1

STUDY UNIT SEVEN

PLANNING AND SUPERVISING THE ENGAGEMENT

7.1
7.2
7.3
7.4
7.5
7.6

Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Objectives, Risk Assessment, and Survey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Scope and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Work Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Supervision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Study Unit 7 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2
4
7
8
10
13

An engagement consists of (1) planning, (2) performing the engagement, (3) communicating
results, and (4) monitoring progress. The internal auditors responsibility is to plan and perform the
engagement, subject to review and approval by supervisors. This study unit concerns the first phase of
the engagement. Supervision is included because it begins with planning.
In this study unit, we present the pronouncements by The IIA that are relevant to the planning
phase. This study unit also contains supplementary information about certain aspects of the
engagement and the relevant pronouncements on supervision.

Core Concepts

Internal auditors should develop and document a plan for the engagement. It should include the
(a) scope, (b) objectives, (c) timing, and (d) resource allocations.
Internal auditors should make a preliminary assessment of the relevant risks. Objectives of the
engagement should reflect the risk assessment.
The engagement scope should suffice to meet the engagement objectives.
Engagement resource allocation depends on the nature and complexity of the engagement, time
limitations, and available resources.
Engagement work programs should meet the engagement objectives, be recorded, and receive
prior approval. They consist of the planned engagement procedures.
The preliminary survey is a process for gathering information to (a) understand the activity
reviewed, (b) identify areas for special emphasis, (c) obtain useful information, and (d) determine
whether further auditing is needed.
Engagement supervision ensures that objectives are achieved, quality is assured, and staff is
developed.

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

7.1 PLANNING
1.

This subunit describes the planning process and provides criteria for evaluating that
process. The engagement planning process is addressed by one General Performance
Standard, one Specific Performance Standard, one Assurance Implementation Standard,
one Consulting Implementation Standard, and one Practice Advisory.

2.

2200

a.

Engagement Planning Internal auditors should develop and record a plan for
each engagement, including the scope, objectives, timing, and resource
allocations.
PRACTICE ADVISORY 2200-1: ENGAGEMENT PLANNING
1.

The internal auditor is responsible for planning and conducting the engagement
assignment, subject to supervisory review and approval. The engagement
program should:

Document the internal auditors procedures for collecting, analyzing,

interpreting, and documenting information during the engagement.

State the objectives of the engagement.

Set forth the scope and degree of testing required to achieve the
engagement objectives in each phase of the engagement.

Identify technical aspects, risks, processes, and transactions that should

be examined.

State the nature and extent of testing required.

Be prepared prior to the commencement of engagement work and be

modified, as appropriate, during the course of the engagement.

2.

The chief audit executive is responsible for determining how, when, and to
whom engagement results will be communicated. This determination should
be documented and communicated to management, to the extent deemed
practicable, during the planning phase of the engagement. Subsequent
changes that affect the timing or reporting of engagement results should also
be communicated to management, if appropriate.

3.

Other requirements of the engagement, such as the engagement period

covered and estimated completion dates, should be determined. The final
engagement communication format should be considered because proper
planning at this stage facilitates preparing the final engagement communication.

4.

All those in management who need to know about the engagement should be
informed. Meetings should be held with management responsible for the
activity being examined. A summary of matters discussed at meetings and any
conclusions reached should be prepared; distributed to individuals, as
appropriate; and retained in the engagement working papers. Topics of
discussion may include:

Planned engagement objectives and scope of work

The timing of engagement work

Internal auditors assigned to the engagement

The process of communicating throughout the engagement, including the

methods, time frames, and individuals who will be responsible

Business conditions and operations of the activity being reviewed,

including recent changes in management or major systems

Concerns or any requests of management

Matters of particular interest or concern to the internal auditor

Description of the internal auditing activitys reporting procedures and

follow-up process

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

PA Summary

3.

2201

The internal auditor plans and conducts the engagement, subject to supervisory
review and approval. The engagement program (1) documents procedures,
(2) states the engagements objectives and scope, (3) identifies risks and other
matters to be examined, and (4) states the nature and extent of testing.
The program is prepared before work begins and is modified during the work.
The CAE determines how, when, and to whom results are communicated. If
appropriate, these documented determinations are communicated to management
during planning. Subsequent changes that affect the timing or reporting of
engagement results also should be communicated.
Other engagement requirements to be determined are the period covered,
completion dates, and the communication format.
Managers should be informed on a need-to-know basis.
Meetings should be held with responsible managers. Summaries of discussions
and conclusions should be prepared, distributed, and retained. Topics of
discussion may include: (1) engagement objectives and scope, (2) timing of
work, (3) auditors assigned, (4) the process of communicating throughout the
engagement, (5) conditions and operations of the activity reviewed,
(6) management concerns or requests, (7) matters of particular interest to the
auditor, and (8) the IAAs reporting and follow-up process.
Planning Considerations In planning the engagement, internal auditors should
consider:

The objectives of the activity being reviewed and the means by which the
activity controls its performance.
The significant risks to the activity, its objectives, resources, and operations
and the means by which the potential impact of risk is kept to an acceptable
level.
The adequacy and effectiveness of the activitys risk management and
control systems compared to a relevant control framework or model.
The opportunities for making significant improvements to the activitys risk
management and control systems.

4.

2201.A1 When planning an engagement for parties outside the organization, internal
auditors should establish a written understanding with them about objectives, scope,
respective responsibilities and other expectations, including restrictions on distribution of
the results of the engagement and access to engagement records.

5.

2201.C1 Internal auditors should establish an understanding with consulting engagement

clients about objectives, scope, respective responsibilities, and other client expectations.
For significant engagements, this understanding should be documented.

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

7.2 OBJECTIVES, RISK ASSESSMENT, AND SURVEY

1.

This subunit defines objectives, procedures, the scope of work, and the purpose of the
preliminary risk assessment. These concepts are covered in one Specific Performance
Standard, two Assurance Implementation Standards, one Consulting Implementation
Standard, and two Practice Advisories.

2.

2210
a.

Engagement Objectives Objectives should be established for each

engagement.
PRACTICE ADVISORY 2210-1: ENGAGEMENT OBJECTIVES
1.

Planning should be documented. Engagement objectives and scope of work

should be established. Engagement objectives are broad statements
developed by internal auditors and define what the engagement is intended to
accomplish. Engagement procedures are the means to attain engagement
objectives. Engagement objectives and procedures, taken together, define the
scope of the internal auditors work.

2.

Engagement objectives and procedures should address the risks associated

with the activity under review. The term risk is the possibility of an events
occurring that could have an impact on the achievement of objectives. Risk is
measured in terms of impact and likelihood. The purpose of the risk assessment during the planning phase of the engagement is to identify significant
areas of activity that should be examined as potential engagement objectives.
PA Summary

3.

Planning should be documented. Engagement objectives are broad statements

of what is to be accomplished. Engagement procedures are the means of
attaining the objectives. Together, they define the engagement scope.
Objectives and procedures should address the risks associated with the activity
under review. The preliminary risk assessment identifies significant activities to
be examined as potential objectives.

2210.A1 Internal auditors should conduct a preliminary assessment of the risks relevant to
the activity under review. Engagement objectives should reflect the results of this
assessment.
a.

PRACTICE ADVISORY 2210.A1-1: RISK ASSESSMENT IN ENGAGEMENT

PLANNING
1.

Background information should be obtained about the activities to be

reviewed. A review of background information should be performed to
determine the impact on the engagement. Such items include:

Objectives and goals

Policies, plans, procedures, laws, regulations, and contracts that could
have a significant impact on operations and reports
Organizational information, e.g., number and names of employees, key
employees, job descriptions, and details about recent changes in the
organization, including major system changes
Budget information, operating results, and financial data of the activity to
be reviewed
Prior engagement working papers

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

2.

Results of other engagements, including the work of external auditors,

completed or in process
Correspondence files to determine potential significant engagement
issues
Authoritative and technical literature appropriate to the activity

If appropriate, a survey should be conducted to become familiar with the

engagement clients activities, risks, and controls; to identify areas for
engagement emphasis; and to invite comments and suggestions from
engagement clients. A survey is a process for gathering information, without
detailed verification, on the activity being examined. The main purposes are
to:
Understand the activity under review
Identify significant areas warranting special emphasis

Obtain information for use in performing the engagement

Determine whether further auditing is necessary

A survey permits an informed approach to planning and carrying out
engagement work. It is an effective tool for applying the internal audit activitys
resources where they can be used most effectively. The focus of a survey will
vary depending upon the nature of the engagement. The scope of work and the
time requirements of a survey will vary. Contributing factors include the
internal auditors training and experience, knowledge of the activity being
examined, the type of engagement being performed, and whether the survey is
part of a recurring or follow-up assignment. Time requirements will also be
influenced by the size and complexity of the activity being examined, and by the
geographical dispersion of the activity.

3.

4.

A survey may involve use of the following procedures:

5.

Discussions with the engagement client

Interviews with individuals affected by the activity, e.g., users of the
activitys output
On-site observations
Review of management reports and studies
Analytical auditing procedures
Flowcharting
Functional walk-through (tests of specific work activities from beginning
to end)
Documenting key control activities

A summary of results should be prepared at the conclusion of the survey. The

summary should identify:

Significant engagement issues and reasons for pursuing them in more

depth
Pertinent information developed during the survey
Engagement objectives, engagement procedures, and special
approaches such as computer-assisted audit techniques (CAATs)
Potential critical control points, control deficiencies, or excess controls
Preliminary estimates of time and resource requirements
Revised dates for reporting phases and completing the engagement
When applicable, reasons for not continuing the engagement

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

PA Summary

The auditor obtains and reviews background information about the activities
audited. Such items include (1) objectives; (2) policies, plans, procedures, laws,
regulations, and contracts; (3) organizational information, e.g., details about
recent changes; (4) budgets, operating results, and financial data; (5) prior
working papers; (6) results of other engagements; (7) correspondence; and
(8) literature appropriate to the activity.
A survey is usually performed to (1) become familiar with the clients activities,
risks, and controls; (2) identify areas of emphasis; and (3) invite comments from
the client. A survey gathers information, without detailed verification, on the
activity being examined. Its purposes are to (1) understand the activity, (2) identify
areas for emphasis, (3) obtain information, and (4) determine whether further
auditing is necessary.
A survey permits informed planning and performance of the work. Its focus,
scope, and time required will vary with the circumstances, including (1) the
auditors training and experience, (2) knowledge of the activity, (3) the type of
engagement, (4) size and complexity of the activity, and (5) geographical factors.
Possible survey procedures include (1) client discussions, (2) observations,
(3) user interviews, (4) report reviews, (5) analytical tests, (6) flowcharting, (7) a
walk-through, and (8) control documentation.
A summary of survey results should be prepared that identifies (1) significant
issues; (2) information developed; (3) objectives, procedures, and special
approaches (e.g., CAATs); (4) critical control points, deficiencies, or excess
controls; (5) time and resource requirements; (6) revised reporting dates; and
(7) any reasons for not continuing the engagement.

4.

The preliminary or on-site survey allows for the gathering of information, without detailed
verification, about the activities to be reviewed. It is also an opportunity for the internal
auditor and the client to begin a participative engagement.

5.

The survey should result in thorough internal auditor familiarity with the engagement
clients
a.
b.
c.
d.
e.

Objectives
Organizational structure
Operations
Physical facilities
Risk management, control, and governance systems (including documentation and
procedures)
1)

f.
g.
6.

Internal auditors must consider all such policies and procedures, not merely
those relevant to a financial statement audit.
Personnel
Information systems

The survey should become the basis for an efficient, effective engagement work program
that
a.
b.

Concentrates on matters of significance.

Reduces the time allocated to areas in which risk appears to be minimal.

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

7.

The survey should set a cooperative tone for the field work that follows.

8.

The more complex and extensive the activity, the greater the need for the overview
provided by the preliminary survey.

9.

The survey requires certain abilities. The internal auditor must

a.
b.
c.

d.
e.
f.
g.

Ask intelligent questions

Prepare suitable questionnaires
Have a clear understanding of
1) The information needed,
2) Sources of that information, and
3) How to obtain the information.
Understand and be adept at flowcharting and other means of documenting the
information obtained
Understand managements objectives and be able to identify the objectives of each
activity reviewed.
Understand the purposes of risk management, control, and governance policies
and procedures
Identify the risks implicit in the areas under review

10. Defects in risk management and control processes discovered during the survey should be
immediately communicated to the person who can best take corrective action.
a.
b.

The initial communication should be oral. If corrective action is taken, no further steps
are needed until the final engagement communication.
If corrective action is not taken, the defect is significant, and, in the internal auditors
opinion, correction cannot be safely delayed, management should be alerted in an
interim or progress communication.

11. The overall results of the survey, if warranted, may be communicated to management in an
oral presentation.
12. The results should be documented.
13. 2210.A2 The internal auditor should consider the probability of significant errors,
irregularities, noncompliance, and other exposures when developing the engagement
objectives.
14. 2210.C1 Consulting engagement objectives should address risks, controls, and
governance processes to the extent agreed upon with the client.
7.3 SCOPE AND RESOURCES
1.

This subunit contains the pronouncements on the established engagement scope and
resource (especially staffing) allocation. These topics are addressed in two Specific
Performance Standards, two Assurance Implementation Standards, one Consulting
Implementation Standard, and one Practice Advisory.

2.

2220

Engagement Scope The established scope should be sufficient to satisfy the

objectives of the engagement.
2220.A1 The scope of the engagement should include consideration of relevant
systems, records, personnel, and physical properties, including those under the
control of third parties.

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

2220.A2 If significant consulting opportunities arise during an assurance

engagement, a specific written understanding as to the objectives, scope, respective
responsibilities and other expectations should be reached and the results of the
consulting engagement communicated in accordance with consulting standards.
2220.C1 In performing consulting engagements, internal auditors should ensure
that the scope of the engagement is sufficient to address the agreed-upon
objectives. If internal auditors develop reservations about the scope during the
engagement, these reservations should be discussed with the client to determine
whether to continue with the engagement.
3.

2230

a.

Engagement Resource Allocation Internal auditors should determine

appropriate resources to achieve engagement objectives. Staffing should be
based on an evaluation of the nature and complexity of each engagement, time
constraints, and available resources.
PRACTICE ADVISORY 2230-1: ENGAGEMENT RESOURCE ALLOCATION
1.

In determining the resources necessary to perform the engagement, evaluation

of the following is important:

The number and experience level of the internal auditing staff required
should be based on an evaluation of the nature and complexity of the
engagement assignment, time constraints, and available resources.
Knowledge, skills, and other competencies of the internal auditing staff
should be considered in selecting internal auditors for the engagement.
Training needs of internal auditors should be considered because each
engagement assignment serves as a basis for meeting developmental
needs of the internal audit activity.
Consideration of the use of external resources when additional
knowledge, skills, and other competencies are needed.
PA Summary

Resource allocation decisions are based on evaluation of (1) the number and
experience of staff required; (2) the knowledge, skills, and competencies of the
staff; (3) training needs; and (4) whether external resources are needed.

7.4 WORK PROGRAMS

1.

This subunit is devoted to engagement work programs (also see PA 2200-1 in Subunit 7.1).
They are addressed in one Specific Performance Standard, one Assurance Implementation
Standard, one Consulting Implementation Standard, and two Practice Advisories.

2.

2240

a.

Engagement Work Program Internal auditors should develop work programs

that achieve the engagement objectives. These work programs should be
recorded.
PRACTICE ADVISORY 2240-1: ENGAGEMENT WORK PROGRAM
1.

Engagement procedures, including the testing and sampling techniques

employed, should be selected in advance, if practicable, and expanded or
altered if circumstances warrant. More detailed guidance is described in
Practice Advisory 2200-1.

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

2.

The process of collecting, analyzing, interpreting, and documenting information

should be supervised to provide reasonable assurance that the auditors
objectivity is maintained and engagement goals are met.
PA Summary

3.

Procedures should be selected in advance and modified as needed.

Performance of the engagement should be supervised so that objectivity is
maintained and goals met.

2240.A1 Work programs should establish the procedures for identifying, analyzing,
evaluating, and recording information during the engagement. The work program should
be approved prior to its implementation, and any adjustments approved promptly.
a.

PRACTICE ADVISORY 2240.A1-1: APPROVAL OF WORK PROGRAMS

1.

In obtaining approval of the engagement work plan, such plans should be

approved in writing by the chief audit executive or designee prior to the
commencement of engagement work. Adjustments to engagement work plans
should be approved in a timely manner. Initially, approval may be obtained
orally, if factors preclude obtaining written approval prior to commencing
engagement work.
PA Summary

Work programs should be approved in writing by the CAE. Adjustments should

be timely approved.

4.

2240.C1 Work programs for consulting engagements may vary in form and content
depending upon the nature of the engagement.

5.

A pro forma work program is designed to be used for repeated engagements related to
similar operations. It is ordinarily modified over a period of years in response to problems
encountered in the field. The canned program assures at least minimum coverage,
provides comparability, and saves resources when operations at different locations have
similar activities, risks, and controls.
a.

However, a pro forma (standard) work program is not appropriate for a complex or
changing operating environment. The engagement objectives and related
procedures may no longer be relevant.

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

10

SU 7: Planning and Supervising the Engagement

7.5 SUPERVISION
1.

This subunit includes the pronouncements relevant to supervision of engagements as well

as some supplementary guidance. Engagement supervision is the subject of one Specific
Performance Standard and one Practice Advisory.

2.

2340
a.

Engagement Supervision Engagements should be properly supervised to

ensure objectives are achieved, quality is assured, and staff is developed.
PRACTICE ADVISORY 2340-1: ENGAGEMENT SUPERVISION
1.

The chief audit executive is responsible for assuring that appropriate

engagement supervision is provided. Supervision is a process that begins with
planning and continues throughout the examination, evaluation,
communication, and follow-up phases of the engagement. Supervision
includes:

Ensuring that the auditors assigned possess the requisite knowledge,

skills, and other competencies to perform the engagement.
Providing appropriate instructions during the planning of the
engagement and approving the engagement program.
Seeing that the approved engagement program is carried out unless
changes are both justified and authorized.
Determining that engagement working papers adequately support the
engagement observations, conclusions, and recommendations.
Ensuring that engagement communications are accurate, objective,
clear, concise, constructive, and timely.
Ensuring that engagement objectives are met.
Providing opportunities for developing internal auditors knowledge, skills,
and other competencies.

2.

Appropriate evidence of supervision should be documented and retained.

The extent of supervision required will depend on the proficiency and
experience of internal auditors and the complexity of the engagement. The
chief audit executive has overall responsibility for review but may designate
appropriately experienced members of the internal audit activity to perform the
review. Appropriately experienced internal auditors may be used to review the
work of other less experienced internal auditors.

3.

All internal auditing assignments, whether performed by or for the internal audit
activity, remain the responsibility of the chief audit executive. The chief audit
executive is responsible for all significant professional judgments made in
the planning, examination, evaluation, communication, and follow-up phases of
the engagement. The chief audit executive should adopt suitable means to
ensure that this responsibility is met. Suitable means include policies and
procedures designed to:

Minimize the risk that professional judgments may be inconsistent with

the professional judgment of the chief audit executive resulting in a
significant adverse effect on the engagement.
Resolve differences in professional judgment between the chief audit
executive and internal auditing staff members over significant issues
relating to the engagement. Such means may include: (a) discussion of
pertinent facts, (b) further inquiry or research, and (c) documentation and
disposition of the differing viewpoints in the engagement working papers.
In instances of a difference in professional judgment over an ethical issue,
resolution may include referral of the issue to those individuals in the
organization having responsibility over ethical matters.

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

11

SU 7: Planning and Supervising the Engagement

4.

Supervision extends to staff training and development, employee performance

evaluation, time and expense control, and similar administrative areas.

5.

All engagement working papers should be reviewed to ensure that they

properly support the engagement communications and that all necessary
procedures have been performed. Evidence of supervisory review should
consist of the reviewers initialing and dating each working paper after it is
reviewed. Other review techniques that provide evidence of supervisory review
include completing an engagement working paper review checklist or preparing
a memorandum specifying the nature, extent, and results of the review.

6.

Reviewers may make a written record (review notes) of questions arising

from the review process. When clearing review notes, care should be taken to
ensure that the working papers provide adequate evidence that questions raised
during the review have been resolved. Acceptable alternatives with respect to
disposition of review notes are:

Retaining the review notes as a record of the questions raised by the

reviewer and the steps taken in their resolution.
Discarding the review notes after the questions raised have been resolved
and the appropriate engagement working papers have been amended to
provide the additional information requested.
PA Summary

Supervision is relevant to all phases of the engagement from planning through the
examination, evaluation, communication, and follow-up.
Evidence of supervision should be documented and retained. Its extent depends
on the auditors proficiency and experience and the nature of the engagement.
The CAE may appropriately delegate the responsibility for supervisory review.
The CAE is responsible for all significant professional judgments. The CAE
should adopt suitable means to (1) minimize the risk of applying inconsistent
professional judgments and (2) resolve differences in professional judgment
between the CAE and staff members.
Supervision extends to administrative areas.
All working papers should be reviewed to ensure that they support the
engagement communications and that all necessary procedures have been
performed. Evidence of review should be provided consisting of the reviewers
initialing and dating each working paper after it is reviewed.
Written review notes record questions arising from the review. When clearing
review notes, care should be taken to ensure that the working papers provide
adequate evidence that questions raised have been resolved.

3.

The internal audit activity should maintain the same degree of control over its own activities
as it expects from other subunits of the organization.

4.

All projects should be formally assigned. Each should have

a.
b.
c.

5.

An assignment sheet, i.e., a work order authorizing expenditure of engagement work

hours.
An engagement title indicating the activity covered.
A number identifying the engagement and indicating its nature, e.g., a regular or
special internal audit, a consulting engagement, or a fraud investigation.

The chief audit executive should review the progress of each engagement periodically in
terms of budgeted employee-days, actual employee-days, and estimated completion date.
Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

12

SU 7: Planning and Supervising the Engagement

6.

Schedules for job completion should be set early, usually before the midpoint of the
assignment.

7.

Requests for budget adjustment also should be made well before job completion, i.e., as
soon as it becomes apparent that the actual project differs significantly from that described
in the engagement work schedule.

8.

Adjusted budgets normally will be carried forward to future budgets and work schedules.
Temporary obstacles, e.g., those created by inexperienced assistants and unexpected
problems, should not justify budget adjustments.

9.

Projects should be formally closed upon the issuance of a final engagement

communication if no matters are unresolved when it is released. Otherwise, they should be
closed by the submission of a closure communication to the CAE. This submission occurs
when action on all unresolved matters discussed in the final engagement communication is
complete.

10. Activity reports should be prepared for senior management and the board at least
annually. These activity reports
a.
b.

Highlight significant engagement observations, conclusions, and recommendations.

Explain major deviations from approved engagement work schedules, staffing plans,
and financial budgets.

11. All engagements should be kept under budgetary control.

a.
b.

Project budgets are usually stated in employee-hours or employee-days.

Financial budgets should include items other than internal audit activity staff
payroll, e.g.,
1)
2)
3)
4)
5)
6)
7)

c.
d.
e.

Administrative and clerical support

Engagement-related and training-related travel
Outside service providers
Telephone
Supplies
Library
Staff professional society membership dues

Budgets for recurring engagements should be the same as those shown in the
engagement work schedule.
Budgets for engagements for which the IAA has no prior experience should be set as
soon as possible after the scope of the engagement becomes known.
Because no projects are precisely the same (even those covering the same activity),
budgets should be reevaluated after the preliminary survey.
1)
2)

f.

Excessive budgets should be reduced.

Insufficient budgets should be expanded or the scope of the engagement
reduced.
3) Adjustments and the reasons for them should be documented for future
engagement work schedules.
Budget adjustments should be justified. They should be approved at a level higher
than the engagement supervisor. Requests for budget adjustment should show
1)
2)
3)

The operational activities to be reviewed according to the engagement work

schedule
The activities actually being carried on
The employee-days attributable to the difference

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

SU 7: Planning and Supervising the Engagement

13

12. Administrative records should provide the CAE with control over engagements in progress
and with sufficient information for useful reports to management on engagement
accomplishments.
a.

Staff auditors should submit time sheets periodically, showing the employee-days
charged against their projects and accounting for all employee-days in the reporting
period.
1)

b.
c.

Time should be accumulated in registers by project, including time off, vacations,

holidays, etc.
Staff auditors should report weekly to their supervisors on the time spent and the
status of the job.
The internal audit activity should maintain records to gather data for
1)
2)
3)
4)
5)

Status reports on all ongoing engagements

Communication of results
Suggestions adopted
Savings accomplished as a result of recommendations
Time expended by type of engagement in comparison with amounts budgeted

7.6 STUDY UNIT 7 SUMMARY

1.

Internal auditors consider (a) the objectives, resources, operations, and risks associated with
the activities reviewed; (b) the relevant risk management and control systems; and
(c) possible improvements in those systems. The internal auditors can then (a) establish
the engagements objectives, (b) determine its scope, (c) allocate resources appropriate to
the achievement of the objectives, and (d) develop a work program.

2.

The engagement program (a) documents engagement procedures, (b) states the
engagements objectives and scope, (c) identifies risks and other matters to be examined,
and (d) states the nature and extent of testing. The program is prepared before work
begins and is modified during the work.

3.

Engagement objectives are broad statements of what is to be accomplished. Engagement

procedures are the means of attaining the objectives. Together, they define the
engagement scope.

4.

Internal auditors should conduct a preliminary assessment of the risks relevant to the activity
under review. Engagement objectives should reflect the results of this assessment.

5.

A survey is usually performed to (a) become familiar with the clients activities, risks, and
controls; (b) identify areas of emphasis; and (c) invite comments from the client.

6.

The established scope should be sufficient to satisfy the objectives of the engagement.

7.

Internal auditors should determine appropriate resources to achieve engagement

objectives. Staffing should be based on an evaluation of the nature and complexity of each
engagement, time constraints, and available resources.

Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com