The Audit Process
The GRC functional administrator prepares the required work environment (team management, currency and campaign calendar management, timesheet parameterization).
The audit process is broken down into three main parts:
• preparation
• execution
• follow-up
Audit Preparation
Audit preparation
The audit director collects information from organization managers by means of interviews. He creates a list of potential audits.
The audit plan is validated through the workflow.
Planning the audit and managing teams
The audit director:
• plans audits
• assigns auditors to audits
Preparing the audit
The audit director informs auditees of the start of the audit. He specifies the calendar and nominates the lead auditor.
He defines the audit scope (main theme) and communicates it to the audit team.
Audit Execution
Specifying and reviewing the audit program
The lead auditor meets the main auditees in the early days of the audit. He/she gathers documents and defines the risks and/or controls to be audited, which leads to the definition of the work program.

The work program consists of defining audit tasks that cover the identified risks or audited controls, distributing the workload, and defining those responsible for audits.
The work program is validated by the audit director.
Executing audit tasks
Auditors execute audit tasks ("activities"):
• tests on samples
• interviews
• information collection
• editing and review of findings
• recommendation proposal
Audit supervision
The lead auditor reviews the findings edited by auditors. He checks that:
• style is respected (form and content)
• the process is correctly analyzed (clear and precise indications)
• audit evidence is attached
• causes, risks and impacts are clearly identified
Circulating audit reports
When audit tasks have been executed, the lead auditor can gather the findings in a first report, called the audit report.
Findings are validated with responsible auditees. Modifications may be required.
A validation meeting is organized to validate the findings orally.
The final audit report is sent for comments.
After approval, the final version is sent to auditees.
Audit Follow-Up
Recommendations can be sent:
• directly to auditees, or
• to a correspondent, who subsequently ensures that recommendations are applied.
Auditees implement recommendations using action plans (set of actions).
The audit director ensures action follow-up.