Case Study
Guidelines to conform with Domain V
Domain V provides auditors with guidelines to effectively plan, conduct and report on engagements, and follow up on remediation.
1. Engagement communication
The following should be communicated for each engagement:
- Objectives, scope and timing, and any changes
- Engagement progress
- Engagement findings
- Recommendations and action plans
- Engagement conclusion
- Scope limitations
- Non-conformance with the Standards, reason for and impact of non-conformance
Any instances where Internal Audit and management disagree, follow agreed resolution methodology
2. Plan engagement
- Gather information to understand engagement risk for the area under review:
- Strategy, objectives and risks
- Risk assessment used to support Audit Plan
- Governance, risk management and control processes
- Relevant frameworks and guidelines
- Conduct engagement risk assessment for area under review by:
- Determining criteria management uses to measure achievement of objectives
- Identifying risks to achieving objectives for area under review
- Considering fraud
- Assessing risk significance and priority
- Articulate engagement objective (i.e. purpose and engagement goals) and scope (i.e. boundaries and focus)
- Discuss scope limitations with management
- CAE to approve scope and objective
- CAE to approve changes to objective and scope
- Establish evaluation criteria to use in engagement
- Allocate resources based on nature and complexity of engagement, timeframe and available resources
- Develop and document work programme which includes the following:
- Evaluation criteria
- Tasks to be performed
- Methodologies to be used
- Task allocation to resources
- CAE to approve work programme
3. Perform engagement work
- Gather information
- Evaluate if gathered information is relevant, reliable and sufficient
- Raise potential findings where sufficient, relevant and reliable information cannot be obtained
- Provide assurance where information is sufficient, relevant and reliable
- Document information and evidence to support results
4. Prepare findings, recommendations and action plans
- For each potential finding:
- Determine significance (i.e. likelihood and impact)
- Find root cause in collaboration with management
- Report significant findings
- Identify other findings to report
- Prioritise all reportable findings
- Develop recommendations and/or action plans for reportable findings and discuss with management
- Develop engagement conclusion aligned to engagement results
5. Follow up on remediation
Includes:
- Periodically enquiring on progress
- Performing follow-up assessment of implemented changes
- Update remedial action status on tracking system
