risk. Audit Plan Details Provide a brief description of each audit planned for the year, including scheduled audit hours and general audit scope. Annual internal audit coverage plans Chartered Institute of Internal Auditors Preparing an annual programme of work, often described as the internal audit plan, has always been a challenge. Demand for assurance and consulting services usually exceeds available budgets or resources. The definition of internal auditing gives us an opened ended and broad remit 'designed to add value and improve an organization's operations'. Furthermore, for those internal audit activities that are required to provide an annual opinion upon the state of governance, risk management and control, the question arises… -What is sufficient annual coverage to enable internal audit to give such an overall annual opinion? • Annual opinions • Create a framework to enable an overall annual opinion • Prepare an internal audit strategy • Scope of internal audit • Possible components of the annual internal audit plan • Create an internal audit universe • The internal audit plan and resources Annual opinion The International Standards require internal audit to establish risk based plans (Performance Standard 2010) but it is not mandatory to provide an annual or macro opinion (Performance Standard 2450). Annual internal audit reports and opinions are being driven by specific codes of governance and sector specific expectations upon internal audit. Create a framework to enable an overall annual opinion Internal audit planning is not an isolated or standalone activity. There is a necessary link or flow from the internal audit charter, to the internal audit strategy and then the annual internal audit plan. Prepare an internal audit strategy Operational units, departments and subsidiaries within organisations often prepare a business plan or strategy to set out how they will contribute to the achievement of the organisation's key aims and objectives. I Scope of internal audit The International Standards require that internal audit must be free from interference in determining the scope of internal auditing, performing work and communicating results (Standard 1110.A1). Unrestricted access coupled with the requirement to provide an overall annual opinion means the scope of internal audit is broad. Possible components of the annual internal audit plan Each organisation should agree an annual internal audit plan that suits its specific and unique requirements. No formula exists that can be applied to determine the minimum level of coverage. Create an internal audit universe Where risk management is applied effectively and comprehensively by management the key risks that have been identified become the focus of attention for annual internal audit planning. The internal audit plan and resources Finally, the Standards clearly specify (proficiency 1210) that in providing internal audit services it is necessary for the internal audit activity to collectively possess the knowledge, skills and other competencies neeed to perform their role effectively. Example of annual audit plan The end……
Audit Engagement Strategy (Driving Audit Value, Vol. III): The Best Practice Strategy Guide for Maximising the Added Value of the Internal Audit Engagements