1. Establish the internal audit scope and objectives:
The internal audit scope should be established before the start of any audit. It should include a description of the products, services, operations, and other areas that will be included in the audit. The objectives of the audit should also be established at this time. These objectives should be specific and measurable and should be designed to improve the effectiveness of the internal auditing process.
2. Perform risk assessment:
The risk assessment should be conducted in order to identify the areas of the business that are most likely to experience problems or that pose a significant risk to the organization. This information can then be used to help prioritize the audits.
3. Develop an audit plan:
The audit plan should be developed based on the results of the risk assessment. It should include a description of the audits that will be conducted, as well as the timing and manner in which they will be conducted.
4. Execute the audit plan:
The audits should be conducted in accordance with the plan, and all findings should be documented.
5. Document findings and conclusions:
The findings and conclusions of each audit should be documented in a timely manner so that they can be acted on quickly.
6. Present results of the audit to management:
The results of each audit should be presented to management in a clear and concise manner so that they can understand them and take appropriate action.
7. Follow up on management’s actions taken in response to the audit findings:
Management’s actions taken in response to the findings of an internal audit should be monitored to ensure that they are effective. Any problems that are identified should be addressed promptly.