This page contains an updated, alphabetized list of the internal auditing work programs and IT functional audit work programs that are available on KnowledgeLeader. These audit programs are provided in downloadable versions, so they can be repurposed for use in your organization.
A
Access to Programs and Data Audit Work Program
This audit program focuses on access to programs and data and outlines the IT general controls to be tested.
Accounting Reconciliation Audit Work Program
The objective of this audit program is to assess whether accounting reconciliations are performed accurately and discrepancies are reconciled.
Accounts Payable/Invoice Processing Audit Work Program
This sample audit work program reviews the accounts payable/invoice processing function at a company.
Accounts Payable and Expense Accounting Audit Work Program
This audit program focuses on the accounts payable and expense accounting processes.
Accounts Payable Review Work Program
This work program explains the audit steps that should be followed while evaluating a company’s compliance with corporate policies, procedures and known best practices in relation to accounts payable.
Accounts Receivable/Credit and Collections Audit Work Program
This work program explains the audit steps that should be followed while evaluating a company’s compliance with corporate policies, procedures and known best practices in relation to accounts receivable and credit and collections.
Accounts Receivable & Credit Internal Audit Work Program – Segregation of Duties
Accounts receivable and credit processing can introduce significant risks to an organization. Internal audit teams can utilize this sample work program to focus on segregation of duties and general control concerns within an organization's accounts receivable and credit processes.
Accounts Receivable/Collections Work Program
This work program provides sample audit steps for evaluating a company’s compliance with policies and procedures related to the accounts receivable and collections process.
Accrued Liabilities Audit Work Program
This audit program primarily focuses on identification and reporting of contingencies and accrued liabilities.
Active Directory Audit Work Program: Architecture/Design
This work program focuses on the general, domain structure, supporting infrastructure, and failover/availability aspects of the architecture/design of an active directory.
Active Directory Audit Work Program: Infrastructure
This work program focuses on the general, platform configuration, and platform security areas of the infrastructure of an active directory.
Active Directory Work Program – Replication
This is part eight of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with Replication.
Active Directory Audit Work Program: User Management/Administration, Powerful User Rights
This active directory audit work program focuses on the powerful user rights aspect of user management/administration. It includes questions on key controls, the goal state for production, and the status of designed controls.
Active Directory Audit Work Program: User Management/Administration, Access Request Procedures
This active directory audit work program focuses on the access request procedures within user management/administration. It includes questions on key controls, the goal state for production and the status of designed controls.
Active Directory Audit Work Program: User Management/Administration, User ID Termination
This active directory audit work program focuses on the user ID termination aspect of user management/administration. It includes questions on key controls, preferred controls, goal state for production, and intent and status of designed control.
Active Directory Work Program: User Management/Administration, User ID Maintenance
This active directory audit work program includes questions on key controls, preferred controls, goal state for production, and intent and status of designed control.
Active Directory Audit Work Program: User Management/Administration, User ID Creation
The active directory work program focuses on the user ID creation aspect of user management/administration.
Active Directory Audit Work Program: User Management/Administration – General
This active directory work program focuses on the general aspects of user management/administration.
Adoption Assistance Audit Work Program
The objective of this work program is to assess the internal controls in place for the adoption assistance process.
Advertising and Promotion Audit Work Program
This sample audit program includes an overview for understanding and engaging in a review of controls around advertising and promotions.
Appeals and Grievances Audit Work Program
This sample work program reviews the appeals and grievances function, focusing specifically on transformation.
Application Audit Work Program
The objective of this audit work program is to evaluate a business unit’s application controls to determine compliance with corporate policies and that the application environment is appropriately protected.
Application Controls Audit Work Program
This application controls audit program applies when auditing financial end-user-developed spreadsheets and other applications.
Application Controls Audit Work Program: Sample 2
This audit work program focuses on the application controls necessary to support a business.
Application Security Review and Testing Audit Work Program
Application security involves checking the security controls of an application, not the operating system or device that hosts the application. A thorough and exhaustive evaluation of the security issues related to e-business applications is best tackled using a phased approach, such as that described here.
AS400 Review Audit Work Program
This work program outlines steps for an AS400 review audit. It identifies major areas to investigate during a general or specific controls review in an AS400 installation as well as critical control validation tests to perform.
Asset and Liability Management Policy Review Audit Work Program
The objective of this audit work program is to review the policies governing the asset and liability management process. While performing this review, an auditor can determine if these policies are reviewed on a regular basis and assess the governance oversight of the asset and liability management function.
B
Balance Sheet Review Audit Work Program
This audit work program ensures that each account on the balance sheet is assigned to someone for reconciliation during the close the book process.
Bank Branch Internal Audit: Cash Audit Work Program
This audit program provides general steps used to perform a cash audit at a bank branch.
Bank Branch Internal Audit: Checking Accounts and Overdrafts Audit Work Program
This audit program outlines steps for reviewing accounts and overdrafts at a bank branch.
Bank Branch Internal Audit: Encashment and Cash Items Audit Work Program
This audit program outlines steps to perform an encashment and cash items audit at a bank branch.
Bank Branch Internal Audit: General Audit Work Program
This work program outlines the steps used to perform a general audit at a bank branch.
Bank Branch Internal Audit: Income & Expense Audit Work Program
This work program outlines steps to perform an income and expense audit at a bank branch. Audit procedures including reviewing miscellaneous disbursement reports and any debit entries to a general ledger income account over a specific dollar amount.
Bank Branch Internal Audit: Items Held on Consignment Audit Work Program
This audit program outlines steps to perform an audit of items held on consignment at a bank branch.
Bank Branch Internal Audit: Night Deposit Audit Work Program
This audit program outlines general steps for performing a night deposit audit at a bank branch.
Bank Branch Internal Audit: Safe Deposit Audit Work Program
This audit work program outlines steps to perform a safe deposit audit at a bank branch.
Bank Branch Internal Audit: Savings Audit Work Program
The purpose of this work program is to provide the general steps used to perform a savings audit at a bank branch. This document provides audit procedures for reviewing inventories on hand, savings deposit and withdrawal activity, and related reporting.
Bank Branch Internal Audit: Security Audit Work Program
This audit work program outlines steps to perform a security audit at a bank branch.
Bank Branch Internal Audit: Unissued Checks and Money Orders Audit Work Program
This audit work program outlines steps to perform an audit of unissued checks and money orders at a bank branch.
Bank Branch Internal Audit: Wire Transfers and Foreign Remittances Audit Work Program
This audit work program reviews the wire transfers and foreign remittances process at a bank branch.
Bank Deposit Cycle: Control Objectives and Audit Work Program
This tool helps management analyze the effectiveness of the internal control structure over financial reporting for the deposit cycle at a bank.
Bank Expenditure Non-Payroll Cycle: Control Objectives and Audit Work Program
This tool helps management analyze the effectiveness of the internal control structure over financial reporting for the expenditure non-payroll cycle at a bank.
Bank Expenditure Payroll Cycle: Control Objectives and Audit Work Program
This control objectives guide identifies the types of risks that can be present in a bank's expenditure payroll cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program assists in evaluating the effectiveness of the expenditure payroll cycle internal control structure.
Bank Financial Reporting Cycle: Control Objectives and Audit Work Program
This control objectives guide identifies the types of risks that can be present in a bank's financial reporting cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the financial reporting cycle internal control structure.
Bank Investments Department Audit Work Program
This work program outlines steps for auditing a bank's investments department.
Bank Loan Cycle: Control Objectives and Audit Work Program
This control objectives guide identifies the types of risks that can be present in a bank's investment cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the investment cycle internal control structure.
Bank Treasury Cycle: Control Objectives and Audit Work Program
This tool helps management analyze the effectiveness of the internal control structure over financial reporting for the treasury cycle at a bank.
Bank Trust Cycle: Control Objectives and Audit Work Program
This control objectives guide identifies the types of risks that can be present in a bank's trust cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the trust cycle internal control structure.
Banking: Operations Department Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit of a bank’s operations department. This document provides audit procedures for the review of item processing, customer accounting, retail services, ATM administration, and general ledger and suspense accounts.
Banking: Payroll Department Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit of a bank’s payroll department. This document provides audit procedures for the review of payroll calculations, methods of payment, tax remittance verification, payroll check distribution, payroll changes, bonuses, manual checks, official checks, payroll bank reconciliation, year end reconciliation, general ledger account reconciliation, and payroll controls and reconciliation.
Baseline Controls Audit Work Program - Healthcare
The purpose of this work program is to provide the general steps used to perform an audit of baseline controls for a company in the healthcare industry. This document provides audit procedures for the review of billing and collections, cash controls, accounts payable/general accounting, payroll, and claims processing/compliance.
Billing and Collections Review Audit Work Program (Healthcare)
This work program reviews billing, collections and account follow-up processes for a healthcare organization.
Budgeting Process Audit Work Program
The purpose of this sample audit program is to evaluate the overall process for planning and completing budgeting, to determine the effectiveness of compliance with corporate policies and procedures, and to ensure that the budget process is operating as planned.
Business Continuity Management Audit Work Program
This audit work program focuses on the appropriateness of enterprise-wide business continuity planning, oversight and support, business impact analysis, and risk management.
Business Continuity Management Audit Work Program: Sample 2
This audit work program assesses the effectiveness of an organization's business continuity management process.
Business Continuity Planning Audit Work Program: Sample 3
This sample audit program determines the quality and effectiveness of an organization’s business continuity planning process.
C
Capital and Authorization for Expenditures Audit Work Program
This audit program outlines steps to analyze the effectiveness of the capital and authorization for expenditure process. The sample focuses on understanding and analyzing the activities, setting objectives and plans, identifying and prioritizing risks, identifying and evaluating controls, testing controls, reporting, monitoring and follow-up, and adding value.
Capital Asset Management Review Audit Work Program
This audit work program outlines steps for a capital asset management review, including capital asset procurement, tracking and monitoring, recording and reporting, and disposal and retirement.
Capital Expenditure Review Audit Work Program
This work program on capital expenditures auditing provides an example of steps to include in a review of internal controls surrounding fixed assets.
Capital Leasing Audit Work Program
The purpose of this work program is to provide the general steps used to perform a capital leasing audit.
Capital Projects Audit Work Program
This work program focuses on the capital projects process. It focuses on identifying and prioritizing risks, evaluating internal controls and assessing the maturity of this business process.
Capital Raise Audit Work Program
This audit program reviews an organization’s capital raise process, ensuring that processes exist to report accurate and complete information.
Cash Accounts Audit Work Program
This work program covers existence, accuracy and cut-off of cash balances.
Cash Collections, Security and Recording Review Audit Work Program (Healthcare)
This audit work program assesses the controls related to cash collections at multiple locations for a healthcare organization.
Cash Controls Audit Work Program: Healthcare Organizations
The purpose of this work program is to provide the general steps used to perform a cash controls audit for an organization in the healthcare industry, including reviewing and testing controls related to cash box security, check acceptance, receipts, reconciliation and deposits.
Casino Audit Work Program
This casino audit work program covers reviews of live gaming tables, electronic gaming devices, cashiering and credit, currency transaction reporting, and more.
Change Management Audit Work Program
This audit work program focuses on the technology change management process, specifically covering documentation, approvals, testing and migration to production.
Charge Master Maintenance Audit Work Program (Healthcare)
The objective of this audit program is to analyze and evaluate the adequacy of the charge master maintenance process to verify that all charges are developed in accordance with hospital policy and philosophy.
Charity Care Audit Work Program
The objective of this program is to perform a high-level review of charity care program practices to validate compliance with hospital policy. Steps include a detailed analysis of selected charity accounts and bad debt accounts.
Child Care Audit Work Program
This audit work program sample outlines steps to review a company’s child care program and related reimbursement process.
Close the Books Audit Work Program
This document provides two sample work programs that provide general steps for a "close the books" audit. These work programs help ensure that related systems are fully integrated, verify that the company is in compliance with established close schedules, and determine whether segregation of duties is adequate.
COBRA Work Program
This work program outlines the steps to audit the COBRA process.
Commercial Property Lease Application Review Audit Work Program
This audit program reviews an application that handles transactions related to leasing and renting commercial property.
Commissions Audit Work Program
The objective of these three sample work programs is to comprehend and assess the steps involved in the processing of sales commissions and to ensure that commissions’ policies and agreements are documented.
Computer Operations/Job Scheduling Audit Work Program
This work program focuses on computer operations and IT job scheduling. Audit objectives and test steps help determine and review the role of computer operations within an organization, the responsibilities of the computer operations department, and the ability to proactively manage computer operations.
Conflict of Interest (Trust Company) Audit Work Program
This audit work program focuses on the conflict of interest between a trust company and its affiliates.
Consolidation of Finance Functions Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit on consolidation of finance functions. This document provides the audit steps needed to address the finance functions associated with the accounts payable, accounts receivable, accounting operations, payroll, cost accounting, information systems, human resources and transfer pricing departments.
Construction Contracts Audit Work Program
This document provides two sample audit work programs for reviewing construction contracts, focusing on the adequacy of internal controls over a construction project and the extent of compliance with the terms of a contract.
Construction Contracts Audit Work Program: Sample 2
This audit work program reviews construction contracts, focusing on obtaining contractors, approval of change orders, regular administration and monitoring of contracts, review of contract budgets, and processing of contract payables.
Consumer Credit Lending Audit Work Program
This sample work program can be downloaded and reviewed for ideas and comparison with your own work programs.
Consumer Lending Department Audit Work Program
The consumer lending audit work program focuses on physical safeguards, adequate documentation, substantiation of loan balances and substantiation of collateral.
Contract Review Audit Work Program
The objectives of this work program are to assess whether contracts are executed in accordance with agreed upon terms and to ensure that all contracts are valid and properly authorized and mitigate risk of loss.
Control Environment Audit Work Program
This audit work program focuses on the control environment component of the COSO Framework.
Controls Monitoring Work Program
This sample work program provides steps to perform a quarterly assessment of management’s monitoring of company-level controls.
Corporate Responsibility Audit Work Program
The objectives of this audit work program are to assess the effectiveness of a corporate responsibility program (CRP) and to ensure that the company is continuing to put into practice the seven elements of an effective compliance program.
Corporate Treasury Audit Work Program
This audit work program focuses on policies and procedures for the corporate treasury department to ensure they are current and approved by the board of directors.
Corporate Treasury Review Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit of corporate treasury. This document provides objectives covering the overall financial control environment, financial and accounting controls, and processes within cash management, investments, and foreign exchange exposure management.
Cost Estimation Audit Work Program
This audit program sample covers several cost estimation areas, including bids, labor/material cost, engineering, other allocations and change orders.
Credit Limits Audit Work Program
This work program focuses on the credit process. Its objectives are to verify whether the credit limits are properly approved and the terms of the credits in the subsidiary records agree to the documentation.
Customer Care & Order Fulfillment: Control Analysis & Segregation of Duties Audit Work Program
This work program evaluates the adequacy of internal controls in the customer order fulfillment and cash handling processes. It includes a checklist of control activities and a related cash handling segregation of duties matrix.
Customer Credit Data Analytics Work Program
This eight-page work program utilizes data analytics to review the customer credit process.
Customer Service and Support Renewal Audit Work Program
This audit program provides steps to review the overall effectiveness of the customer service and support renewal function.
D
Data Center Walkthrough Audit Work Program
This work program will help determine whether information resources are protected against unauthorized access and environmental hazards.
Data Conversion Review Audit Work Program
The objective of this work program is to determine whether the appropriate project management controls are in place to ensure a successful and effective conversion of data from a legacy system to a new system.
Data Conversion Audit Work Program
This work program outlines steps for conducting a data conversion audit, specifically focusing on data extraction, transfer and accuracy.
Database Administration Audit Work Program
The purpose of this document is to provide the general steps of a database administration review audit. This work program identifies audit steps in the areas of general security, access, database availability, backup and recovery, development and integrity, and database host operating system security.
Database Audit Program
This database audit work program covers the following applications: DB2, Oracle 8i, Oracle 9i, Oracle RDB7, Sybase, and Progress. The work program is in the form of an Excel workbook, with a separate spreadsheet covering each of the following areas: Security; Change Management; and Monitoring.
Desktop Management Audit Work Program
This document outlines steps to audit the process used to deploy software to desktop computers.
Direct Charges Audit Work Program
This sample audit work program provides steps to review the direct charges process, including investigating the build-up of direct charge transactions (debits) in the direct charge clearing account.
Direct Deposit of Royalty Payments - Audit Work Program
This audit work program focuses on determining whether the sensitive information collected for the direct deposit of royalty payments is properly stored, processed, distributed and accessed by appropriate users.
Disaster Recovery Plan Review Audit Work Program
This audit work program reviews an organization’s disaster recovery plan, including the creation of the plan, evaluation of the risks covered, their impact on the business, and whether or not the plan provides for appropriate methods to recover from threats.
Disaster Recovery Risk Assessment Audit Work Program
This disaster recovery risk assessment audit work program addresses environmental, man-made, business and IT threats.
Disaster Recovery Work Program
The purpose of this work program is to act as a guide for the controls needed to minimize the business recovery time in case of a disaster. The steps covered in this work program include: business impact analysis; plan development, documentation, and maintenance; and recovery testing.
Distribution Center/Consigned Inventory Audit Work Program
The purpose of this work program is to provide the general steps used for an audit of a distribution center for consigned inventory, including reviewing the shipping and receiving processes and inventory cycle counts.
Diversify Workforce Audit Work Program
This audit work program evaluates a company's diversity and inclusion compliance processes.
Drug-Free Workplace and Work Force Audit Work Program
The purpose of this work program is to provide the general steps used to perform a drug-free workplace and workforce audit.
E
E-Commerce Website Audit Work Program
This sample work program provides a framework and checklist for testing to be performed by the internal audit or quality assurance team in reviewing a web site. It can be downloaded and reviewed for ideas and comparison with your own work programs.
EDI Audit Work Program
This review focuses on the processes to set up, design, and test client and carrier interfaces, and understand the documentation that is maintained for each interface.
Elder Care Audit Work Program
This sample audit work program outlines steps to review a company’s elder care program and the related reimbursement process.
Electronic Signature (E-Sign) Audit Work Program
The objective of this work program is to assess documented policies and procedures, including business requirements documentation, to determine if the provisions of the Electronic Signatures Act (E-Sign Act) are adequately addressed.
Employee and Labor Management Relations Audit Work Program
This audit program sample evaluates the effectiveness and efficiency of the employee and labor/management relations process, related internal controls, and supporting information systems.
Employee Benefits Audit Work Program
This audit program reviews the administration of the employee benefits program, eligibility of benefits, and authorization and issuing of benefit disbursements.
Employee Leave Benefits Audit Work Program
This audit work program reviews a company’s processes and procedures related to employee leave benefits.
End-User Computing Audit Work Program
This work program focuses on auditing end-user computing, specifically concentrating on identifying the IT controls to be tested, reviewing the results of management’s testing and documenting the procedures used to test each control.
Entity-Level Controls Audit Work Program
This sample audit work program evaluates the entity-level controls in an organization, specifically focusing on the control environment, risk assessment, information and communication, control activities, and monitoring.
Ethical Business Conduct Guidelines Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit of ethical business conduct guidelines. This document provides guidance on obtaining a list of all executives and directors, determining who is required to sign an ethical business conduct form, obtaining access to employees’ human resource files, and other steps needed to complete this audit.
Ethics Program Review Audit Work Program
An organization’s ethics program is increasingly important in the current regulatory environment and critical to minimizing reputation risk. is responsible for evaluating the effectiveness of ethics programs that can significantly reduce reputation risk exposure; however, evaluating a relatively intangible area such as ethical behavior can be challenging. This work program can assist with developing a comprehensive review.
Executive Bonus Audit Work Program
This sample work program reviews the executive bonus program of an organization.
Executive Compensation Audit Work Program
This audit program sample reviews an organization’s executive compensation process.
Executive Compensation Plan Payout Audit Work Program
This audit program sample helps to review an organization’s executive compensation plan payout process.
Expenditure Cycle Audit Work Program
This document provides two sample audit work programs for reviewing the expenditure cycle, with one leveraging computer assisted auditing techniques (CAATs) in the audit process. They both look at expenditure cycle activities such as purchasing, accounts payable, travel and entertainment charges, and payroll.
Export Compliance Audit Work Program
This audit program sample evaluates the effectiveness of export compliance policies and procedures and related processes.
F
Facilities Management Audit Work Program
The purpose of this work program is to provide the general steps used to perform a facilities management audit. This document provides guidance on reviewing facilities management best practices, understanding essential processes, and obtaining information regarding the cost of facilities maintenance.
Financial Institution Security Audit Work Program
This work program is an aid to assess the quantity of risk and the effectiveness of a financial institution’s risk management processes as they relate to the security measures instituted to ensure confidentiality, integrity, and availability of information, instilling accountability for actions taken on the institution’s systems.
Financial Reporting (External) Audit Work Program
The objective of this audit work program is to evaluate the operating effectiveness of internal controls identified in the external financial reporting process. It specifically focuses on controls related to the earnings release, filing forms 10-Q and 10-K, and debt compliance sub-processes.
Firewall Administration Audit Work Program
This audit program provides general steps for a firewall administration audit, including documentation, logical access, configuration, operating systems logs, firewall tests, application logs, physical security and continuity of operations.
Firewall Audit Work Program
This firewall audit program focuses on internet and firewall configuration security, internet and firewall configuration change management, network monitoring and intrusion detection, and firewall vulnerability assessment.
Fixed Asset Accounting Review Audit Work Program
The purpose of this audit program is to review the adequacy and efficiency of current capital asset management policies and procedures.
Fixed Assets and Property Audit Work Program
This audit work program reviews an organization’s fixed assets and properties to determine that they are correctly capitalized and depreciated.
Flexible Benefits Audit Work Program
This sample work program reviews the flexible benefits provided by a company.
Foreign Corrupt Practices Act (FCPA) Audit Work Program
This sample audit program assists audit teams when reviewing compliance with the Foreign Corrupt Practices Act of 1977.
Fraud Prevention and Detection Audit Work Program
This audit program sample focuses on understanding current fraud prevention and detection program activities.
Fraud Prevention Process: Debit and Credit Card Transactions Audit Work Program
This audit program identifies and evaluates the effectiveness of a debit and credit card service provider’s fraud prevention process.
Freight Management Audit Work Program
The purpose of this audit program is to understand and evaluate the freight management process, which includes reviewing process performance measures, process effectiveness and efficiency, and contract terms and management.
G
Global Human Resources Effectiveness Review Audit Work Program
This sample audit work program reviews the effectiveness of global HR capabilities using the capability maturity model (CMM) and determines action plans to achieve future-state assessments.
H
Health, Safety and Security Work Program
The purpose of this work program is to evaluate the health, safety and security processes of an organization.
Health Care Dependents Audit Work Program
This sample audit work program outlines the steps to audit the health care dependents process.
Healthcare Provider Contracting Audit Work Program
This healthcare audit work program is intended to determine whether internal controls in the provider contracting and capitated payment processes are in place and working effectively.
Hotel Accounts Receivable and Credit Review Audit Work Program
This audit work program focuses on the accounts receivable and credit areas of a hotel or hospitality property.
Hotel Audit Work Program
This audit work program provides guidelines for auditing a hotel and can be modified for other hospitality and service operations.
Hotel Expenditure Cycle Audit Work Program
This robust work program will assist in a comprehensive review of the expenditure cycle. Although the program is tailored to a hotel it includes review of the purchasing, receiving, inventory and supervisory operational and financial expenditure areas. Related Computer Assisted Audit Techniques (CAATS) or ACL type tests are included to leverage IT audit team members.
Hotel Financial Reporting and Revenue Recognition Review Audit Work Program
This audit work program provides a comprehensive review of hotel revenue. Objectives of this audit include: evaluate the reliability of financial reporting and discuss and obtain a general understanding of the current system of internal controls related to the hotel revenue areas; assess the adequacy of hotel revenue procedures under review in accordance with established policies; assess the adequacy of related procedural monitoring, including actions to mitigate revenue area-related risks during exception processing beyond established policies; and to develop, as necessary, recommendations to improve the efficiency and effectiveness of key processes, including management of related business risks.
Hotel Financial Reporting and Management Contract/Lease Agreement Areas Review Audit Work Program
This audit program outlines steps to perform a comprehensive review of a hotel's financial reporting area and its compliance with its management contract/lease agreement.
Hotel Financial Reporting and Treasury Review Audit Work Program
This audit work program assists with a comprehensive review of the treasury area for a hotel or hospitality property.
Hospital Compliance Department Work Program
This work program is intended to provide an team with steps and questions for reviewing a hospital's compliance program.
Human Resources Review Audit Work Program
This sample work program evaluates the effectiveness and efficiency of a company’s human resources (HR) process.
I
Incentive Compensation Audit Work Program
This document provides guidance on reviewing incentive policies and procedures, speaking with key individuals, and gaining understanding of key incentive compensation processes.
Information and Communication Audit Work Program
The purpose of this audit work program is to assess, at a high level, and validate key controls in place for the information and communication component of the COSO Framework. Inadequate or ineffective controls in this area give rise to financial and operational risks.
Information Security Work Program
This 11-page work program is intended to provide an team with guidance and direction when evaluating information security programs. It lists key project execution steps in the areas of strategies and policies, event monitoring, architecture and solutions, and managing deployment.
Insurance Claims Review (Healthcare) Audit Work Program
This audit work program addresses topics such as duplicates, insurance claim approvals, system interfaces, and refund status.
International Site Visit Audit Work Program
The purpose of this audit program is to document general procedures used to perform an audit of an international office.
Inventory Audit Work Program
This document includes three sample work programs for reviewing the inventory procedures at a company.
Investment Management Firm Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit at an investment management firm.
Investments in Securities, Derivative Instruments and Hedging Activities Audit Work Program
The objective of this audit program is to review the controls related to a company’s investment procedures.
IT Application Management Audit Work Program
This sample IT application management audit work program is designed around key risk indicators of potential problems.
IT Architecture and Physical Security Work Program
This work program highlights the general policies, procedures and other aspects related to IT Architecture and physical security, including change management, unauthorized access, security incidents and monitoring.
IT Asset Management Audit Work Program
These two sample work programs focus on the IT asset management process, specifically adequacy of controls, overall efficiency and effectiveness of processes, and compliance with policies and procedures.
IT Change Management Audit Work Program
This audit program focuses on assessing controls that mitigate the risks inherent within IT change management processes.
IT Data Management Audit Work Program
This document outlines steps to audit an organization’s data management process and includes a self-assessment questionnaire that gives the auditee an opportunity to inform internal audit about controls and processes employed.
IT General Controls: Computer Operations Audit Work Program
This work program focuses on auditing computer operations. It concentrates on the IT general controls to be tested, reviews the results of management’s testing, and documents the procedures used to test each control.
IT General Controls Design Assessment – Work Program
This work program evaluates the design of the IT general control environment, including infrastructure, applications, policies and procedures.
IT General Controls: Program Development Audit Work Program
This work program focuses on auditing the program development process. It concentrates on the IT general controls to be tested, reviews the results of management’s testing, and documents the procedures used to test each control.
IT Help Desk Audit Work Program
This document outlines steps to audit an organization’s IT help desk process.
IT Operations Management Audit Work Program
This document outlines steps to audit an organization’s IT operations management process.
IT Organization Audit Work Program
This document outlines steps to perform an IT organization audit.
IT Platform Management Work Program
This document outlines steps to audit an organization’s IT platform management process.
IT Project Governance Audit Work Program
This audit work program outlines steps for executing an IT project governance audit.
IT Strategy Management Work Program
This document outlines steps to audit an organization’s IT infrastructure management strategy process.
IT Vendor Management Audit Work Program
The objective of this audit work program is to evaluate the controls and processes required for conducting an IT vendor management audit.
IT Vendor Management Audit Work Program: Sample 2
This sample audit work program reviews the vendor management processes of the IT department of a company.
J
Journal Entries Audit Work Program
This audit program reviews company procedures focused on creating, posting and retaining journal entries between operating locations.
M
Manage Labor-Management Relationships Audit Work Program
This sample work program provides a test plan for managing labor-management relationships.
Management Reporting Audit Work Program
The objective of this work program is to evaluate the management reporting process. It outlines the checkpoints in preparing, compiling and reviewing management reports.
Marketing and Off-Take Agreement Audit Program
This work program can be used as a template for reporting the assessment of a client's internal accounting system with respect to a marketing agreement.
Material Receiving Internal Controls Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit of material receiving internal controls. This document provides audit steps that include: checking limits placed on quantities to be maintained in inventory, confirming controls are adequate to prevent theft and diversion of material, and assuring that store records maintained by employees are functionally independent of storekeepers.
Materials Management and Purchasing Audit Work Program
This work program reviews compliance with established procedures for the purchasing function.
Membership and Billing Audit Work Program
This sample audit program reviews the membership and billing process within a healthcare cooperative.
Monitoring Audit Work Program: Sample 2
The objective of this audit work program is to evaluate the operating effectiveness of the monitoring component of COSO. It specifically focuses on the attributes of ongoing monitoring, separate evaluations and reporting deficiencies.
Monitoring Controls (Entity-Level) Audit Work Program: Sample 2
The purpose of this audit work program is to evaluate the operating effectiveness of the monitoring component of COSO, as it relates to the attributes of ongoing monitoring, separate evaluations and reporting deficiencies.
N
Network Access and Infrastructure Audit Work Program
This audit program outlines steps to test the effectiveness of an organization’s network access and infrastructure. The test steps focus on the organization’s related policies and procedures, review and follow up of prior audit recommendations, custom reports, segregation of duties, business continuity/disaster recovery, laws and regulations, general ledger, outsourced processes, and fraud consideration regarding the network infrastructure.
Network Infrastructure Audit Work Program
These two sample work programs provide general steps for an IT network infrastructure audit.
O
Order Entry/Customer Service Audit Work Program
The purpose of this work program is to provide the general steps used to perform an order entry/customer service audit. This document identifies risks such as customer master records may not be accurate or created in a timely manner, sales order information may not be correct or timely, and change orders that exceed established credit limits are not communicated to the factory in an appropriate amount of time or are unauthorized. The work program describes how to best test these risks.
Order Management Process Audit Work Program
This work program provides key steps for a review of the order management process, including identification of performance metrics and computer-assisted auditing steps.
Order-to-Bill Audit Work Program
Specific objectives of this order-to-bill audit program sample include ensuring orders are accurately filled, using old/obsolete inventory, and accurate customer billing.
Original Equipment Manufacturer (OEM) Qualification Audit Work Program
This sample audit work program focuses on processes and controls a company may use to select, qualify, approve and maintain OEM customers.
Other Assets Audit Work Program
This sample audit program reviews the "other assets" account maintenance process and related accounting controls.
Other Liabilities Audit Work Program
This audit program sample reviews "other liabilities" to determine if the processes of approval, maintaining subsidiary ledgers, and periodic reconciliation to the general ledger accounts are adequately controlled.
P
Payment Review Audit Work Program
This work program focuses on identifying unauthorized payments.
Payroll and Leave Management Audit Work Program
This audit work program focuses on the payroll and leave management process, specifically assessing whether the organization has established an adequate control environment and properly addressed associated risks.
Payroll Audit Work Program
The purpose of this work program is to provide the general steps used to perform a payroll audit. This document provides details for interviewing personnel, reviewing and discussing payroll policies, and testing randomly selected transactions.
Payroll Cycle Data Analytics Audit Work Program
This six-page work program describes 22 risks associated with payroll cycle data analytics, with a focus on the tests used to identify them.
Payroll/Human Resources Review Work Program
These two sample work programs focus on adequacy of controls, overall efficiency and effectiveness of processes, and compliance with policies and procedures. Specific areas include reviewing the adequacy of system and manual check processing functions, proper review of payroll information, adequacy of supporting documentation, appropriate review and authorization of manual checks, and existence of proper segregation of duties.
PCI Review Work Program
This work program covers a high-level PCI review. Objectives include the processing of PINs, cryptographic key creation, and secure key transmission, loading, and administration.
Physical Security Audit Work Program
This 45-page work program outlines physical security best practices for data centers and information processing/storage facilities.
Physical Security for Information Technology Facilities Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit of physical security for IT facilities. This document gives specific questions related to risks such as unauthorized physical access, damaged cables and wiring, and power failures.
Physician Credentialing Audit Work Program
The audit objective of this review is to analyze and evaluate the current hospital credentialing process and identify the key controls governing the process.
Plant Operation Safety Audit Work Program
This sample work program reviews the safety of plant operations, ensuring compliance with company and governmental requirements.
Plant Operation Security Audit Work Program
This audit program template focuses on assessing a plant’s safety environment, ensuring compliance with company and governmental requirements related to safety, and reviewing to see if safety issues identified in various audits have been addressed appropriately.
Pricing & Discounts Audit Work Program
Product pricing can have a significant impact on revenue; internal audit can help to assure that controls over pricing and discounts are effective. This sample audit program will assist with a thorough review of this area.
Privacy Controls Audit Work Program
This audit program provides audit steps for a privacy controls review, including verifying management direction and support for privacy controls.
Procurement/Accounts Payable Audit Work Program
This document includes three sample work programs that provide key steps for reviewing the procurement and accounts payable process.
Procurement and Accounts Payable Controls Review Audit Work Program
This audit work program reviews the procurement and accounts payable controls at an organization to ensure that these activities and related controls are valid and properly authorized and mitigate risk of loss.
Procurement Card Audit Work Program
The purpose of this work program is to provide the general steps used to perform a procurement card audit.
Procurement Internal Controls Audit Work Program
This sample audit work program reviews the internal controls in an organization’s procurement process.
Product Development Audit Work Program
This sample product development audit program includes risk analysis, special and operational considerations, and evaluation components for an audit review.
Product Lifecycle Risk Audit Work Program
This sample work program reviews the risks in the planning and initiation, requirements analysis, design, development, testing, implementation and roll-out, and post implementation areas of IT projects.
Program Changes Audit Work Program
This audit program focuses on auditing program change controls. It concentrates on the IT general controls to be tested, reviews the results of management’s testing, and documents the procedures used to test each control.
Project Environment Risk Audit Work Program
This sample audit program reviews the risks inherent in project environments.
Project Management Risk Assessment Audit Work Program
This sample work program reviews the risks associated to project management in detail.
Project Risk Management Audit Work Program
This sample audit program provides the internal audit team with guidance and direction when executing audits of projects and/or program management office activities.
Project Support Risk Audit Work Program
This sample audit program reviews an organization’s program office risk areas and KPIs and outlines the corresponding work program tasks and leading practices.
Property, Plant and Equipment Audit Work Program
This audit program primarily focuses on the existence, additions, disposals, and depreciation of fixed assets and leases.
Purchase-to-Pay Cycle Data Analytics Work Program
This eight-page work program utilizes data analytics to review the purchase-to-pay cycle.
Purchasing, A/P, Travel and Entertainment Audit Work Program
The purpose of this work program is to provide the general steps used to perform an audit of purchasing, A/P, travel and entertainment, including the use of data analytics.
Purchasing Rebate Review Audit Work Program
The objective of this audit work program is to review the controls in place for the following areas of the Purchasing Rebate process: Supplier Rebate Set-Up, Maintenance and Forecasting; Rebate Processing; and Rebate Accounting and Financial Reporting.
Purchasing Rebates Audit Work Program
This sample audit program focuses on the following areas of the purchasing rebates process: supplier rebate set up, maintenance and forecasting, rebate accounting and financial reporting, and rebate processing.
Purchasing Work Program
The purpose of this work program is to provide the general steps used to perform a purchasing audit. The detailed steps in this document provide an understanding of the purchasing process, including how to create process maps, review departmental policies, and compare current practices to best practices.
Q
Quality Assurance and Inspection Process Audit Work Program
The purpose of this work program is to provide the general steps used to perform a quality assurance audit. This document provides audit steps that include procedures for the review of materials receiving, subcontractor quality control, metrology and calibration, and quality assurance data.
R
RACF Mainframe Controls Review Audit Work Program
This audit work program outlines detailed steps to review the controls for an RACF mainframe.
Remote Site Visit Audit Work Program
These three sample work programs provide general steps for a remote site audit.
Restaurant Regional Office Internal Control Audit Work Program
The purpose of this work program is to conduct an internal control review at a restaurant company’s regional office. Example audit areas covered in this work program include: payroll, overtime, inventory, bank reconciliations, and approved vendors.
Restaurant Site Review Audit Work Program
This audit program provides the steps for performing a restaurant site review, including cash control, asset control, operations management, inventory control, information systems, and human resources.
Restaurant Visit Internal Control Audit Work Program
This audit work program focuses on conducting internal control reviews at restaurant operating sites.
Retail Audit Work Program
This exclusive work program for KnowledgeLeader subscribers provides retailers with an overview of operational audit steps to ensure compliance with key regulations.
Returns Management Audit Work Program
This work program focuses on transaction and controls testing for a company's returns management process.
Revenue Forecasting Audit Work Program
The purpose of this work program is to provide the general steps used to perform a revenue forecasting audit. This document provides steps to review forecasting development/methodology and forecast execution.
Risk Assessment Audit Work Program
This sample audit work program assesses and validates key controls in place for the risk assessment component of the COSO framework.
S
Sales Compensation Audit Work Program
This audit work program suggests steps for a review of a company's sales compensation and commission payment process.
Sarbanes-Oxley Process Documentation Review Audit Work Program
The objective of this audit program is to ensure that Sarbanes-Oxley (SOX) Section 404 processes are documented to communicate a clear understanding of business activity, including its related risks and controls, roles, and responsibilities.
Security Administration Audit Work Program
The purpose of this work program is to determine whether company policy and the structure of the security administration function provide for adequate administration of logical security.
Security Management Audit Work Program
This document outlines steps to audit an organization’s security management process.
Security Policy Review Audit Work Program
The purpose of this work program is to determine whether the right security policies exist and determine if existing policies cover the necessary issues and are disseminated to the right people.
Service-Level Agreement Controls Audit Work Program
This audit program assesses internal controls specific to a service-level agreement (SLA).
Shipping and Receiving Audit Work Program
This document provides two sample audit work programs for the shipping and receiving process, focusing on the importance of identifying shipping and receiving process improvement opportunities.
Siebel/Oracle Information Security Audit Work Program
This sample work program provides procedures to evaluate six system control objectives relating to Siebel/Oracle information security.
Social Responsibilities Programs Audit Work Program
This audit program sample helps internal audit functions to help identify social responsibility issues that an organization may not be adequately addressing and to assess controls around those programs.
Software Licensure Compliance Audit Work Program
This sample work program can be modified for scope considerations that will depend on the extent of the software agreement under review.
Spare Parts Inventory Audit Work Program
The purpose of this work program is to provide the general steps used for a spare parts inventory audit, including reviewing procurement, storage and distribution of spare parts.
Spending Authority Review Audit Work Program
This work program provides steps and considerations for reviewing spending authority policies and processes.
Stock Administration Review Work Program
This work program focuses on the internal responsibilities of corporate stock program administration.
Stock Option Review Audit Work Program
This internal audit work program focuses on understanding and evaluating a company's stock option management process, performing testing, and investigating control weaknesses.
Supply Chain Audit Program
This audit program focuses on the supply chain management process, including: policies, organizational risks, process risks, major processes, cost-control, and performance measures.
System Backup Review Audit Work Program
The purpose of this work program is to review an organization’s system backup procedures. This includes identifying all applications key to the organization, identifying the responsible person for the backup procedure, analyzing actual procedures performed, and determining the appropriateness of handling related media.
System Implementation Audit Work Program
The purpose of this work program is to provide the general steps used to review the system implementation process.
System Intrusion Audit Work Program
The objective of this audit work program is to evaluate a business’s ability to detect unauthorized system access attempts.
System Management Risk Assessment and Control Audit Work Program
Since most financial transactions are processed and maintained in the IT environment, the IT function is critical for all financial audits performed. This work program will assist audit teams with identifying risks and related controls for logical security administration and monitoring, physical security, change management, problem management, and system availability.
System Pre-Implementation Review Audit Work Program
The purpose of this document is to provide the general steps used to execute a pre-implementation review audit. This document provides audit objectives and procedures to help evaluate items such as the project management strategy, mechanisms that limit the ability to make changes to the application, and associated infrastructure testing strategies and procedures.
Systems and Application Audit Work Program
The purpose of this work program is to provide the general steps used to perform a systems and application audit. Testing examples include systems designs, component integration, interfaces and data conversion routines.
T
Temporary Employee Management Review Work Program
The purpose of this work program is to provide the general steps used to perform an audit of temporary employee management. This document provides detailed objectives used to understand and evaluate the temporary employee management process, validate process performance measures and business controls, and identify opportunities for enhancement.
Third-Party Labor Contractor Audit Work Program
This audit program sample covers topics such as contract/bid processes, billing matters and time reporting controls.
Travel Agent Commissions Review Audit Work Program
This audit work program assesses and validates key controls in place for the travel agents commission process.
Travel and Expense Reimbursement Audit Work Program
This document includes two sample audit work programs that provide steps used to perform an employee travel and expense reimbursement audit.
Travel and Expense Reporting Audit Work Program
This audit program reviews the travel and expense reporting function processes, focusing on proper review and approval of reimbursement items, adequacy of supporting documentation, and efficiency of the reimbursement process.
Travel Review Audit Work Program
This audit work program reviews an organization’s travel, food service and vending areas.
Treasury and Cash Management Audit Work Program
This document includes two sample treasury and cash management work programs that focus on adequacy of controls, overall efficiency and effectiveness of processes, and compliance with policies and procedures.
U
U.S. Domestic Income and Property Tax Review Audit Work Program
This work program reviews key tax processes and systems related to a company’s U.S. operations.
UNIX Security Audit Work Program
This audit program outlines steps for reviewing the security of systems running the UNIX operating system.
V
Vendor Rebates Audit Work Program
This audit program helps determine whether vendor rebate receivables have been properly recorded and calculated.
Virtual Private Network (VPN) Administration Audit Work Program
This audit work program provides general steps for a virtual private network (VPN) administration audit. It includes test steps in the areas of documentation, logging, monitoring and user pool for VPN administration.
W
Warranty/Field Services Review Audit Work Program
This audit work program reviews controls to ensure that all service activity—above and beyond what is called for in a warranty contract—is captured, tracked and billed to the customer.
Warranty Processing Review Audit Work Program
This audit program reviews a company’s method of tracking and recording in-warranty repairs, out-of-warranty repairs, and sales credits under the warranty and service repair process.
Wire Transfer and Investment Work Program
This work program provides key steps for reviewing a company's electronic funds transfer process, which allows customers to send funds to or from another financial institution.