Tools and Templates Archives - Page 10 of 10

As we continue the audit planning process, we need to identify and understand what risks and controls are currently in place. Depending on the maturity of an organisation or a function, a business may have already identified its risks (documented in a risk register) and may already have a series of documented controls (similar to SOC). If a business is required to perform SOC testing, you would hope this is already established.

Understanding what risks have already been identified, and what controls may be in place to address the risks, will help us to see how effective the controls are working, and whether or not there are currently any gaps in the control coverage. Essentially, we will be looking at the design of the process, what risks are there, and what controls are in place to mitigate the risks. We should give consideration to inherent risk, and the residual risk from effective implementation of controls. All of this (and it sounds like a lot), will help us to also understand the risk appetite of the business, and what areas we should focus on during our review.

A preview of our template is included below:

This activity forms part of a suit of planning activities which should be performed to make sure we fully understand the audit topic. Particularly where an organisation performs SOC testing, or has a well established risk management process, we should leverage off work from other assurance activities or team (i.e. the risk team), to avoid duplication and gain efficiencies during the planning process.

Simply CLICK HERE to download your FREE template.

To buy an editable version of this template, PLEASE CLICK HERE.

As part of the planning process, it is essential to understand if there has been any previous audit activity within this particular area. Understanding what activity has been performed previously will help us to better identify risks, areas for improvement and areas of focus.

Our review of prior audit activity should not be limited to just previous Internal Audit reviews, but also recommendation / action tracking status, results from the financial statement audit, any key control / SOC compliance reviews performed, and any other ad-hoc assurance gained during the year.

This activity forms part of a suit of planning activities which should be performed to make sure we fully understand the audit topic. Furthermore, by understanding previous audit activity, we can leverage from prior audits to gain some efficiencies in the process (i.e. re-confirming processes rather than starting from scratch). These efficiencies will allow us to better spend our time in other areas we consider there to be more risk, in turn, providing a more insightful and beneficial audit.

An overview of the template and what it looks like is included below:

Simply CLICK HERE to download your FREE template.

To purchase an editable version of this template, PLEASE CLICK HERE.

Good audit planning is essential to ensure that a quality review, which adds value to the client, is delivered. Understanding the client, the industry they operate within, and the topic of the audit, is extremely important as it allows us to focus on key areas. Furthermore, it helps us to further demonstrate our skills and knowledge to the business.

As part of our suite of audit templates to be released over the coming weeks, we are pleased to provide you with a free PDF template workpaper to cover the Background Research and Planning component of your audit.

Some screenshots of the template are included below for your reference:

Simply CLICK HERE to download your FREE template.

To purchase an editable version of this template, PLEASE CLICK HERE.