IA Clinic
Preliminary Survey
การเตรียมการตรวจสอบ
ผลการประเมินความเสี่ยง
Risk Assessment
แผนการ
ตรวจสอบ
ติดตามผล
การตรวจสอบ
ข้อตรวจพบ
แผนการ
ปฏิบตั ิงาน
รายงานผล
การตรวจสอบ
ปฏิบตั ิงาน
ตรวจสอบ
หารือ
หน่วยรับตรวจ




a Plan (list of work to be done)
has time period (starting point until complete
of job)
Assign duties to audit staff
normally comprises of:





Audit issues
Objectives
Scope
Procedures
Resources allocation
Tips
Business Plan
Specified
 Permanent Files
project/
 Risk register
job
 Previous Internal Audit Reports
 External Audit Reports
 Any third party reports (cooperation/complaints/ incidents)
 Board and Audit Committee minutes
 Staff handbooks
 Management Accounts and Financial reports (Analyse)
 Web site (emerging issues)
 Stakeholders’ expectation

Open meeting/ Audit brief with management (formal record)
 Risks
 Needed resources/ Agreed reporting lines
 Research of clients’ business
 Flowcharting of business processes
 Internal Control (exist/ enough/ effective)
 Walkthrough Test
 Test of control
 Substantive Test
 Identify Major Risks
 Determine Audit Issues (Team Briefing)
 May have a preliminary report

•
•
•
•
•
•
Assess the risks (Likelihood and Impact)
Identify level of each risk
Identify target areas (H/ M/ L)
Testing (existing control)/ Evaluate control
activities (Compliance/ Substantive)
Set the Audit Issues
Determine the objectives of the plan
ACRES
A = Achievement of Objectives/ Goals of business
C = Compliance with laws and regulations
R = Reliability of Reporting
E = Efficiency and Effectiveness of operation
S = Safeguarding of assets/ enhancing values
Anticipated Outcome




Let the client lists the areas to be audited as
outlined (consistent with audit objectives)
Ensure that everyone understands the
specific scope and also agrees with it
Caution team to keep the audit within those
bound
If the auditor cannot work within the agreed
scope, discuss with CAE





Step-by-step
Use appropriate audit techniques
Sampling methods
Working papers
How to collect this kind of information or evidence:
 Criteria
 Condition
 Effects
 Cause
 Recommendation
Avoid duplication of work/ procedures (even previous audit)
 Consider both positive and negative aspects of the area being
audited
 Cost should remains in line
 Auditors can handle audit of many concerns at the same time
 Assign competent auditors or consultants
 How to document the evidence (relevant/ reliable/ sufficient)
 Which types of Audit Program?
 Standard
 Modified
 Tailor-made











AP has always to be approved by CAE before starting the bloc
Get the feedback in order to improve better audit program
CAE can evaluate performance of audit team via Audit
Program
Can be a training instrument especially for a new staff
Do the checklist/ QAR checklist for controlling quality of AP
Work should be completed in time as stated in AP
One audit program may not fit all types of audit work
Size of audit engagement determines ‘duration’ (period of
time)
Tell client ahead of time (prepare for the audit)
Have contact person or Liaison (client)
You can change the program (if circumstances are changed)
but it always has to be approved
 Always monitoring the AP (Audit Program Management)
 Assess the accomplishment of audit objectives
 Which issue is confidential … taking care and beware of it!!!
make it confidential

Make it simple!!!
Thank you