top of page

Procurement Audit Work Program

Updated: Jun 1, 2021

Example Internal Audit Work Program / Risk and Control Matrix (RCM)

Maintaining appropriate controls over procurement, such as ensuring we have obtained value for money and only verified suppliers are used, is important to ensure there is no fraud, the business is meeting any local regulatory requirements in terms of paying small businesses and vendors are being paid within the specified timeframes.


We have developed a generic Internal Audit Work Program, or Risk and Control Matrix (RCM) aimed at helping audit teams ensure controls over the procurement process (prociure to pay) have been designed and implemented correctly, and are also operating effectively.


The testing work program is built within our example 'Excel' audit file. The test plan has also been mapped to an example audit scope and objectives, and includes example risks and controls. See below for an extract from the example work program file.