IA Clinic. การเตรียมการตรวจสอบ แผนการ...

IA Clinic

การเตร�ยมการตรวจสอบ

แผนการตรวจสอบ แผนการ

ปฏิ�บ�ต�งาน ปฏิ�บ�ต�งานตรวจสอบ

หาร�อหน�วยร�บตรวจรายงานผล

การตรวจสอบต�ดตามผลการตรวจสอบ

ผลการประเม�นความเส��ยงRisk Assessment

ข้�อตรวจพบ

Preliminary Survey

a Plan (list of work to be done)has time period (starting point until

complete of job)Assign duties to audit staffnormally comprises of:

Audit issues Objectives Scope Procedures Resources allocation

Tips

Business Plan Permanent Files Risk register Previous Internal Audit Reports External Audit Reports Any third party reports (cooperation/complaints/

incidents) Board and Audit Committee minutes Staff handbooks Management Accounts and Financial reports

(Analyse) Web site (emerging issues) Stakeholders’ expectation

Specified

project/ job

Open meeting/ Audit brief with management (formal record) Risks Needed resources/ Agreed reporting lines

Research of clients’ business Flowcharting of business processes Internal Control (exist/ enough/ effective)

Walkthrough Test Test of control Substantive Test

Identify Major Risks Determine Audit Issues (Team Briefing) May have a preliminary report

• Assess the risks (Likelihood and Impact)

• Identify level of each risk• Identify target areas (H/ M/ L)• Testing (existing control)/ Evaluate

control activities (Compliance/ Substantive)

• Set the Audit Issues• Determine the objectives of the plan

A = Achievement of Objectives/ Goals of business

C = Compliance with laws and regulations

R = Reliability of Reporting

E = Efficiency and Effectiveness of operation

S = Safeguarding of assets/ enhancing values

A C R E S

Anticipated Outcome

Let the client lists the areas to be audited as outlined (consistent with audit objectives)

Ensure that everyone understands the specific scope and also agrees with it

Caution team to keep the audit within those bound

If the auditor cannot work within the agreed scope, discuss with CAE

Step-by-step Use appropriate audit techniques Sampling methods Working papers How to collect this kind of information or

evidence: Criteria Condition Effects Cause Recommendation

Avoid duplication of work/ procedures (even previous audit)

Consider both positive and negative aspects of the area being audited

Cost should remains in line Auditors can handle audit of many concerns at

the same time Assign competent auditors or consultants How to document the evidence (relevant/ reliable/

sufficient) Which types of Audit Program?

Standard Modified Tailor-made

AP has always to be approved by CAE before starting the bloc

Get the feedback in order to improve better audit program CAE can evaluate performance of audit team via Audit

Program Can be a training instrument especially for a new staff Do the checklist/ QAR checklist for controlling quality of AP Work should be completed in time as stated in AP One audit program may not fit all types of audit work Size of audit engagement determines ‘duration’ (period of

time) Tell client ahead of time (prepare for the audit) Have contact person or Liaison (client)

You can change the program (if circumstances are changed) but it always has to be approved

Always monitoring the AP (Audit Program Management)

Assess the accomplishment of audit objectives Which issue is confidential … taking care and

beware of it!!! make it confidential

Make it simple!!!

Thank you