Audit Project Management
An audit includes various activities, such as audit planning, resource allocation, determining the audit scope and audit criteria, reviewing and evaluating audit evidence, forming audit conclusions, and reporting to management. All these activities are integral parts of an audit, and project management techniques are equally applicable to audit projects.
The following are the basic steps for managing and monitoring audit projects:
Figure 2.3: Basic steps for managing and monitoring audit projects
The activities mentioned in the preceding figure are all performed to achieve specific audit objectives. These are discussed in the next section.
Audit Objectives
Audit objectives are the expected outcomes of the audit activities. They refer to the intended goals that the audit must accomplish. Determining the audit objectives is a very important step in planning an audit. Generally, audits are conducted to achieve the following objectives:
- To confirm that internal control exists
- To evaluate the effectiveness of internal controls
- To confirm compliance with statutory and regulatory requirements
An audit also provides reasonable assurance about the coverage of material items.
Audit Phases
The audit process has three phases. The first phase is about planning, the second phase is about execution, and the third phase is about reporting. An IS auditor should be aware of the phases of an audit process shown in the following tables.
|
Phase |
Audit Steps |
Description |
|
Planning Phase |
Assess risk and determine audit area |
The first step is to conduct a risk assessment and identify the function, process, system, and physical location to be audited. |
|
Determine audit objective |
|
|
|
Determine the audit scope |
|
|
|
Conduct pre-audit planning |
|
|
|
Determine audit procedures |
|
|
|
Execution Phase |
Gather data |
|
|
Evaluate controls |
|
|
|
Validate and document the results |
|
|
|
Reporting Phase |
Draft report |
|
|
Issue report |
|
|
|
Follow up |
|
Table 2.1: Phases of an audit process
For the CISA exam, please note down the following steps for the audit process:
Figure 2.4: Steps followed in an audit
It should be noted that the steps should be followed in chronological sequence for the success of the audit project and to achieve the audit objectives.
Fraud, Irregularities, and Illegal Acts
The implementation of internal controls does not necessarily eliminate fraud. An IS auditor should be aware of the possibilities, circumstances, and opportunities that can lead to fraud and other irregularities. The IS auditor should observe and exercise due professional care to ensure that internal controls are appropriate, effective, and efficient to prevent or detect fraud, irregularities, and illegal acts.
In the case of suspicious activity, the IS auditor may communicate the need for a detailed investigation. In the case of a major fraud being identified, audit management should consider reporting it to the audit committee board.
Key Aspects from the CISA Exam Perspective
The following table covers the important aspects from the CISA exam perspective:
|
CISA Questions |
Possible Answers |
|
What does an IS audit provide? |
Reasonable assurance about the coverage of material items |
|
What is the first step of an audit project? |
To develop an audit plan |
|
What is the major concern in the absence of established audit objectives? |
Not being able to determine key business risks |
|
What is the primary objective of performing a risk assessment prior to the audit? |
Allocating audit resources to areas of high risk |
|
What is the first step of the audit planning phase? |
Conducting risk assessments to determine the areas of high risk |
Table 2.2: Key aspects from the CISA exam perspective