You are on page 1of 4

SAMPLE AUDIT PLAN

The objective of this audit is to assist a medium-sized enterprise engaged in the distribution of
mainstream food products in reviewing its real-time processing software in all areas of operation
to provide a basis for opinion on its financial statements. The scope of work for this audit will
consist of xxx hours of professional services and the objectives of this audit contains the following
control points:
Data Network Management
a. Data network governance
b. Financial Management
c. Risk Management
d. Human Resources

Data Network Operation


a. System Development
b. System Testing
c. System Monitoring
d. Data Network Architecture
e. Logical Security
f. Data Transmission
g. Problem Management

Audit Approach
Our audit approach for the execution of this audit engagement will consist of interviews
with key employees, review of real-time processing system and documents, inspections, data
extractions, and the usage of applicable audit tools. The audit will consist of the components
described below. The phases are listed in sequential order and should provide an overview of the
sequencing of the proposed engagement.

Phase description Deliverables


1. Mobilization phase GF Consulting will perform Advanced data requests (see
the following: appendix for a sample request)
Develop and provide an advanced data request Interview lists of key
(ADR) of the relevant documents and employees that we would like
materials that will support our fieldwork. to interview (see appendix for
a sample list)
Develop and provide an initial interview list of
those business and IT professionals that we Detailed Audit Program
document(s) for each of the
anticipate needing to meet with in order to following areas: Data
perform this audit. Warehouse Management, Data
Warehouse Operations and
Develop an audit program to guide activities
Business Integration.
during the course of this audit. The audit
program guide should include a list of the
controls that would be reviewed along with a
defined approach for understanding the design
of the control and how it would be tested to
determine if it was operating effectively.

2. Execution phase Once the audit program has been Results from the execution of
finalized, and the appropriate resources have been the detailed Audit Program
identified, fieldwork will proceed in accordance with Working papers that support
the audit plan. the results from the detailed
Audit Program
3. Reporting phase All IT audit work is summarized Draft report for discussion
in the IT audit report. Our team will compile and containing an executive
present a draft report to the management within three summary, audit findings and
weeks of completing the execution phase. The recommendations for
purpose of this draft is discussion and incorporation improvement.
of any comments prior to issuing a final report to the Final report with edits and
company. comments from the
management

Risk Assessment
Regulatory Risk
Accept responsibility for the effectiveness of the companys internal control over
financial reporting.
Evaluate the effectiveness of the companys internal control over financial reporting
using suitable control criteria.
Support is evaluation with sufficient evidence, including documentation.
Present a written assessment of the effectiveness of the companys internal control
over financial reporting as of the end of the companys most recent fiscal year.

Operational Risk
We will be checking on the following operational risks during the conduct of the audit
specifically on:
Employee errors that may affect the validity of the data entered in the system

Systems failures during the business operations which may affect the completeness of
the documents and data provided and stored in the systems server.

Fraud or other criminal activity involved in the operations using the system that greatly
affects the integrity and validity of data.

Any event that disrupts business processes

Communications
Through regular meetings and ongoing communication with management, we will establish a
relationship of openness and teamwork through which we can discuss significant audit findings,
recommendations for improving internal controls or operations, and current industry issues (or any
other issues management wishes to discuss), and ultimately develop solid solutions without
surprises. We commit to holding regular meetings with management, both formally and
informally, to foster such a relationship.
Management letters and communication are an important element of professional service. It is our
policy to discuss our findings and recommendations with the appropriate members of management
prior to issuance so that we can verify factual accuracy. Our final report will only include findings
and recommendations considered significant. Other matters will be communicated throughout the
engagement and during our regular meetings and fieldwork.

Planned schedule
We estimate this engagement will require approximately xxxx weeks of effort, and we are prepared
to begin fieldwork on a date mutually agreed upon with the company. In addition, we understand
the final report for this audit must be completed no later than July 15, 2006.

You might also like