Using Audit Planning & Quality

The Audit Planning & Quality use case supports the following processes.

On this page

Managing audit readiness

The Audit Planning use case provides a central repository for any information you require about audit staff members and external contacts. Document your teams and capture the availability, skills, education, and training history of each team member in order to help assign the right auditors to audit engagements. You can also create a library of standard audit programs and procedures that can be copied into individual audit engagements for greater overall consistency.

Defining audit entities and evaluating risk

The Audit Entity application provides a single, centralized location to capture details about each area that could be the subject of audit scrutiny, based on the audit methodology or approach. If the Audit methodology chosen is risk-based Audits, then the subject of scrutiny could be one of the following: Business Units, Business Processes, Facilities, Applications, or Risk Register records. If the methodology chosen is control-based Audits, then the subject of scrutiny could be one of the following: Business Units, Business Processes, Facilities, Applications, Process Narratives, Compliance Scope, or Control Procedure records.

The Audit Entity application also has two mechanisms that provide you with insight into organizational risk:

  • Residual Risk, defined by the Audit Entity Risk Assessment.
  • Management risk information: the nature and impact of risks as determined by your organization's Operational Risk Management (ORM) team or a similar function.

Creating the audit plan

The Audit Plan application allows internal audit teams to define which entities out of their entire audit universe they plan to audit in the upcoming period (typically a quarter or year). IA can use the results of the audit entity risk assessments and the last/next audit dates to determine which entities should be included in the plan. Once the entities are identified, the Plan Entity application allows audit teams to define the scope of the audit for the particular plan. Then, they can review projected and planned hours and expenses for the overall plan, and make any adjustments necessary before submitting the audit plan for review.

Managing audit engagements

Use the Audit Engagement application to manage the audit engagement through its lifecycle. Create and scope the engagement, assign and schedule resources, out scope content ignored for the current audit engagement, generate workpapers, document and review observations, complete fieldwork, manage observations and findings, capture observations, track the tasks associated with the resolution, and complete wrap-up on the engagement.

Evaluating the audit team

The Archer Audit Planning & Quality use case uses surveys to comply with the International Professional Practices Framework of IIA, which defines a Quality Assurance and Improvement Program (QAIP) as an ongoing and periodic assessment of the entire spectrum of audit and consulting work performed by the internal audit activity. All CAEs are required to develop a QAIP that includes both internal and external assessments. Under the QAIP, quality should be assessed at both an individual audit engagement level as well as at a broader internal audit activity level.

The Audit Planning & Quality use case includes a QAIP through the use of the following surveys:

  • Internal Audit Customer Survey
  • Internal Audit Quality Assurance Review Checklist
  • Internal Audit Annual Review