HOPEX V5 EN

HOPEX Internal Audit > Introduction to HOPEX Internal Audit > The Audit Process

The Audit Process

Audit Preparation

Audit preparation

Planning the audit and managing teams

Preparing the audit

Audit Execution

Specifying and reviewing the audit program

Executing audit tasks

Audit supervision

Circulating audit reports

Audit Follow-Up

The IRM functional administrator prepares the work environment for the audit (defining the team, managing currencies and campaign calendars, time sheet parameterization). For more details, see IRM Functional Administration.

The audit process is broken down into three main parts:

• preparation

• execution

• follow-up

Audit Preparation

Audit preparation

The audit director collects information from organization managers by means of interviews. He creates a list of potential audits.

The audit plan is validated by the workflow.

Planning the audit and managing teams

The audit director:

• plans audits

• assigns auditors to audits

Preparing the audit

The audit director informs auditees of the start of the audit. He specifies the calendar and nominates the lead auditor.

He defines audit scope (main theme) and communicates this to the audit team.

Audit Execution

Specifying and reviewing the audit program

The lead auditor meets the main auditees during the first days of the audit, collects documents and proceeds with evaluation of risks, leading to definition of the work program.

The work program consists of definition of audit tasks so as to cover identified risks, workload distribution and definition of those responsible for audits.

The work program is validated by the audit director.

Executing audit tasks

Auditors execute audit tasks ("activities"):

• tests on samples

• interviews

• information collection

• editing and review of findings

• recommendation proposal

Audit supervision

The lead auditor proceeds with review of findings edited by auditors. He checks that:

• style is respected (form and content)

• the process is correctly analyzed (clear and precise indications)

• audit evidence is attached

• causes, risks and impacts are clearly identified

Circulating audit reports

When audit tasks have been executed, the lead auditor can assemble findings in a first report, called audit report.

Findings are validated with responsible auditees. Modifications may be required.

A validation meeting is organized to validate the findings orally.

The final audit report is sent for comments.

After approval, the final version is sent to auditees.

Audit Follow-Up

Recommendations can be sent:

• directly to auditees

• or to a correspondent, who subsequently ensures that recommendations are applied.

Auditees implement recommendations using action plans (set of actions).

The audit director assures action follow-up.