Which of the following IS the most critical step to perform when planning an IS audit?

Audit Plan

The Case Western Reserve’s Board of Trustees and management place assets at risk to achieve established priorities and goals. A key function of the Office of Internal Audit Services is to understand, audit, and report to management and the Board of Trustees how that risk is being managed. Knowing what areas to audit and where to commit resources is an integral part of managing the internal audit function.

To identify areas of potential risk, each year the Office of Internal Audit Services performs a thorough risk assessment of all university management centers, operating units, and significant departments. From this assessment, an Audit Plan is developed and presented to the Audit Committee for approval.

The plan addresses high-risk areas as well as allocates time for special ad-hoc projects. In intervening years, the risk assessment is updated through data analysis and interviews with senior executives across the university. If necessary, the audit plan is adjusted for any changes to the university's risk assessment.

We believe that the university is best served if the Audit Plan is a dynamic document that continually adjusts to changes in the environment. Therefore, if your management center or department has a need for our services, please contact us.

Depending on the relative risk associated to your need and the amount of time necessary to fulfill your request, the Office of Internal Audit Services will communicate what level of assistance we will be able to provide. At a minimum, we will be available to offer guidance and advice throughout any project you perform on your own.

In most cases, expect to receive notification when you or your department is to be audited.

Expect to understand the audit's purpose and objective
Expect to provide your ideas or concerns regarding the audit
Expect to be treated with respect and courtesy
Expect to be asked for various financial and department documentation; some may be confidential
Expect confidential information to remain confidential
Expect to answer all questions honestly
Expect to receive a draft copy of the Final Audit Report prior to its release

Preparing for an Audit

Have all requested materials/records ready when requested
Organize files so we minimize disruption of your day
Provide complete files
Please make yourself available during the time of the audit and communicate any planned absences
Provide work space for auditors if requested

Audit Process

Step 1: Planning

The auditor will review prior audits in your area and professional literature. The auditor will also research applicable policies and statutes and prepare a basic audit program to follow.

Step 2: Notification

The Office of Internal Audit Services will notify the appropriate department or department personnel regarding the upcoming audit and its purpose, at which time an opening meeting will be scheduled.

Step 3: Opening Meeting

This meeting will include management and any administrative personnel involved in the audit. The audit's purpose and objective will be discussed as well as the audit program. The audit program may be adjusted based on information obtained during this meeting.

Step 4: Fieldwork

This step includes the testing to be performed as well as interviews with appropriate department personnel.

Step 5: Report Drafting

After the fieldwork is completed, a report is drafted. The report includes such areas as the objective and scope of the audit, relevant background, and the findings and recommendations for correction or improvement.

Step 6: Management Response

A draft audit report will be submitted to the management of the audited area for their review and responses to the recommendations. Management responses should include their action plan for correction.

Step 7: Closing Meeting

This meeting is held with department management. The audit report and management responses will be reviewed and discussed. This is the time for questions and clarifications. Results of other audit procedures not discussed in the final report will be communicated at this meeting.

Step 8: Final Audit Report Distribution

After the closing meeting, the final audit report with management responses is distributed to department personnel involved in the audit, the President, Provost, and Chief Financial Officer, and CWRU’s external accounting firm.

Step 9: Follow-up

Approximately six months after the audit report is issued, the Office of Internal Audit Services will perform a follow-up review. The purpose of this review is to conclude whether or not the corrective actions were implemented.

Audit planning is the essential first step in the audit process, the foundation of a successful audit. Plan effectively, and your entire audit workflow will be made smoother and swifter. Get the process right, and your fieldwork, analytics, issue management and reporting will be more robust, comprehensive and accurate. Planning enables you to identify the key risks and controls your audit should cover, ensuring nothing is missed. The benefits cannot be underestimated. “Fail to plan and plan to fail” is a well-known maxim: but what should the audit planning process be? What does best practice look like? There are numerous factors to consider when planning an audit; here, we look at what they are, examine the benefits of the audit planning phase, and explore what any audit planning software or tool should deliver to help.

What Is Audit Planning?

Internal audits and control are vital, but they can be costly and complex without the proper structure. Whether you are auditing for your internal control purposes or complying with external regulations like Sarbanes-Oxley, effective audit planning enables you to bring order to the process and focus on the right risks to drive strategic insight. Audit planning should be your first step when starting an audit. Done effectively, it will drive efficiency across your entire audit workflow; it should encompass the audit’s scope, nature, and timing. Planning your audit ensures that all areas of the process are covered and given appropriate attention. It can also help you identify any potential problems or obstacles with the auditing process, map out activity so that it is carried out in a timely way, and manage your audit workflow for maximum efficiency.

Why Is It Important?

Businesses today face numerous and evolving risks. Effective audit planning ensures that you measure the right risks — and as a result, derive the strategic insights you need to manage and mitigate the threats your business faces. In a world of ever-increasing governance, risk and compliance obligations, your audit process cannot be a tick-box exercise. It’s a real-world measurement of your ability to manage your business processes and policies and the controls you put in place to measure them. Your audit process needs to deliver value to your board and top executives; effective audit planning will allow you to achieve this.

Benefits of Audit Planning

Taking the necessary steps will:

Identify priority areas to ensure you focus where it matters.
Make audit workflows and processes more efficient.
Help you to identify — and engage at an early stage — key process owners, and your “first line of defense” reduces costs by minimizing duplicate work.
Identify where manual and repetitive internal controls work can be automated, increasing robustness and assurance.
Enable you to pinpoint and capture the metrics you need to measure and manage enterprise risk across your organization.
Drive optimum scheduling and project management.
Audit planning helps you approach the audit process. You may be transitioning from paper-based, spreadsheet-led auditing processes to a more integrated, risk-driven approach. You may already use technology solutions to support your audits.

Whatever your approach, planning minimizes wasted time and duplication and brings crucial focus to the audit process.

What Is Best Practice in Audit Planning?

So you’ve identified audit planning as the holy grail for a successful audit. What happens next? — you may be wondering how to do it, what the essential steps are and whether you can draw on a best practice example to help you.

5 Best Practice Steps

Assemble your team. Who needs to be involved in the audit planning phase? Ensure you include the right people — those with a comprehensive understanding of the audit and control process and the right skillsets and experience.
Assess the risks you face. What is the scope of your audit? Your planning needs to capture all the areas that need to be audited to ensure a comprehensive approach. What are your high-priority risks, either because they’re particularly material or more frequently occurring? Review previous years’ audits and identify any new risks that have arisen since the last one.
Decide on your audit approach. This will be determined by how you manage audits (using software or manual processes, or a combination of both), how you categorize the risks identified in step 2, and the resources at your disposal.
Brief your audit team — ensure they are clear on their roles, your process, timescales and next steps.
Create a risk-based audit plan for your entire audit universe, including an activity schedule, to ensure a smooth and comprehensive audit process.

Best Practice and Audit Planning Tools

Best practice audit planning will cover the steps above, giving you complete oversight of your risk landscape and the controls that your organization uses to manage its risks. Many businesses are turning to audit planning tools and audit management software to manage this planning process and the broader audit. Employing software can bring structure and rigor to the audit, including your audit planning process; good audit workflow software supports planning, scheduling and project management, and document management — capturing a library of past audits and templates that minimize rework and maximize consistency. The latest audit software can be used offline or via apps, enabling you to conduct planning and fieldwork on-site. Harness technology to send requests and reminders to members of the audit team, and speed reviews and sign-offs. From planning through to the entire audit, the innovation and technology characterized by Diligent’s audit solutions are making the modern audit process quicker, simpler and more reliable. You can keep up to date with all the latest innovations in audit planning, audit processes and audit technologies — as well as other governance, risk and compliance hot topics, in Diligent’s GRC Newsletter. You can sign up for the newsletter here.

Which of the following is the most critical step when planning an IT audit?

Set the audit Scope: This is the most significant step in the planning phase, since the audit committee must identify the system, business processes, services, or units to be audited. Setting the audit scope allows the audit team to better grasp the nature of the environment being audited.

What is the most critical stage of an audit and why?

#1 – Planning The most important phase of an audit cycle is planning, where the audit is planned as to the aim of the audit and what criteria are best suited to arrive at the aim. Auditors. An auditor issues a report about the accuracy and reliability of financial statements based on the country's local operating laws.

What are the steps of audit planning?

Audit Process.

Step 1: Planning. The auditor will review prior audits in your area and professional literature. ... .

Step 2: Notification. ... .

Step 3: Opening Meeting. ... .

Step 4: Fieldwork. ... .

Step 5: Report Drafting. ... .

Step 6: Management Response. ... .

Step 7: Closing Meeting. ... .

Step 8: Final Audit Report Distribution..

What are the 5 steps of an audit?

What happens during an audit? Internal audit conducts assurance audits through a five-phase process which includes selection, planning, conducting fieldwork, reporting results, and following up on corrective action plans.