Principles and approach


The aims of audit process management are to ensure efficient and effective operations via:

  1. procedures to guide the work of internal audit;
  2. processes to provide assurance over the quality of the work of internal audit;
  3. accurate and reliable management information over internal audit delivery and to meet the needs of all stakeholders; and
  4. effective management of internal audit risks.

Audit procedures

Establish audit procedures* to guide the audit work undertaken. Consider: 

  • Audit basics
    • assignment planning;
    • assignment fieldwork (risk and control assessment and testing);
    • assignment reporting;
    • follow up of management actions;
  • Management of the audit department
    • assurance planning and reporting, resource management (particularly IT and third party management);
    • process management (particularly quality assurance, relationship management and management information (MI));
    • working with other assurance providers; and
  • Auditing of highly technical business areas/risks.

Quality assurance

Establish a quality assurance and improvement program*, including:

  • checks of compliance with the aims of internal auditing and the International Standards, and an evaluation of whether internal auditors apply the Code of Ethics;
  • checks on quality within individual assignments by the assignment leader;
  • sample checks on assignment quality outside of the assignment team;
  • checks on the quality of MI produced for stakeholders; and
  • external assessments, which should be undertaken at least once every five years.

Monitoring information

Establish a suite of MI to monitor audit performance and meet stakeholders’ needs:

  • Regularly monitor your key performance indicators (also see our practitioner’s Guide on audit governance, strategy and key performance indicators (KPIs))
  • Identify your stakeholder MI needs and produce regular stakeholder reports. Consider including upcoming audits, audit results, trends of audit opinions, risks accepted, outstanding issues and issue deadlines missed and trends.

Risk management

Establish an effective audit risk management process:

  • Identify your key risks, your risk appetite and put controls in place
  • Report audit incidents arising
  • Review major incidents within the business for potential audit failings.

Hints and tips

Multiple-choice questions