Abstract

Internal audit planning is a critical step in achieving effective and efficient internal audits. This study looks at how risk management approach is used to plan internal audit. Purpose is to reduce the subjectivity and time spent in audit planning. A two-step risk management approach is used. In Step 1, the audit frequency is determined based on the department’s Workplace Environment, Health and Safety (EHS) risk. In Step 2, the level of readiness of a department is determined by looking at the department’s level of documentation and level of measuring and monitoring of processes. From the risk assessment, a 3-year cycle plan is developed to ensure all departments are audited at least once in every 3 years. Higher risk departments would be audited more frequently. A review of risk factors is conducted every 3 years or as and when necessary. The subjectivity in selecting a department for internal audit is reduced. Another significant benefit achieved is the reduction in time spent to do audit planning. With the risk-based audit planning, new staff who is not familiar with audit planning can complete the audit planning process efficiently and effectively. Through the risk management approach, the internal audit planning is more structured and effective.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.