Database Reference
In-Depth Information
InFission audit planning approach
At InFission, the CAE establishes the audit plan, which is approved by the Audit
Committee. The CAE ensures that the internal audit resources are appropriate,
sufficient, and effectively deployed to achieve the approved plan by communicating
the resource needs to senior management and the board in the audit plan. The CAE
is responsible for maintaining the audit standards, policies, and procedures.
InFission audit plan includes several audit engagements to address the audit
objectives, such as:
• Independent opinion of internal controls based on risk assessment
• Management assertions of controls over inancial statements to comply
with Sarbanes-Oxley Act
• IT audit to provide assurance over management information systems
The CAE communicates the audit plan objectives, guidelines, and standards to the
Audit Directors. Each Audit Director is responsible for managing audit engagements,
reviewing the audit activities, and approving the audit results. The CAE requires
formal documentation from the audit directors, which includes management
interview responses from risk assessment meetings, risk rating criteria, and audit
tasks details for work plans within the scope of the engagement.
Each Audit Director prepares a detailed engagement work plan, which includes the
objectives of the engagement, scope of the engagement in terms of risks, processes,
controls, and test plans. The audit work plan describes the audit task details and
procedures for gathering, analyzing, and documenting test samples. An opinion
framework is established to interpret the test results and categorize the findings.
The Audit Director also determines the audit period covered and estimated
completion dates.
The work plan also includes resource level requirement details for the engagement
to identify the auditors that will perform specific audit tasks based on the complexity
of the audit, internal audit activities, and requirement for direct supervision.
The auditors are assigned to the work plan based on their audit experience,
understanding for the business area, technical knowledge, language skills, and
accounting as well as audit expertise. Audit resources include employees, external
auditors, financial managers, and GRC software tools for testing IT-enabled controls.
The CAE ensures that the skills, experience, and technical knowledge of the
resources assigned to the each audit engagement are appropriate for the planned
activities before approving the engagement. The CAE also ensures that resources are
deployed effectively to audit the geographically dispersed business units based on
the localized risk ratings.
Search WWH ::
Custom Search