provides tools, articles and resources to help you to:
- Improve your internal audit process
- Provide more valuable internal audit reporting and recommendations
- Develop audit programs, checklists and internal control questionnaires
- Discover best practices from other internal auditing leaders
Below you will find just a few examples of the KnowledgeLeader materials for Internal Audit:
Audit Committee Charter - Example 5
Audit committees assist the board in monitoring the integrity of the financial statements, external auditor qualifications, performance of the internal audit function and external auditors, and company’s compliance with regulatory requirements.
Audit Department Charters
Developing an audit charter is the first step in creating an internal audit function. This guide provides an example of the language and structure of an internal audit charter. These charters discuss topics such as independence, audit planning and reporting, and responsibilities of an internal audit department.
Audit Planning Memo - Sample
This sample provides a template for documenting the overall audit approach. Topics addressed include: risk indicators, regulatory requirements, scope of audit work, internal control evaluation, and operation and functional structure.
Audit Report Tracker - Sample
This simple one-page tracking sheet allows you to follow the status of a particular internal audit report. It tracks the date the draft was distributed, the intended reviewer, and date of comments received.
Bank Branch Internal Audit - Cash Audit Work Program
The purpose of this work program is to provide the general steps used to perform a cash audit at a bank branch. This document provides audit procedures for counting cash funds, preparing a proof of available ATMs, counting of petty cash, reviewing coin and currency logs, and many other processes.
Chief Audit Executive IT Control Checklist
Chief Audit Executives can use this checklist to examine their IT control framework to ensure the organization has addressed all control elements. The checklist can help the CAE understand the issues and plan for full internal audit coverage of the control areas.
Close the Books Audit Work Program (Sample 2)
The preface to this sample audit program discusses general audit procedures, other considerations, and management controls to review in auditing the close the books process.
Corporate Governance Policy: Relationship with Internal Auditors
The purpose of this policy is to establish reporting relationships for the internal auditors of the company. Both internal and external auditors, by the nature of their work, have a special relationship with the board of directors. This policy spells out particular reporting relationships to ensure that appropriate governance can be applied.
Controls Monitoring Quarterly Assessment Audit Work Program
This work program provides steps to perform a quarterly assessment of management’s monitoring of company-level controls. Specific objectives of this work program include: evaluate the effectiveness of management’s controls monitoring process; assess management’s progress with respect to the implementation of action plans designed to address deficiencies; provide management with an internal audit framework to use in monitoring key controls on an ongoing basis and evaluate whether those controls are operating as designed.
Entity Level Internal Audit Methodology
The entity level business process audit methodology focuses on understanding and analyzing the business. This understanding is primarily used to identify the target processes and risks during the audit planning process. Tools are provided to help with each phase is the process.
Expenditure Cycle Audit Work Program
This internal audit work program looks at expenditure cycle activities and tests purchasing, accounts payable, travel and entertainment charges, and payroll.
Internal Audit Client Satisfaction Questionnaire
This questionnaire is intended to be sent to relevant departments upon completion of work performed by internal audit. This tool contains a sample email providing instruction on completing the questionnaire. The questionnaire contains drop-down menus with pre-populated answers to assist in the questionnaire reporting process.
Internal Audit Plan - Sample
This document details an internal audit plan for a specific period and the related projects that are planned to be delivered to the organization. Further details on the scope of these projects are provided in relation to planned internal audit activities.
Internal Audit Planning Memorandum – Sample Template
This internal audit planning memorandum documents the audit approach and administrative details for each audit. This memorandum should be completed as part of the initial audit planning process and is meant to enhance audit efficiency.
Internal Audit Post Engagement Debrief Template - Sample
Use this template upon completion of an audit to have team members discuss the audit and to provide feedback on audit execution, lessons learned, best practices, and future audit considerations. Sections include names of audit team members, performance against budget, lessons learned, internal process improvement suggestions, and future audit considerations.
Internal Audit Quality Assurance Review Methodology
This methodology outlines a process for performing a quality assurance review of the internal audit function. It allows the QAR team to gain insight into performance gaps and operations of the internal auditing department. Also included are links to tools, surveys and other resources to help accomplish a quality assurance process.
Internal Audit Report and Response Processing Policy
This policy outlines procedures for preparing and issuing internal audit reports; preparing responses to internal audit reports; monitoring and reporting on the status of recommendations; and verifying implementation status.
Internal Audit Report To Audit Committee: Plan Status - Sample
This sample report to the audit committee presents a logical, easy-to-follow summary of audit projects completed, in-progress, and scheduled. The report demonstrates the use of reporting elements such as progress bar charts, color-coded ratings on the effectiveness of controls, and a scorecard style approach to reporting recommendations and status.
Internal Audit Reporting: Impact and Clarity: Guide and Example
Effective Internal Audit reports and communications are a critical aspect of the audit process. Strong reporting is more than just appearance, and should be a reflection of the audit approach, performance, and organizational governance objectives. This guide provides practical advice for audit reporting, and includes an example report to the Audit Committee.
Job Description: Internal Audit Manager
These samples job descriptions can be used by those looking to fill the position of Internal Audit Manager. The job descriptions should be customized to meet detailed company criteria.
Process Level Internal Audit Methodology
Once a process has been identified for an audit or review, this methodology provides guidance and tools for the phases to be performed during the review process. Process level reviews should focus on business risks and on improving process performance. This tool addresses The IIA Standards, information technology, and fraud.
Risk Assessment Checklist
The questions in the checklist can be considered prior to process reviews or operational internal audits. They can be used in facilitated self-assessment sessions, risk assessment workshops or questionnaires, basic auditing work programs, and auditing interviews.
Treasury and Cash Management Audit Program (Sample 2)
This work program lays out audit procedures for treasury and cash management. Specific areas of review include: cash disbursements, cash receipts, timely identification and resolution of exceptions, bank account analysis, investing/borrowing, capital management, foreign exchange exposure management, cash flow forecasting, IT assessment and derivatives.
Strategic Internal Audit Plan
This document is a template to be used by Internal Audit when developing an annual audit plan. This sample template provides areas to document the planning approach; major projects and associated timelines; and project sponsors.
10 Big Things for Small Audit Departments
Internal auditors face a problem common to many others in the business world: bigger responsibilities–but not-so-big resources. This is especially true in smaller internal audit departments, where resources are already sparse and growing responsibilities can stretch them dangerously thin. In this article, Joel Kramer, from the MIS Training Institute, discusses common mistakes made by small audit shops and provides suggestions on how they can do things right, using resources more efficiently.
2011 Internal Audit Capabilities and Needs Survey
Protiviti’s fifth annual survey found that internal auditing professionals are to play a leadership role, support the C-suite and board agenda while being prepared for continuous and ongoing change.. Participants, including chief audit executives along with internal audit directors, managers and staff, answered more than 100 questions in four categories: General Technical Knowledge, Audit Process Knowledge, Personal Skills and Capabilities and a new category, Risk Management and Governance Process Knowledge. The survey was designed to gauge how internal audit professionals perceive their present capabilities, where they currently see need for improvement and how they prioritize those needs.
2011 Internal Audit Plan Considerations
Answers to the 2011 internal audit planning process probably won’t be readily apparent without a reliable process in place to evaluate progress. This white paper presents 10 key areas that should assist organizations in their risk assessments and internal audit planning. When planning, consider these questions: Has the internal audit function considered all high-risk areas in its risk assessment? Is the risk universe complete? Is the audit plan balanced? And, are there emerging areas that the organization has overlooked?
Addressing Internal Controls In Your ERP Implementation
As “Y2K” era systems near the end of their useful lives, many companies are now launching new ERP implementation projects and conducting major upgrades to keep up with the rapid pace of technology and business change. This article describes how the knowledge gaps in internal controls may lead to budget issues, project delays and compliance risks, which further complicate an ERP implementation project. It also explores the implications of the significant ERP project risk and provides useful guidance to ensure compliance issues are addressed throughout.
Best Practices for the Use of Data Analysis in Audit
Over the past 20 years, data analysis has become an essential part of the audit process for the vast majority of audit organizations. Using data analysis in an audit (generally referred to as “audit analytics”) has already provided significant benefits for audit organizations of all sizes across a broad range of industries, but there is still much progress that can be made by optimizing the audit analytics process. In this publication, ACL describes how to successfully use audit analytics.
Covering Risks in a Shifting Economy
If you have shifting expectations and fewer internal audit resources, how do you adequately cover risk, especially the emerging risks suggested by our current economic conditions? In this article, the author encourages internal audit departments to leverage leading practices so they contribute to the organization’s ability to weather the economic storm and take advantage of opportunities in the future. Now, what internal auditor wouldn’t want to do that?
Dentsply’s IAS team leverages technology to meet global financial audit objectives while controlling costs
Dentsply, a manufacturer of dental supplies and instruments, conducts business in more than 120 countries. In this profile, Jeff Walters, Dentsply’s audit director, discusses how the audit department is expected to cover 60 to 70 percent of the company’s operating assets. This expectation is defined in the internal audit charter, approved by the audit and finance committee of Dentsply’s board of directors. Walters describes how his team achieves this coverage through an integrated audit approach that leverages technology.
Executive Presence: Increase audit effectiveness, build leadership potential
While choosing the right suit can help build a person’s confidence, it takes more than that to build credibility, authority, and trust – all qualities vital to effective internal auditors. It demands a combination of external and internal qualities that can be characterized as "executive presence." In this article, Ann Butera, from The Whole Person Project, Inc., describes the qualities that increase executive presence and its lasting value.
Exception Management Explained
The growing need for “exception management” capabilities among organizations of all sizes stems from a steady flow of new regulatory compliance and risk management requirements in recent years. These requirements force process owners to incorporate more rigorous compliance and risk-monitoring into their activities. This need, combined with the evolution of business analysis requirements, has given rise to continuous auditing and continuous monitoring, particularly at companies committed to getting the most valuable bang for their internal audit buck.
External Auditor Considerations
This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning the use of external auditors. Some of the topics covered are: Can we use our external auditors to perform internal audit work? And, do all internal audit reports need to be reviewed by the external auditor?
Improving Internal Audit Through Technology
A number of studies show that internal audit functions are looking more seriously at technology as a way to improve productivity and the organization’s risk management process. The reality is that internal audit cannot successfully meet all looming expectations and perform at a new level without doing things differently and technology – or, more accurately, the very efficient and effective use of technology – is essential for internal audit to succeed in its evolving mandate. This article discusses how to start integrating technology into the audit process, sell its value proposition to executive management, and overcome the related challenges.
An Integrated Approach to Managing Operational Risk – Breaking down the organizational barriers
The operational audit function can be considered an extension of internal audit, where auditors focus on issues that may not have a direct impact on financial reporting such as compliance with company operating policies and procedures or safety, labor or health regulations. In decentralized organizations, communication is important to address operational audit issues and the associated risks. This article discusses how technology can help manage operational audits.
Global Technology Audit Guide (GTAG) 11: Developing the IT Audit Plan
As technology becomes more integral to the organization’s operations and activities, a major challenge for internal auditors is how to best approach a company-wide assessment of IT risks and controls within the scope of their overall assurance and consulting services. As pointed out in this GTAG, auditors need to understand the organization’s IT environment; the applications and computer operations that are part of the IT infrastructure; how IT applications and operations are managed; and how IT applications and operations link back to the organization.
How to Audit Compliance in the Financial Services Industry: A Primer
Anyone who has been involved in compliance management for the financial services industry over the last decade or more has seen expectations regarding the role and responsibilities of the Compliance function continue to evolve with increased responsibility. As the requirements and expectations for compliance management have changed, so too have the expectations for how Compliance should be audited. Any discussion about how to audit Compliance should begin with the premise that Compliance is, or should be, an auditable area.
Philips is implementing an Enterprise Transaction Repository to allocate internal audit resources more strategically and reduce external auditing costs
Royal Philips Electronics (Philips) is a Netherlands-based global leader in three business sectors: healthcare, lifestyle and lighting. In this profile, Ingo Bank, chief audit executive for Philips, discusses the roll out a new technology – The Enterprise Transaction Repository (ETR). This technology is an SAP platform that stores data from business transactions across the entire company, including query functionality to produce certain key performance indicators (KPIs).
The Process of Internal Auditing
This third section of Protiviti's "Guide to Internal Audit" addresses commonly asked questions concerning the process of internal auditing. Some of the topics covered are: How is internal audit work actually performed? What types of IT audit skills should be included in an internal audit department? What is control self-assessment? And, are internal auditors required to follow COSO?
SAP’s Global Internal Audit Services group implements a highly customized audit management system to improve speed and precision of planning
As one of the leading international providers of business software, SAP delivers products and services that help accelerate business innovation for its customers. This article focuses on SAP’s decision to implement an audit management system that allows the Global Internal Audit Services team to create working papers easily, review and approve documents, and perform administrative functions online. Key benefits of the system include automatic generation of documents including recommendations and risks; a user-friendly interface that guides auditors through the audit process steps; and delivery of key performance indicators (KPIs) to SAP’s management.
Securing the Cloud—Governance, Risk and Compliance Issues Reign Supreme
While acknowledging the many benefits that cloud computing solutions bring to the world, it is important to note that recent research has identified a myriad of potential governance, risk and compliance (GRC) issues. This article informs the potential cloud adopter, not only of the technological benefit, but also the potential security, privacy and related GRC issues that need to be prioritized, managed and mitigated before full implementation occurs.
External Resources for the Internal Auditing Profession
American Institute of Certified Public Accountants (AICPA) - The AICPA is the premier national professional association for CPAs in the USA. This site features accountancy news briefs, detailed AICPA product information, accounting, and auditing standards, technical documents, and selected full-text articles from AICPA magazines and newsletters.
Association of College and University Auditors - This site contains information about ACUA and provides links to document libraries and other useful Web sites
Association of Credit Union Internal Auditors - The Association of Credit Union Internal Auditors (ACUIA) is an international professional organization dedicated to the practice of internal auditing in credit unions.
Association of Healthcare Internal Auditors - The Association of Healthcare Internal Auditors (AHIA) promotes excellence in the healthcare internal audit profession. This site features membership information, position papers, and selected articles from the association journal, New Perspectives.
AuditNet - This site features a comprehensive directory of links, articles relating to use of the Internet by auditing professionals, a glossary, links to internal audit best practices, references to Internet-related books, a collection of audit programs contributed by auditors worldwide, and much more.
Financial Accounting Standards Board (FASB) - The FASB establishes and improve standards of financial accounting and reporting for the guidance and education of the public, including issuers, auditors, and users of financial information. This site features a collection of resources covering the FASB, its activities, and its pronouncements. Users can access summaries and status updates on all statements, exposure drafts, Emerging Issues Task Force reports, and a number of additional resources.
Financial Executives International (FEI) - The FEI is a professional organization representing senior level financial executives. FEI provides peer networking opportunities, emerging issues alerts, personal and professional development, and advocacy services to CFOs, VPs or Finance Controllers, Treasurers, Tax Executives, Finance and Accounting Professors in academia. This site features information about FEI events and committees as well as descriptions of publications and research.
Frequently Asked Questions (FAQs) About the Internal Audit Professions - Gain a better understanding of the internal audit profession with these FAQs from The IIA. These key concepts can be used in presentations to upper management and audit clients. They can also help you answer the question, "So you're an internal auditor ... what's that?"
Governmental Accounting Standards Board (GASB) - The mission of the GASB is to establish and improve standards of state and local governmental accounting and financial reporting that will result in useful information for users of financial reports and guide and educate the public, including issuers, auditors, and users of those financial reports.
Information Systems Audit and Control Association - The Information Systems Audit and Control Association and Foundation (ISACA) is a global professional association representing information systems (IS) auditing, control, and security practitioners worldwide.
Institute of Chartered Accountants in Australia (ICAA) - The ICAA represents the Australian accounting profession and sets the technical and ethical standards for members along with current accounting and auditing standards. This site features full text accounting and auditing standards as well as technical documentation on business law, tax, and workers compensation.
Institute of Chartered Accountants in England & Wales (ICAEW) - The Institute is the UK’s premier accountancy body, and the largest in Europe, with over 124,000 members working in business and public practice in 142 different countries. The Institute's qualification is recognised around the world as a prestigious professional business qualification.
Institute of Chartered Accountants of Ontario - The Institute of Chartered Accountants of Ontario is the regulatory body of Ontario's Chartered Accountants and CA students. The Institute protects the public interest through the CA profession's high standards of qualification and its enforcement of the profession's rules of conduct. This site provides information about the Institute, information on accreditation, directories to other Canadian accounting organizations, and full-text of selected articles of the current issue of the journal Checkmark.
Institute of Internal Auditors - The Institute of Internal Auditors (IIA) is an international professional association dedicated to the promotion and development of internal auditing.
Institute of Internal Auditors UK and Ireland Online - The Institute of Internal Auditors UK and Ireland is the primary body in the UK and Ireland representing, promoting, and developing the practice of internal auditing. This site features selected full text articles from Internal Auditing magazine, a catalog of publications, and information on membership and activities.
Institute of Management Accountants (IMA) - The IMA is the leading professional organization devoted exclusively to management accounting and financial management. This site offers selected full text articles from a number of IMA publications including Management Accounting, Syndicated News, and others. Users can also access information on certification, continuous education, and a set of links to local chapters and councils.
Internal Audit Service (IAS) of the European Commission - The IAS exists to help the Institution to make the best possible use of the taxpayer's €uro. The IAS believes that its job should also extend to promoting better understanding of the Commission's internal control landscape - such as the fact that management of up to 90% of the funds for which the Commission is accountable is actually managed by others.
Internal Auditing Standards Board - IASB develops practice standards and advisories for the internal audit profession that include the Code of Ethics, nature of internal audit activities, key components of a charter and an annual plan of activities, ways of conducting an engagements and communicating results, and criteria for evaluating the performance of the services.