Global Internal Audit Standards – Domain V

Domain V provides auditors with guidelines to effectively plan, conduct and report on engagements, and follow up on remediation.

1. Engagement communication
The following should be communicated for each engagement:

• Objectives, scope and timing, and any changes
• Engagement progress
• Engagement findings
• Recommendations and action plans
• Engagement conclusion
• Scope limitations
• Non-conformance with the Standards, reason for and impact of non-conformance

Any instances where Internal Audit and management disagree, follow agreed resolution methodology

2. Plan engagement

• Gather information to understand engagement risk for the area under review:
  • Strategy, objectives and risks
  • Risk assessment used to support Audit Plan
  • Governance, risk management and control processes
  • Relevant frameworks and guidelines

• Conduct engagement risk assessment for area under review by:
  • Determining criteria management uses to measure achievement of objectives
  • Identifying risks to achieving objectives for area under review
  • Considering fraud
  • Assessing risk significance and priority

• Articulate engagement objective (i.e. purpose and engagement goals) and scope (i.e. boundaries and focus)
• Discuss scope limitations with management
• CAE to approve scope and objective
• CAE to approve changes to objective and scope
• Establish evaluation criteria to use in engagement
• Allocate resources based on nature and complexity of engagement, timeframe and available resources
• Develop and document work programme which includes the following:
  • Evaluation criteria
  • Tasks to be performed
  • Methodologies to be used
  • Task allocation to resources
    
• CAE to approve work programme

3. Perform engagement work

• Gather information
• Evaluate if gathered information is relevant, reliable and sufficient
• Raise potential findings where sufficient, relevant and reliable information cannot be obtained
• Provide assurance where information is sufficient, relevant and reliable
• Document information and evidence to support results

4. Prepare findings, recommendations and action plans

• For each potential finding:
  • Determine significance (i.e. likelihood and impact)
  • Find root cause in collaboration with management
• Report significant findings
• Identify other findings to report
• Prioritise all reportable findings
• Develop recommendations and/or action plans for reportable findings and discuss with management
• Develop engagement conclusion aligned to engagement results

5. Follow up on remediation

Includes:

• Periodically enquiring on progress
• Performing follow-up assessment of implemented changes
• Update remedial action status on tracking system