Domain III - Engagement planning

Question 1

Name 4 reasons why planning is important.

Answer 1

1. Increased chance of success
2. A more comprehensive outcome
3. Ensuring the availability of resources
4. Better management of expectations.

Question 2

How can you increase the chance of a successful audit?

Answer 2

As with any project, taking time to plan the internal audit engagement increases the chances that you will complete it to the agreed quality standards in the agreed time and with the available resources.

Question 3

Why does planning help get a more comprehensive outcome?

Answer 3

The real outcomes of internal audit depend on the relationships between the internal auditor and the organisation’s managers and governors. Planning provides an opportunity to establish or develop those relationships, establishing the foundation for communications later in the engagement.

Done well, planning makes communicating engagement results easier and quicker.

Question 4

What are the relevant standards in terms of engagement planning?

Answer 4

Standard 2200 Engagement planning
Standard 2201 Planning considerations
Standard 2210 Engagement objectives
Standard 2220 Engagement scope
Standard 2230 Resource allocation
Standard 2240 Engagement work program

Question 5

What are the 7 steps of the engagement planning process?

Answer 5

1) Understand the context and purpose
2. Gather information
3. Conduct a preliminary risk assessment
4. Form the objectives
5. Establish the scope
6. Allocate resources
7. Document the plan

Question 6

What information will help in understanding the context of an engagement?

Answer 6

Information that will help you understand the context include the:

internal audit strategic plan
annual plan of engagements
organisational mission, vision and strategy
policies and procedures
risk priorities.

Question 7

Why is understanding the context and purpose of an audit so important?

Answer 7

They enable you to plan effectively and ensure that the goals and objectives set out in the annual internal audit plan are accomplished.

Question 8

What kind of information would you gather prior to an engagement/audit?

Answer 8

Gather information about the area or process under review, such as its business objectives, the processes in place to achieve those objectives, the risks that could affect the achievement of those objectives, and the controls in place to mitigate those risks.

Question 9

What might you do to gather information prior to an engagement/audit?

Answer 9

To gather information, you might do the following:

review prior assessments of the area or process under review
understand and map the process flow and controls in the area or process under review
interview relevant stakeholders
brainstorm potential risk scenarios.

Question 10

Why is it important to conduct a preliminary risk assessment prior to an engagement/audit?

Answer 10

Due to time and resource constraints, not all risks can be reviewed during an engagement. Therefore, conduct a preliminary risk assessment and prioritise risks according to significance.

Question 11

What tools can you use to conduct a preliminary risk assessment?

Answer 11

Risk and control matrices

Heat maps

Question 12

What is the next step after these?

1) Understand the context and purpose
2. Gather information
3. Conduct a preliminary risk assessment

Answer 12

Form the objectives.

Question 13

What do engagement objectives articulate?

Answer 13

What the engagement is specifically attempting to accomplish.

Question 14

What should the engagement objectives be like?

Answer 14

the objectives should have a clear purpose, be concise, and be linked to the risk assessment.

Question 15

Why is establishing the scope important?

Answer 15

Because an engagement generally cannot cover everything, you must determine what will and will not be included. The engagement scope sets the boundaries of the engagement and outlines what will be included in the review.

Question 16

Why is considering the boundaries of the engagement important?

Answer 16

to ensure that the scope will be sufficient to achieve the objectives of the engagement.

Question 17

What comes after these steps?

1) Understand the context and purpose
2. Gather information
3. Conduct a preliminary risk assessment
4. Form the objectives
5. Establish the scope

Answer 17

6. Allocate resources

7. Document the plan

Question 18

Resources are allocated based on….. what?

Answer 18

the knowledge you acquire during engagement planning

the nature and complexity of the engagement.

time constraints and the number of hours budgeted for the engagement.

Question 19

Other than internal resources, what else should be taken into consideration in allocating resources?

Answer 19

Consideration needs to be given to whether external resources (eg specialists or supplemental resources) or technology will be necessary when the internal audit activity does not have appropriate or sufficient resources.

Question 20

What is created to communicate the objectives, scope and timing of the engagement?

Answer 20

You may create a terms of reference (ToR) or engagement planning memorandum (memo) to communicate the objectives, scope, and timing of the engagement.

Question 21

What does the document that communicates the objectives, scope and timing of the engagement provide in terms of opportunity?

Answer 21

This document provides an opportunity for you to ensure that management of the area or process under review understands and supports the engagement plan. If management disagrees with any elements of the plan, you can either make adjustments or document the rationale for why the engagement will not be modified despite management’s disagreement.

Question 22

Which step in the planning process is the most important?

Answer 22

They are equally important. Weakness in any one of the steps will impact upon the others, so give each one the attention it deserves.