Purpose: To prepare a risk-based audit program.
To Access: Risk Management - Audit & Compliance - Prepare Audit Program.
The Prepare Audit Program function is used to create an audit program. An audit program must first be prepared before an audit can be performed. An audit program is a collection of audit procedures to be performed during an audit. Usually, an audit program will cover an organisation unit, a function or a special topic of interest (eg. review fire protection equipment of all offices, factories and warehouses globally).
Note: Audit programs can only be prepared by users with Audit Write access except for Self Assessment programs which can be prepared by users with Organisation Write access. Contact your system administrator regarding access levels.
To start, select the company from the dropdown list:
The Organisation Unit panel will display the organisation units for the selected company.
Select the type of audit. Only one type of audit can be selected for one audit program.
To prepare a special audit program, select a Special Audit Type.
These audit programs are special because they do not require a user to have auditor access level and there is a short cut access to a Control Checklist from the main menu.
Select the organisation units to be included in the audit program.
Determine whether you want to include only the key controls, no key controls only or all controls and optionally select the risk levels:
Click the Preview button to see what the audit program includes.
if you are satisfied with the audit program, complete the rest of the details for the audit program:
Audit Program Name: A unique name given to the audit program. Duplicated names will not be accepted by the system.
Audit Coverage: Enter the start and end dates of the period the audit covers. The system date is defaulted to the English format, which is day/month/year. To avoid confusion if your system is set to a different date format, eg. USA users, use the name of the month, for example, 8-Sep-2007 or Sep-8-2007. If the American short date format 9-8-2007 is entered, the system will interpret that as 9 August 2007 instead of the intended 8 September 2007. The Financial Year of the audit coverage is the financial year of the audit end date. For example, if the audit end date is 15-Sep-2008 and the organisation's financial year starts 1-Jul, then the financial year of the audit program is 2009.
Auditor: The person in charge of the audit. Auditors can be assigned to individual audit procedures within a program in the Enter Audit Results screen.
Click the Save button to save the audit program.
Note: To ensure the audit program covers all controls identified, run the Controls with No Audit Procedures report to identify recently created controls where audit procedures have not been attached.
See also:
Scheduling and costing an audit program