Treasury Internal Audit Framework Revised ... - National Treasury
Treasury Internal Audit Framework Revised ... - National Treasury
Treasury Internal Audit Framework Revised ... - National Treasury
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Establishment of IAA<br />
changing priorities and emerging audit needs.<br />
The AC should approve material changes to<br />
the operational IA plan.<br />
3.5.1 Risk Based Planning<br />
Risk based planning means finding the correct<br />
balance of risk based versus cyclical based<br />
audits. This balance depends on the maturity<br />
of an organisation’s systems and processes,<br />
the extent to which policies and procedures<br />
and internal controls are entrenched and<br />
complied with, and the general strength of the<br />
wider control environment. Best practice is<br />
that the IAA spends most of its time on riskbased<br />
audits, and the rest on cyclical based<br />
audits, follow-up audits and ad hoc requests.<br />
3.5.1.1 Risk based audits<br />
Given the results from the risk assessments<br />
performed (which generally indicate only a<br />
satisfactory-to-weak control environment) it<br />
may be appropriate for the IAA to focus its<br />
attention on the high risk areas, mostly<br />
concentrating on ensuring that key controls<br />
are in place and adhered to.<br />
37 <strong>Internal</strong> <strong>Audit</strong> <strong>Framework</strong>