Thursday, 2 June 2016

Management’s Role in Audit Assessment

An internal audit assessment typically has 3 phases: Planning, Testing and Reporting. Management has an important role to play in each of the above phase of the assessment

Planning
During planning, the auditors prepare the audit plan that outlines the guidelines to be followed during assessment. It also covers the risks / impacts and the planned responses for the same. It is then the responsibility of the management to guarantee that the plan is understood by the senior officials. Management should make sure that senior officials agree with the audit purpose and approach. An open end discussion with the audit team on the approach on how to go about the whole process of audit is important. This helps the management and the audit team to align on the prospects in advance. Management talks about the assessment criteria that the auditors will use in testing the controls with the employees in the company, helping them understand on what needs to be done for the successful accomplishment of the audit.

Testing
During testing, the Management allows the auditors to investigate the company’s critical systems and frameworks. Management agrees with the audit results by checking the procedures and information so as to gain trust in the audit findings. The audit group and senior officials of different departments that were audited meet frequently throughout the audit procedure – generally weekly or monthly – to talk about audit progress, identified issues, and potential activities.

Such open, straightforward meetings between senior officials from both Management and the audit groups help avoid misunderstandings before the audit group issues its draft report. The auditors should convey all crucial findings to management at the earliest, even before the planned meetings. These findings are investigated during regular meetings, however proactive notification is essential.

Reporting
Once the auditors complete the assessment, they prepare the final audit report which outlines the gaps in the processes and corrective actions that need to be taken by the management. This will help in making the processes more effective and efficient. The management checks the findings, analyzes the gaps in the processes and thereby implements the corrective actions as suggested by auditors.

Audit Communication flow


  • During planning, the audit team prepares and communicates the audit plan to the management. The meeting is then conducted between the management and auditors to discuss the audit goals and scope of the assessment
  • Once the audit plan is finalized, auditors then test the controls by checking the evidences submitted by the management. Management also validates testing processes and meets frequently with the audit teams to discuss audit progress and issues
  • Post assessment, audit team issues draft report and conducts meeting with management. After all the discussions, the audit team issues the final report, which is then reviewed and agreed upon by the management
  • The management then starts to work on the gaps found in the processes by implementing the remediation as suggested by the auditors
  • The auditors then follow up to check how well the Management has implemented the corrective actions suggested in the report

Conclusion:
The point of all this is: Audit team and Management should work in a joint effort throughout the audit assessment to guarantee that auditors meet objectives and have legitimate knowledge of IT and business forms. Great correspondence throughout the audit process guarantees that audit findings are applicable and can be utilized for the progress of the company.

About Author:
Nisha Bhatt is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at: nisha.bhatt@spluspl.com

2 comments: