What is an Audit Program?
Audit program is a consolidation of the audit procedures in which the auditor need to review and follow those procedures to complete the audit assignment. It is usually written out of the audit procedures by navigating the auditor to the roadmap, audit engagement testing goal, and to keep the auditor focused on the objective of engagement.
The audit program contains a variety of content procedures based on the scope, nature of the auditing, and the business processes activities by the audit client.
The auditor shall sign off on the agreed audit program or audit procedures and these should be included in the working paper as guidance to the auditor to complete their assignment.
The audit program develops based upon the identified risks. To design an effective audit program, the audit must understand and clearly identify the role and responsibilities of the department/units to be audited. Furthermore, the auditor must understand the departmental/unit objective, unit strategies, understand the management concerns, workflow, document flow, and identify the related links.
Why an audit program is very important for both external and internal auditors?
Audit programs are important and are usually used by external and internal auditors. Basically, audit program combines all the audit steps to present for an overall audit performance that will be conducted.
The audit program consolidates the essential parts in audit planning which are very frequently used by the internal auditor. For instance, an audit program includes:
(1). identified key risks,
(2). Audit Objectives,
(3). Audit procedures,
(4). Staffing and
(5). Scheduling or timeline.
When preparing the audit program, the management in charge should consider the 5 elements in the planning stage above.
Auditors should understand these important elements, especially; the internal auditor because most of the internal auditors are mostly assigned to perform the testing based on the identified key and verify the procedures to ensure the fieldwork is completed with more effectiveness.
As recommended, the audit program is required to be reviewed, verified by the experienced or qualified management team so that the audit program is deemed reliable before the testing and fieldwork could be started.
Despite of the fact that the audit program present and guide the auditor on the key risks as well as what should be tested, why, what and how it can be identified with regard to the testing sample size, it is not 100% certain that the requesting documents presented in audit procedures are aligned with the creating documents that the auditor requested from the client.
Auditors should also keep in mind that after completing the design of the audit program and the testing after the fieldwork, there may have some changes on the risks and the auditor should revisit and determine if there are no large impact on to business process plan/ unit activities.
In case the auditor conducts an audit visit and encountered a situation similar to that of previous year, hence; the auditor should enhance the performing testing process and the procedures could be reduced so that the changes to those processes could be better evaluated and conditioned.