China's Specific Standard for Internal Auditing No. 2201 – Internal Control Audit emphasizes that in order to conduct audits effectively, internal audit institutions need to develop a thorough annual audit plan based on organizational risks, management needs, and audit resources. These plans are designed to rationalize audit work, improve audit efficiency, and ensure the smooth completion of annual audit tasks.
The development of the annual audit plan should be followedThree basic principles
Compliance with Laws and Regulations:The audit work must comply with the requirements of the law and reasonably determine the audit focus. Assurance of audit quality and professional competence:Enhance the capacity of auditors to prevent risks and improve audit quality. Follow the Code of Professional Ethics:Auditors should maintain integrity and objectivity to ensure the independence and integrity of the audit program.
1.Comply with the relevant provisions of laws and regulations
Laws and regulations are the bottom line for the implementation of internal audit work and the minimum requirements for the preparation of audit plans. The internal audit management department shall, within the scope of its responsibilities and authority required by law, determine the focus of audit work that meets the requirements of the law and reasonably arrange the audit tasks according to the requirements of the organization's management or the board of directors, and on the basis of fully considering the status of existing audit resources.
2.Ensure the professional competence of the personnel of the internal audit department
Ensuring the quality of audit work is one of the basic requirements of internal audit work. Improving the professional competence of internal audit personnel, attaching importance to audit quality, and preventing audit risks are one of the important themes of internal audit work, and it is also the basis for internal audit work to be continued. When formulating the audit plan, the internal audit management department should fully understand the relationship between audit risk and audit quality, reasonably assess audit risks, reduce audit errors, and improve audit quality. The leader of the internal audit management department shall plan the order of the implementation of the audit project according to the risk level of each audit project, and reasonably arrange the required audit resources according to the nature, complexity and time sequence of the audit project.
3.Strictly adhere to the Code of Ethics
Exercise due professional careInternal auditors must be honest and objective in developing their internal audit plans, maintain the independence and integrity of the audit plans, exercise due professional care, be vigilant about the level of materiality of risks, and be within the scope of their professional competence. At the same time, the managers of the internal audit department should serve the organization honestly, follow the principle of confidentiality, and must not do anything detrimental to the interests of the state and the organization.
Develop an annual audit planBasic ideaIncludes:
1.Before formulating an annual audit plan, it is necessary to clarify the audit objectives
The relevant content of the internal audit objectives should be clearly specified in the internal audit charter of the organization. Before formulating an annual audit plan, it is necessary to fully understand the relevant provisions of the internal audit charter on the internal audit objectives, and then combine the tasks and objectives of the organization at different times, and closely integrate with the external audit to form the basis for the development of the internal audit plan.
2.Determine the specific audit project and the implementation time
The scope of internal audit, i.e., the scope of the structure of the organization itself, does not change much. However, depending on the audit objectives, internal audit management is sometimes carried out on specific projects. Therefore, when formulating the annual audit plan, it is necessary to determine the specific audit project, and formulate an audit plan that is suitable for the specific project according to its own characteristics, such as project maturity, change and relevance. At the same time, after the specific audit items have been established, the audit time and tasks should be reasonably arranged according to the distribution of the organization's internal audit resources and the existing capacity of the internal audit department, so as to maximize the efficiency of the audit resources and not miss the areas that need to be controlled and may cause fraud.
3.Evaluate the risks of specific audit projects and determine audit priorities
Before preparing the annual audit plan, the internal audit management department should evaluate the risks and audit priorities of the specific audit project by paying attention to the strategic and annual objectives of the organization, the focus of business activities, the legal and policy factors that have a significant impact on the specific audit project, the effectiveness of internal control and the level of risk management, the complexity of relevant business activities, recent changes and changes in other factors. The personnel of the internal audit department should reasonably arrange audit resources according to the risk, nature and complexity of the specific audit project.
4.Develop long-term plans and annual plans
The long-term plan is a 3-5 year rolling cycle plan, which focuses on the achievement and implementation of audit objectives within the cycle. The annual plan is the arrangement of the organization's annual audit operations and audit objectives on the basis of the long-term plan. The long-term plan should be able to rationalize the internal auditors and audit time, and also control the audit process and audit business processes. In a long-term plan, the focus of the audit plan can change in response to changes in the organization's operations and the most recent annual plan. Organizations can also maintain the stability and continuity of their audit work by developing long-term plans. The annual plan should be more detailed and specific than the long-term plan, and the overall annual plan should include the work objectives, the specific audit projects and the implementation time, the audit resources required for each audit project, and the follow-up audit arrangements. The specific conditions of the internal audit function will also need to be taken into account when developing the annual audit plan. Other factors should be integrated in the planning process to ensure the thoroughness and completeness of the audit plan.
Key elements of the annual audit plan
The annual audit plan is an important part of the organization's work plan, which is prepared by the head of the internal audit organization and approved by the Audit Committee before the beginning of the following year. According to the Specific Standard for Internal Auditing No. 2101 – Audit Plan, the annual audit plan mainly consists of the following four aspects:
Annual Audit Objectives: Ensure compliance with regulations and internal audit standards based on organizational strategy, long-term goals and development priorities. Specific audit items and schedules: Select specific audit items according to factors such as organizational objectives, activity priorities, and business risk management level, and reasonably arrange the audit sequence and time. Audit Resource Allocation:According to the characteristics and requirements of each audit project, the auditors, budget and other resources are reasonably allocated. Follow-up audit arrangement:A follow-up audit of the corrective actions and effects of the problems identified in the audit is planned to be carried out, and the necessary audit resources are retained.
1.Annual audit objectives
The objectives of the annual audit are determined in accordance with the organizational strategy, the long-term planning objectives of the organization, the development focus of the organization and the operational needs of the internal audit department. In addition, the annual audit objectives are in line with laws and regulations and internal audit standards, and are also consistent with the internal audit charter to ensure the achievement of the organization's annual goals.
2.Specific audit items and implementation time
The scope of operational activities and internal control activities within an organization is very large, and internal audit cannot conduct a complete and systematic audit investigation of all behaviors and activities. Therefore, the annual audit plan needs to be selected and determined according to the organization's own goal setting, the focus of the organization's activities, the control effectiveness and risk management level of the relevant business, the complexity of the relevant business and the requirements of laws and regulations.
3.Audit resources required for each audit project
Internal audit resources are limited, so internal audit managers must allocate their own audit resources according to the characteristics and requirements of each specific audit project, including the number of auditors, audit budget arrangements, and information and intelligence.
4.Follow-up audit arrangement:
Follow-up audit arrangement refers to the audit carried out by the internal audit department to check the corrective measures taken by the audited department on the problems found in the audit and the effect. Follow-up audit is one of the indispensable and important components of internal audit, and it is also one of the characteristics that distinguishes internal audit from external audit. The head of the internal audit department must set aside the necessary audit resources for subsequent audits when developing the annual audit plan.
Important factors that should be considered in the development of an annual audit plan
Organizational Risk:Assess your organization's exposure to external and internal environmental risks, prioritizing areas of higher risk audits.
Management Requirements:Consider the specific audit requirements of top management and the risks in management processes to improve management and internal controls.
Degree of risk: Plan the order of implementation according to the risk level of each audit project, and give priority to the implementation of projects with higher risks.
Audit Resources:According to the nature and complexity of different audit projects, the auditors and other resources are reasonably allocated.
Internal Audit Human Resource Management:Ensure that auditors have professional competence and ethical standards, and enhance their competencies through continuous education.
Recruitment and training of internal auditors:Reasonably arrange the size and responsibilities of personnel, select personnel with professional ability, and implement effective training.
Appraisal and motivation of internal auditors:Establish an appraisal system, regularly evaluate the performance of auditors, and implement rewards and incentives.
1.Organizational Risk:
Organizational risk is the possibility that the organization's goals will not be achieved, and is generated by the uncertainty of the external and internal environment that the organization faces in modern society. Keeping risk below a level acceptable to the organization is a necessary condition for achieving the organization's goals. Organizational risk is mainly affected by the organization's development goals and annual work priorities, changes in laws, regulations and policies affecting the organization's related business activities, the improvement of the organization's internal control, the complexity and recent changes in business activities, and changes in the overall quality and responsibilities of personnel in relevant positions. When selecting specific audit projects, the internal audit management department should give priority to the areas with serious risks, so that through the supervision and evaluation functions of internal audit, it can improve the business activities and internal control in these areas, reduce, avoid and control risks, and promote the realization of organizational goals.
2.Management needs
Internal audit is for the sake of an organization. The management needs of the organization's senior management, which are required by the internal audit management to carry out specific audit engagements out of concern for the organization's performance and operations, are also factors that the internal audit management department needs to take into account when formulating the annual audit plan. In addition, the internal audit management department should also supervise and evaluate the process risks existing in the management process, improve the internal control in the management process, and reduce and avoid the process risks in the management process.
3.Degree of risk
Each specific project has its own level of risk, and different levels of risk have different impacts on the achievement of organizational goals. The head of the internal audit organization shall plan the sequence of the implementation of the audit project according to the risk level of the audit project. Internal auditors should prioritize higher-risk projects after examining all aspects of the risks of each audit project in accordance with the risk factors listed in the standards, as failure to monitor and evaluate the project in a timely manner may seriously affect the achievement of the organization's objectives.
4.Audit Resources:
Audit resources refers to the general term of the basic conditions required to achieve the audit objectives, generally refers to the audit institutions have or can dispose of, the sum of various resources such as manpower, property, methods and technology, information and intelligence to serve the audit law enforcement, the most important of which is the audit human resources, because "people" is the most active factor in various resource elements. Each audit project consumes and occupies a certain amount of audit resources. The person in charge of the management of the internal audit department shall consider assigning internal auditors with corresponding knowledge and ability according to the different nature of the audited project and the complexity of the business; According to the time constraints of the audit project, a sufficient number of internal auditors are arranged for the audit project that needs to be solved urgently.
5.Internal Audit Human Resource Management:
The most important of the audit resources is human resources. The China Internal Auditing Standard No. 1101 – Basic Standards for Internal Auditing clearly stipulates that an organization shall set up an internal audit organization that is suitable for its objectives, nature, scale, governance structure, etc., and be equipped with internal auditors with corresponding qualifications; Internal auditors shall abide by professional ethics and exercise due professional care in the conduct of internal audit engagement; Internal auditors should have the appropriate professional competencies and maintain and improve them through follow-up education. From this, we can see that internal auditors should have a certain level of professional competence and ethics, with good professional competence, appropriate knowledge structure, rapport and good literacy, and increase knowledge, skills and other competencies through continuous professional development. Management activities such as follow-up education and evaluation and incentives for personnel will help improve the professional competence of internal auditors.
6.Recruitment and training of internal auditors:
The organization should reasonably arrange the size allocation and division of responsibilities of internal audit personnel, analyze the demand for internal audit human resources in combination with the organization's development strategy, audit requirements, audit workload and other factors, and formulate a corresponding demand plan for internal audit human resources, so as to formulate a scientific and effective employment plan for internal audit personnel.
When hiring internal auditors, the selection and hiring of personnel shall be carried out in accordance with the following criteria.
(1) Professional competence
The professional competence of internal auditors determines the effectiveness of internal audit in helping the organization achieve its objectives. Internal auditors should not only possess professional knowledge and professional competence sufficient to be competent for the current work, be familiar with internal auditing standards and financial accounting systems, but also possess professional competence in risk management, organizational governance and internal control, be familiar with the Organization's business activities and behavioral arrangements, and be able to identify existing or potential problems in the organization's business process and put forward suggestions to solve them.
(2) Abide by professional ethics and maintain due professional prudence
Internal auditors must have basic moral character, abide by professional ethics, be honest, objective and responsible, and carry out internal audit business with due professional prudence. The professional ethics standards that internal auditors should abide by are: auditing in accordance with the law, being loyal to their duties, adhering to principles, being objective and impartial, being honest and honest, and keeping secrets; They must not abuse their powers, twist the law for personal gain, divulge secrets, or derelict their duties.
In addition, in accordance with the relevant provisions of the China Internal Auditing Standard No. 1101 - Basic Standards for Internal Auditing, the organization should also provide training to internal auditors to maintain and improve their professionalism and competence through follow-up education. Internal auditors should learn and master the development and changes of relevant laws and regulations, professional knowledge, technical methods and auditing practices through follow-up education and professional practice, so as to maintain and improve their professional competence.
Training is an important way for auditors to update their knowledge and build their capacity. The organization should improve the training system combining job training and vocational training, (more content can pay attention to the internal auditor station) according to the characteristics of the unit and the basic quality of internal auditors to develop a feasible training plan, to provide training and learning opportunities for internal auditors. The organization can develop an assessment questionnaire to assess the skills of the internal auditor in response to the requirements of the internal auditor's competency, and develop a training plan and training course based on the evaluation results. At the same time, self-study is an important supplementary way for internal auditors to follow up their education. Auditors can adopt.
Internal audit department and personnel relationship handling
Internal auditors should establish and maintain good interpersonal relationships to facilitate effective audit work. According to the Specific Standard for Internal Auditing No. 2305 – Human Relations, the main relationships are as follows:
1.Organizational management and related personnel
In order for the internal audit department to serve the management of the organization, the smooth implementation of the internal audit work must obtain the authorization and support of the head of the organization. Therefore, it is important for the management of the internal audit department to establish good interpersonal relationships with the management of the organization and related personnel. Internal auditors should be proactive in communicating with management. Internal auditors communicate with the organization's management to reach a consensus on the audit plan; It is necessary to submit the draft audit work plan, audit report and other relevant documents to the management of the organization on a regular basis, and at the same time, it is necessary to communicate the difficulties and problems encountered in the internal audit work with the management of the organization in a timely manner, and obtain the understanding and support of the management when conducting the audit work. In the event of errors or deviations in the internal audit work, it is necessary to report to the management in a timely manner and propose remedial measures. Internal audit staff should work together with the organization's management to implement the audit plan and achieve the organization's strategic objectives.
2.Audited units and related personnel
Internal audit work is the internal audit management department to send auditors to supervise and inspect the work of the audited unit, so as to identify risks and avoid the occurrence of fraud. In order to better carry out audit activities, improve audit efficiency, avoid misunderstandings in the work, and ensure the smooth development of audit work, auditors should communicate and communicate with the audited unit before the audit activities begin, and obtain the understanding and support of the audited unit and staff. In the course of the audit, through inquiries, meetings, conversations, questionnaires, etc., to understand the business activities, internal control and risk management of the audited entity. Internal auditors should also communicate with the auditee through informal means such as oral communication about the difficulties and problems encountered in the audit process, so as to facilitate further cooperation between the two parties. Before the results of the audit report are released, the auditors should also exchange opinions with the audited unit or department to ensure the fairness and objectivity of the audit opinions and audit conclusions, and achieve the objectives of internal auditing.
3.All functional departments and related personnel within the organization
In conducting internal audit, internal auditors coordinate with other functional departments and personnel within the organization. Only with the support and cooperation of other functional departments, such as the production department, the human resource management department, the sales department and the warehousing department, can the audit work be carried out normally and smoothly. Internal auditors should understand the situation of other relevant functional departments within the organization, and seek problems encountered in the audit and corresponding solutions in communication and cooperation with these departments and personnel.
4.Relevant institutions and personnel outside the organization
The organization or enterprise needs to entrust the third-party intermediary structure in the society to conduct independent audit and asset evaluation in accordance with the relevant national regulations and work requirements, and the internal auditors of the organization should actively cooperate with the work of these external relevant institutions and third-party auditors, maintain necessary contact and communication, and do a good job of coordination with external auditors, so as to obtain more recognition, support and collaboration. Maintaining a good relationship between internal and external audits can improve audit efficiency and save audit resources.
5.Other members of the internal audit body
The necessary interaction between internal audit staff should also be maintained. The personnel of the internal audit department should attach importance to the interpersonal relationship between colleagues in the internal audit department, cooperate with each other and tolerate each other. The leaders of the internal audit management department should actively encourage internal auditors to exchange work experience, share audit resources and audit evidence, and communicate audit results and audit opinions, so as to achieve information exchange and information sharing among internal auditors more efficiently, complete audit activities better and faster, and achieve audit objectives.
Lack of necessary and timely communication, different evaluations of the same thing, inconsistent values of each person, and differences in professional ethics are the main causes of interpersonal conflicts among internal auditors. When there is a conflict in interpersonal relationships, internal auditors should resolve interpersonal conflicts and resolve conflicts in a timely and appropriate manner, and the main solutions that can be adopted are: temporary avoidance, finding an appropriate opportunity to coordinate contradictions, rational persuasion, appropriate compromise, mutual cooperation, etc.
Establishment of internal audit system and preparation of work manuals
Organizations and enterprises shall, in accordance with the requirements of relevant national laws and regulations and relevant policies, build a complete and systematic internal audit work system within the organization to standardize and guide the internal audit work.
1.Construction of internal audit system
The construction of the internal audit system helps to promote the orderliness, integrity and reliability of the internal audit work, so that the internal audit work has rules to follow and rules to follow. A complete internal audit system can ensure the healthy development of an organization's internal audit.
The internal audit system can include three levels: internal audit charter, management measures and implementation rules.
(1) Internal Audit Charter
The internal audit charter is the top-level document in the internal audit system and one of the most important documents in the management of the organization, which has a strong binding force on the internal audit activities and is the basis for the internal audit department and auditors to conduct audit activities. The internal audit charter should be in writing to define the objectives, authority and responsibilities of the internal audit activities and should be approved by top management in order to be effective.
China's "Specific Standards for Internal Auditing No. 24 - Management of Internal Audit Institutions" stipulates that the internal audit charter should include the following contents: internal audit objectives, the status of internal audit institutions in the organization, and the responsibilities and scope of authority of internal audit institutions.
The organization should regularly check the implementation of the internal audit charter and make timely and necessary amendments to the internal audit charter to ensure that the internal audit charter can better guide the internal audit work.
(2) Management Measures
Under the guidance of the internal audit charter, the internal audit department can standardize the business process and management work in the operation of the internal audit department by formulating and implementing management measures as required. Under the condition that the management methods are consistent with the internal audit charter, appropriate management measures should be formulated according to the organization's own organizational form and internal management system.
(3) Implementing Rules
The third layer of the internal audit system is the implementation rules. Under the premise of the internal audit charter and management methods, the internal audit department should summarize the inherent models and routines for the common phenomena and problems in the audit work and the handling methods in combination with the actual situation of the unit or specific audit project, formulate the implementation rules, and provide reference models or routine guidance for the development of the internal audit work, so as to improve the audit efficiency and save audit resources.
2.Preparation of internal audit work manuals
An internal audit workbook refers to a specific guide used to standardize a certain audit content or a certain business process. The internal audit management department is organized according to the nature, size and characteristics of the organization.
Internal Audit Workbook to guide the work of internal auditors. According to the relevant provisions of the Specific Standard for Internal Auditing No. 24 - Management of Internal Audit Institutions, the internal audit workbook shall include the following:
1) A description of the objectives, powers and responsibilities of the internal audit organization;
2) Descriptions of the organization, management and work of the internal audit organization;
3) The position setting and job description of the internal audit institution;
4) Key audit workflows;
5) Internal audit quality control policies and procedures;
6) Internal audit ethics and incentives and punishments;
7) Matters to be noted in internal audit work.
The following is an example of the "internal audit system of the company".
Saisheng Pharmaceutical: Internal Audit System (January 2024).
The copyright of the article belongs to the author, part**From the Internet, the author's information has been marked, and some of the author and the first release cannot be identified**, only for peer study and research.