Internal Audit Office Audit Procedures
Step 1. Notification of Audit Given
- notice given to auditee prior to commencement of audit
- notification can be in writing, by phone or email
Step 2. Audit Plan
- pre-audit research performed including prior audit reports and best
- preliminary risk assessment completed and used as the basis of the
- purpose and scope defined and approved by Director, Internal Audit
Step 3. Entry Interview & Service Agreement
At the entry interview the auditee is given a copy of the service agreement.
The service agreement contains details of the scope and perceived risk
areas and key dates. After discussion with the auditee details listed
on the service agreement can be amended to ensure both parties are in
agreement. The Service Agreement also includes information on Internal
Audits reporting procedures.
Step 4. Fieldwork
- work on the audit program is commenced
- during the fieldwork the auditee is kept informed on the progress
of the audit
Step 5. Reporting
- a preliminary report is issued/discussed at the exit interview with
- the preliminary report requires a response within ten working days; and
- on receiving the signed response to the preliminary report a final
report including the executive summary is prepared and sent to the
Step 6. Follow-up review
- where recommendations have been made timeframes for implementation
must be provided to audit in line with the Protocol
- Audit must be advised once recommendations have been put into place
with progress reports to the Director, Internal Audit.
- A follow-up review of all substantive matters (medium-high risks)
will be performed.
- Findings of follow-up reviews are reported to Audit and Risk Committee where
recommendations are found not to have been implemented.