The objective is to provide an independent assessment on governance, risk management, and control activities on the processes of an organisation by an impartial and objective examination of evidence.
The assurance engagement performed by the auditor consists of several phases:
- During the planning portion of the audit, the auditor establishes the terms of the engagement with the auditee. The auditor will prepare an engagement letter to be sent to the head of the audited department: the letter will confirm the scope of work to be performed, objectives of the audit, the auditors assigned to the project and other relevant information such as the timing.
- During the understanding phase, the auditor gathers relevant information in order to obtain a general overview of operations. The auditor discusses with key personnel and reviews sources of information for a good understanding of the processes and the policies. Potential risks are identified for which the expected control measures are documented.
- The execution phase concentrates on transaction testing in order to ensure that the actual mitigating controls are adequately designed and effectively operational. It concludes with a list of significant findings, from which the auditor prepares a draft of the audit report. Upon completion of the fieldwork, the auditor will meet with the client to discuss the preliminary findings and the proposed recommendations.
- In the closing phase, the auditor prepares the report expressing the audit opinion, presents audit findings and discusses recommendations for improvements. The management will prepare an action plan as response to the audit findings. When the management’s response is incorporated in the draft audit report, the report becomes final. The auditor will present the final report to the audit committee.
The auditor should follow up on the completed audit on a regular basis to verify the resolution of the report findings. A follow-up report will be issued to the management and a copy sent to the audit committee.