Internal audit planning and assurance framework - Sept 25

Upon completion you will be able to:

• contribute to the creation of the strategic, risk-based and engagement internal audit plans; 
• contribute to the development of an internal audit strategy;
• outline the stages involved in a risk-based approach to internal audit planning and engagement;
• appreciate the importance of understanding the organisations risk maturity and the strength of its control environment;
• contribute to the internal audit tools i.e., audit universe and assurance mapping;
• identify the features of the framework in which internal audit and assurance operate;
• design an appropriate internal audit testing programme;
• assess internal audit evidence that will support recommendations / agreed actions;
• communicate internal audit findings in an appropriate format;
• conduct effective follow up work to ensure that recommendations / agreed actions have been
• implemented, and they have addressed the findings, weaknesses identified;
• gain an appreciation for the assessment of assurance, including use of the 3 Lines Model.

Strategic planning

• describe the purpose of the audit strategy
• explain the difference between strategic, risk-based and engagement plans
• describe the process of setting the audit strategy using examples from the public and private sectors
• outline how the audit strategy can be documented and communicated

Risk-based internal audit planning

• outline the stages involved in a risk-based approach to audit planning and engagement, including how to assess risk maturity and the control environment using both the risk maturity continuum and MOHICAN (managements philosophy and operating style | organisational structure | HR policies | integrity and ethical values | competency | assignment and responsibility (schedule of delegated authority) and the role of non-executive directors i.e., the audit and/or risk committees
• explore use of internal audit tools such as audit universe and assurance mapping
• explain why internal audit seeks to assure itself of the reliability of risk management process before developing the audit plan

Engagement planning

• provide examples of the key sources of information needed for the preparation of the audit engagement plan
• assess both the risk maturity and the robustness of the control environment
• explain how the audit scope is determined
• understand the elements that build the risk matrices

Undertaking an engagement to provide assurance

• ability to conduct fact-finding conversation
• design an appropriate audit testing programme
• assess audit evidence using RUST (reliable | useful | sufficient | trustworthy)
• audit communication (report) of findings in an appropriate format including the provision of a level of assurance / audit conclusion
• issue a final communication after completing the engagement and communicating the engagement results to management
• communicate with the management of the activity under review to confirm that action plans are implemented, and the implementation has provided an effective solution to address the finding.

Assessment of assurance

• understand the various levels of assurance and the definitions
• understand the 3 Lines Model

There will be some pre-course preparation for this module which you will be advised on upon confirmation of your booking.

• Performance (Engagement planning | Engagement outcomes)
• Leadership and Communication (Internal audit strategic planning | Audit plan and coordinating assurance efforts)