Annual Audit Plan

Prepared by: Alvarez, Lealyn

What is Annual Audit Plan?
The annual internal audit
plan (or just 'audit plan') is
the list of audit engagements
to be conducted in the coming
year.
Purpose of AAP
The purpose of the plan is to define
the audit work that will be
completed each fiscal year, and it is
a methodical approach that enables
reviewers to focus on important
areas under review.
 How annual audit plan is
developed?
Each year, the Chief Audit
Executive - with the help of their
leadership team - interviews senior
managers, key employees
throughoutt the organization, and
members of the audit committee,
which is the subcommittee of the
Board of Directors that oversees the
internal audit function.
 After these interviews, the
audit leadership team will meet
and analyze the results of their
interviews. Before they select
which of the identified risks will
end up on their annual audit plan
as engagements, they'll do their
own assessment.
How to Write an Internal
Audit Plan
The Institute of Internal
Auditors requires that the chief
audit executive establish risk-
based plans that drive internal
audit activity.
Background Information
Include a summary of the
document’s purpose to explain to
readers what an internal audit
plan is and what makes it useful.
Risk Rating Methodology and
Staffing Allocations
Describe the methodology used by the
audit department to assign risk to
individual audit areas or businesses. Risk
rating will usually involve assessments of
quantitative risk areas such as credit or
financial risk, along with evaluations of
less tangible risk areas such as staffing,
strategic importance and legal risk.
 Audit Plan Details
Provide a brief description
of each audit planned for the
year, including scheduled
audit hours and general audit
scope.
 Annual internal audit coverage
plans
Chartered Institute of Internal
Auditors
Preparing an annual programme
of work, often described as the
internal audit plan, has always been
a challenge. Demand for assurance
and consulting services usually
exceeds available budgets or
resources.
 The definition of internal auditing
gives us an opened ended and broad
remit 'designed to add value and
improve an organization's operations'.
Furthermore, for those internal
audit activities that are required to
provide an annual opinion upon the
state of governance, risk management
and control, the question arises…
 -What is sufficient annual coverage to enable
internal audit to give such an overall annual
opinion?
• Annual opinions
• Create a framework to enable an overall annual
opinion
• Prepare an internal audit strategy
• Scope of internal audit
• Possible components of the annual internal
audit plan
• Create an internal audit universe
• The internal audit plan and resources
Annual opinion
The International Standards require
internal audit to establish risk based plans
(Performance Standard 2010) but it is not
mandatory to provide an annual or macro
opinion (Performance Standard 2450).
Annual internal audit reports and
opinions are being driven by specific codes
of governance and sector specific
expectations upon internal audit.
 Create a framework to
enable an overall annual
opinion
Internal audit planning is not an
isolated or standalone activity. There
is a necessary link or flow from the
internal audit charter, to the internal
audit strategy and then the annual
internal audit plan.
Prepare an internal audit strategy
Operational units, departments
and subsidiaries within
organisations often prepare a
business plan or strategy to set out
how they will contribute to the
achievement of the organisation's
key aims and objectives. I
Scope of internal audit
The International Standards require
that internal audit must be free from
interference in determining the scope of
internal auditing, performing work and
communicating results (Standard
1110.A1). Unrestricted access coupled with
the requirement to provide an overall
annual opinion means the scope of
internal audit is broad.
Possible components of the annual
internal audit plan
Each organisation should
agree an annual internal audit
plan that suits its specific and
unique requirements. No formula
exists that can be applied to
determine the minimum level of
coverage.
Create an internal audit universe
Where risk management is
applied effectively and
comprehensively by management
the key risks that have been
identified become the focus of
attention for annual internal audit
planning.
The internal audit plan and resources
Finally, the Standards clearly
specify (proficiency 1210) that in
providing internal audit services it is
necessary for the internal audit activity
to collectively possess the knowledge,
skills and other competencies neeed to
perform their role effectively.
Example of annual audit plan
The end……