Sample Audit Plan
Sample Audit Plan
Sample Audit Plan
The objective of this audit is to assist a medium-sized enterprise engaged in the distribution of
mainstream food products in reviewing its real-time processing software in all areas of operation
to provide a basis for opinion on its financial statements. The scope of work for this audit will
consist of xxx hours of professional services and the objectives of this audit contains the following
control points:
Data Network Management
a. Data network governance
b. Financial Management
c. Risk Management
d. Human Resources
Audit Approach
Our audit approach for the execution of this audit engagement will consist of interviews
with key employees, review of real-time processing system and documents, inspections, data
extractions, and the usage of applicable audit tools. The audit will consist of the components
described below. The phases are listed in sequential order and should provide an overview of the
sequencing of the proposed engagement.
2. Execution phase Once the audit program has been Results from the execution of
finalized, and the appropriate resources have been the detailed Audit Program
identified, fieldwork will proceed in accordance with Working papers that support
the audit plan. the results from the detailed
Audit Program
3. Reporting phase All IT audit work is summarized Draft report for discussion
in the IT audit report. Our team will compile and containing an executive
present a draft report to the management within three summary, audit findings and
weeks of completing the execution phase. The recommendations for
purpose of this draft is discussion and incorporation improvement.
of any comments prior to issuing a final report to the Final report with edits and
company. comments from the
management
Risk Assessment
Regulatory Risk
Accept responsibility for the effectiveness of the companys internal control over
financial reporting.
Evaluate the effectiveness of the companys internal control over financial reporting
using suitable control criteria.
Support is evaluation with sufficient evidence, including documentation.
Present a written assessment of the effectiveness of the companys internal control
over financial reporting as of the end of the companys most recent fiscal year.
Operational Risk
We will be checking on the following operational risks during the conduct of the audit
specifically on:
Employee errors that may affect the validity of the data entered in the system
Systems failures during the business operations which may affect the completeness of
the documents and data provided and stored in the systems server.
Fraud or other criminal activity involved in the operations using the system that greatly
affects the integrity and validity of data.
Communications
Through regular meetings and ongoing communication with management, we will establish a
relationship of openness and teamwork through which we can discuss significant audit findings,
recommendations for improving internal controls or operations, and current industry issues (or any
other issues management wishes to discuss), and ultimately develop solid solutions without
surprises. We commit to holding regular meetings with management, both formally and
informally, to foster such a relationship.
Management letters and communication are an important element of professional service. It is our
policy to discuss our findings and recommendations with the appropriate members of management
prior to issuance so that we can verify factual accuracy. Our final report will only include findings
and recommendations considered significant. Other matters will be communicated throughout the
engagement and during our regular meetings and fieldwork.
Planned schedule
We estimate this engagement will require approximately xxxx weeks of effort, and we are prepared
to begin fieldwork on a date mutually agreed upon with the company. In addition, we understand
the final report for this audit must be completed no later than July 15, 2006.