These are the activities to be conducted before the actual audit engagement with the Client. The preparatory work includes:
- Conduct thorough research on the Client’s industry and its businesses.
- Develop a sound understanding of the BCM subject matter.
- Have a clear understanding of the relevant stakeholders for this BCM Audit.
- Obtain information on the Client relating to the:
- Determine the Minimum Business Continuity Objectives (MBCO) of the BCM program.
- Confirm accountability of the plans
- Verify that sufficient resources are allocated to the BCM initiatives.
- Review whether the BCM program is in compliance with legislation.
- Validate that the BCM program complies with policies, standards, and guidelines.
- Understand management processes and systems.
- Review external environment affecting BCM requirement.
[2] Audit Planning
Audit Planning is the development of the overall strategy for the audit. Nature, extent, and timing of audit planning vary with the size and complexity of the organization, Auditors’ experience with the organization and knowledge of its businesses. The activities are to:
- Conduct a preliminary fact-finding
- Review of the preliminary assessment with management
- Determine the audit objectives, scope, and criteria
- Formulate an audit plan
- Develop:
- An audit checklist
- A standardized audit program
- An audit schedule
Resource
Goh, M. H. (2016). A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.
Extracted from "Chapter 4: Stage 1: Audit Planning and Preparation"
Singapore Government Funding for BCM-8530 Course
The next section applied to Singaporean and Singapore permanent residents. Click the button "Government Funding Available" to find out more about the funding that is available from the Singapore government. This includes the CITREP+, SkillsFuture Credit and UTAP.
The Case Western Reserve’s Board of Trustees and management place assets at risk to achieve established priorities and goals. A key function of the Office of Internal Audit Services is to understand, audit, and report to management and the Board of Trustees how that risk is being managed. Knowing what areas to audit and where to commit resources is an integral part of managing the internal audit function.
To identify areas of potential risk, each year the Office of Internal Audit Services performs a thorough risk assessment of all university management centers, operating units, and significant departments. From this assessment, an Audit Plan is developed and presented to the Audit Committee for approval.
The plan addresses high-risk areas as well as allocates time for special ad-hoc projects. In intervening years, the risk assessment is updated through data analysis and interviews with senior executives across the university. If necessary, the audit plan is adjusted for any changes to the university's risk assessment.
We believe that the university is best served if the Audit Plan is a dynamic document that continually adjusts to changes in the environment. Therefore, if your management center or department has a need for our services, please contact us.
Depending on the relative risk associated to your need and the amount of time necessary to fulfill your request, the Office of Internal Audit Services will communicate what level of assistance we will be able to provide. At a minimum, we will be available to offer guidance and advice throughout any project you perform on your own.
In most cases, expect to receive notification when you or your department is to be audited.
- Expect to understand the audit's purpose and objective
- Expect to provide your ideas or concerns regarding the audit
- Expect to be treated with respect and courtesy
- Expect to be asked for various financial and department documentation; some may be confidential
- Expect confidential information to remain confidential
- Expect to answer all questions honestly
- Expect to receive a draft copy of the Final Audit Report prior to its release
Preparing for an Audit
- Have all requested materials/records ready when requested
- Organize files so we minimize disruption of your day
- Provide complete files
- Please make yourself available during the time of the audit and communicate any planned absences
- Provide work space for auditors if requested
Audit Process
Step 1: Planning
The auditor will review prior audits in your area and professional literature. The auditor will also research applicable policies and statutes and prepare a basic audit program to follow.
Step 2: Notification
The Office of Internal Audit Services will notify the appropriate department or department personnel regarding the upcoming audit and its purpose, at which time an opening meeting will be scheduled.
Step 3: Opening Meeting
This meeting will include management and any administrative personnel involved in the audit. The audit's purpose and objective will be discussed as well as the audit program. The audit program may be adjusted based on information obtained during this meeting.
Step 4: Fieldwork
This step includes the testing to be performed as well as interviews with appropriate department personnel.
Step 5: Report Drafting
After the fieldwork is completed, a report is drafted. The report includes such areas as the objective and scope of the audit, relevant background, and the findings and recommendations for correction or improvement.
Step 6: Management Response
A draft audit report will be submitted to the management of the audited area for their review and responses to the recommendations. Management responses should include their action plan for correction.
Step 7: Closing Meeting
This meeting is held with department management. The audit report and management responses will be reviewed and discussed. This is the time for questions and clarifications. Results of other audit procedures not discussed in the final report will be communicated at this meeting.
Step 8: Final Audit Report Distribution
After the closing meeting, the final audit report with management responses is distributed to department personnel involved in the audit, the President, Provost, and Chief Financial Officer, and CWRU’s external accounting firm.
Step 9: Follow-up
Approximately six months after the audit report is issued, the Office of Internal Audit Services will perform a follow-up review. The purpose of this review is to conclude whether or not the corrective actions were implemented.