Practice Guide: Engagement Planning: Establishing Objectives and Scope

Publicatie 14/09/2017 Practice Guide - Engagement Planning - Assessing Fraud Risks(1).pdf
Practice Guide: Engagement Planning: Establishing Objectives and Scope

Planning is part of internal auditing’s systematic, disciplined, and risk-based approach and is mandated by the International Standards for the Professional Practice of Internal Auditing. Planning internal audit engagements involves considering the strategies and objectives of the area or process under review, prioritizing the risks relevant to the engagement, determining the engagement objectives and scope, and documenting the approach. This practice guide contains the engagement planning steps necessary to fulfill Standard 2200 – Engagement Planning through Standard 2220 – Engagement Scope and related assurance (.A) and consulting (.C) implementation standards.

The exact order and details of planning an engagement, including establishing the objectives and scope, may vary according to the needs of the individual organization, internal audit activity, and engagement. However, the following planning steps are generally included:

  • Understand the context and purpose of the engagement.
  • Gather information to understand the area or process under review.
  • Conduct a preliminary assessment of relevant risks.
  • Form engagement objectives.
  • Establish engagement scope.
  • Allocate appropriate and sufficient resources.
  • Document the plan.

To plan the engagement effectively, internal auditors should start by understanding the context and purpose of the engagement, why it was included in the annual internal audit plan, and how the organization’s mission, vision, strategic objectives, and other elements align with those of the area or process under review. Internal auditors also consider whether the engagement is a request for assurance or consulting services, as stakeholder expectations and Standards requirements differ depending on the type of engagement.

Next, internal auditors gather information about the area or process under review to determine the engagement objectives, scope, and plan. Internal auditors may examine documentation from prior assurance engagements, review applicable policies and procedures, and interview relevant stakeholders to understand and map the process flow and controls in the area or process under review.

Conducting a preliminary assessment of the identified risks helps internal auditors prioritize the risks to be evaluated further during the engagement. Utilizing process maps and brainstorming potential risk scenarios are two techniques that help internal auditors identify risks and controls relevant to the area or process under review. This practice guide explains how internal auditors

Practice Guide / Engagement Planning: Establishing Objectives and Scope can use a risk and control matrix and heat map to prioritize the risks, then use the results to form the engagement objectives and scope, in conformance with the Standards. In addition, this guide explores how to allocate resources and document the process of planning and establishing the engagement objectives and scope.