Document Sample
Risk-Assessment-Audit-Program Powered By Docstoc
					Client Name Internal Control Framework Date Completed: Completed By: Reviewed By: Question Yes No* Comment

* For a “No” answer, cross-reference to either a compensating control or to audit work which has been performed Questionnaire or is to be performed.

Audit Program

Audit Procedure

Control Objective

Risk if Objective Not Met

Control Technique

Workpaper Reference

Performed By

Date Expected

Date Completed

Budget Hours

Actual Hours

Document Reference


Reviewed By


AREA: Risk Assessment Audit Program


Control Objective

Purpose: To identify the threats facing the program or agency under audit; identify the controls or procedures the city has in place to prevent, eliminate or minimize the threats, and to determine the probability that noncompliance and abuse, which is individually or in the aggregate material, could occur and not be prevented or detected in a timely manner by the internal controls in place. The risk assessment is utilized to sharpen the preliminary scope, methodology and objectives identified in the Scoping Statement as part of the development of the audit and work programs.


Based on information gathered during the Preliminary Survey, prepare a tentative list of threats for the major audit areas identified during Scoping Statement analysis. If information systems processed data is an important or integral part of the audit and the reliability of the data is crucial to accomplishing audit objectives, the auditor should include threats to information systems-processed data in this list. Consult with the project supervisor to determine the need for EDP audit assistance. Summarize the management (internal) controls identified that directly address the threats listed in item 1 above. This should include those controls which should mitigate the threats listed in item 1 above as well as any potential weaknesses in those controls. Add to this list any other controls identified during the Preliminary Survey (both actual and potential controls).


Assess the risk that abuse, fraud, or illegal acts could occur and materially impact the auditee’s compliance with laws, rules, or regulations or have a material effect on the auditee’s operations. Consider whether the auditee has controls that are effective in preventing or 3 detecting illegal acts. If information systems or information systems processed data are included as threats or as controls above, consult with the project supervisor to determine 4 the need for EDP audit assistance. Assess whether work requires coordination with other auditors for work completed or on-going that can be used to help carry out the project. Similarly, if there are investigations or legal proceedings initiated or in process, auditors should assess the impact upon the current audit and suggest actions as appropriate.

Identify material and significant findings and recommendations from previous reports issued by the office on the agency or program. Significant previous findings and recommendations that could affect the present audit objectives require follow-up in the current 6 project.


Control Considerations

Assertion E,A,C,V,P

Description of control

Documentation W/P Ref.

Do controls meet objective? Yes/No

Test W/P Ref

Testing exceptions noted? Yes/No

Resolution / remediation/ comments W/P Ref

Audit Program Area Global Audit Procedure Ref No, Control Objective Risks Control Activity Number Control Description KeyControl? Frequency

Owner Exceptions Type Document Reference

Mapping to Standards

Audit Program Area AUDIT PROCEDURES Ref.

Done By

Time Spent

Date Date Checked Expected Finished Remarks By:

Finding Ref #

Control Testing


Management Response & Treatment

Shared By:
Tags: Risk-, Asses
Description: Risk-Assessment-Audit-Program