The main function of an internal audit department is to ensure that a sound system of internal controls exist which safeguard's the interests of the investors and Board. All internal audit needs to be structured. To make this happen the internal audit department should have a workplan based on which they should conduct the audit. So what should the internal audit workplan include? To give some guidance and provide a starting point, below are some points which I consider essential to the internal audit workplan.

1. Understanding the processes relating to the control objectives.
2. Including walkthroughs to understand the processes and transactions.
3. Conducting risk assessments, risk workshops for better risk management.
4. Testing of controls that help in mitigating risks.
5. Concluding whether controls reduce the risks to an acceptable level.
6. Discussing key control gaps with process owners.
7. Remediating control gaps noted.

Related Posts

Simple Spreadsheet Controls for SOX Compliance
Continous Auditing of Controls
How to Evaluate Internal Control Exceptions
Effect of Material Weakness on Financial Statements