Section 2: Audit Plan

Overall Audit Strategy (Audit Approach)

A. Introduction
Our audit strategy begins where the PHC does – with your strategies and objectives. We
understand your goals and risks through discussions with management.
Then, we narrow our focus to the risks that could have a significant impact on financial
statements.
Our “top-down” management discussions identify not only from the business objectives and
risks, but also the key controls in place to manage those risks. We put those management
controls to the test. We then decide how we will substantively test significant account balances
and transaction classes.
Our approach for the execution of this audit engagement will consist of interviews with key
employees, review of documents, inspections, data extractions and the usage of applicable audit
tools.

Acceptance/Continuance assessment

Market Overview
Strategy
Value Creating ActivitiesFInancial Performance

Validatin Scoping
g

Audit
Comfort
Cycle

Evaluati
Underst
ng
anding
 No/Limited Significant
controls controls
comfort comfort

Substantive audit evidence

Mainly test of details Mainly substantive analytical procedures

Other audit procedures financial statements completion

B. Audit Scope and Period Covered

The objective of this audit is to assist PHC in reviewing its financial statements. The G
Consulting estimates this engagement will require approximately 12 weeks of effort, and we
are prepared to begin fieldwork on a date mutually agreed upon with PHC. The scope for this
audit will consists of three months. The auditor will conduct a team audit at your hospital as
part of the healthcare industry, specifically at PHC sites on its accounting department, which
has 32 employees. In addition, we understand the final report for this audit must be
completed not later than September 16, 2021.

We will create and agree on a three- The performance of

In addition to being We will collaborate with
auditors will be
PLANNING

Hospitals and Services, as year audit plan. Every 12 months, more

PERFORMANCE
PARTNERSHIP

professionals, we
PROFESSIONALISM

detailed planning will take place to monitored and

will provide our well as staff representatives
ensure that adequate notice is provided reported to a variety
auditors with to ensure that each audit
and auditing resources are planned and of stakeholders,
recognized auditing adds value and benefits. We
allocated appropriately. We will including those
skills, which will will engage early and
consult with a variety of stakeholders listed above. We
enhance their frequently, establishing a
while developing the audit plan, will also monitor
competence and clear and defined scope of
including: and report on the
raise professional each audit with
audit strategy's
standards. Through Heads/Hospital Managers, •Consultative Committee; performance. We
closer collaboration or Hospital Heads as • Safety & Health Services; will collaborate with
with the Hospital’s needed. We will actively • Audit Committee; schools and services
internal auditors, we encourage and ensure their
• Internal Audit. to evaluate and
will provide them participation throughout the
The following drivers will influence provide feedback to
with opportunities to audit process and ensure
the audit plan including: help identify and
gain experience and that any findings, as well as
• Mandatory audits (as required by improve
insight into the role any resulting
performance where
auditors will be appropriate in order
credible and upon. Following that, we including enforcement or regulatory
authorities to maintain high
trustworthy, will provide post-audit
levels of assurance.
providing objectivity advice and guidance to • Accidents/incidents; As part of our
and independent assist the hospitals/services • Changes in legislation/best practice. dedication to
opinion and advice. in addressing any areas for The program will include audits continuous
improvement identified conducted by Safety and Health improvement We
during the auditing process. Services (including food safety and, will solicit feedback
Audit Framework where applicable, occupational health on the audit
audits) as well as external audits experience and the
We will create an auditing framework that (including
combines the four those
keyconducted
elementsby listed below: audit process's
enforcing/regulatory agencies and effectiveness.
authorities). This is to ensure that we
. have a clear understanding of the
resources required not only to conduct
Risk Assessment audits but also to administer and
facilitate them.
Based on the information provided by PHC during our initial conversation, along with our
understanding of the business environment in which PHC operates, we have established the
following considerations that we believe are relevant to your company. Our goal is to incorporate
these risk factors in our auditing program.
Risk Area that could Management Controls Audit Approach
materially affect the
Financial Statements
Accounts Receivables Accounts receivable are We examine a sample of
 higher doubtful subject to a review for accounts receivable for issues
accounts collectability at the end of the with collectability. We
 many accounts to be fiscal year. Accounts that are thoroughly examine the
write off past due are investigated reconciliation and conduct of
analytical reviews.

Revenue and Expenses
 Are not complete
Net Assets
 Are not supported by
appropriate detail.
Fraud
 Fraudulent billings to
contracts.
 Reporting of
performance
Information Technology
 Systems may fail
during
Monthly, accounts are
reviewed for unusual trends.
The budget-to-actual ratio is
being tracked.
Management creates a year-
end breakdown of net assets
by category and ensures that
this details reconciles to the
financial statements.
Policies, procedures, and
controls to ensure job
segregation, compliance with
state regulations, and
manager oversight.
Management is concerned
with system-related issues.
In connection with other audit
areas, we vouch for specific
revenues and expenses. We
analyze account changes and
take into account the work
completed by internal audit.
We set up balance analysis
procedures and look over
year-end reconciliations. To
ensure proper categorization,
we review a sample of
balances.
In every audit, we consider
incentives and pressures,
have expanded and will
continue to expand our
interviews, and consider the
possibility of fraud. We also
review internal audit reports
and maintain an early
indicator of fraud.
We will go over general
computer controls and
security as they apply to the
 implementation,
resulting in incorrect
data.
Financial Reporting
 Omissions or
inadequacies in
disclosure
 Errors in basic
statements, such as
classification or
monetary amounts
Prior to completion, draft
financial statements are
subjected to numerous
internal reviews.
general computer
environment.
The financial statements are
reconciled with the
underlying accounting
records. We use a disclosure
checklist to ensure that all
significant disclosures are
traceable back to the
underlying support. We
obtain a legal letter in order
to comprehend the nature of
any potential claims against
the Hospital.

Performance Evaluation
In this phase, the auditor will conduct a collection and review of evidence associated with the
scope and objectives of the theme/risk as set out in the audit planning memorandum. The auditor
will have an internal and external review of the PHC in order to assessed thoroughly their quality
service performance.

A. Internal Review B. External Review

This are the following documented working papers that
is reviewed each year by head of internal audit:
 QMS - Quality Management System
 CPAR - Corrective Preventive Action Report
 IQA - Internal Quality Audit
 Internal Documents – documents internally
generated/originated in the organization
 External Documents – documents, specifications,
requirements and other written information from
suppliers, clients, government and system standards
which are not created in the organization.
There are more detailed processes description and
process interactions that we can provide by referring to
each of the specific department, division, unit or
section’s documented information. As we audit the PHC,
it should maintain documented information to support
the operation of its processes through its Quality
Manual, Quality Policy and Objectives and also retain
documented information to have confidence that the
processes are being carried out as planned through
records, monitoring reports etc.
We as auditors, determined the standard work program
of the PCH which is in-lined with their quality policy. It
commits to provide the highest standard of
comprehensive Cardiovascular Care, Education and
Research. As well as committed in satisfying all relevant
statutory and regulatory requirements.
Based on the information provided by the PCH
regarding their working standard, the auditor has the
The Philippine Heart Center provided the auditors the
information about the scope of their objectives. They
establish quality objectives at all relevant functions and
levels within the organization. Which define its quality
objectives in the Office Breakthrough and Department and
Division Breakthrough for every department and for every
member of the unit or section, respectively, which are in
conformity with their Strategic Performance Management
System (SPMS).
As the auditor assess the effectiveness of their
objective, the PHC must be consistent with the quality
policy, it must be measurable and will take into account
applicable requirements. Their objective shall also be
relevant to conformity of products and services and to
enhance customer satisfaction which should be monitored,
communicated to the interested parties and updated as
appropriate.
PHC has defined and documented quality
procedures consistent with the requirements of the
standard. QMS documentation includes both documents
and records required by PHC to ensure effective operation
and control of processes. The extent of documentation that
has been developed is based on:
 size of the organization
 complexity and interaction of the processes
 skills needed and training required by the personnel
involved in carrying out these activities
 identified risks and opportunities and,
 demand and needs of clients
C. Benchmarking
After we evaluate the performance of the Philippine Heart Center, the results will have recorded and
brought to the attention of the personnel having responsibility in the audited area. The management
responsible in the area being audited shall take appropriate correction and corrective actions without
undue delay. It is advised that the follow-up activities shall be conducted to verify and record the
implementation and effectiveness of the actions taken. The summary of our audit and results of
verification activities will be reported to the Top Management during Management Review. PHC shall
conduct internal audit semi-annually and additional internal audit may be conducted as per
management decision.

Action Plans and Improvement (Review and Improvement)

The auditor describes the effectiveness of actions taken over time of the PCH in response
to identified internal audit nonconformance. The specific nonconforming activities determine
whether immediate actions, corrective actions or both are executed.
We identified that PHC maintains a Corrective Action Procedure to ensure that it reacts to the
nonconformity and as applicable, take action to control and correct it or deal with the
consequences. The procedure also provides a system for reviewing, analyzing, determining the
causes and if similar nonconformities exist, or could potentially occur, to ensure that appropriate
corrective actions are taken. Records of the nature of the nonconformities and any subsequent
actions taken and results of any corrective action are maintained.
The PHC also provide a preventive action to eliminate the causes of identified potential
nonconformities to prevent initial occurrence. These are the appropriate sources of information
such as processes and work operations results which affect product quality, concessions, audit
results, quality records, service reports, and customer complaints are analyzed to detect
preventive action possibilities. Preventive actions taken are appropriate to the impact of the
potential problems.
This audit point out necessary actions for them to be able enhance and improve the
PHC’s quality performance and action plans such as:
1. Review immediate correction for effectiveness. This may include reviewing specific logs
(after a period of time determined by the remediation plan) to ensure non-conformances
effectiveness. are appropriately documented.
2. Review corrective cations for effectiveness. This may include updating a Standard
Operational Procedure (SOP), retraining and monitoring periodically over a longer period
of time (typically 3 months to 1 year)
- Documentation of findings from the review should indicate whether the actions
taken were effective. If so, the results should be shared with staff and
acknowledgements signed by appropriate management.
- If the results were not effective, with a new plan and another review for follow –
up effectiveness.
As an auditor, we will provide the Director of PHC with an overview of the audit to
ensure that they are satisfied that the audit has met its objectives. With that, will then meet with
the senior representative/s from the area/theme audited to run through the findings of the audit
including positive observations & strengths as well as areas for improvement. Each
recommendation will be given a priority based on the risk arising from the finding identified.
This risk will be clearly articulated under each finding. It is important that the senior
representatives are given opportunity to challenge or question each finding and recommendation.
Following the meeting, we will provide the senior representatives with a draft copy of our report
with findings and recommendations. This will provide a further opportunity to reflect on the
findings and provide a management response to the recommendation. If the recommendation is
agreed, then the senior representative must provide a proposed target date for completion plus a
suitably senior named individual responsible for the delivery of that recommendation.
Monitoring Effectiveness
The PCH’s non-conformance/deficiencies should be documented and tracked by
management or delegated to staff as appropriate and should be monitored for trends over time.
We advise that PHC shall include an assessment which are written whenever an audit finds a
nonconformance/deficiency, also include timeliness for expected action and it should be
documented using an assessment tool such as root cause analysis form.
Based on our audit, they shall plan and manage the processes necessary for their continual
improvement and to determine whether they are being effectively implemented, PHC shall
continually improves the applicability, adequacy and effectiveness of the manual through what
are the results of audits, analysis and evaluation of data and the outputs from the corrective and
preventive action and management review.
In order to appropriately monitor the effectiveness of the actions taken by the organization, it is
recommended to do the following:

 more detailed planning which will take place every 12 months to ensure that sufficient
notice can be given and auditing resource can be planned and allocated appropriately.
 monitor and report the performance of the audit strategy itself and the auditors.
 work in partnership services to evaluate and provide feedback to help identify and
improve performance where required and where appropriate to maintain high levels of
assurance.
 seek ways of identifying areas for improvement and acting upon them
 provide the Director of PCH with an overview of the audit to ensure that it satisfied that
the audit has met its objectives.

References:
QM_NEW_revised.pdf (phc.gov.ph)

https://www.phc.gov.ph/Images/accomplishments/annual_reports/2019/PHC%20Annual%20Report
%202019.pdf#toolbar=0&view=fitV

safety-health-audit-strategy-po.pdf (bris.ac.uk)

Audit Plan_App2 Audit Plan Template (06/03) (universityofcalifornia.edu)