This tool includes two sample audit reports that outline the approach employed by internal audit to develop an audit plan for core audits and hot spots.
In these samples, core foundational audits are conducted each year that focus on key-risk areas, processes, and SEC and other regulatory requirements. Sarbanes-Oxley (SOX) audits are performed and include a financial reporting process; financial systems; audits for finance, operations and IT areas; and cyber risk and data privacy. Hot spot audits are top-of-mind audits that directly relate to risk areas impacting company business. These hot topic/top-of-mind audits address key-risk areas and ongoing initiatives are consistently referenced during risk assessment sessions and risk council meetings and/or identified during prior year audits. Example hot topic areas in these samples include:
Third-party access to IT systems
Development/acquisition due diligence and underwriting