Strategic Audit Plan
Essay by 24 • December 2, 2010 • 2,921 Words (12 Pages) • 1,718 Views
INDEX
1. Role of Internal Audit 1
2. Introduction and Purpose of this Strategy 1
3. Acknowledgements 1
4. Audit Approach 2
5. Audit Working Procedures and Practices 3
The Audit Toolbox 3
Audit Reporting 5
6. Internal Audit Assistance in UWCN Risk Management 5
7. Fee-Earning Work 5
8. Links To Institute of Internal Auditors (IIA) and Other Bodies 6
9. Staffing 6
10. Operational Plan 2001/02 7
11. Strategic Plan 2002/05 10
12. Annex A Ð'- Key Risks 21
13. Annex B - Audit Universe 29
14. Annex C Ð'- Analysis of Systems and Risk 35
1. Role of Internal Audit
1.1. Internal Audit (IAS) is an independent and objective appraisal service within the University College.
1.2. Internal audit's primary role is to provide an opinion to the Principal and Chief Executive, and to the Board of Governors via the Audit Committee, on risk management, control and governance, by measuring and evaluating the effectiveness of these controls and systems in achieving UWCN's agreed objectives.
1.3. In addition, internal audit provides assurance to management on systems that they are responsible for and assist management in making improvements to these systems.
1.4. Risk management, control and governance comprise the policies, procedures and operations established to ensure:
Ð'* the achievement of objectives;
Ð'* the appropriate assessment of risk;
Ð'* the reliability of internal and external reporting and accountability processes;
Ð'* compliance with applicable laws and regulations; and
Ð'* compliance with the behavioural and ethical standards set for the organisation.
1.5. Internal audit also provides an independent and objective consultancy service specifically to help line management improve the organisation's risk management, control and governance. Such consultancy work contributes to the opinion which internal audit provides on risk management, control and governance.
1.6. Establishment and maintenance of the system of internal control remains the responsibility of management under the oversight of the Board of Governors.
2. Introduction and Purpose of this Strategy
2.1. Internal Audit are required to provide a service that complies with the Standards set out in the Government Internal Audit Manual (GIAM), the Higher Education Funding Council for Wales (HEFCW) Audit Code of Practice and the Standards, Guidelines and Code of Ethics of the Institute of Internal Auditors (IIA).
2.1. This document sets out Internal Audit's proposed strategy for the delivery of assurance to the Principal and Audit Committee on the framework of control operating in UWCN for the period 2002 to 2005.
3. Acknowledgements
3.1. We would like to express our thanks to the staff in UWCN for their help and co-operation in the preparation of this document.
4. Audit Approach
Risk Analysis
4.1. Risk identification and assessment belongs to management. They, not internal audit, are accountable for the economy, efficiency and effectiveness of risk management, control and governance. It is therefore essential that the audit strategy is based on management's risk priorities. During 2001-02 UWCN, with the assistance of Internal Audit, has revised its approach to risk management. This approach provides UWCN with a structured methodology to identify, assess and manage risks to the achievement of their objectives.
4.2. Internal Audit will seek to rely on management's resulting risk analysis and evaluation to form the basis for this and future plans. In this way IAS will be able to provide assurance to management on the key risks facing UWCN as well as assist in reducing those risks through its recommendations.
4.3. As well as using UWCN's risk assessment as the basis for its planning, IAS will undertake additional work to inform its approach. We will take account of previous assessments of systems and processes in UWCN, the length of time since specific systems have been reviewed, our knowledge of the strengths, weaknesses, opportunities and threats (both internal and external) and other sources of assurance such as external audit.
4.4. IAS will have to conduct an annual review of UWCN's risk management process to ensure that it can continue to place reliance on management's risk assessment as the basis for audit planning.
4.5. IAS will review its plans annually to take account of revisions in UWCN's risk assessment, enable new developments to be taken into account and allow for the plan to be rolled forward appropriately.
Audit Coverage
4.6. IAS's overall audit objective is to provide UWCN's Principal and Board of Governors with an opinion which is positive and reasonable. Positive means that our opinion will be based on seeing evidence of adequate action. Reasonable means that there will be sufficient evidence underpinning our opinion to make it reliable, but it is not guaranteed that systems will be error free.
4.7. When determining the coverage necessary to provide our assurance, IAS will apply the following considerations:
Ð'* UWCN's risk management arrangements will have to be reviewed every year to confirm the validity of the analysis as the basis for planning;
Ð'* Some high risk areas require more frequent review;
Ð'* The need for audit coverage to encompass the whole range of risks which UWCN has identified as "key" to the achievement of its objectives;
Ð'* The
...
...