IA-104 DEVELOPING RESULTS-DRIVEN AUDIT WORK PROGRAMS

IA-104 DEVELOPING RESULTS-DRIVEN AUDIT WORK PROGRAMS

DESCRIPTION

Developing an audit work program can be a daunting process, especially when the specific audit area is unfamiliar or has not been audited previously. An effective audit program specifies who is responsible for the work, what is the purpose of the work, and how the work will be accomplished—all while allowing for flexibility. This course will provide participants with an approach that eliminates many of the assumptions, guesses, and pain points associated with audit planning. It will provide a foundation for developing audit programs and steps based on business objectives and the tools and techniques required to gather the evidence needed to achieve audit objectives while staying in scope. Less-experienced auditors will learn how to build the audit program, and experienced auditors will have an opportunity to refresh their skill set and master the Closing the Loop Framework as a tool for improving audit quality. Participants will have the opportunity to build components of an audit program during class exercises.

LEARNING OBJECTIVES:

  • Learn to develop a targeted and focused audit program that can be efficiently executed
  • Understand the importance of proper planning
  • Learn tools and techniques for planning and executing an audit program
  • Develop interviewing and communication skills
  • Strengthen skills for developing audit steps and audit work programs
  • Understand the importance of proper scoping and learn scoping tools and methodologies
  • Compare, contrast, and understand various testing approaches and methodologies

 

COURSE OUTLINE

Setting the Stage: The Role of Audit

  • Requirements from auditing standards
  • Management and Board Expectations

Planning—Understanding the Business and Scoping

  • Identifying and understanding business objectives
  • Understanding the business processes and “rules”
  • Defining scope—what’s in and what’s out | SIPOC
  • Scope statements | Setting expectations with Management

Interviewing

  • Preparation | Information gathering and fact finding
  • Establishing rapport | Communication barriers
  • Interviewing approaches and styles | Questioning styles and approaches
  • Conducting the interview | Interviewing rules and best practices

Engagement Risk Assessments

  • Types of risks—operational/financial/reputational/regulatory
  • Understanding risk | Identifying risk | Prioritizing risk
  • Evaluating risk—Likelihood | Significance | Duration | Velocity

Identification and Documentation of Controls

  • Types of controls | Control objectives
  • Entity-level controls | Activity-level controls
  • Evaluating controls: design vs. operating effectiveness
  • Narratives | Flowcharts and process flows | Walkthroughs

Developing Audit Objectives and Refining Scope

  • Importance of linking Audit Objectives to Operational and Control Objectives
  • Developing steps that add value | Linking to business objectives | Closing the loop
  • Business strategy and changes in business | Proactive not reactive
  • Adjusting scope

Developing Test Programs

  • The purpose and use of formal test programs
  • Test types and approaches | Building audit steps based on business and audit objectives
  • Sampling methodologies—statistical/random/judgmental/data analytics
  • Timing, coordination and sequence of audit steps
  • Fraud considerations | Avoiding the rabbit hole | Leveraging technology

Audit Evidence

  • Evidence requirements | Evidence gathering methodologies
  • Evidence types | Reliability of evidence

Conducting the Audit

  • Staying on time and on budget
  • Avoiding scope creep | Dealing with changes to the plan
  • 5 Cs during field work
  • Setting realistic expectations and meeting them

Communicating Audit Results and Reporting

  • Transparency and communicating throughout audit
  • Setting expectations for client updates
  • Framing issues from a business perspective
  • Leveraging the 5 Cs in reporting
  • Using visualization in reporting

Auditing Standards

  • IPPF standards | ISACA standards | GAGAS standards
Duration

CPE

Delivery

Field

Level

Who Should Attend

Prerequisites

Advanced Preparation

2 Days

16

Group-Live

Auditing

Intermediate

Internal auditor staff and management of all levels

Auditors with at least 2 years of experience

None