Planning is part of internal auditing’s systematic, disciplined, and risk-based approach and is mandated by the International Standards for the Professional Practice of Internal Auditing. Planning internal audit engagements involves considering the strategies and objectives of the area or process under review, prioritizing the risks relevant to the engagement, determining the engagement objectives and scope, and documenting the approach. This practice guide contains the engagement planning steps necessary to fulfill Standard 2200 – Engagement Planning through Standard 2220 – Engagement Scope and related assurance (.A) and consulting (.C) implementation standards.
Engagement planning generally includes the following steps:
Engagement Planning: Establishing Objectives and Scope also offers guidance on how internal auditors can use a risk and control matrix and heat map to prioritize the risks, then use the results to form the engagement objectives and scope, in conformance with the Standards. Established engagement objectives and scope enable internal auditors to focus efforts on the significant risks in the area or process under review, develop the engagement work program, and communicate clearly with management and the board. Access the new supplemental guidance now.
This is for members only. To access it and other valuable resources, become a member today or log in!