An internal audit of a project management system reviews many critical processes in a control environment where various policies and procedures are validated and consolidated. A properly planned standard audit is therefore required, based on a few guidelines which are explored in this article.
How to Plan a Project Audit
A robust system of checks and balances is necessary at an organizational level to ensure accountability, risk mitigation and responsible governance. Internal audits form an integral part of this system and are an opportunity for the business to get an assurance that organizational goals and objectives are achieved within the framework of established policies and procedures and comply with mandated external and internal standards, and that losses are minimized by effective risk management.
The lack of internal controls and of a system of periodic assurance/audit has led to the downfall of many big corporations in recent years, highlighting the need for regular internal audits which have a clearly defined scope and management buy-in. However, it is also important that internal audits are planned such that they provide relevant and timely information and assurance, helping the management implement immediate course-correction measures in case any deviations or shortcomings are highlighted during the internal audit.
Some helpful guidelines on planning an internal audit project are discussed below.
Scope and Resources
When planning for an internal audit, it is important to ensure that the scope is clearly defined and the resources required to complete the audit are readily available, without any impact on the day-to-day operations of the organization. The planning process should cover the following aspects:
- Previous internal and external audit reports, concern areas and gaps highlighted, management response on addressing gaps, recommended resolution and control measures to be implemented and whether these have been adequately and effectively addressed.
- Business or department to be reviewed in the upcoming audit, management hierarchy and responsibilities, policies and procedures pertaining to daily activities and operations carried out in that business or department, impact or contributions to the overall business objectives and criticality of the unit in the organizational structure.
- Key personnel and composition of the internal audit team, whether representatives from business functions will be included in the team and the roles and responsibilities that will be assigned to them, main liaison or contact point from the unit being audited, etc.
- A detailed audit plan and schedule which is accepted by the management and circulated to all involved parties.
Audit Objectives and Procedures
Internal audits are primarily concerned with the identification of risks arising from doing business and whether these are effectively addressed with control procedures in place. A comprehensive internal audit covers the objectives and follows the procedures listed below.
- Crucial business objectives and goals, policies and procedures implemented to achieve the same, key personnel and resources employed in the course of business.
- Possible and probable risks which can significantly impact the achievement of business goals, how these risks occur and what controls are implemented to manage and mitigate these risks.
- Losses due to lack of adequate controls – financial, operational, regulatory, etc.; whether each loss is properly identified and categorized as per risk management policies; how future recurrences of such losses are prevented.
- Review of all documentation pertaining to operational activities such as process manuals, organization charts, job descriptions and responsibilities of employees in the department/business, technology and systems used in the course of business, linkages and relationships with other internal units and external entities – regulators, vendors, outsourcing partners, etc.
- Interviews with key personnel and discussions with a random base of employees to gauge their understanding and knowledge of policies and procedures, job responsibilities and delegated authorities, awareness of present and potential risks and the controls for mitigation of such risks.
- Review of critical processes, security and access control measures for data management, MIS and reports generated as part of daily activities, archival procedures and control measures instituted to manage outsourced activities and vendors.
Internal audits play a crucial role in ensuring that business goals are achieved in accordance with mandated standards and, therefore, the importance of effective planning for internal audits cannot be emphasized enough.