The purpose of this work program is to provide the general steps used to perform an employee travel and expense reimbursement audit.

This audit work program focuses on the risk assessment component of the COSO framework. Sample risks addressed in this audit work program include: management does not have a business planning process in place that examines existing objectives and establishes new objectives when necessary; senior management does not develop plans to mitigate significant identified risks; and changes in risks are not identified in a timely manner.

The objective of this audit work program is to evaluate the controls and processes required for conducting a vendor management audit.

The objective of this work program is to evaluate the management reporting process. It outlines the checkpoints in preparing, compiling and reviewing management reports.

This exclusive work program for KnowledgeLeader subscribers provides retailers with an overview of operational audit steps to ensure compliance with key regulations.

The objective of this audit work program is to evaluate a business’s ability to detect unauthorized system access attempts.

This page will link you to AuditNet.org and will take you to AuditNet’s Premium Content - typically only available to paid, registered AuditNet users. Subscribers have access to all of AuditNet's Premium Content as a part of the KnowledgeLeader service. Protiviti disclaims all warranties as to the accuracy, completeness or adequacy of information contained therein or for interpretations thereof. Protiviti accepts no liability or responsibility to the user for the selection of materials from AuditNet.org or for reliance by any user or reader on such information.

This work program focuses on the capital projects process. It focuses on identifying and prioritizing risks, evaluating internal controls and assessing the maturity of this business process.

The objective of this audit work program is to evaluate a business unit’s application controls to determine compliance with corporate policies and that the application environment is appropriately protected.

The objective of this work program is to assess the internal controls in place for the adoption assistance process.

This work program lays out audit procedures for treasury and cash management. Specific areas of review include: cash disbursements, cash receipts, timely identification and resolution of exceptions, bank account analysis, investing/borrowing, capital management, foreign exchange exposure management, cash flow forecasting, IT assessment and derivatives.

The objective of this work program is to assess whether accounting reconciliations are performed accurately and discrepancies are reconciled.

This work program focuses on the credit process. Its objectives are to verify whether the credit limits are properly approved and the terms of the credits in the subsidiary records agree to the documentation.

The purpose of this work program is to act as a guide for the controls needed to minimize the business recovery time in case of a disaster. The steps covered in this work program include: business impact analysis; plan development, documentation, and maintenance; and recovery testing.

This work program is an aid to assess the quantity of risk and the effectiveness of a financial institution’s risk management processes as they relate to the security measures instituted to ensure confidentiality, integrity, and availability of information, instilling accountability for actions taken on the institution’s systems.

This work program covers a complete IT Asset Management (ITAM) diagnostic audit. Areas covered within this work program include the IT Asset Management Function, IT Asset Management Processes, and IT Asset Financial Management.

This work program will help determine whether information resources are protected against unauthorized access and environmental hazards.

This work program covers a high-level PCI review. Objectives include the processing of PINs, cryptographic key creation, and secure key transmission, loading, and administration.

This audit work program focuses on the payroll and leave management process. This document assesses objectives such as whether the organization has established an adequate control environment and properly assesses risks associated with this process.

This work program covers network and environment controls for systems running Microsoft Windows Server 2003. Topics covered include monitoring intrusion detection software, ensuring authorized access to packet sniffing utilities, and proper filtering of all network ports. Review this work program to learn more about these topics and many more.

This work program covers areas specific to user account management for systems running Microsoft Windows Server 2003. Topics covered include: remote access, default accounts, access control groups, reviewing contractor/temporary accounts, unique user IDs and more.

This work program covers areas specific to Access Control management for systems running Microsoft Windows Server 2003. Topics covered include access control objectives for: administration tools and system utilities, DNS queries and zone transfers, Microsoft Management Console, and more.

This work program covers areas specific to user account management for systems running Microsoft Windows Server 2003. Topics covered include: remote access, default accounts, access control groups, reviewing contractor/temporary accounts, unique user IDs and more.

The purpose of this document is to provide the general steps used to execute a pre-implementation review audit. This document provides audit objectives and procedures to help evaluate items such as the project management strategy, mechanisms that limit the ability to make changes to the application, and associated infrastructure testing strategies and procedures.

The purpose of this document is to provide the general steps used to execute an audit on computer operations and IT job scheduling. This work program provides audit objectives and test steps to help determine and review the role of computer operations within an organization, the responsibilities of the computer operations department, and ability to proactively manage computer operations. Use this work program to test these steps and many more.

The purpose of this document is to provide the general steps used to execute an IT project governance audit. This work program identifies major areas to be investigated during an IT project governance review as well as critical control validation tests to perform.

The purpose of this document is to provide the general steps used to evaluate a data conversion project. This work program provides audit objectives and work steps to ensure proper extraction of source data, confirm that controls are in place to verify accurate data conversion, and make certain that appropriate testing is done with converted data.

The purpose of this document is to provide the general steps of a database administration review audit. This work program identifies audit steps in the areas of general security, access, database availability, backup and recovery, development and integrity, and database host operating system security.

The purpose of this document is to provide the general steps of an AS400 review audit. This work program identifies major areas which should be investigated during a general or specific controls review in an AS/400 installation as well as critical control validation tests that should be performed.

The purpose of this document is to provide the general steps of a Virtual Private Network (VPN) Administration audit. This work program provides tasks descriptions and test steps in the areas of documentation, logging, monitoring, and user pool for VPN Administration.

The purpose of this document is to provide the general steps of a firewall administration audit. This work program provides tasks descriptions and test steps for areas such as: documentation, logical access, configuration, operating systems logs, firewall tests, application logs, physical security, and continuity of operations.

The purpose of this document is to provide the general steps of a technology change management audit. This work program includes tasks descriptions and test steps in the following areas: documentation, approval process, testing, and migration to production.

The purpose of this document is to provide the general steps of an IT network infrastructure audit. This work program addresses three general risks -- confidentiality, integrity, and availability -- in four major areas.

The purpose of this work program is to conduct an internal control review at a restaurant company’s operating sites. Example audit areas covered in this work program include: payroll, overtime, inventory, bank reconciliations, and approved vendors.

The purpose of this work program is to conduct an internal control review at a restaurant company’s regional office. Example audit areas covered in this work program include: payroll, overtime, inventory, bank reconciliations, and approved vendors.

This audit work program focuses on the information and communication component of the COSO Framework. Sample risks addressed in this audit work program include: adequacy of the information technology structure is not considered by senior management; there is not a regular back-up of application programs and data files; and reported problems are not investigated in a timely manner and disciplinary actions are not taken when necessary.

This audit work program focuses on the control environment component of the COSO Framework. Sample risks addressed in this audit work program include: a code of conduct and other policies does not exist regarding acceptable business practices, conflicts of interest, or expected standards of ethical and moral behaviour; adequate staffing levels are not maintained to effectively perform required tasks; and an independent governing body that provides oversight for management's activities does not exist.

This audit work program focuses on the monitoring component of the COSO Framework. Sample risks addressed in this audit work program include: internal and/or external audit comments and management responses are not provided to the audit committee or board of directors and internal audit does not have the authority to review any aspect of the entity's operations.

This work program focuses on auditing end user computing. It concentrates on the IT controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.

This work program focuses on auditing computer operations. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.

This work program focuses on auditing the program development process. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.

This work program focuses on auditing program change controls. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.

This extensive e-Commerce audit work program is tailored towards the requirements of a credit union. It can be downloaded and reviewed for ideas and comparison with your own work programs.

This is the final section of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with the Infrastructure.

This is part eight of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with Replication.

This is part seven of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with Architecture/Design.

This is part six of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with the rights of Powerful User.

This is part five of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user Access Request procedures.

This is part four of the Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user ID termination.

This is part three of an Active Directory workprogram covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user ID maintenance.

This is part two of an Active Directory workprogram covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. The second section deals with ID creation.

This is part one of an Active Directory workprogram covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. The first section deals with general aspects of user management and administration.

The purpose of this work program – focused on access to programs and data – is to outline the IT general controls to be tested, review the results of management’s testing, and document the procedures to test each control.

The purpose of this internal audit work program is to assess, at a high level, and validate key controls in place for the travel agents commission process. Steps in this document include examining the travel agent commission review and approval process; adequacy of supporting documentation; and compliance with company policies and procedures.

The purpose of this audit work program is to review a company’s method of tracking and recording in-warranty repairs, out-of-warranty repairs, and sales credits under the warranty and service repair process in accordance with company policy and United States Generally Accepted Accounting Principles (GAAP).

This work program focuses on key tax processes and systems related to a company’s U.S. operations. This review focuses on related business strategies and policies, business and risk management processes, management reports, methodologies, people and organizational structure, and systems and data.

This work program provides a review of a Disaster Recovery Plan, including the creation of the plan, evaluation of the risks covered, their impact on the business, and whether or not the plan provides for appropriate methods to recover from the threats covered by the plan.

This work program can be used to audit compliance with the European Union Data Directive (EUDD). It includes an overview of the EUDD requirements as they relate to privacy and security of personal data, and initial survey questions intended to provide the audit team with an overview of the auditee’s high-level privacy knowledge and awareness.

This payroll/HR review work program focuses on adequacy of controls, overall efficiency and effectiveness of the processes, and compliance with policies and procedures. Specific areas of review include the adequacy of system and manual check processing functions; proper review of payroll information; adequacy of supporting documentation; appropriate review and authorization of manual checks; and existence of proper segregation of duties.

The purpose of this audit work program is to review conflict of interest procedures between a trust company and its affiliates. This includes reviewing guidelines on appropriate financial trades, obtaining necessary board of director approval for these transactions, and determining appropriate fee structures.

The purpose of this audit work program is to review procedures regarding the creation, posting and retention of journal entries. This includes determining if evidence exists and supports the amount booked in the accounting system; proper approval; and completeness and accuracy of each journal entry.

The audit objective of this review is to assess documented policies and procedures, including business requirements documentation, to determine if provisions of the Electronic Signatures Act and Department of Education are adequately addressed. Auditors are asked to verify that the IT Infrastructure supporting the electronic signature process is appropriately configured to protect critical data from unauthorized access, disclosure, modification, corruption, or destruction.

The audit objective of this review is to analyze and evaluate a hospital’s physician credentialing process and identify the key controls governing the process. This work program has been updated with detailed steps focused on verifying applicants’ education and certification background, hospital staff system access rights to physician profiles, and maintaining a log of current physicians on staff.

This database audit work program covers the following applications: DB2, Oracle 8i, Oracle 9i, Oracle RDB7, Sybase, and Progress. The work program is in the form of an Excel workbook, with a separate spreadsheet covering each of the following areas: Security; Change Management; and Monitoring.

The purpose of this audit work program is to assess the controls specific to a Service Level Agreement (SLA). This includes determining the business requirements of the service provider; identifying frameworks and methods used by the service provider; and reviewing key performance indicators, controls, and critical success factors used to ensure delivery of business requirements.

The purpose of this work program is to understand and evaluate the freight management process. This includes reviewing process performance measures, process effectiveness and efficiency, and contract terms and management.

The purpose of this work program is to review an organization’s system backup procedures. This includes identifying all applications key to the organization, identifying the responsible person for the backup procedure, analyzing actual procedures performed, and determining the appropriateness of handling related media.

The objective of this audit work program is to evaluate the entity-level controls at an organization. The work program specifically focuses on entity-level topics such as integrity and ethical values; management commitment to competence; effective Board of Directors; and management's philosophy and operating style.

The objective of this audit work program is to evaluate the accuracy of the shipping and receiving process. The audit work program specifically focuses on ensuring that all deliveries/shipments are accurately received/issued and ensuring the integrity of order information as it flows through the systems.

The objective of this audit work program is to review the controls in place for the following areas of the Purchasing Rebate process: Supplier Rebate Set-Up, Maintenance and Forecasting; Rebate Processing; and Rebate Accounting and Financial Reporting.

The objective of this audit work program is to evaluate the operating effectiveness of the monitoring component of COSO. The audit work program specifically focuses on the attributes of on-going monitoring, separate evaluations, and reporting deficiencies.

The objective of this audit work program is to identify and evaluate the effectiveness of a debit and credit card service provider’s fraud prevention process. This work program reviews the reports utilized to monitor fraudulent activities involving debit and credit cards and system settings intended to identify potentially fraudulent transactions

This document focuses on auditing a company employee benefits program. This audit work program reviews the administration of the employee benefits program, eligibility of benefits, and authorization and issuing of benefit disbursements.

The objective of this audit work program is to evaluate the operating effectiveness of internal controls identified in the external financial reporting process. The audit work program specifically focuses on controls related to the earnings release, filing Forms 10-Q and 10-K, and debt compliance sub-processes.

The objective of this audit work program is to review the controls related to a company’s investment procedures. The work program reviews whether investment transactions were initiated in accordance with management’s established policies, the accuracy of investment information, and the results reported in the financial statements.

The objective of this audit program is to ensure that SOX 404 processes are documented to communicate a clear understanding of the business activity, including its related risks and controls, roles, and responsibilities. In addition, these steps are intended to ensure all changes made to process documentation are reviewed for accuracy and completeness.

The objective of this work program is to evaluate access controls and environmental controls for the data center, and to develop recommendations to create meaningful change.

This disaster recovery risk assessment work program provides an outline for standard business models. It is not intended to be an all-inclusive list, but a starting point in the risk assessment process. Key areas and related risks considered include environmental, man-made, business, and IT threats.

The objective of this audit work program is to review the policies governing the asset and liability management process. While performing this review, an auditor can determine if these policies are reviewed on a regular basis and assess the governance oversight of the asset and liability management function.

The objective of this audit work program is to review the capital raise process. While examining this process, an auditor can verify whether processes exist to report accurate and complete information; transactions are in adherence with company policies; and sufficient supporting documentation exists.

This is a sample work program for reviewing an application that handles transactions related to leasing and renting commercial property.

This extensive business continuity management work program covers the following areas: general BCP, preliminary steps, examination scope and objectives, appropriateness of enterprise-wide BCP, oversight and support, business impact analysis, risk management, testing, IT documentation, hardware backup and recovery, software backup and recovery, preparation for data center recovery, inclusion of security procedures, critical outsourced activities, conclusions, and final steps.

This sample Siebel / Oracle information security work program provides procedures to evaluate six system control objectives.

This sample balance sheet review audit work program can be downloaded and reviewed for ideas and comparison with your own work programs.

This healthcare audit work program is intended to assist in determining whether internal controls in the health insurance claims review process are in place and working effectively. This audit work program addresses topics such as duplicates, claim approvals, system interfaces, and refund status.

The objectives of this audit work program are to assess the effectiveness of a Corporate Responsibility Program (CRP), and to ensure that the company is continuing to put into practice the seven elements of an effective compliance program.

The audit objectives of this work program is to evaluate the adequacy of internal controls over the construction project; determine the extent of compliance with the terms of the contract; verify the propriety of the amounts paid for construction; identify and quantify overcharges to the construction project; and determine that assets are properly classified and componentized. Steps in this work program include reviewing bid documentation, evidence of contractor and subcontractor billings, and approval of change orders.

This healthcare audit work program is intended to determine whether internal controls in the provider contracting and capitated payment processes are in place and working effectively.

The objective of this program is to perform a high-level review of charity care program practices to validate compliance with hospital policy. Steps include a detailed analysis of selected charity accounts and bad debt accounts.

The audit objective of this hospital work program is to analyze and evaluate the adequacy of the Charge Master Maintenance process. These steps verify that all charges are developed in accordance with policy, determine the degree of compliance by employees with administrative and financial policies as prescribed by management, and confirm if charges are developed timely and accurately.

This sample work program covers various application controls necessary to support the business, focusing primarily on access and change controls.

This sample audit work program can be used to determine whether vendor rebate receivables have been properly recorded and calculated, to determine whether the General Reserve for vendor rebates and the inventory adjustment are adequate, and to review supporting documentation.

This sample work program provides steps to perform a quarterly assessment of management’s monitoring of company-level controls. Specific objectives of this work program include: evaluate the effectiveness of management’s controls monitoring process; assess management’s progress with respect to the implementation of action plans designed to address deficiencies; provide management with an internal audit framework to use in monitoring key controls on an ongoing basis and evaluate whether those controls are operating as designed.

This page is provided as a resource for linking to work programs that other organizations have posted on the Internet.

IT change management is a process to manage changes to production hardware, network devices, operating systems, and application software. This sample audit work program helps assess IT change controls.

This sample work program provides steps to review plant operations security. Specific objectives of the work program include: determine the plant’s safety environment; ensure compliance with company and governmental requirements related to safety; and review that safety issues identified in various audits are addressed appropriately.

This sample work program provides steps to review the direct charges process. Specific objectives of the work program include: understand procedures relating to the processing, payment, billing and reconciliation of direct charges; evaluate the control environment within the direct charge process; and investigate build up of direct charge transactions (debits) in the direct charge clearing account.

This sample work program provides steps to audit the treasury process. Specific areas of review include the wire transfer process, foreign exchange exposure management, and interest rate swaps.

This sample work program reviews the safety of plant operations. Specific objectives of the work program include assessing the plant’s safety environment; ensuring compliance with company and governmental requirements related to safety; and verifying that safety issues identified in various audits are addressed.

This is a sample work program to assist in an RACF controls review. Specific objectives of the work program are to ensure system software is inventoried and maintained, change controls are in place, procedures for initial program load (IPL) are clearly documented and distributed, and procedures exist to monitor system capacity and performance.

This sample work program provides audit steps for a privacy controls review. Specific objectives of the work program include: verifying management direction and support for privacy controls; checking system implementations and changes are appropriately tested; reviewing policies and procedures; and testing that privacy controls are working effectively.

There are five areas that should be considered when auditing financial end-user developed spreadsheets and other applications: change control; version control; access control; input control; and security and integrity of data. This audit program has a variety of audit steps you can apply depending on the complexity of the application.

This sample work program reviews the order to bill process. Specific objectives of the work program include ensure orders are accurately filled, use of old/obsolete inventory, and accurate customer billing.

This work program reviews the membership and billing process within a healthcare cooperative. Specific areas of review include group contract rates, membership status, and adjustments/credits made to membership billings.

This sample work program covers the general security of systems running the UNIX operating system It reviews control elements, general system admin issues, account groups, remote and root logins, passwords, super users and services.

This tool is designed to assist Internal Audit with the review of the following areas of restaurant operation: Cash Control; Asset Control; Operations Management; Inventory Control; Information Systems; and Human Resources.

The purpose of this work program is to evaluate the overall process for planning and completing budgeting, to determine the effectiveness of compliance with corporate policies and procedures, and to ensure the budget process is operating as planned.

This program can be used by internal auditors as an evaluation tool or converted into a questionnaire for use with management to better understand current fraud prevention and detection program activities.

Reputation risk associated with lack of social responsibility programs, instances of possible ethics violations, and other ‘red-flag’ occurrences should be considered during annual audit planning. This work program is intended to position the internal audit function to help identify social responsibility issues that the organization may not be adequately addressing and to assess controls around those programs.

The preface to this sample audit program discusses general audit procedures, other considerations, and management controls to review in auditing the close the books process.

New product development is a critical part of any enterprise and internal audit can help to assure controls over the resources are effective. This work program includes an overview for understanding and engaging in this important area. The program includes risk analysis, special and operational considerations, and evaluation components for an audit review.

Product pricing and customer can have significant impact on revenue. Internal audit can help to assure that controls over pricing and discounts are effective. This sample audit program will assist in a thorough review of this area.

Cost estimation is an important part of determining prices for deliverables. Poor controls can lead to proposal loss or project cost overruns. This work program covers areas including: bids, labor/material cost, engineering, other allocations, and change orders.

Third party labor is often an important part of operations -- especially during times of expansion. This work program covers: contract/bid processes, billing matters, time reporting controls, and possible areas for improvement.

This work program includes an overview for understanding and engaging in a review of controls around advertising and promotions. The work program includes risk analysis, special and operational considerations, and recommendations for key internal controls.

Other assets should be reviewed to determine if the processes of approval, maintaining subsidiary ledgers, and reconciliation to general ledger accounts are adequately supervised and controlled. Although other assets are normally not significant amounts to the overall financial statements, these items, especially in the prepaid expenses area, can create surprises for management if not maintained properly.

Spending authority limits represent a key component of the internal control structure. Spending authority is an extension of management’s delegated authority to approve transactions. This work program provides steps and considerations for reviewing spending authority policies and processes

Since most financial transactions are processed and maintained in the IT environment, the IT function is critical for all financial audits performed. This work program will assist audit teams to identify risks and related controls for logical security administration and monitoring, physical security, change management, problem management and system availability.

Other liabilities should be reviewed to determine if the processes of approval, maintaining subsidiary ledgers, and periodic reconciliation to the general ledger accounts are adequately controlled.

This work program example focuses on the major revenue areas associated with the sales cycle particularly major customers and channel partners.

This work program will assist audit teams to review compliance with the Foreign Corrupt Practices Act of 1977. An introduction describes the basics of the Act.

This work program is designed to assist the audit team to perform additional review tests of the high volume expenditure areas using Computer Assisted Audit Testing (CAATs). The following tests can provide a manageable set of supervisory oversight controls through transaction analysis for line management in expenditure areas.

Software licensing activities are often considered a limited area of auditor concern since upgrade events and installations are limited and seemingly simple. However, there is an entry on a financial statement balance sheet representing the recorded value of property, equipment, and other durable purchased goods and the treatment of software should be carefully examined for appropriateness. This work program for can be modified for scope considerations that will depend on the extent and particulars of the licensing agreement included under review.

This work program on capital expenditures auditing provides an example of steps to include in a review of internal controls surrounding fixed assets. Included is a general discussion of the financial, operational, and technology aspects of capital expenditure auditing. A few associated CAATs testing procedures are included to assist those considering computer-assisted techniques.

This robust work program will assist in a comprehensive review of the expenditure cycle. Although the program is tailored to a hotel it includes review of the purchasing, receiving, inventory and supervisory operational and financial expenditure areas. Related Computer Assisted Audit Techniques (CAATS) or ACL type tests are included to leverage IT audit team members.

This work program will assist teams to understand the controls and related processing risks for performing a review of Accounts Receivable & Credit areas of the Hotel. Topics such as guest ledgers, doubtful accounts, and inter-company accounts are included.

This work program will assist a comprehensive review of a hotel property’s cash and treasury practices including cash floats, cashier handling and analysis. Review steps address general cashier procedures, petty cash, and aspects of front office operations.

Revenue recognition and related risk of fraud is an issue for all industries and the hospitality sector is no exception. This work program will assist a comprehensive review of hotel revenue practices including reservations, restraints, and other revenue streams. An overview of audit requirements with focus upon SAS-99 fraud considerations is included.

This work program is designed to assist the audit team in performing a comprehensive review of the financial reporting area and of a hotel or similar facility’s compliance with its management contract or lease agreement.

Application security involves checking the security controls of an application, not the operating system or device that hosts the application. A thorough and exhaustive evaluation of the security issues related to e-Business applications is best tackled using a phased approach, such as that described here.

This guide will help to evaluate the adequacy of internal controls in the customer order fulfillment and cash handling processes. It includes a checklist of control activities and a related cash handling segregation of duties matrix.

The control objectives guide identifies the types of risks that can be present in a bank's deposit cycle, and lists many process and monitoring type controls that can be put in place to minimize these risks. The associated work program assists in evaluating the effectiveness of the deposit cycle internal control structure.

This sample work program covers areas specific to the security of systems running Microsoft Windows 2000. Topics covered include: system administration issues, password and other logon controls, group management and separation of duties, reviewing domain names, structures, and trust relationships, maintaining the security of file system objects, auditing and event logging issues, and more.

This control objectives guide identifies the types of risks that can be present in a bank's expenditure nonpayroll cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can in evaluating the effectiveness of the expenditure nonpayroll cycle internal control structure.

This sample work program covers the security of systems running the Microsoft Windows family of operating systems. It looks at IT policy, organization, system development & maintenance, operations, data communication, documentation, physical security, backup and disaster recovery.

The objective of this work program is to determine whether the appropriate project management controls are in place to ensure a successful and effective conversion of data from a legacy systems to a new system. Adequate planning and execution of a controlled data conversion process can save rework time and help ensure new system launches are successful.

The expense cycle is a high transaction processing area that includes both manual and application controls. This work program provides a comprehensive controls review of the procurement and related accounts payables processes including key risk areas, processing controls (segregation of duties), and steps to uncover opportunities for process/control improvements.

The objectives of this work program are to assess whether contracts are executed in accordance with agreed upon terms and to ensure all contracts are valid, properly authorized and mitigate risk of loss.

Sales commissions structures can be complex, posing the risk of over- or under-paying sales professionals and running afoul of regulations and policies. The following work program can be used as a template to create a sales commission review plan. Any plan will need to be customized to the features of your organization’s sales compensation structures.

The purpose of this work program is to determine whether the right security policies exist, and for those policies that do exist, to determine whether they cover the necessary issues and are disseminated to the right people.

An organization’s ethics program is increasingly important in the current regulatory environment and critical to minimizing reputation risk. Internal audit is responsible for evaluating the effectiveness of ethics programs that can significantly reduce reputation risk exposure. However, evaluating a relatively intangible area such as ethical behavior can be challenging; this work program can assist in developing a comprehensive review.

The purpose of this work program is to determine whether company policy and the structure of the security administration function provide for adequate administration of logical security. The information and guidelines in the work program can be used to audit the state of security administration.

This work program outlines the primary controls and considerations for an internal audit of property or fixed assets. Included is a general discussion of the financial, operational, and technology aspects of property auditing. The appendix shows a sample system flow and some testing procedures to assist those considering computer-assisted techniques.

This work program outlines physical security best practices for data centers and information processing/storage facilities. It then details the control practices and control techniques that should be investigated as part of an audit or review of physical security.

This sample IT strategy management audit program can be downloaded and reviewed for ideas and comparison with your own work programs.

This sample IT help desk audit program can be downloaded and reviewed for ideas and comparison with your own work programs.

"This work program focuses upon the internal responsibilities of corporate stock program administration. Controls may span several internal functions and external organizations. This work program includes some general and specific tests that can be modified to reflect the specific plans and administration attributes of your organization."

This sample platform management work program can be downloaded and reviewed for ideas and comparison with your own work programs.

This sample network management work program can be downloaded and reviewed for ideas and comparison with your own work programs.

Accounts receivables processing between sales order entry to collections can create significant risk to cash flow from aging receivables and cash handling. Internal audit teams can utilize the following work program designed to focus upon segregation of duties and general control concerns. Combined with the segregation of duties matrix this work program will assist internal audit team to evaluate management internal control assertions.

This sample IT organization work program can be downloaded and reviewed for ideas and comparison with your own work programs.

This sample IT data management work program can be downloaded and reviewed for ideas and comparison with your own work programs.

This sample IT operations management work program can be downloaded and reviewed for ideas and comparison with your own work programs.

This sample security management work program can be downloaded and reviewed for ideas and comparison with your own work programs

This sample Business Continuity Management (BCM) work program can be downloaded and reviewed for ideas and comparison with your own work programs

Revenue recognition at cut-off dates for financial reporting of sales and inventory can create overstatements, double counting and other risk of misstatement. The following work program will assist in development of a tailored company internal control effort designed to ensure accurate transaction recording.

This sample IT application management work program can be downloaded and modified as applicable for your organization.

This sample desktop management work program can be downloaded and modified as applicable for your organization.

This sample IT asset management work program can be downloaded and modified as applicable for your organization.

This sample work program can be downloaded and reviewed for ideas and comparison with your own work programs.

This internal audit work program looks at expenditure cycle activities and tests purchasing, accounts payable, travel and entertainment charges, and payroll.

This sample inventory management work program can be downloaded and reviewed for ideas and comparison with your own work programs.

This internal audit work program focuses on understanding and evaluating the company's stock option management process, performing testing, and investigating control weaknesses.

This internal audit work program reviews controls to ensure that all service activity -- above and beyond what is called for in a warranty contract -- is captured, tracked and billed to the customer. The program directs auditors to review the process, the documentation generated during a customer inquiry, reports generated as a result of service activity, and to perform transaction testing.

This work program suggests steps for an internal audit review over the sales compensation and commission payment process. The primary objective is to review controls, metrics, and process efficiency. Some of the key work steps include understanding the process, segregation of duties, understanding plan attributes and benchmarking.

This sample work program guides an internal audit of the processes and controls a company may use to select, qualify, approve, and maintain OEM customers. Work steps focus on customer qualification attributes, customer master file controls, standard forms, authorization and sign-off, cycle time, and related issues.

This work program focuses primarily on transaction and controls testing for a company's Returns Management process. Overall efficiency of the process is considered along with performance metrics, authorization, cycle time, quality control, receiving controls, segregation of duties and the like.

This work program provides key steps for a review of the order management process. Work steps include the identification of the process flow, identification of performance metrics, computer assisted auditing steps, process audit steps, and comparison to known best practices.

This casino audit work program covers reviews of live gaming tables, electronic gaming devices, cashiering and credit, currency transaction reporting, and more.

This program focuses on identifying charges that were not allowed to be charged to an owner based on the construction contract between the owner and the general contractor. Steps are provided for reviewing both lump-sum contracts and cost-plus contracts.

This audit program primarily focuses on existence, additions, disposals, and depreciation of fixed assets and leases.

This audit program primarily focuses on identification and reporting of contingencies and accrued liabilities.

This audit work program primarily reviews controls around obtaining contractors, controlling costs, managing change orders, and administration for construction projects undertaken by a company.

This compliance based work program covers existence, accuracy, and cut-off of cash balances.

This sample work program can be downloaded and reviewed for ideas and comparison with your own work programs.

This control objectives guide identifies the types of risks that can be present in a bank's expenditure payroll cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program assists in evaluating the effectiveness of the expenditure payroll cycle internal control structure.

This work program focuses primarily on identification of unauthorized payments that may be occurring within an organization.

This program focuses internal auditors on the necessary controls which should be in place to ensure a compliant export management system.

This control objectives guide identifies the types of risks that can be present in a bank's financial reporting cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the financial reporting cycle internal control structure.

This guide discusses the attributes, the control objectives, and the risks to be addressed in bank cycles. The objective of these tools is to assist management in analyzing the effectiveness of the internal control structure over financial reporting.

This Human Resources Review Work Program primarily focuses on testing controls over the following sub-processes: New hire activity, termination activity, pay rate changes, and performance evaluations.

This control objectives guide identifies the types of risks that can be present in a bank's investment cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the investment cycle internal control structure.

This control objectives guide identifies the types of risks that can be present in a bank's loan cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the loan cycle internal control structure.

This control objectives guide identifies the types of risks that can be present in a bank's trust cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the trust cycle internal control structure.

This control objectives guide identifies the types of risks that can be present in a bank's treasury cycle, and lists many process and monitoring type controls that can be put in place to minimize these risks. The associated work program can assist in evaluating the effectiveness of the treasury cycle internal control structure.

This sample work program can be downloaded and reviewed for ideas and comparison with your own work programs.

Review the Payroll processing function focusing on adequacy of controls, overall efficiency and effectiveness of the processes, and compliance with policies and procedures. Additionally, review the Human Resources function as it relates to Payroll focusing on completeness of personnel files, adequacy of supporting documentation for changes to employee profile, and timely reporting of employee information (new hires, terminations, merit increases, etc.) to Payroll.

Review the travel and expense reporting function focusing on proper review and approval of reimbursement items, adequacy of supporting documentation, and efficiency of the reimbursement process.

Cash Collections and Security entails assessing the controls related to the collection of cash at various locations. The program reviews procedures for cash security, recordkeeping, check acceptance and handling, customer receipts, cash reconciliation, money transfer, cash deposit, petty cash and change fund authorization and replenishment, and proper segregation of duties.

This work programs reviews billing, collections and account follow-up processes. Specific areas of review include patient and insurance billing; processing of adjustments and refunds; and timely follow-up of account balances on aging reports.

This work program reviews the adequacy and efficiency of current Capital Asset Management polices and procedures as they relate to asset procurement, tracking and monitoring, recording and reporting, disposal of assets, and depreciation.

The purpose of this audit work program is to review compliance with established procedures for the purchasing function. Specific areas of focus include the requisitioning process, consistent pricing, identifying and obtaining key vendors, proper authorization, adequacy of supporting documentation, timeliness of receiving process, and existence of segregation of duties.

This tool is a comprehensive work program to use as a guideline for auditing a hotel. It covers many processes related to hotel management, and can also be modified for other hospitality and service operations such as restaurants.

The purpose of this work program is to provide the general steps used to perform an audit at an investment management firm. This document provides work steps to prepare for a visit to the firm and perform reviews and audit testing.

The purpose of this work program is to provide the general steps used to perform an audit of a bank’s payroll department. This document provides audit procedures for the review of payroll calculations, methods of payment, tax remittance verification, payroll check distribution, payroll changes, bonuses, manual checks, official checks, payroll bank reconciliation, year end reconciliation, general ledger account reconciliation, and payroll controls and reconciliation.

The purpose of this work program is to provide the general steps used to perform an audit of accounts receivable/credit and collections. This document provides audit objectives and work steps for project planning, obtaining and reviewing documentation, benchmarking company accounts receivable processes, testing, discussing findings with management, and creating reports.

The purpose of this work program is to provide the general steps used to perform a general audit at a bank branch. This document provides audit procedures for reviewing branch general ledger balances for fraudulent checks and overdraft losses, and reconciliation of accounts payable and receivable accounts.

The purpose of this work program is to provide the general steps used to perform an audit of the accounts receivable/collections process. This document provides audit work steps for planning, fieldwork, testing and reporting. Specific steps include understanding and documenting the process, identifying improvement opportunities, and associated test steps.

The purpose of this work program is to provide the general steps used to perform an audit of capital asset management. This document provides audit procedures for the review of requisition/purchasing, receiving, capital asset tracking and monitoring, capital asset recording and reporting, capital asset disposal and retirement.

The purpose of this work program is to provide the general steps used to perform a savings audit at a bank branch. This document provides audit procedures for reviewing inventories on hand, savings deposit and withdrawal activity, and related reporting.

The purpose of this work program is to provide the general steps used to perform a certification of check audits at a bank branch. This document provides audit procedures for reviewing recent certifications, tracing fees collected recently, and reviewing any certified checks that were returned.

The purpose of this work program is to provide the general steps used to perform a security audit at a bank branch. This document provides audit procedures for reviewing security forms and general security activities, such as the inspection of the bank by a designated person.

The purpose of this work program is to provide the general steps used to perform an income and expense audit at a bank branch. This document provides audit procedures for reviewing miscellaneous disbursement reports, and any debit entries to a general ledger income account over a specific dollar amount.

The purpose of this work program is to provide the general steps used to perform an audit of baseline controls for a company in the healthcare industry. This document provides audit procedures for the review of billing and collections, cash controls, accounts payable/general accounting, payroll, and claims processing/compliance.

The purpose of this work program is to provide the general steps used to perform an audit of unissued checks and money orders at a bank branch. This document provides audit procedures for reviewing inventories for official checks and money orders, and daily issuance logs.

The purpose of this work program is to provide the general steps used to perform a safe deposit audit at a bank branch. This document provides audit procedures for reviewing daily transaction journals, trial balances, billing records, contract cards, access slips, and unrented keys.

The purpose of this work program is to provide the general steps used to perform an encashment and cash items audit at a bank branch. This document provides audit procedures for reviewing the process by which a bank branch cashes payroll checks for employees of bank depositors.

The purpose of this work program is to provide the general steps used to perform a cash audit at a bank branch. This document provides audit procedures for counting cash funds, preparing a proof of available ATMs, counting of petty cash, reviewing coin and currency logs, and many other processes.

The purpose of this work program is to provide the general steps used to perform an audit of accounts payable/expense accounting. This document provides audit work steps for planning, fieldwork and reporting. Steps for fieldwork address the areas of accounts payable, expense reporting, purchasing and procurement cards.

The purpose of this work program is to provide the general steps used to perform a checking account and overdraft audit at a bank branch. This document provides audit procedures for reviewing overdraft approval, dormant account activity, and availability of funds.

The purpose of this work program is to provide the general steps used to perform an audit of items held on consignment at a bank branch. This document provides audit procedures for reviewing the reserve and working supplies and fees collected for American Express traveler’s cheques.

The purpose of this work program is to provide the general steps used to perform a night deposit audit at a bank branch. This document provides audit procedures for reviewing information related to night deposits including location, contents, and selected night depositors.

The purpose of this work program is to provide the general steps used to perform an audit of wire transfers and foreign remittance at a bank branch. This document provides procedures for reviewing wire transfer forms, completed wire transfers, and applications for foreign exchange drafts or cables.

The purpose of this work program is to provide the general steps used to perform an audit of a bank’s operations department. This document provides audit procedures for the review of item processing, customer accounting, retail services, ATM administration, and general ledger and suspense accounts.

The purpose of this work program is to provide the general steps used to perform an audit of a bank’s investments department. This document provides audit procedures for the review of safekeeping items, federal funds, repurchase agreements, securities, commercial paper held, FASB 115, FDICIA, and asset and liability policies.

The purpose of this work program is to document general procedures used to perform an audit of an international office. The steps indicated apply to the areas of service and product sales, procurement, human resources, financial management, and tax considerations.

This sample work program provides a framework and checklist for testing to be performed by the internal audit or quality assurance team in reviewing a web site. It can be downloaded and reviewed for ideas and comparison with your own work programs.

The purpose of this work program is to provide the general steps used to perform an inventory management audit. This document provides audit procedures for the review of purchasing, warehousing, distribution, finance, marketing/support, and engineering.

The purpose of this work program is to provide the general steps used to perform an audit of material receiving internal controls. This document provides audit steps that include: checking limits placed on quantities to be maintained in inventory, confirming controls are adequate to prevent theft and diversion of material, and assuring that store records maintained by employees are functionally independent of storekeepers.

The purpose of this work program is to provide the general steps used to perform an audit of spare parts inventory. This document provides steps that include procedures for the review of procurement, storage, and the methodology used to determine the quantity/product mix/replenishment of spare inventory.

The purpose of this work program is to provide the general steps used to perform an inventory audit. This document provides audit procedures for the review of receiving, production process/physical security, physical counts, inventory valuation, inventory reserves, consignment inventory, scrap, and shipping and receiving (including returns).

The purpose of this work program is to provide the general steps used to perform an audit of a distribution center/consigned delivery. This document provides audit procedures for the review of warehousing, IT audit techniques and areas, as well as contracts.

The purpose of this work program is to provide the general steps used to perform a quality assurance audit. This document provides audit steps that include procedures for the review of materials receiving, subcontractor quality control, metrology and calibration, and quality assurance data.

The purpose of this work program is to provide the general steps used to perform a procurement/accounts payable matrix audit. This document provides detailed steps in the areas of understanding expectation, understanding and analyzing the process, and payables.

The purpose of this work program is to provide the general steps used to perform an audit on commission review. This document provides the steps used to confirm whether an existing process to review commissions is adequately controlled and has acceptable segregation of duties.

The purpose of this work program is to provide the general steps used to perform a “close the books” audit. This document provides guidance for ensuring related systems are fully integrated, the company is in compliance with established schedules, and determining whether segregation of duties is adequate.

The purpose of this work program is to provide the general steps used to perform an audit of purchasing, A/P, travel and entertainment. This document provides detailed steps to review best practices, identify CAAT tests, and request system data for CAAT testing.

The purpose of this work program is to provide the general steps used to perform a payroll audit. This document provides details for interviewing personnel, reviewing and discussing payroll policies, and testing randomly selected transactions.

The purpose of this work program is to provide the general steps used to perform an order entry/customer service audit. This document identifies risks such as customer master records may not be accurate or created in a timely manner, sales order information may not be correct or timely, and change orders that exceed established credit limits are not communicated to the factory in an appropriate amount of time or are unauthorized. The work program describes how to best test these risks.

The purpose of this work program is to provide the general steps used to perform a facilities management audit. This document provides guidance on reviewing facilities management best practices, understanding essential processes, and obtaining information regarding the cost of facilities maintenance.

The purpose of this work program is to provide the general steps used to perform an implementation/control validation audit. This document provides guidance on data mapping, identifying key data, conversion strategy and process, as well as conversion sign off.

The purpose of this work program is to provide the general steps used to perform a remote site audit. This document provides audit steps associated with accounts payable, accounts receivable, payroll, treasury, and general accounting.

The purpose of this work program is to provide the general steps used to perform a remote site visit. This document provides detailed objectives to ensure target audit areas are adequately controlled, to ensure proper segregation of duties in target audit areas, and to provide information related to internal control weaknesses as well as to comment on the overall efficiency of the processes.

The purpose of this work program is to provide the general steps used to perform a shipping and receiving audit. This document provides steps to audit processes such as handling back-orders, receipt of products and transfer of received goods, and the resolution of discrepancies/exceptions.

The purpose of this work program is to provide the general steps used to perform a procurement/accounts payable audit. This document provides detailed steps in the areas of selection and evaluation of vendors, adequate documentation and adherence to bid process, approvals for PRs/POs, approvals for payment, accurate & timely recording of liabilities, early payment discounts, and system access.

The purpose of this work program is to provide the general steps used to perform a systems and application audit. This document provides guidance on when and what to test within a system. Testing examples include systems designs, component integration, interfaces, and data conversion routines.

The purpose of this work program is to provide the general steps used to perform a remote site audit. This document provides detailed objectives to determine compliance with certain corporate and local policies and procedures, evaluate overall effectiveness of the operating entity's key business functions, and identify internal control and process improvement opportunities.

The purpose of this work program is to provide the general steps used to perform an audit of ethical business conduct guidelines. This document provides guidance on obtaining a list of all executives and directors, determining who is required to sign an ethical business conduct form, obtain access to employees’ human resource files, and other steps needed to complete this audit.

The purpose of this work program is to provide the general steps used to perform a drug-free workplace and workforce audit. This document provides objectives such as reviewing the policy, and determining if the policy is adequately displayed and lists the most common proscribed substances.

The purpose of this work program is to provide the general steps used to perform a purchasing audit. The detailed steps in this document provide an understanding of the purchasing process, how to create process maps, review departmental policies, and compare current practices to best practice.

The purpose of this work program is to provide the general steps used to perform a policy development audit. This document provides steps such as determining existing policies, interviewing process owners, discussing format and content, and identifying areas for new policies.

The purpose of this work program is to provide the general steps used to perform an incentive compensation audit. This document provides guidance on the review of incentive policies and procedures, speaking with key individuals, and gaining understanding of key processes.

The purpose of this work program is to provide the general steps used to perform a cash controls audit. This document provides steps to review and test controls related to cash-box security, check acceptance, receipts, reconciliation, and deposits.

The purpose of this work program is to provide the general steps used to perform a capital leasing audit. This document provides steps to review controls for authorization, validations, accuracy, completeness, and timeliness.

The purpose of this work program is to provide the general steps used to perform an audit on consumer lending. This document provides objectives covering physical safeguards, adequate documentation, substantiation of loan balances, and substantiation of collateral held on loan balances.

The purpose of this work program is to provide the general steps used to perform a procurement card audit. This document provides audit guidance for the review of training of procurement card users, cardholder agreements, spending limits, auditing procedures, and terminations.

The purpose of this work program is to provide the general steps used to perform a revenue forecasting audit. This document provides steps to review forecasting development/methodology and forecast execution.

The purpose of this work program is to provide the general steps used to perform an audit of physical security for IT facilities. This document gives specific questions related to risks such as unauthorized physical access, damaged cables and wiring, and power failures.

The purpose of this work program is to provide the general steps used to perform an incentive compensation audit. This document provides guidance on the review of incentive policies and procedures, speaking with key individuals, and gaining understanding of key processes.

The purpose of this work program is to provide the general steps used to perform an audit on commissions. This document provides insight into what questions should be asked for an audit of this type. Questions address factors such as who is responsible for processing commissions, what policies, procedures and controls are in place, along with many other topics.

The purpose of this work program is to provide the general steps used to perform an audit of procurement internal controls. This document provides detailed audit steps used to check controls such as the use of standardized purchase orders, the prevention of unauthorized use of cancelled or voided purchase requisitions, and procedures requiring complete history files.

The purpose of this work program is to provide the general steps used to perform an audit of corporate treasury. This document provides objectives covering the overall financial control environment, financial and accounting controls, and processes within cash management, investments, and foreign exchange exposure management.

The purpose of this work program is to provide the general steps used to perform an audit on consolidation of finance functions. This document provides the audit steps needed to address the finance functions associated with the accounts payable, accounts receivable, accounting operations, payroll, cost accounting, information systems, human resources, and transfer pricing departments.

The purpose of this work program is to provide the general steps used to perform a travel and expense reimbursement audit. This document provides detailed objectives to determine that policies, practices, procedures and internal controls regarding funds transfers are adequate, ensure that employees involved in funds transfers are operating in compliance with established guidelines, and determine that adequate security is maintained over wire transfer operations and system administration, and many other objectives.

The purpose of this work program is to provide the general steps used to perform an audit of temporary employee management. This document provides detailed objectives used to understand and evaluate the temporary employee management process, validate process performance measures and business controls, and identify opportunities for enhancement.