Focus On Risk Enterprises
In this issue...
Annual Audit Plan

Upcoming 

Symposium 

Liz will be speaking at

 

MIS Training Institute's

Governance, Risk, and Compliance 2011 Symposium

 

December 6 & 7, 2011

  

 in New York, NY

 

for more information go to

www.misti.com

 

____________________ 

 

"Progress is impossible without change, and those who cannot change their minds cannot change anything." 

 

George Bernard Shaw

________________________

Host a Public Seminar and receive discounts for your entire team!

Does your office have a conference or training room that can hold up to 20 people? Would you be willing to host a public seminar at your office for Focus On Risk? If so, you can receive a discount off the seminar price for each of your attendees! Contact Liz at Liz@focusonrisknow.com for more information.
  
   piggy bank podium
 

NASBA logo 

Focus On Risk Enterprises, LLC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org

For more information go to:

www.FocusOnRiskNow.com

 

November Newsletter

2011

Greetings! 

 

November is that time of year that when I try to make a point of recalling all that has happened the past twelve months and count the many blessings I have received over the past year.  

  

November is also the time most internal audit managers and directors wish they had a crystal ball in order to predict the areas they should include in the coming year's annual audit plan.  In this newsletter, we share our Risk Based Integrated Auditing's process for developing the audit plan. 

 

We wish you and your family a wonderful Thanksgiving!   

  

   

- Liz Meyers, CPA, Lead Instructor

 

 

 

 

 
  ANNUAL AUDIT PLAN
 

It's that time of year again when Chief Audit Executives are developing next year's audit plan.  In the current economic climate, CAEs are feeling the pressure of needing to do more with their limited resources.  Governance and the Audit Committees' concerns on how well the organization is addressing its risks continue to grow; and their expectations for Internal Audit teams are constantly growing, including becoming more risk-based, aligning with key stakeholders' expectations, as well as streamlining the audit processes and operations.   It can seem like the Internal Audit Team doesn't have enough hours in the day to meet these expectations on top of their normal audit activities. Needless to say, planning next year's audit plan seems more daunting than ever.

 

So how does a CAE determine what to place on the audit plan? Please do not do a Stand-Alone, Annual, "this is what we think we should audit" exercise and then run it by the Audit Committee and senior executives for their approval. Instead, ask your organization's key executives for input on what they feel the focus should be. They have the best knowledge and insight of where their issues/risks are.

 

If you don't already hold one-on-one meetings with the organization's key executives, this is a great time to start.  Actually, these are meetings you and your managers (depending on your staff size) should schedule on a regular basis, preferably monthly.  During these meetings you should focus on building a rapport with them as well as gaining an understanding of what "keeps them up at night" (risk).  You should also bring up topics such as what is happening in the industry, past issues in their areas, etc. for discussion.

 

From these meetings, prioritize the biggest issues that can keep the company from achieving its business objectives.  From the priority list, you can start to develop your annual audit plan.  The risks with the highest priorities should be listed as place holders for the first quarter, the next highest priorities are listed as place holders in the second quarter, etc.   Also included in the audit plan would be the basic items you have to audit (e.g., compliance issues), requests for help from other departments for process and control improvements, and significant areas that are identified on any continuous auditing/monitoring reports.

 

 The reason the risks are listed as place holders each quarter is to allow for flexibility in the plan to address the most critical risks. Risks are constantly changing as businesses and marketplaces change. You may learn from the monthly meetings with the key executives that a particular risk has become a greater concern since the original audit plan was created.  Having a rolling four quarter audit plan, with the next quarter relatively cast in concrete and subsequent quarters flexible, will allow risks with the greatest concerns to be audited sooner.   The risks that were originally given a place holder for the quarter will shift to the following quarter or later, depending on how much of a priority it is compared to the other risks on your list.

 

This rolling audit plan will give Internal Audit a step in the right direction to address Governance and the Audit Committees' growing concerns on how well the organization is addressing its risks; and their constantly growing expectations for Internal Audit teams, including becoming more risk-based, aligning with key stakeholders' expectations, as well as streamlining the audit processes and operations.