Professional Documents
Culture Documents
Internal Audit Guide
Internal Audit Guide
Internal Audit Guide
● The audit management team will make decisions on audit plans and share the audit announcement letter. The
announcement letter should include the following details:
○ Date and location of the audit.
○ Name of the Auditor.
○ Scope of the audit.
● After the letter is shared and acknowledgment is received from the auditee, further steps can be taken.
● After completing the pre-audit, a document known as the Audit Plan Memorandum (APM) will be prepared for
internal use. The APM should include the following details:
○ Start date of the Audit (Timeline).
○ Scope of the audit.
○ Processes of the department.
○ Identified possible risks.
○ Explanation of the audit process conducted
● This document will be useful for audits of our department and will demonstrate the effectiveness of the audit.
Fieldwork. Step -5
● Sampling tests for possible risks from the Pre-RCM document should be conducted to confirm the risks.
Confirmed risks should be added to the RCM document.
● All necessary information and evidence associated with the confirmed risks should be collected. Risks should be
discussed with the co-auditor, and a Final RCM document and Draft audit report should be prepared.
● These documents should be shared with the internal audit manager, and working papers should be collected to
provide supporting evidence to convince the auditee. Acknowledgment from the auditee about the risks in the
RCM should be obtained.
Post- Audit Step -6
● Follow-up with the auditee every month until the due date and close the audit findings by collecting evidence from
the auditee according to those findings.
● Check the effectiveness of the control evidence applied to the findings and confirm whether they are closed.
Pre-Audit Meeting:
○ Schedule a meeting with the SPOC after receiving acknowledgment.
○ Introduce internal audit processes, understand department structure, and request necessary documents.
Pre-RCM Preparation:
○ Note identified risks and associated controls in the Pre-RCM document.
○ Use Pre-RCM for detailed audit planning and risk assessment.
Fieldwork:
○ Conduct sampling tests to confirm identified risks.
○ Add confirmed risks to the RCM document with supporting evidence.
○ Prepare a Final RCM document and Draft audit report for review.
Post-Audit Follow-Up:
○ Follow up with the auditee regularly until findings are closed.
○ Collect evidence and assess control effectiveness for closure.