10 Steps for a Successful Audit Program

Internal Audit Program Steps

Internal auditing is a key activity to ensure that your organization is compliant with applicable regulations and laws. The internal audit process must be efficient, effective, and — most importantly — user-friendly. So what does effective internal audit program look like? I would say the following are key components:

1. Track risk assessments annually and centrally.

By tracking audit risk assessments and data in one place, it allows your organization to start comparing risk over time and build trending reports on risk. This can be valuable information to include in the annual audit report to executive management.

2. Review management requests and items for internal audit plans.

Document and review any management requests prior to the development of the annual audit plan. Make sure to think about any meetings and team projects, association group participation, training, research and development, assistance with examiners and auditors, and other administrative tasks.

3. Manage internal and external findings with a notification tool.

Track statuses, assignments, due dates, and follow-ups for all internal and external items to ensure they are handled in a timely manner. Create notifications to department managers to assign and resolve findings.

4. Determine the required level of management response to internal audit findings.

Define the core management team that will be responsible for responding to and mitigating findings based on requirements. Create expectations for what is to be completed and the depth of the response that is needed.

5. Define the methodology for risk assessments and audit processes and add to the audit plan.

Make sure the audit process and methodology is well documented and added to the annual audit plan. This should be easy to understand and explain all critical items and processes that are completed within your audit program.

6. Create oversight reports for trends and gap analysis.

Reviewing and analyzing data for the year is easier when it has been summarized in pie charts or other visuals.

7. Mitigate and manage external findings through action items.

Create reportable action items that can be assigned to management. From there, you can base notifications on due dates and hold management accountable for responses.

8. Develop audit testing that is repeatable and has controls.

Define audit tests and schedules based on a repeatable process. Then create reports and oversight charts to manage the process and make sure the testing is accurate.

9. Use a few departments as the initial launch group for user-level training on audit software or tools.

Once admins have been trained and data is in the audit software, create a few pilot department managers to help with any new processes. Once you’ve confirmed there are no issues, then release the solution to the entire management group.  

10. Determine realistic deadlines and timelines.

Map out tasks, capacity, and time requirements to ensure that the overall audit timeline and any due dates are reasonable for the organization.

Looking to improve your internal audit program? Explore auditing strategies and solutions:

• Discover how to align audit priorities with enterprise risk.
• Download an Audit Risk Toolkit.
• Learn about the Quantivate Audit Solution.

About the Author:

Andrea Tolentino is a certified business resilience auditor (CBRA) and principal solutions consultant at Quantivate.