What are the main steps for an audit?

 

Internal Audit’s biennial work programme is based on a risk assessment, which leads to a selection of audits to be conducted.

There are 3 main stages to each audit.

Preliminary work

Preliminary work

In co-operation with the audited area, Internal Audit:
  • Carries out a risk assessment of the audited area with a view to selecting those sub-areas or processes to be examined more closely;
  • Collects and analyses information and data;
  • Prepares the audit programme, which includes the overall objective(s) of the audit and audit techniques to be used;
  • Issues a mission letter indicating the audit objective(s), who will be conducting and supervising the audit and the estimated timeframe for completion;
  • Meets the audited area(s) through an introductory/kick-off meeting.
Fieldwork

Fieldwork

In co-operation with the audited area, Internal Audit:
  • Requests and analyses (further) information and data;
  • Conducts interviews to collect additional information and/or clarify any issues;
  • Carries out tests.
     

The results of the fieldwork lead to preliminary findings and draft recommendations, which are first discussed with the audited area as appropriate, and then laid down in a draft audit report.

Draft recommendations are prioritised. The priority level assigned to an internal audit recommendation considers the level of potential risk the recommendation aims to address (severe, major, moderate, minor).

In accordance with the International Standards for the Professional Practice of Internal Auditing[1], an audit opinion is also given for each audited area. This opinion (adequate, some room for improvement, needs corrective action, inadequate) is based on the results of the various audit procedures performed within the scope of the audit.

Communication of results

Communication of results

  • The draft audit report (including audit opinion and draft action plan) is sent to the audited area(s) for comment.
  • The final audit report is sent to the Secretary General, the audited area(s), the Oversight Advisory Committee and the External Auditor.
  • The Secretary General is informed of the follow-up to recommendations through DIO’s annual report on the follow-up of DIO recommendations.
  • The Committee of Ministers is informed of the work of Internal Audit, including the follow-up given to its recommendations, by means of DIO’s annual report, which includes the main findings for each audit or other engagement performed carried out.