Factors to consider when planning an audit

Given that a recent Standish Group Report found that as many as 53% of projects will suffer from poor planning, budgeting, and resource management, how can you make sure you implement a system that succeeds, one that embeds your business processes, provides meaningful data, improves productivity, and—most importantly—meets your business objectives?

As a practitioner in Audit Management Solutions and Implementations, here are five key success factors I would recommend you consider:

1. Define success

It may sound obvious, but many projects begin without a clear definition of success. Take the time to determine what is driving your implementation and what you expect to achieve in business terms. Define how you will measure your results. Ask yourself this question: If everything goes well, what will things look like a year from now…and how will you know whether you are successful?

2. Prioritize your needs and wants

Regardless of the Audit Management system you have selected, there are undoubtedly numerous configuration options. Too often, organizations get caught up in the features and functions rather that starting with a business perspective. Take the time to ask yourself these questions. What is critical to you and your organization? What speaks to your strategies and operational processes? These will be the areas to focus on. And remember to think about what will make everyone’s lives simpler; simplicity means better user adoption, an important factor in long-term success.

3. Identify and document your desired business processes

Software systems enable business processes, and the best Audit Management systems provide great flexibility in implementation. Most can handle reasonably complex business processes. The success of your project lies in making sure that the processes you want are properly configured in the system and the best way to do that is to design and document those processes prior to the system implementation. And then, design, configure and document your “future state”. Take advantage of the opportunity to transform your organization by reviewing and improving processes that add the most value.

4. Ensure you have the right stakeholders with the right skills—and the right authority

Successful projects always focus on engaging with the right people at the right time. The Standish Group Report listed “User Involvement” and “Executive Management Support” as the highest-rated factors for success across any implementation project! Make sure you have committed executive sponsorship, strong project management, team members with the necessary technical and business skills, a broad approach to gathering feedback and input from those who will be using the system regularly, and a defined process for making decisions.

5. Communicate, communicate, communicate!

While often a cliché, the importance of communication cannot be overstated: the more you effectively communicate how and what the project team is doing, the project objectives, and the value to the organization, the more likely you are to succeed—particularly in the critical area of user acceptance. The best project teams communicate early and often, informing stakeholders frequently, consistently, and clearly.

While the above five factors are critical to success, there is one other compelling point to make: overall ownership and accountability—from everyone involved—is fundamental for project success. Your new Audit Management system is an investment—not only in time and resources, but in the future of Internal Audit within your organization. Gaining commitment and dedication from your stakeholders and project team is a sure path to meeting your overall objectives and the long-term success of your Audit Management solution.

The word ‘Audit’ is originated from the Latin word ‘audire’ which means ‘to hear’. In the earlier days, whenever there is suspected fraud in a business organization, the owner of the business would appoint a person to check the accounts and hear the explanations given by the person responsible for keeping the account and funds.

According to Montgomery, a well-known author, “auditing is a systematic examination of the books and records of a business or the organization in order to ascertain or verify and to report upon the facts regarding the financial operation and the result thereof.”

Factors to be considered in internal audit planning

1. Audit objectives: The detailed audit plan largely depends upon the specific objectives to be achieved by the audit. Normally, an internal audit has the following objectives:
   a) Examination of the correctness of the financial and accounting records and reports.
   b) Verifying the safekeeping and valuation of the assets of the enterprise.
2. Internal audit framework: The framework for the internal audit programme cannot be the same for every organization, and the details are substantially different from company to company.
3. Audit procedures: Audit procedures are the specific sets of actions to be performed to ensure the quality of the audit is in line with benchmark auditing standards. It is important to plan, as far as practicable, the precise scheduling and timing of each audit procedure, both to give advance information to the function being audited and to utilize audit staff efficiently and without overlap or wastage of time.
4. Staffing: Determining the staff strength required for the audit programme is an important aspect of planning an internal audit. This is to be done both at the overall department strength level and at the level of teams for individual audits.
5. Reporting: The internal audit reporting structure is an important aspect of the programme and has to be planned in some detail, with respect to the following questions:
   a) What types of internal audit reports are to be issued and to whom should they be issued?
   b) What should be the timing and the frequency of the reports?
   c) How should the reporting be revamped every year to guarantee value addition?

The importance of internal audit planning

Planning the internal audit programme is the key to an effective and efficient internal audit. Effectiveness means attainment of the internal audit objectives and efficiency means conduct of the audit with the maximum utilization of the internal audit resources. Thus planning results in high returns from the exercise, and the low cost of resources deployed.

An appropriate internal audit plan enables:

• Fine-tuning the specific methods to be adopted for different segments of the audit
  • Selecting staff that would ideally suit each segment
  • Coordinating the programme with that of the statutory auditors
  • Establishing clear and realistic timelines
  • Identifying and giving priority in the audit programme for critical areas to be audited
  • Using computer resources and statistical sampling techniques appropriately.

List of qualifications for internal auditor

Following are the required qualifications of an internal auditor:

1. Education/Training – An internal auditor should have some type of training, whether held internally or through a company that offers this type of training. If you have an experienced auditor on staff, he or she may be able to conduct the training for you.
2. Skills – Auditing skills are usually acquired through experience.
3. Experience – Once an internal auditor has completed training, it is a good idea for him/her to conduct audits under the guidance of a more experienced auditor for a period of time before doing audits on their own.
4. The person must be competent in their own job function (and if they weren’t they would no longer be employed here). the Second qualification, be able to read and understand the audit checklist/instructions which are prepared by people who are knowledgeable about audits.
5. The Technical Specification ISO/TS 16949:2009 and related core tools (e.g. APQP, SPC, MSA, FMEA, PPAP).
6. The automotive process approach to auditing.
7. Core tools and customer specifics can be taught by the company or industry-recognized experts/specialists.
8. Must be gone through Internal auditor training Course certification by 3rd Party Certified Lead Auditor for TS16949:2009.

Role of internal auditor

Following are the role of Internal Auditors:

• Evaluating controls and advising managers at all levels: The Internal Auditor’s work includes assessing the tone and risk management culture of the organization as well as evaluating and reporting on the effectiveness and efficiency of the implementation of management policies.
• Evaluating risks: Internal Auditors identify key activities and relevant risk factors and assess their significance. Changing trends and business/economic conditions impact the way the internal auditor assesses risk. The techniques of internal auditing have changed from a reactive and control-based form to a more proactive and risk-based approach. This enables the internal auditor to anticipate possible future concerns and opportunities as well as identifying current issues.
• Analyzing operations and confirming information: Internal Auditors work closely with line managers to review operations then report their findings. The internal auditor must be well versed in the strategic objectives of the organization so that they have a clear understanding of how the operations of any given part of the organization fit into the bigger picture.
• Reviewing compliance: Compliance review ensures that the organization is adhering to rules, regulations, laws, codes of practice, guidelines, and principles as they apply individually and collectively to all parts of their organization.

The different stages in internal audit planning

The internal auditing process is essentially comprised of three main stages, namely:

1) Planning: Internal Audit planning is based on an annual cycle that runs in line with each academic year. Each Internal Audit will cover all key activities of the institution at least once and some areas that are considered to be high risk or high priority are often covered more than once. Each summer the Internal Auditors meet with Strategic Planning to plan the internal audit schedule for the academic year identifying the areas for review. Strategic Planning then notifies Colleges and Services about audits involving them in order to try and schedule a time during the year that is most convenient for the audit to take place.

2) Fieldwork: The auditors’ fieldwork concentrates on determining how well a unit is managing the risks identified at the planning stage and what controls are operating to help them do this. This can take a variety of forms that includes interviews and detailed testing/analysis of documents or transactions. When the fieldwork stage is completed, the auditors usually have a list of significant findings that are used to prepare a draft audit report.

However, prior to this, the auditors will usually have arranged to discuss any key issues with the nominated audit contact before completion of the fieldwork (see above). We encourage this aspect of the audit as the nominated contact can offer insights and work with the auditors to determine the best method of resolving any issues that arise.

3) Reporting: When the fieldwork is finished, the auditors draft a report. A feedback meeting may be held with the unit to discuss the audit findings, conclusions, and recommendations – the unit can give comments on the findings and reach an agreement on any recommendations identified – before the formal draft report is produced.

The formal draft is then sent to Strategic Planning, who coordinates the response to the audit findings prior to the final report being published. Included in the draft is an action plan that identifies the recommendations made in the report and as part of any response, it will be necessary to complete the action plan. This involves explaining how the recommendations will be implemented, by whom, and within what time scale.

What should you consider before an audit?

What factors should be considered for quality audits?

What are the factors you need to consider when preparing for operational audit?