Establishing an Internal Audit Function Request for Proposal - Sample
This sample request for proposal (RFP) is used to solicit services to establish an internal audit function. It discusses the standard information providers should include in their proposals.
Business Processes to Application Mapping Diagnostic Template
This sample template helps map out an organization’s business processes and their impact or reliance on IT systems and applications.
Disclosure Restrictions during the Initial Public Offering Process – Memo
The purpose of this sample memo is to document the SEC restrictions on public communication by companies beginning initial public offerings of their capital stock.
Audit Committee and Disclosure Committee Agenda Template - Sample
This sample audit committee and disclosure committee agenda outlines the quarterly meeting topics for audit and disclosure committees.
Contract/Project Approval Sheet - Sample
This one-page approval sheet helps you track to completion the process of approving a contract or project. It allows you to identify the parties involved and then provides a checklist of the fundamental steps to be completed by different parties.
Healthcare Reform Dashboard
This dashboard provides an example of how to report the status of compliance with U.S. healthcare reform regulations.
Risk Assessment Facilitated Session Results Matrix - Sample
This template will help capture the results of a risk assessment facilitated session. It allows leaders of these sessions to document their final results in an organized format.
Sarbanes-Oxley Control Deficiency Assessment Form – Sample
This form assists in evaluating Sarbanes-Oxley control deficiencies and allows management to document related responses. The evaluation criteria includes: evidential deficiencies, potential impact to financial statements, safeguarding of assets and antifraud controls, likelihood that an error could occur, compensating controls and multiple similar control deficiencies.
Remote Locations Audit Planning Memo
The purpose of this memo is to document the audit approach, project scope and project timing for auditing various locations of a university in order to determine compliance with select university policies and procedures, whether key financial controls exist and are operating effectively and whether reasonable security protocols are being followed.
Risk Assessment Workshop Presentation - Sample
The purpose of this presentation is to facilitate a risk assessment workshop. It explains to workshop participants the objectives and ground rules, how to identify key risks, and how to plot significance and likelihood on a risk map.
Sarbanes-Oxley Act Project Approach Memo – Sample
This is a sample memo defining management’s approach to Sarbanes-Oxley Section 404 compliance. The memo outlines the processes in scope, testing approach, sample sizes and management sign-off.
Segregation of Duties: Controls for Significant Accounting Applications
Segregation of duties is an integral part of the internal control environment. The following assessment form will assist you in understanding a function’s segregation of duties and related internal control effectiveness. Sales, accounts receivables, related cash collections are included.
Internal Audit Project Administration Memo -- Sample
The purpose of this memo is to document the approach to administering and supervising internal audit projects.
Strategic Internal Audit Plan
This template is to be used by internal audit when developing an annual audit plan. It provides areas to document the planning approach, major projects and associated timelines, and project sponsors.
Spreadsheet Controls: Process Owner Memo - Sample
This is a sample memo notifying spreadsheet owners about the requirement to document the internal controls related to spreadsheets relied upon for financial reporting. The communication explains why these controls are important to manage spreadsheet risks.
Service Level Agreement Template - Sample
This is a template to be used by a company when developing a service level agreement (SLA), providing areas to document the version history, audience, assumptions and escalation actions.
Audit Planning Memo – Sample 2
This memo provides a template for documenting the overall audit approach to evaluate the design of newly implemented controls or those planned to be implemented. It also focuses on evaluating the effectiveness of existing controls.
Request for Qualifications: IT Professional Services Qualified Vendor List – Sample
This is a sample request for qualified IT services to help create an IT vendor list for multiple year projects. The information requested in this document includes: description of work to be performed, service categories, procedures for obtaining services, and special contracting terms and conditions.
IT Projects Ranking Template – Sample
This sample provides a template to assess multiple project options using project risk factors and quantitative metrics.
Entity-Level Controls Memo – Sample
This memo can be used as a working template to ensure all company entity-level controls exist, are reviewed in detail and can document additional findings in need of escalation.
Management Response to Internal Audit Reports Memo – Sample
This sample memo provides guidance on drafting an action plan that will remediate risks associated with the observations noted during an audit.
Project Scope Change Request Form – Sample
This form documents the request to change project scope, identifying the purpose and the change management impact of the requested scope change.
Sarbanes-Oxley Section 404 Program Executive Scorecard - Sample
This document serves as an executive report template focused on the progress of the Sarbanes-Oxley Section 404 program.
Internal Audit Qualitative Diagnostic Presentation - Sample
This example presentation displays the results of an internal audit department evaluation to the audit committee, particularly following the quality assessment review process.
Process Level Documentation Requirements Memo – Sample
This memo describes example documentation requirements for Section 404 compliance efforts. The three levels of documentation standards described correlate to the priority rating of financial statement elements and associated processes.
Financial Elements and Business Process Prioritization Memo - Sample
This is an example memo used to define the process of prioritizing financial statement elements and related business processes for Sarbanes-Oxley Section 404 purposes. The prioritization of these items helps define the extent of a company’s process-level documentation efforts.
Internal Audit Standards Crossword Puzzle
This crossword puzzle is a fun tool internal audit organizations can use as an activity during group meetings. The puzzle focuses on activities and skills key to the internal audit function. Many of the questions are derived from the IIA’s International Standards for the Professional Practice of Internal Auditing. The questions and answers for the puzzle are provided within this document.
Sarbanes-Oxley Compliance Request for Proposal – Sample
This is a sample request for proposal (RFP) for Sarbanes-Oxley compliance assistance working with a company’s internal audit department.
Internal Audit Plan – Sample 2
This sample document outlines the internal audit plan for specific projects that are planned to be delivered. Further details on the scope of these projects, interaction with the auditee and execution steps are provided in this planning document.
External Quality Assessment Review Request for Proposal - Sample
This is a sample request for proposal (RFP) for an external quality assessment review (QAR) of a company’s internal audit department.
Sarbanes-Oxley Testing Strategy Memo – Sample
This is a sample memo documenting a company’s testing strategy for Sarbanes-Oxley compliance. This memo focuses on the test strategy for business process controls including entity-level controls and validating this strategy with external auditors.
Request for Proposal – Internal Audit Services and Sarbanes-Oxley Regulatory Compliance - Sample
This is a sample request for proposal (RFP) and vendor questionnaire from a company seeking a service provider to establish an internal audit function with an emphasis on compliance with the Sarbanes-Oxley Act.
SOX Section 404 Project Conclusion Memo – Sample
This sample memo documents a company’s annual Sarbanes-Oxley compliance process. It details steps followed and conclusions reached during the project including: the scoping, materiality and risk assessment process; testing; walkthroughs; evaluating deficiencies; and management’s conclusion on internal control over financial reporting.
Sarbanes-Oxley Auditor Walkthrough Prep Email - Sample
This is an example email you can use to notify SOX process owners that the external auditors will perform at least one walkthrough for each significant class of transactions. This communication explains what is involved in an audit walkthrough, preparatory actions to take, and tips and suggestions for the auditor’s assessment.
Business Process Benchmarking Tool – Sample
This template provides sample performance measures for the following business processes: accounts payable, accounts receivable, billing, close the books, commissions, finance and accounting, fixed assets, internal audit, inventory, payroll, purchasing, spare parts, supply chain, tax, and travel and entertainment.
Code of Business Conduct - Sample
This sample code of business conduct covers a wide range of business practices and procedures, including the Foreign Corrupt Practices Act. It sets out basic principles to guide all employees and officers of a company. The code of business conduct should be tailored to each company’s needs and governing rules.
SOX Year-End Update Testing Approach Memo - Sample
This example memo defines a process to update Sarbanes-Oxley testing of internal controls near or as of fiscal year-end. Such a process includes determining which controls to select for update testing as well as the type of testing to perform based on specific criteria.
Internal Audit Engagement Letter: sample
This sample internal audit engagement letter informs the auditee of an upcoming audit. It details the audit objectives, audit timeline, audit team members, expected deliverables and audit team’s mission.
Sarbanes-Oxley Section 404: Compliance Plan – Sample
This sample document establishes a framework and standard policy for compliance with Section 404 of the Sarbanes-Oxley Act.
Sarbanes-Oxley Review Process Tracking Worksheet - Sample
This sample helps project teams track key information and dates associated with developing Sarbanes-Oxley process documentation and management review.
Request for Proposal – Systems Audit Work - Sample
This is an example of a relatively informal RFP for specialized systems audit outsourcing services to be coordinated by the Internal Audit Director.
General Ledger Account Reconciliation Matrix - Sample
The purpose of the matrix is to communicate assignments and responsibilities related to the account reconciliation process. It also helps to ensure these activities are completed on time and conducted properly and accurately in conjunction with the overall financial close process and internal control structure
Risk Assessment Map - Sample
This risk assessment sample helps to identify and document critical business processes. Combined with facilitated management meetings, this approach can help gain company-wide consensus by including key process owners in risk and controls analyses.
Finance and Accounting Integration Project Plan – Sample
The document serves as a sample project plan for integrating the finance and accounting processes for a company planning to go public. It addresses key issues such as: system integration, payroll processing, and billing and collections processes. It lists down the key actions that need to be taken by each department and milestones that they should set out to achieve.
Audit Committee Annual Planning Schedule - Sample
This sample schedule provides an annual planner for audit committee activities and demonstrates how to schedule and track audit committee activities throughout the year. Using an annual planner helps ensure that required topics and issues are discussed and not overlooked.
Candidate Evaluation Form - Sample
This evaluation form can be used by an interviewer or recruiter to rate a candidate for an internal audit position. The form suggests competencies and criteria that could be applied to someone seeking to obtain employment in the audit group.
Audit Report Tracker - Sample
This simple one-page tracking sheet allows you to follow the status of a particular internal audit report. It tracks the date the draft was distributed, the intended reviewer, and date of comments received.
Audit Status Worksheet - Sample
This document provides a template to track the progress of all completed and in-progress audit activity during a specified period.
Audit Planning Memo - Sample
This sample provides a template for documenting the overall audit approach. Topics addressed include: risk indicators, regulatory requirements, scope of audit work, internal control evaluation, and operation and functional structure.
Role-Based Access Control Report – Sample Template
Role-based access plays a big part in an identity management strategy. The implementation of an identity management system and the associated process redesign has many benefits for an organization if done right. This document provides a sample template to outline a role-based access approach.
IT Application Inventory Sample Template
This template provides a structured way to define an organization’s system landscape. Use this document to capture applications utilized in the company and assess whether they fall within scope for Sarbanes-Oxley compliance testing purposes.
Audit Plan Schedule - Sample Template
This template can be used by the audit team when planning and scheduling specific audits. The document allows users to organize audits by process and location while assigning hours to specific dates throughout the year.
Application Control Review Risk Control Matrix
This document is a sample application control review risk control matrix (RCM) that can be used while reviewing the existing application controls of an organization. It can also act as a basic checklist for organizations which have applied or plan to apply Enterprise Resource Planning (ERP) software.
Logistics Risk and Control Matrix - Sample
This document represents a sample risk control matrix (RCM) relevant to the logistics department of a corporation. It provides an overview of different risks organizations can face and the corresponding controls to safeguard the company against such risks. This RCM also addresses how a good Enterprise Resource Planning (ERP) system coupled with good management can prevent fraud.
Risk Corridor Risk and Control Matrix - Sample
The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) established a system of "risk corridors" for prescription drug plans and Medicare Advantage drug plans. That system would to some extent limit the profits or losses those plans would incur if their costs of providing the basic Medicare drug benefit turned out to be lower or higher than estimated in their bid submission. This sample risk and control matrix (RCM) addresses the risk corridor process.
Month-End Close Template - Sample
The purpose of this month-end close document is to ensure that all responsible employees are fully aware of their assignments and their responsibilities are completed on time, properly and accurately in accordance with the company’s financial closing and reporting internal control structure. This document is organized by ERP cutoff tasks and activities broken down into pre-close, recurring entries, reconciliations, internal controls and analysis & reporting.
Control Testing Tracking Spreadsheet – Sample
This document serves as a template to use in tracking the testing of internal controls. The spreadsheet can be used to track control testing status and operating effectiveness and to create a testing timeline.
Financial Reporting Timeline - Sample
This sample timeline outlines steps needed to complete the financial reporting process. It helps management define roles and responsibilities and meet specified deadlines.
Internal Audit Plan - Sample
This document details an internal audit plan for a specific period and the related projects that are planned to be delivered to the organization. Further details on the scope of these projects are provided in relation to planned internal audit activities.
Intercompany Accounts Reconciliation Template - Sample
Performing regular account reconciliations contributes to strong internal controls. The purpose of this sample is to provide a template to document the reconciliation of the intercompany payable and receivable accounts.
Internal Audit Post Engagement Debrief Template - Sample
Use this template upon completion of an audit to have team members discuss the audit and to provide feedback on audit execution, lessons learned, best practices, and future audit considerations. Sections include names of audit team members, performance against budget, lessons learned, internal process improvement suggestions, and future audit considerations.
Internal Audit Feedback Survey Template - Sample
This survey is intended to be sent to relevant departments upon completion of work performed by internal audit. The questionnaire focuses on topics such as: communication, exit and closing meetings, technical proficiency, and level of value the audit provided to the business unit.
Competency Assessment for Accounting Function - Sample Template
The purpose of this sample template is to document the positions that currently make up a company’s accounting function during the competency assessment process. Information in this template includes: job title, job function and responsibilities, start date, relevant work history, education level, and professional organizations and accomplishments.
Audit Discussion Form Sample
This is a sample form used to communicate specific findings identified during an audit. This form focuses on the condition and/or significance of the finding, the standard by which the finding is compared, and the Management Action plan recommended to address the finding.
Acquisition Tracking Spreadsheet Template - Sample
This is a sample spreadsheet used to track acquisition details. Data tracked in this spreadsheet can accommodate several acquisitions and details that include important dates, information related to the First Binding Agreement, and analysis.
Process Interview Notes Template - Sample
This interview template can assist with capturing information related to a process being reviewed by internal audit. The specific information tracked in this document includes identifying key personnel, relevant IT applications, relevant risks, controls currently in place, and related control gaps.
Testing Status Template - Sample
This testing status sample template can assist in tracking the testing of controls, control attributes, and testing attributes such as control description, control method, and control frequency.
Goodwill/Indefinite Lives Impairment Analysis - Sample Template
This template was designed to assist companies in the periodic evaluation of potential impairment of Goodwill and Indefinite Lived Intangibles. Note that this is a tool to assist companies in the summarization of their impairment evaluations under U.S. GAAP, but is not intended to promote one valuation model/methodology over another.
Financial Close Process – Sample Schedule Improvement Action Plan
The purpose of this sample is to document the activities performed as part of the monthly financial close process and identify areas where task duration can be improved upon. As part of this effort, users are encouraged to document the responsible person for each financial close task, current task duration, and desired task duration.
Primary Controls Tracker - Sample
This document serves as a template to use in tracking the number of key internal controls identified in an organization. The information compiled in this template can be used to develop project status reports and plan for remediation efforts.
Internal Control Issues Log
This sample serves as a template to use when documenting internal control issues and associated remediation plans. It provides an outline of information to use in this tracking process including: process, nature of issue, observation, control description, and action plan.
Six Elements of Infrastructure - Sample Assessment Template
The Six Elements of Infrastructure Framework is a useful tool for categorizing issues, understanding where problems are occurring within the organization, and drawing conclusions to form the basis for process recommendations. This template may be used by a company when identifying, assessing, or designing processes using this framework. For each of the Six Elements of Infrastructure, this sample template provides areas to document innovative practices, current practices, and improvement opportunities.
SFAS 13 Lease Criteria Template
The purpose of this document is to provide a template to use when analyzing whether a lease should be classified as a capital or operating lease for financial reporting purposes. This template is based on the criteria outlined in SFAS 13. Note: This template contains formulas as outlined in the instructions.
COSO/COBIT Data Center Operations and Problem Management Control Objective Risk Matrix
This risk and control matrix focuses on high-level control objectives DS10 (Manage Problems and Incidents) and DS13 (Manage Operations) of the COBIT Delivery and Support domain.
COSO/COBIT Disaster Recovery and Business Continuity Control Objective Risk Matrix
This sample matrix aligns high-level control objectives DS4 (ensure continuous service) and DS11 (manage data) of the COBIT Delivery and Support domain and with their associated risks.
COSO/COBIT Application Change Control and QA Control Objective Risk Matrix
This Risk and Control Matrix focuses on high-level control objectives AI2, AI5, and AI6 of the COBIT Acquire and Implement domain, PO10 and PO11 of the Plan and Organize domain, and DS11 of the Deliver and Support domain.
Internal Audit Planning Memorandum – Sample Template
This internal audit planning memorandum documents the audit approach and administrative details for each audit. This memorandum should be completed as part of the initial audit planning process and is meant to enhance audit efficiency.
COSO/COBIT Security Administration Control Objective Risk Matrix
The COBIT Delivery and Support (DS) domain focuses on the delivery aspects of information technology. It covers areas such as the execution of the applications within the IT system and the results, as well as, the support processes that enable the effective and efficient execution of these IT systems. These support processes include security issues and training. This risk and control matrix focuses on control objective DS5 - Ensure Systems Security.
Segregation of Duties Matrix
A fundamental element of internal control is the segregation of certain key duties. The basic idea underlying segregation of duties is that no employee or group should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This worksheet has been designed to highlight conflicting duties performed by one individual or group of individuals. Audit teams are encouraged to use this form to help identify potentially commingled duties within accounting processes that may constitute a control weakness.
Risk Assessment Survey Template - Sample
The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization’s ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area. The results can be used to help develop an Internal Audit Plan. The results may also be included in the Risk Assessment Report provided to the Audit Committee.
Exception Form - Evaluation of an Individual Process/Transaction-Level Control
The process to evaluate and classify an individual process/transaction-level control deficiency incorporates the evaluation of quantitative and qualitative factors. This sample form assists in documenting and analyzing exceptions identified during individual process/transaction-level control testing.
Overview of Enterprise Risk Management
While your business environment evolves, so do the risks you face. New vulnerabilities appear while old fears antiquate. Can you distinguish between the two? Identify, understand, mitigate. This is the ERM formula for a good nights sleep.
Payroll Process - SAS 70 Review Report Sample
The SAS 70 report is intended to communicate, from auditor to auditor, the testing performed around the outsource provider’s internal controls, particularly controls over IT processes. This report provides an example of how to communicate the findings of a Type II SAS 70 review when a company outsources the processing of its employee payroll checks. It assess how the results of the report impact the company’s SOX compliance process.
Risk Assessment Facilitated Session Results Matrix - Sample
This excel template can assist organizations in capturing results of a risk assessment facilitated session. It allows leaders of these sessions to document the final results, based on discussion or the use of voting technology, in an organized format. This sample also provides the opportunity to capture next steps and ownership related to the risk assessment results.
Enterprise Risk Management Project Plan- Sample
Enterprise Risk Management (ERM) requires clear risk management goals and objectives, linked to business objectives and strategies. This document is a sample project plan utilized during the planning phase of implementing ERM across an organization. The project plan supports a phased implementation approach detailing tasks, deliverables, and a project timeline.
Self-Assessment on Internal Controls Report - Sample
An internal audit department led a self-assessment initiative to evaluate the effectiveness of the design of internal controls for their company’s operations and budget process. This report describes the approach, the results, and the recommendations that resulted from the initiative.
SOX Testing Documentation Template – Sample
This template provides a format to document SOX internal control testing procedures, results, and conclusions. It allows the user to detail the control being tested, testing procedures, test results to answer test procedures, and management’s response.
Property Management System Control Requirements Matrix - Sample
This matrix provides sample application controls to consider within a property-management accounting system. This document guides the user in assessing the priority and vendor capability of each control. The control assessment is then summarized to develop an action plan.
Request for Proposal – Quality Assessment Review of Internal Audit Department - Sample
This is a sample request for proposal (RFP) and vendor questionnaire from a company seeking a service provider to conduct a quality assessment review of its internal audit department and coverage of its entities.
Request for Proposal – Quality Assessment Review: Financial Institution - Sample
This is sample request for proposal (RFP) from a financial institution seeking a service provider to conduct an evaluation of its internal audit approach and coverage of its regulated subsidiaries.
Request for Proposal – External Quality Assessment Review - Sample
This sample request for proposal (RFP) document focuses on finding a service provider to perform an external quality assessment review of an internal audit department. It details the process and timeline for responding to the RFP. In addition, it documents proposal requirements and the acceptance or rejection process.
SOX Control Deficiency Assessment Form - Sample
This form assists in evaluating SOX control deficiencies and documenting management responses. Users can also assess the severity of deficiencies noted during the documentation and testing process. The evaluation criteria includes: evidential deficiencies, potential impact to financial statements, safeguarding of assets and antifraud controls, likelihood that an error could occur, compensating controls, and multiple similar control deficiencies.
SOX – Section 404 – Documentation of Tax Compliance Process Report - Sample
This is an example of how a Sarbanes-Oxley (SOX) team can report their findings related to the tax compliance process. This document reviews the business processes related to the tax compliance process, identifies manual and system-based controls, and documents issues and weaknesses.
Risk, Controls, and Responsibilities for Disaster Recovery and Business Continuity - Sample
This guide outlines the risks, control objectives, manual controls, IT controls, and responsibilities related to creating, maintaining and executing disaster recovery and business continuity plans within an organization.
Entity-Level Fraud Risk Assessment Process - Sample
Section 404 of SOX requires that each company have a documented, on-going process to identify, assess and evaluate fraud risks related to internal control over financial reporting. This example provides an overview of the process one company undertook to satisfy the requirements of evaluating fraud risk that pertain to internal control over financial reporting.
SAS 70 Review – Report on Assessment of Controls - Sample
Type II SAS 70 reports are an integral part of assessing a company’s internal controls over financial reporting if a company uses an outsource provider. The SAS 70 report is intended to communicate, from auditor to auditor, the testing performed around the outsource provider’s internal controls, particularly controls over IT processes. This report can help an organization communicate the findings of a Type II SAS 70 review and assess how the results of the report impact the company’s internal controls over financial reporting.
Spreadsheet Controls Procedures and Checklists for Sarbanes-Oxley Compliance - Sample
Lack of controls over spreadsheets can present a risk to the accuracy of financial statement information and may be identified as a deficiency under Sarbanes-Oxley Section 404. This document contains an example of spreadsheet control procedures. The procedures outline the access and change control steps that could be applied for financial spreadsheets. Also included is a checklist that tracks the spreadsheet control procedures and can be used in SOX spreadsheet testing.
Security Policy and Procedure Evaluation – Controls and Responsibilities - Sample
This sample report records the result of an evaluation of security policies and procedures at a hypothetical company. The sample illustrates security policy issues and best practices regarding controls and responsibilities that could be incorporated into a review, and provides a useful format for reporting the results.
RFP. IA and SOA Compliance: Sample
This sample RFP for Internal Audit Co-sourcing and Sarbanes-Oxley compliance services provides a number of interesting questions to be asked of a potential outsource or co-source partner. A thorough RFP that asks the for the right information can save time and help identify the best company for the job.
Security Policy and Procedure Evaluation Report: Administrative Personnel - Sample
This sample report records the result of an evaluation of security policies and procedures at a hypothetical company. The sample illustrates administrative and personnel security policy issues and best practices that could be incorporated into a review, and provides a useful format for reporting the results.
Security Policy and Procedure Evaluation Report: Communications - Sample
This sample report records the result of an evaluation of security policies and procedures at a hypothetical company. The sample illustrates communications security policy issues and best practices that could be incorporated into a review, and provides a useful format for reporting the results.
Security Policy and Procedure Evaluation Report: Application Development and Change Control - Sample
This sample report records the result of an evaluation of security policies and procedures at a hypothetical company. The sample illustrates application development and change control policy issues and best practices that could be incorporated into a review, and provides a useful format for reporting the results.
Security Policy and Procedure Evaluation – Data Security
This sample report records the result of an evaluation of data security policies and procedures at a hypothetical company, Company X. The purpose of this sample is to illustrate: A report format that can be used to communicate the status of company policies, and also to present recommendations for policy changes to management, including details of specific policy and procedure findings, gaps, and recommendations regarding policy changes; Data security policy issues and practices that could be incorporated into your own review.
Security Policy and Procedure Evaluation – Software
This sample report records the result of an evaluation of software security policies and procedures at a hypothetical company, Company X. The purpose of this sample is to illustrate: A report format that can be used to communicate the status of company policies, and also to present recommendations for policy changes to management; Software Security Policy issues and practices that could be incorporated into your own review.
Request for Proposal (Sample 3) – Internal Audit Co-Sourcing/Outsourcing
This sample Request For Proposal (RFP) illustrates the types of questions can be asked of a potential internal audit outsourcing/co-sourcing service provider.
Construction Project Risk Management Manual - Sample
This risk management manual contains a methodology that can be modified and used by other construction companies, or by businesses that are themselves undertaking construction projects. The methodology allows for project risk analysis and deciding whether or not to proceed with the project.
Request for Proposal (Sample 2) – Internal Audit Co-Sourcing/Outsourcing
This sample Request For Proposal (RFP) contains many questions to be considered when outsourcing or co-sourcing any part of an internal audit function. Many or all of the questions presented on the list can be placed in the RFP to potential service providers.
Request for Proposal (Sample 1) – Internal Audit Co-Sourcing/Outsourcing
This sample Request For Proposal (RFP) illustrates the types of questions that can be asked of a potential internal audit outsourcing/co-sourcing service provider.
Benford’s Law Analysis Spreadsheet - Sample
Benford's Law demonstrates that seemingly random numbers in large volumes of data have digits that can be predicted to occur with certain frequencies. Internal auditors can use this principle to analyze large volumes of numerical data. This spreadsheet contains formulas for calculating expected frequencies using Benford's Law.
Fraud Detection: Financial Ratio Calculator - Sample
This calculator identifies some common fraudulent and/or deceptive financial accounting practices, and gives the user examples of substantive audit tests and ratios to help catch the activity.
Internal Audit Meeting Scheduling Template and Overview - Sample
These internal audit meeting and schedule planning templates can be used in the planning and scheduling of meetings.
Audit Test Selection: Case Studies
These case studies describe internal audit situations for different business processes.
Self Assessment: Sample Session
The following is taken from an actual self assessment session, investigating possible process improvements for the Foreign Exchange process.
Quality Assurance Review (QAR) Implementation Report - Sample
This presentation provides an example of how recommendations and action plans can be presented to management upon completion of a Quality Assurance Review (QAR).
Balanced Scorecard Performance Measures for Internal Audit - Sample
Balanced scorecards look at performance from four perspectives, rather than from a single bottom-line measure. Balanced scorecards can be used to demonstrate the value of departments to their companies, and to make departments more responsive to corporate needs.
Risk Assessment and Control Activities Worksheet - Sample
"This worksheet can be used as a template for documenting and linking business risks,
process objectives, related controls, and an auditor's evaluation. It is based on the COSO framework."
Audit Opinion/Conclusion Writing - Sample
This report-writing example illustrates how different types of opinions/conclusions could be issued at the completion of an audit.