Position Paper: Audit planning approach

To manage risks effectively is an essential part of good corporate governance. An important role of each organisation is to identify all business risks and uncertainties which the organisation faces, quickly implementing risk mitigating measures and enhancing the system of internal controls.

The internal audit function, as an essential part of the corporate governance framework, provides independent assurance that those risks have been properly managed. As the global business environment and its financial and regulatory requirements have become more complex, users of the audited processes have been calling for more pertinent information for their decision making.

The rapidly evolving environment (e.g. digitalisation of services, sustainability, information technology) and a shortening life cycle of products requires organisations to embrace change. Agility and a short response time are critical to survival. This leads to new/enhanced risks which the organisation has to deal with and a new risk appetite. To be able to provide an assurance to senior management in a short time period, it is necessary to focus the audit plan on current and future risks and provide a risk-based approach for audit planning.