
Audit Program Licensing Terms

1. You accept that this product is intended for your use, and you will not
duplicate in any form or manner, electronic or otherwise, copies of this product
nor distribute this product to anyone else.

2. You recognize that the product and its content are the sole property of
AuditNet® (the Publisher), and that we have copyrighted the product.

3. You agree that the Publisher is not responsible for any interruption of
service or malfunction that is a consequence of the Internet, a service provider,
personal computer, browser or other software or hardware components. You
accept that there is no guarantee that this product is totally error free. You
further understand and accept that the Publisher intends to provide reliable
information but does not guarantee the accuracy or completeness of any
information, and is not responsible for any results obtained from the use of
such information.

4. This license is effective until terminated, when the license or subscription
period ends without renewal, or when you destroy this product and any related
documentation. The Publisher may terminate your license without notice if you
fail to comply with the conditions set forth in this agreement, and may pursue
any other legal recourse.

COSO - Integrated Internal Control Framework
COSO CONTROL COMPONENT: MONITORING CONTROL ACTIVITIES
COSO PRINCIPLE NO. 16 & 17
COSO CONTROL OBJECTIVE: Assessing Risk.
COSO ORGANIZATION LEVEL OF RESPONSIBILITY: BUSINESS UNITS AND ACTIVITY LEVEL

Carry out the monitoring activities on internal controls implemented in the organization as per the procedures listed below, prepare an evaluation of internal controls,
and communicate the deficiencies identified during the evaluation of internal controls. You can prepare an Internal Audit report for communicating the internal control
deficiencies identified.

Objective:

1) Ensure that the organization has established, documented and communicated its objectives.
2) Ensure that management has established the practice for risk identification.
3) Ensure that, in the risk assessment process, management considers the whole organization and its associated concerns.
4) Ensure that a procedure has been prepared by management to anticipate, identify, and react to changes.
5) Ensure that risks are appropriately examined and mitigated by management.

Objective & Questionnaire Ref. | I. C. Audit Procedures | WP Ref | Auditor Initials | Time Spent | Date Expected | Date Finished | Remarks | Checked By:

1.1 Discuss with management and obtain an understanding of the process available for setting objectives.

1.2 Verify that all levels of management are involved in setting objectives.

1.3 Verify that objectives in relation to the organization are established.

1.4 Verify that an objective was established for every single significant activity.

1.5 Verify that all documented objectives are appropriately reviewed on a periodic basis.

1.6 Verify that external and internal factors were examined before setting the objectives.

1.7 Discuss with management and identify the procedures available for preventing unauthorized investments.

1.8 Check for unauthorized access by cross-matching the list of approved personnel having authority to invest against the personnel who made investments.

1.3 Discuss with management or CRO and verify the following

1.4 Discuss with management or CRO and verify that information in relation to the objectives was appropriately distributed to the concerned employees and the Board of Directors.

1.5 Discuss with management or CRO and verify that feedback from the concerned employees and the Board of Directors is obtained in order to check communication effectiveness.

1.6 Discuss with management and identify how frequently the plans and objectives are reviewed by management and how these are updated.

1.7 Check that management reviews the plans and objectives and appropriately updates them.

2.1 Discuss with management and obtain an understanding of the process available within the organization to be aware of potential risks relevant to the preparation of the financial statements.

2.2 Check that the organization has included the potential risks in the assertions of existence or occurrence, completeness, rights and obligations, valuation or allocation, presentation and disclosure.

2.3 Verify the Enterprise Risk Management (ERM) Framework adopted by the organization.

2.4 Discuss with management and obtain an understanding of how the internal controls over Financial Reporting are documented.

2.5 Verify that the internal controls over Financial Reporting are documented according to the intention of management.

2.6 Discuss with management and obtain an understanding of how the organization considers risks that may lead to fraud.

2.7 Evaluate whether the anti-fraud programs are appropriately implemented within the organization.

2.8 Check that fraud factors are included in the risk identification.

2.9 Discuss with management and identify whether the risk identification process includes non-routine transactions.

2.10 Verify the documents and ensure that the process includes non-routine transactions. Otherwise, evaluate the reasonableness of not including them.

2.11 Discuss with management and obtain an understanding of how frequently risk assessments are conducted by management, and ensure that these are part of the business planning process.

2.12 Check that the risk assessments are appropriately conducted by management.

3.1 Discuss with management, the Internal Auditor or the CRO and obtain an understanding of how frequently external and internal factors are considered in the risk assessment process.

3.2 Check that the relationship between the external and internal factors is appropriately evaluated and that the risk assessment process is updated on a periodic basis.

3.3 Discuss with management or the CRO and obtain an understanding of the portfolio relationship which is considered in the risk assessment process.

3.4 Check that financial, regulatory and operational objectives were properly established for each relationship and that a detailed risk assessment was performed on each such relationship.

3.5 Verify the ERM Framework adopted by the organization.

3.6 Check that fraud, going concern matters, internal and external reporting and accounting are considered in the risk assessment process and that management reviews it on a periodic basis.

3.7 Discuss with management and obtain an understanding of all significant relationships which are included in the risk assessment process.

3.8 Check that the relationships identified above are properly documented throughout their life.

4.1 Discuss with management or the CRO the techniques used in risk assessment by the organization.

4.2 Evaluate whether the techniques used in the risk assessment consider changes in the industry, competitors and regulatory environment.

4.3 Discuss with management or the CRO and examine how frequently the identification process is conducted, and check whether it is documented.

4.4 Discuss with management and identify the channels of communication used to distribute changes in the business strategy to the concerned employees.

4.5 Discuss with management or the CRO and evaluate the communication sent by the Board in relation to changes in the business strategy.

4.6 Verify that the organization has appropriately organized a risk response in relation to the new changes.

4.7 Discuss with the Board their willingness to work on topics on which they disagree, and check that these are appropriately documented as part of the minutes of the meeting.

4.8 Discuss with management or the CRO to identify the modes of communication through which risk assessment is done throughout the organization.

4.9 Verify that the results of the risk assessment and changes are properly communicated to the relevant employees.

4.10 Verify how frequently the budgets and forecasts are updated.

4.11 Obtain all the updated budgets and forecasts prepared in the last two years to evaluate the reasonableness of the periods in which they were updated and the proper authorization of the budgets/forecasts.

5.1 Discuss with management, the Internal Auditor or the CRO and evaluate whether senior management has reviewed the last risk assessment performed within the organization.

5.2 Discuss with management and obtain an understanding of how frequently suggestions on risks that need to be included in the risk assessment are received.

5.3 Assure that an appropriate channel is established for welcoming such suggestions by the Board.

5.4 Discuss with management and obtain an understanding of how the organization considers risks which lead towards fraud.

5.5 Obtain the anti-fraud programs which are adopted within the organization.

5.6 Discuss with the members of the disclosure committee and obtain an understanding of how this committee reviews the identified risks, and how they select the most important risks that need to be disclosed.

5.7 Verify that the risks identified as part of the organizational disclosure are appropriately reviewed by the disclosure committee.
