Checklist for Internal Audit Planning
Process
Internal Audit Charter/ Terms of
Internal Audit Engagement
where it is an outsources
engagement
Developing / Enhancing Business
Knowledge
Audit Universe
Plan Linkages with Enterprise
Risk Assessment
Independent Risk Assessment for
various Auditable units (i.e.,
Risk Description
Risk that internal audits are not in line with the
objectives of the internal audit function, as per the
internal audit charter of the entity (and terms of
engagement, where it is an outsourced
engagement) and also not in line with the overall
objectives of the organization.
Risk of leaving key elements of risk unattended
due to lack of Business / regulatory environment
knowledge.
Missing of Key Risk Area for coverage in
Overall Internal Audit Plan
Lack of Audit Planning process linkage with
Risk faced by the Organisation
Risk of not prioritizing high risk area or missing
Control
A documented process, listing detailed
process for preparing Annual audit plan
keeping in view various facets of coverage
required. It can be part of Audit Manual or a
separate document.
Process of continuous engagement with
stakeholders both inside and outside the
organization.
1. Having Audit Universe for
Organization / Auditable Entity.
2. Review of the Audit Universe at regular
intervals.
Inputs from Enterprise Risk Management
Team on key risk facing organization and
factoring the same in overall audit planning
process
1. Doing Independent Risk assessment of
each auditable unit to arrive at correct
Test Performed
1. Check the comprehensiveness of the
Auditing plan,
2. Check the Adherence to the Annual
Audit planning process as per document
Check the interactions Internal Audit has with
inside and outside stakeholders and other
research and documents as referred by the
auditor.
1. Check the availability of Audit Universe
for the Organization/ Auditable Entity
2. How many areas added or deleted from
Audit Universe.
3. See the risk rating of Various Audit
Universe areas and any change in the
risk ratings.
Communication of inputs to and from
Enterprise Risk Management Team
1. Check Independent risk assessment
 Process
locations, functions, business
units and legal entities including
third parties, wherever relevant).
Resource and time allocation
Inputs for Audit plan for
Executive Management
Approval of Audit Plan with
Audit Committee / Board
Periodic review of Overall
Internal Audit plan
Risk Description Control
them altogether. risk attributable to each auditable unit.
2. Having adequate coverage in terms of
scope/ frequency/ resource allocation to
address the same.
Allocation of resources and skill set
Risk of inadequate resource allocation and
depending upon criticality and complexity
available skill set of the auditable unit along with proper time
duration for the review
1. Communication of Audit Planning
Risk of Audit Plan not in sync with process with executive management
Organizational realities/ Organization objectives
2. Various meeting to capture inputs
and strategies
3. Circulation of approved audit plan
1. Inputs from Audit Committee/ Board
Risk of Audit Planning not aligned with those
charged with governance 2. Approval of Final Audit plan by Audit
Committee
Risk of derailment or non-alignment of Overall Review of the Overall audit plan on regular
basis by Chief Audit Executive and periodic
Internal Audit Plan
reporting to Audit Committee / Board
Test Performed
along with methodology
2. See the coverage for scope/ frequency /
resource allocation, etc.
Assessment of resources and skill set
allocation vis a vis criticality and complexity
of the auditable unit. Sufficiency of the time
duration to have adequate coverage of
Auditable unit
1. Reviewing communication with
executive management
2. Check various minutes of the meetings/
or other documents to capture inputs
3. Review approved and circulated audit
plan
Review of Audit Committee minutes to check
inputs and approval
Check the review performed by Chief Audit
executive and periodic reporting to Audit
Committee / Board