Fundamentals of Risk Management


Undertaking an internal audit


Download 3.45 Mb.
Pdf ko'rish
bet401/445
Sana02.06.2024
Hajmi3.45 Mb.
#1833791
1   ...   397   398   399   400   401   402   403   404   ...   445
Bog'liq
Fundamentals of Risk Management

Undertaking an internal audit
Undertaking an internal audit exercise involves a number of steps, as set out in
Table 35.1. Essentially, the steps involved are planning the internal audit exercise, 
undertaking the fieldwork during which controls are tested, producing the audit
report and, finally, ensuring that there is adequate follow-up. As part of the audit 
exercise, the auditor should collect information relevant to the audit that is to be 
undertaken. Analysis of the information that has been collected will enable the 
auditor to determine and agree the priorities and objectives of the review. For ex-
ample, an audit of the supply chain will require the auditor to collect information
on the contracts that are in place with suppliers.
In many ways, the fieldwork is the most important part of the audit exercise.
The auditor may need to visit locations, including supplier locations if the audit is 
concerned with the supply chain. The purpose of the fieldwork is to understand the 
risks and the controls that are in place to manage those risks. Testing of the controls 
will then be undertaken to ensure the efficiency and effectiveness of the controls that 
are in place. Testing of these controls will be based on discussions with the managers 
and staff, as well as observation of the activities as they are carried out.
Based on the fieldwork that has been undertaken, the auditor will produce the 
audit report. The audit report will contain comments on the efficiency and effective-
ness of the controls that are in place and recommendations for further improvement
if considered necessary. The internal auditor will need to form an independent opin-
ion of the level of control that has been achieved so that assurance can be provided 
to the audit committee, to the extent that this is justified. Also, if the audit report sets 
out recommendations, these should be agreed with the local/departmental manage-
ment. The reason for agreeing the recommendations is that they are more likely to
be implemented, if they have been agreed. However, if the internal auditor feels that 
controls are inadequate but local management does not accept this conclusion, 
escalation of the issue will be required.



Download 3.45 Mb.

Do'stlaringiz bilan baham:
1   ...   397   398   399   400   401   402   403   404   ...   445




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling