ABSTRACT

The audit plan is the result of a process to identify the engagements the internal audit function will work on. It is the result of a combination of activities, mostly anchored on the organization's risk assessment. Audit plans should be diversified and include Operational, Financial, Compliance, and IT reviews, with a portion of available resources reserved for Special Projects and Fraud Investigations. The audit plan should be approved by the Audit Committee of the Board of Directors and shared with senior management annually. The process of preparing the audit plan is a great opportunity to get the Audit Committee and Senior Management involved in the identification of auditable areas. The audit plan should be risk-based and focus on the larger risks the organization is exposed to. Audit plans should strive to diversify the reviews performed so there is a balance between the different types of audits conducted. The goal is to address organizational needs.