Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
RiBIA
Take this simple example, which is an extension of the data used on Day 1:
If the Internal Audit function only had 180 mandays available, then only Finance, IT,
Engineering and Marketing could be done in the coming year.
Once the planning exercise is complete, including the establishment of the Audit Cycle, it
has to go to the Audit Committee for approval.
As can be seen from the above, a great deal of emphasis is placed upon risk analysis
when determining what audits to perform in the coming year; the Internal Auditors
systems need to include a methodology to react to the situation where an entity that was
considered to be of, say, medium risk when the planning was done becomes a high risk
entity at sometime during the year. If this is not recognized and reacted to then the whole
concept of risk based audit planning is nullified. It follows on from this that risk based
audit planning is a continuous process you must reassess your plans frequently usually
quarterly; it also follows on from this that risk data about all entities in the portfolio needs
to be constantly updated as well!
Day 2
HO 4
2