FAR EASTERN UNIVERSITY

Institute of Accounts, Business and Finance

Communication Audit (COMAUD)

STUDY UNIT 5
INTERNAL AUDIT PLAN
Outline:

Risk-Based Audit Plan

1.

Determine audit priorities

2.

Develop the audit universe

3.

Establish a framework for assessing risk

4.

Rank and validate risk priorities

5.

Finalize the annual audit plan

STUDY UNIT 5
Internal Audit Plan

INTERNAL AUDIT PLAN (Risk-Based Approach)

I.

The internal audit process begins with the Risk Based Audit Plan, which is updated annually and
approved by the Audit Committee of the Board of Directors.
Once approved, the Plan becomes a guideline for conducting audits in the coming year.
In addition to the audits performed under the Plan, Internal Audit may also conduct special audits
and consulting work on demand.
RISK-BASED AUDIT PLAN
Risk Assessment a method of examining auditable units and selecting areas for review that
have greatest risk exposure
Advantage of a risk-based audit plan: The audit plan must be logically related to the identified
risks of the organization. Making these connection between identified risks and how they
relate to strategic and operational goals is the primary advantage of risk-based planning.
Responsibility of developing risk-based plan:
o The chief audit executive (CAE) must establish a risk-based plan to determine
priorities of the internal audit activity, consistent with the organizations goals.
o The CAE must identify and consider the expectations of senior management, the
board and other stakeholders for internal audit opinions and other conclusions.
1.

Determine audit priorities

- Use market, product and industry knowledge to identify new internal audit
engagement opportunities.
- IA plan must be logically related to identified risks which are in turn related to
strategic and operational goals.
Audit Plan
Risk-based approach

2.

Risk Assessment
Financial
Compliance
Operations
Strategic

Goals
Strategic
Operational

Develop the audit universe

- The audit universe (all possible audits) may include the organizations strategic
plan. Thus, it may reflect
i. Overall business objectives
ii. The attitude towards risk
iii. The difficulty of reaching objectives
iv. The result of risks management
v. The operating environment
- The audit universe should be assessed annually to reflect the most current
strategies and directions of the organization
- The audit universe includes all units, processes, or operations that can be evaluated
and defined. They include accounts, divisions, functions, procedures, products,
systems, and many other possibilities. Thus, the audit plan includes audits
requested by management or required by regulators
- Basis of internal audit activitys audit plan:
i. The audit universe
ii. Input from senior management and the board
iii. Assessed risk and exposures

STUDY UNIT 5
Internal Audit Plan

3.

Establish a framework for assessing risk

- The Institute of Internal Auditors (IIA) does not officially define a framework of
assessing risk or its components. However, the internal auditors can adopt the
model being used by the external auditors of financial statements, Audit Risk Model
- Audit Risk Model:
Audit Risk = Inherent Risk x Control Risk x Detection Risk
Audit Risk
- The risk that the auditor will provide senior management
and the board with flawed or incomplete information
about governance, risk management and control
Inherent Risk
- The risk arising from the nature of account or activity
under review
Control Risk
- The risk that the system of internal control designed and
implemented by management will fail to achieve

STUDY UNIT 5
Internal Audit Plan

managements goals and objectives for the account or

activity under review
Detection Risk
- The risk that the auditor will fail to discover conditions
relevant to the established audit objectives for the account
or activity under review.

4.

Rank and validate risk priorities

i. Risk modeling is an effective method used to rank and validate risk
priorities when prioritizing engagement in the audit plan
ii. Risk is measured in terms of:
1. Impact
2. Likelihood
Example:

5.

Finalize the annual audit plan

NOTE: Refer to Sample Internal Audit Plan

END

A goal without a plan is just a wish

-

Anonymous

Allen Lakein

Failing to plan is planning to fail

If the plan doesnt work, change the plan but never the goal
-

Anonymous