February 27, 2014

The Managing Director,

The following document presents the Internal Audit Plan for your review and approval, in accordance with the Internal Auditing Standards. The internal audit plan includes areas identified through risk assessment. This document presents the risk assessment procedures and the audit plan proposed based on the results of the risk assessment. This document also includes the internal auditing guidelines and internal audit charter under which the AA Joyland internal audit program will operate.

Yours obediently,
Khalid Aziz
Internal Audit Dept

PREPARED BY KHALID AZIZ
Fellow of Institute of Chartered Managers ICMA(Professional IV (Fin), Associate of Public Accountant, MBA (Marketing)

In the light of the International Standards of Auditing, the following Internal Audit Plan is being prepared for AA Joyland. AA Joyland activities will be identified by using the following methods:
• By conducting an entity-wide risk assessment;
• By using gap analysis technique;
• Through review of prior findings received as a result of the annual financial statement audit;
• Consulting with staff and management; and
• External Auditor findings and judgment.

This Internal Audit Plan covers AA Joyland of the Siddiqsons group. The Internal Audit mission statement provides a guide for daily audit work. The Siddiqsons group Internal Audit dept complies with the Auditing Standards and has adopted the definition of internal auditing as Siddiqsons group’s internal audit mission statement.

Mission Statement
The Internal Audit dept of Siddiqsons group provides independent, objective assurance and consulting activities designed to add value and improve operations. It will assist all entities of the group in accomplishing their management objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, internal control, and various governance processes.
Vision Statement
The internal audit function will focus on traditional audit areas such as risk assessment, including the risk of fraud and misuse of assets, proper internal controls, reliability and integrity of financial and other information, and safeguarding of assets.

Mission Statement
AA Joyland is committed to providing the best services, as well as value for their customers’ time and money. It is achieved through a highly dedicated, educated, and productive work force who are committed to the long-term growth and success of the company.

Vision Statement
Maintaining dedication to the professionalism and standard of service, continual refinement of quality, expansion of capabilities, increment in efficiency, and elevation of the superior level of customer service.

This charter identifies the purpose, authority, and responsibility of the AA Joyland Internal Auditing program.

Internal Auditing is an independent appraisal activity which is established to review operations and procedures and to report findings and recommendations to top management.

The internal audit dept will perform audits under the authorization of the Managing Director of Siddiqsons group and will have access to the AA Joyland Director to report all issues which the internal auditor believes should be reviewed by the Director. The Internal Auditor will submit the audit reports to the Siddiqsons Managing Director and the Director of AA Joyland. This report ensures independence, comprehensive audit coverage and audit recommendations. The Internal Auditor, in the performance of audits and with stringent accountabilities of safekeeping and confidentiality, will be granted unlimited access to all AA activities, processes, records, property, and staff members. The Internal Auditor will have no responsibilities assigned other than those related to developing and implementing the internal audit program for AA.
The Internal Auditor is responsible for assessing the various functions and control systems in the AA. The fulfillment of this accountability is not confined to but includes:
• Appraising the effectiveness and application of accounting systems and controls, administrative systems and controls, information resources systems and controls, and other major systems and controls, so as to ensure that all the major systems and controls are reviewed.
• Evaluating the sufficiency of and adherence to AA plans, policies, and procedures and compliance with all governmental laws and regulations.
• Performing special reviews (if any) instructed by the MD/Director.
• Conducting appraisals of the economy and efficiency with which resources are employed.
• Coordinating audit planning and scheduling activities with other audit team members.

It is a measurement of the likelihood that an organization's goals and objectives will not be achieved, and a systematic process of assessing and integrating judgments about probable adverse events.

Financial and operating risks may be overlooked significantly if the scope of the internal auditor’s work is limited. Therefore, internal audit would:
• Assess risk by taking into account all the major systems and controls of the AA as part of the audit areas. The audit area refers to all auditable subjects, activities, units, issues and functions within the organization.
• Identify the risk factors that affect the audit areas and assign weights to the risk factors.
• Establish a method for combining and assigning risk factors and weights to develop an annual audit work plan.
• Develop an audit plan and work schedule based on the results of the risk assessment.
• Obtain written approval for the plan from the Managing Director of the organization.
• Implement the plan. Significant deviations from the audit plan shall be supported by reasonable, documented explanations.
It is important to understand the types of risk and how they will be measured in performing the audit of AA Joyland. Controls are required to reduce risk and to improve the likelihood that goals and objectives will be achieved. Better control means less risk. The Risk Assessment detects and evaluates the controls in place to reduce different types of risk exposure.

• Financial Exposure: A financial exposure exists whenever an audit area is susceptible to errors that affect the general ledger and financial statements and safekeeping of assets.
• Information Exposure: An information exposure exists where information is of a sensitive or confidential nature and could be altered or misused.
• Efficiency Exposure: An efficiency exposure exists whenever the company’s resources are not being utilized in an effective or efficient manner.
• Human Resource Exposure: A human resource exposure exists when the managing of human resources is inefficient and done in a way which is against the management’s policy.
• Environmental Exposure: An environmental exposure exists where internal or external factors pose a threat to the stability and efficiency of an audit area.
• Regulatory Exposure: A regulatory exposure exists whenever an event in an audit area could cause the company to be subjected to adverse regulatory consequences, for instance tax notices.
• Service Exposure: A public service exposure exists whenever an event in an audit area could jeopardize existing public services or new public services.

The first step in Risk Assessment is to define the potential audit areas. All potential auditable subjects, activities, units, issues and functions are determined. The potential audit areas will be identified through interviews with the AA management and staff and by reviewing policy documents.
The following tentative areas have been identified and will be worked on:
• Cost centers;
• Managerial Accounting and Reporting;
• Financial Accounting and Reporting;
• Recording system of Financial transactions;
• Information Systems;
• Tax and corporate compliance/proceedings/procedures with regulatory bodies;
• Administration;
• Staffing;
• Procedures to increase club Members;
• Collection and Maintenance of Member Data;
• Communications with Members;
• All Benefits and cost analysis;
• Withdrawals / Advances of funds for different purposes;
• Security (Goods inward and outward);
• Communication with dept heads;
• Suppliers of Goods and Services;
• Business Continuity Planning;
• Cash Forecasting;
• Depositing Cash.

The following functional areas will go through a systematic risk assessment process:
• Purchase and stores
• Marketing and Sales
• Accounting
• Food Express; Amusement Park Banquet; and Zaiqa restaurant
• Human Resources (Performance Evaluation)
• Servicing (Electrical, mechanical, plumbing)
• Data Processing;
• Data Authenticity and Integrity
• Management Decisions;
• Systems;
Internal audit will also focus on risks related to investment activities in terms of strategic risk, poor governance, and implementation risks.

The second step in the Risk Assessment is to assess the risk for each potential audit area based on the knowledge of the auditor and the information obtained from the company’s staff and management. This phase uses the "Gap control analysis" tool.

IT, Business development, Accounting, Purchase and stores, Cost centers, human resources and regulatory compliance.

Description
  Current State
    1. Observe and list all attributes that need to be improved.
    2. Identify weakness specifically and factually.
  Future State
    1. Record all idealized attributes relating to current state.
    2. Use N/A where a clear idea of the idealized situation does not exist.

Bridging the Gap
  Gap Identification
    1. Record existence of any gap between future and current state (Yes/No).
  Gap Description
    1. Record all the elements that make up the gap between current and future state.
    2. Maintain consistency with Current/Future state.

Factors and Remedies
  Factors responsible for gap
    1. List factors responsible for the gap already identified.
    2. Maintain specification, relevancy and objectivity.
  Remedies, Actions, Proposals
    1. List all possible remedies for bridging the gaps between current and future state.
    2. Relate remedies directly to the factors listed previously.
    3. Suggest practical and action-oriented remedy.

A worksheet will be prepared for each functional area that contains risks and possible mitigating controls. Each functional area will be completed by doing the following:
• Assign each risk an initial rating (inherent risk);
• Determine whether or not the risk is a fraud risk;
• Indicate whether the possible mitigating control is in place at AA; and
• Indicate whether the control affects (reduces) the risk.

Is to rank and categorize every functional area. Based on the average score and the standard deviation of the potential audit area, the potential auditable areas will be categorized as follows:
• 1 (Low Risk);
• 2 (Average Risk); or
• 3 (High Risk).
Internal Audit will then compile the results and review them with the Management. The risk analysis will also be included in the report. In addition to these proposed audits, a follow-up review will be conducted of recommendations made in audit reports.

The AA Internal Auditing plan shall be performed on a regular basis, viz. audits of the AA's accounting systems and controls, administrative systems and controls, Human Resource and controls, operational system and controls and other major systems and controls.

Audit Plan

Reliability and Integrity of Information
Internal auditors shall review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.

Compliance with Policies, Plans, Procedures, Laws, and Regulations
Internal auditors shall review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports, and should determine whether the organization is in compliance with them.

Safeguarding of Assets
Internal auditors shall review the means of safeguarding assets and, as appropriate, verify the existence of such assets.

Economical and Efficient Use of Resources
Internal auditors shall appraise the economy and efficiency with which assets are employed.

Accomplishment of Established Objectives and Goals for Operations and Programs
Internal auditors shall review operations or programs to ascertain whether results are consistent with established objectives and goals, and whether they are being carried out as planned.

will be based on the risk assessment as presented in the previous section. Audit risk scores for each potential audit area shall be used in developing the proposed audit areas ranked in the high risk category, average risk category and low risk category.

Internal Audit, on the basis of risk assessment results, will try to maximize the limited resources to provide reasonable coverage to the activities that require the most attention.

Since it is the first time internal audit activity is being conducted on a planned basis and with a wider scope, it will be ensured that the report is factual, accurate and free of bias. Additionally, a self-review checklist will be prepared to ensure the audit reports are properly supported by sufficient audit evidence.

All audit reports will be forwarded to the Managing Director and Director of AA Joyland.

Future Internal Audit activities include the completion of numerous activities each year.
These activities include, but are not limited to, the following:
• Developing the annual audit plan;
• Developing the annual risk assessment;
• Consulting on topics related to the annual external financial statement audit;
• Establishing and maintaining the compliance procedures; and
• Maintaining the process of following up on recommendations.