Your guide to the Internal Audit Process
Here's everything that you need to ensure your audits align to the Standards.
The Global Institute of Internal Auditors have put together standards, aimed at guiding adherence with the mandatory components of the International Professional Practices Framework (IPPF), providing a framework for performing audits, establishing a basis for evaluation and, encouraging improved business processes and operations. We have developed a range of Internal Audit templates based on the requirements of the International Standards for the Professional Practice of Internal Auditing.
​
On this page you will find:
-
A downloadable version of our Auditing to the Standards Guide;
-
A step by step breakdown of each phase of the Internal Audit Process, with links to the various templates; and
-
Links to the IIA's 'International Standards for the Professional Practice of Internal Auditing. (Standards).
As always, this is only one way of performing annual planning, and any planning activities should be appropriate and relevant to the organisation.
Your guidance document
Download your copy of the Auditing to the Standards Guidance document by clicking on the icon to the right.
​
Alternatively, you can email us at hello@myauditspot.com and we will email a copy over to you right away.
​
All of our Guidance documents can also be found in our document archive which is located here.
Your step by step breakdown of the Internal Audit process
Click on each number below to be taken to the relevant template which supports this part of the Annual Planning process.
PLANNING
Starting the audit
Your audit will only be as good as your planning. Failure to appropriately plan and scope the review can potentially result in risks not being appropriately reviewed, or improvement opportunities within the business not being identified.
The Standards reflect how important the planning phase is, with the Standards considering everything from current risks and governance processes, through to current control frameworks within the business, and even the objectives of the review. These templates will help guide you throughout the Planning process and help you consider parts of the Standards.
FIELDWORK
Doing the audit
This is the guts of it. By now, you have done all the planning, worked out what your risk areas are, and now built a Work Program around how you are going to test and address each of the identified risks.
Throughout the fieldwork phase, it’s important to ensure that all of your work is appropriately documented. If it’s not documents, it’s not done. At a minimum, each workpaper should include:
• Scope area being addressed
• Purpose/objective of the workpaper
• Methodology – how we have performed the work
• Tests
• Outcome / conclusion
REPORTING
Communicating the audit
The audit report phase is important for so many reasons. Not only is it the one major output of your work, but it is also a direct reflection of the effort and attention to detail which has been undertaken during the audit.
An audit report also has the potential to value add by identifying opportunities or future considerations which may not have otherwise been surfaced.
It is important that reports are communicated to the relevant stakeholders and appropriate management. Additionally, reports should be clear and concise as they will be constantly referred to for the action tracking / audit follow up process.
CLOSE
The business' bigger picture and how this links with the current environment and external information
Although the final report has been issued and the file now completed, there are a few good ‘housekeeping’ practices which should be undertaken.
Ideally, these checklists presented below should be completed throughout the review. They should be completed alongside a file review whereby comments are lefts by the Manager on audit workpapers. A final report should not be issued until all checklists are completed and comments addressed.
Follow the close out of the audit, all recommendations arising from the report should be included in the Action Tracking Database, updates to the risk register made (if required), and updates made to the Audit Universe.
