The basics that matter - scoping and work programme design delivery

Presented by James Patterson

At present, with the impact of Covid, a number of audit teams are questioning some of the basics of their audit approach. Specifically audits that suffer from scope creep and work programmes that take time to create and can easily miss the wood for the trees.

Who should attend?

Internal audit managers and experienced audit staff.

What will I learn?

Upon completion you will be able to:

• be clearer about how to scope effectively – with clear priorities (exam questions) and rigorous consideration of what is in/out of scope
• be clear about the depth of assignment that is appropriate and which controls should be tested
• how to create a work programme that is fit for purpose – sharing of good practices around a library of key control objectives
• being clear about which controls to test first – using a sprint approach
• how to assess whether controls have been designed effectively
• approaches to test controls in a streamlined way
• being able to see the difference between symptoms and causes
• thinking about impact and compensating controls to avoid the pushback “so what”.

Course programme

• improve assignment planning – be clear about the “golden thread” between the plan and the assignment so you don’t lose focus
• what are the 2-3 exam questions we must really prioritise
• different assignment types (e.g. review, audit or investigation) and the levels of assurance they provide
• using diagrams/tables to explain what is in/out of scope
• sharing work programme templates – learning when they are too short and when they are too complex
• sharing control objectives – using these to help create a library of key controls that can be quickly referred to ahead of each assignment
• how do you decide what is a key risk and a key control
• how to test the design of controls individually using SMART
• how to test the design of controls in aggregate using COSO and risk appetite
• benchmarking to judge the impact of control failure – when it is helpful to do this at an individual level and when it is best done in aggregate
• being clear about causes to see the wood for the trees.

CPE competency areas covered

• Professionalism
• Performance (Risk management | Internal control | Engagements)
• Environment (Organisational strategic planning and management)
• Leadership and communication (Audit plan and coordinating efforts)

7 CPE points