Skip to content

Global Internal Audit Standards – Domain V

Guidelines to conform with Domain V

Domain V provides auditors with guidelines to effectively plan, conduct and report on engagements, and follow up on remediation.

1. Engagement communication
The following should be communicated for each engagement:

  • Objectives, scope and timing, and any changes
  • Engagement progress
  • Engagement findings
  • Recommendations and action plans
  • Engagement conclusion
  • Scope limitations
  • Non-conformance with the Standards, reason for and impact of non-conformance

Any instances where Internal Audit and management disagree, follow agreed resolution methodology

 

2. Plan engagement

  • Gather information to understand engagement risk for the area under review:
    • Strategy, objectives and risks
    • Risk assessment used to support Audit Plan
    • Governance, risk management and control processes
    • Relevant frameworks and guidelines
  • Conduct engagement risk assessment for area under review by:
    • Determining criteria management uses to measure achievement of objectives
    • Identifying risks to achieving objectives for area under review
    • Considering fraud
    • Assessing risk significance and priority
  • Articulate engagement objective (i.e. purpose and engagement goals) and scope (i.e. boundaries and focus)
  • Discuss scope limitations with management
  • CAE to approve scope and objective
  • CAE to approve changes to objective and scope
  • Establish evaluation criteria to use in engagement
  • Allocate resources based on nature and complexity of engagement, timeframe and available resources
  • Develop and document work programme which includes the following:
    • Evaluation criteria
    • Tasks to be performed
    • Methodologies to be used
    • Task allocation to resources
  • CAE to approve work programme

 

3. Perform engagement work

  • Gather information
  • Evaluate if gathered information is relevant, reliable and sufficient
  • Raise potential findings where sufficient, relevant and reliable information cannot be obtained
  • Provide assurance where information is sufficient, relevant and reliable
  • Document information and evidence to support results

 

4. Prepare findings, recommendations and action plans

  • For each potential finding:
    • Determine significance (i.e. likelihood and impact)
    • Find root cause in collaboration with management
  • Report significant findings
  • Identify other findings to report
  • Prioritise all reportable findings
  • Develop recommendations and/or action plans for reportable findings and discuss with management
  • Develop engagement conclusion aligned to engagement results


5. Follow up on remediation

Includes:

  • Periodically enquiring on progress
  • Performing follow-up assessment of implemented changes
  • Update remedial action status on tracking system