An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations. Show
The goal of an audit program is to create a framework that is detailed enough for any outside auditor to understand what official examinations have been completed, what conclusions have been reached and what the reasoning is behind each conclusion. The framework should explain the audit's objectives, its scope and its timeline. The audit program should also describe how working papers -- the documented evidence of the audit -- will be collected, reviewed and reported. Objectives of audit programsWhen developing an audit program, the internal auditor and its associated audit team should start with outlining the audit's objectives, goals and obligations. Audit program objectives help direct planning of the audit report and are based onthe policies, procedures and guidelines unique to the company. These objectives may relate to and outline how the auditors will maintain efficiency, professionalism and a specific code of conduct during audit procedure. In addition to relevant regulatory compliance mandates, objectives for audit programs should consider aspects such as management priorities, business intentions, system requirements, business structure, legal and contractual mandates, the expectations of customers and other interested parties, potential risk management vulnerabilities, and any corrective action taken based on previous audits. Preparing an audit programAudit program details are specific to individual organizations based on their unique needs, but audit plan preparation will consider the audit's relevant regulatory deadlines, staff requirements and reporting structure, and overall goals.In particular, these goals will consider how the company will maintain regulatory compliance via risk assessment and management procedures. The audit program should also include a timeline detailing when specific aspects of the audit program should take place and how they should be prioritized. Audit program planning is usually a continual and iterative process. During audit planning and development, companies can build on lessons learned from previous audits by implementing newly learned best practices that alleviate risk and maintain compliance. Audit development guidelines and best practices vary by industry, but local and regional auditing certifications are available, as are internationally recognized audit certifications. These certifications include Certified Internal Auditor and Certified Information Systems Auditor, and membership in the International Register of Certificated Auditors. Types of audit programsDifferent types of audit programs include standardized audit programs, tailored audit programs and compliance audit programs. Standardized audit programs, which are available for many different industries, can be used proactively to help an organization create its own internal compliance framework and internal audit program. For example, the International Federation of Accountants publishes financial audit standards called the International Standards on Auditing. A standardized audit program is different than a fixed audit program, which is defined as an audit program that cannot be changed during the course of an audit. Tailored audit programs are different from standardized audit programs in that they cater audit procedures to match specific needs of the auditing entity.These audit programs are "tailored" to reference specific areas such as business procedures, legal documents and assets. By targeting these specific requirements through tailored audit programs, the company can more quickly identify potential compliance lapses and develop internal controls to offset these vulnerabilities. A compliance audit program outlines how an organization will adhere to regulatory guidelines. The details of compliance audit program will vary depending upon factors such as whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data. For instance, Sarbanes-Oxley Act requirements state that electronic communication must be backed up and secured with disaster recovery infrastructure, while financial services companies that transmit credit card data are subject to Payment Card Industry Data Security Standard (PCI DSS) requirements. In the Unites States, publicly traded companies must report results of internal control audits to the Securities and Exchange Commission (SEC). In each case, an organization's audit program outlines how the company will maintain compliance with regulatory compliance rules. This was last updated in April 2017 Continue Reading About audit program (audit plan)
Dig Deeper on Risk management and governance
What is the difference between audit objectives and audit procedures?Audit objectives are what the auditor is trying to achieve, and audit procedures are specific tasks performed by the internal auditor to gather the evidence required to achieve the prescribed audit objectives.
Which of the following best describes the primary purpose of audit procedures?The main purpose of audit programme is that every material area has been audited appropriately and sufficient appropriate audit evidence has been obtained in respect of every important areas of audit.
Which of the following procedures would provide the most reliable audit evidence?Which of the following procedures would provide the most reliable audit evidence? Inspection of bank statements obtained directly from the client's financial institution.
Which of the following should be considered an audit procedure for obtaining evidence?Audit procedures to obtain audit evidence can include inspection, observation, confirmation, recalculation, reperformance, and analytical procedures, often in some combination, in addition to inquiry.
|
Which of the following is the best explanation of the difference if any between audit objectives and audit procedures?
Urheberrechte © © 2024 decemle Inc.
