top of page
Guidance Hub - Internal Audit - Mob.png
Guidance Hub - Internal Audit.png

Your guide to the Internal Audit Process

Here's everything that you need to ensure your audits align to the Standards.

The Global Institute of Internal Auditors have put together standards, aimed at guiding adherence with the mandatory components of the International Professional Practices Framework (IPPF), providing a framework for performing audits, establishing a basis for evaluation and, encouraging improved business processes and operations. We have developed a range of Internal Audit templates based on the requirements of the International Standards for the Professional Practice of Internal Auditing.

On this page you will find:

  • A downloadable version of our Auditing to the Standards Guide; 

  • A step by step breakdown of each phase of the Internal Audit Process, with links to the various templates; and

  • Links to the IIA's 'International Standards for the Professional Practice of Internal Auditing. (Standards).


As always, this is only one way of performing annual planning, and any planning activities should be appropriate and relevant to the organisation. 

Your guidance document

Download your copy of the Auditing to the Standards Guidance document  by clicking on the icon to the right. 

Alternatively, you can email us at and we will email a copy over to you right away. 

All of our Guidance documents can also be found in our document archive which is located here

Your step by step breakdown of the Internal Audit process

Click on each number below to be taken to the relevant template which supports this part of the Annual Planning process.



Starting the audit

Your audit will only be as good as your planning. Failure to appropriately plan and scope the review can potentially result in risks not being appropriately reviewed, or improvement opportunities within the business not being identified. 

The Standards reflect how important the planning phase is, with the Standards considering everything from current risks and governance processes, through to current control frameworks within the business, and even the objectives of the review. These templates will help guide you throughout the Planning process and help you consider parts of the Standards. 



Doing the audit

This is the guts of it. By now, you have done all the planning, worked out what your risk areas are, and now built a Work Program around how you are going to test and address each of the identified risks.
Throughout the fieldwork phase, it’s important to ensure that all of your work is appropriately documented. If it’s not documents, it’s not done. At a minimum, each workpaper should include:
•    Scope area being addressed
•    Purpose/objective of the workpaper
•    Methodology – how we have performed the work
•    Tests
•    Outcome / conclusion



Communicating the audit

The audit report phase is important for so many reasons. Not only is it the one major output of your work, but it is also a direct reflection of the effort and attention to detail which has been undertaken during the audit. 

An audit report also has the potential to value add by identifying opportunities or future considerations which may not have otherwise been surfaced. 

It is important that reports are communicated to the relevant stakeholders and appropriate management. Additionally, reports should be clear and concise as they will be constantly referred to for the action tracking / audit follow up process. 



The business' bigger picture and how this links with the current environment and external information

Although the final report has been issued and the file now completed, there are a few good ‘housekeeping’ practices which should be undertaken. 

Ideally, these checklists presented below should be completed throughout the review. They should be completed alongside a file review whereby comments are lefts by the Manager on audit workpapers. A final report should not be issued until all checklists are completed and comments addressed. 

Follow the close out of the audit, all recommendations arising from the report should be included in the Action Tracking Database, updates to the risk register made (if required), and updates made to the Audit Universe. 

Shopping Banner v2.png
bottom of page