10 Steps for a Successful Audit Program

  • March 27, 2018
  • Andrea Tolentino

Internal auditing is a key activity to ensure that your organization is compliant with applicable regulations and laws. The internal audit process must be efficient, effective and most importantly, user-friendly. So what, exactly, comprises effective internal audit program? I would say the following are key components:

  1. Track risk assessments annually and centrally. By tracking audit risk assessments and data in one place, it allows to start comparing risk over time and build trending reports on risk. This can be value in the annual audit report to executive management.
  2. Review management requests and items for audit plans. Document any management requests and review prior to the develop of the annual audit plan. Make sure to think about any meetings and team projects, association group participation, training and development, research and development, assistance with examiners and auditors, and other administrative tasks.
  3. Manage internal and external findings with a notification tool. Track status, assigned to, due date, follow ups for all internal and external items to resolve in timely manner. Create notifications to department managers to assign and resolve findings.
  4. Determine level of management response needed and requirements. Define core management team that will be responsible for responding and mitigating findings based on requirements. Create expectations of what is to be completed and the depth of the response that is needed.
  5. Define methodology of risk assessments and audit process and add to audit plan. Make sure the audit process and methodology is well documented and added to the annual audit plan. This should be easy to understand and explain all critical items and processes that are completed within audit program.
  6. Create oversight reports for trending and gap analysis. It can make it easier to review and analyze data for the year when it is summarized in pie charts or other visuals.
  7. Mitigate and manage external findings through action items. Create reportable action items that can be assigned to management. From there, you can base notifications on due dates and hold management accountable for responses.
  8. Develop audit testing that is repeatable and has controls. Define audit tests and schedules based on a repeatable process. Then create reports and oversight charts to manage the process and make sure the testing is accurate.
  9. Use a few departments as initial launch for user level training for any software program. Once admins have been trained and data is in the software, create a few pilot department managers to help with any new process. Once confirmed there are no issues, then release to the entire group of management.  
  10. Determine realistic deadlines and timelines. Map out tasks, capacity and time to ensure that any due dates and the overall audit timeline is reasonable for the organization.