This page contains many of the sample internal auditing work programs and IT functional audit work programs that are available on KnowledgeLeader. These audit programs are provided in downloadable versions so they can be repurposed for use in your organization.
Capital Projects Audit Work Program
This work program focuses on the capital projects process. It focuses on identifying and prioritizing risks, evaluating internal controls and assessing the maturity of this business process.
Application Audit Work Program
The objective of this audit work program is to evaluate a business unit’s application controls to determine compliance with corporate policies and whether the application environment is appropriately protected.
Adoption Assistance Audit Work Program
The objective of this work program is to assess the internal controls in place for the adoption assistance process.
Treasury and Cash Management Audit Program (Sample 2)
This work program lays out audit procedures for treasury and cash management. Specific areas of review include: cash disbursements, cash receipts, timely identification and resolution of exceptions, bank account analysis, investing/borrowing, capital management, foreign exchange exposure management, cash flow forecasting, IT assessment and derivatives.
Accounting Reconciliation Audit Work Program
The objective of this work program is to assess whether accounting reconciliations are performed accurately and discrepancies are reconciled.
Credit Limits Audit Work Program
This work program focuses on the credit process. Its objectives are to verify whether the credit limits are properly approved and the terms of the credits in the subsidiary records agree to the documentation.
Disaster Recovery Work Program
The purpose of this work program is to act as a guide for the controls needed to minimize the business recovery time in case of a disaster. The steps covered in this work program include: business impact analysis; plan development, documentation, and maintenance; and recovery testing.
Financial Institution Security Audit Work Program
This work program is an aid to assess the quantity of risk and the effectiveness of a financial institution’s risk management processes as they relate to the security measures instituted to ensure confidentiality, integrity, and availability of information, instilling accountability for actions taken on the institution’s systems.
IT Asset Management Diagnostic Audit Work Program
This work program covers a complete IT Asset Management (ITAM) diagnostic audit. Areas covered within this work program include the IT Asset Management Function, IT Asset Management Processes, and IT Asset Financial Management.
Data Center Walkthrough Audit Work Program
This work program will help determine whether information resources are protected against unauthorized access and environmental hazards.
PCI Review Work Program
This work program covers a high-level PCI review. Objectives include the processing of PINs, cryptographic key creation, and secure key transmission, loading, and administration.
Payroll and Leave Management Audit Work Program
This audit work program focuses on the payroll and leave management process. This document assesses objectives such as whether the organization has established an adequate control environment and properly assesses risks associated with this process.
Windows Server 2003 Configuration and Supporting Processes Audit Work Program
This work program covers areas specific to configuration and the supporting processes for systems running Microsoft Windows Server 2003. Topics covered include Active Directory, platform configuration settings, policies and procedures, Remote Access Service (RAS), and more. This work program provides specific control objectives, general procedures, and detailed test steps for evaluating Active Directory configuration, RAS settings, security policies, and much more.
Windows Server 2003 Network and Environment Controls Work Program
This work program covers network and environment controls for systems running Microsoft Windows Server 2003. Topics covered include monitoring intrusion detection software, ensuring authorized access to packet sniffing utilities, and proper filtering of all network ports. Review this work program to learn more about these topics and many more.
Windows Server 2003 System Logging and Auditing Work Program
This work program covers areas specific to user account management for systems running Microsoft Windows Server 2003. Topics covered include: remote access, default accounts, access control groups, reviewing contractor/temporary accounts, unique user IDs and more.
Windows Server 2003 Access Control Work Program
This work program covers areas specific to Access Control management for systems running Microsoft Windows Server 2003. Topics covered include access control objectives for: administration tools and system utilities, DNS queries and zone transfers, Microsoft Management Console, and more.
Windows Server 2003 User Account Management Work Program
This work program covers areas specific to user account management for systems running Microsoft Windows Server 2003. Topics covered include: remote access, default accounts, access control groups, reviewing contractor/temporary accounts, unique user IDs and more.
System Pre-Implementation Review Audit Work Program
The purpose of this document is to provide the general steps used to execute a pre-implementation review audit. This document provides audit objectives and procedures to help evaluate items such as the project management strategy, mechanisms that limit the ability to make changes to the application, and associated infrastructure testing strategies and procedures.
Computer Operations/Job Scheduling Audit Work Program
The purpose of this document is to provide the general steps used to execute an audit on computer operations and IT job scheduling. This work program provides audit objectives and test steps to help determine and review the role of computer operations within an organization, the responsibilities of the computer operations department, and ability to proactively manage computer operations. Use this work program to test these steps and many more.
IT Project Governance Work Program
The purpose of this document is to provide the general steps used to execute an IT project governance audit. This work program identifies major areas to be investigated during an IT project governance review as well as critical control validation tests to perform.
Data Conversion Work Program
The purpose of this document is to provide the general steps used to evaluate a data conversion project. This work program provides audit objectives and work steps to ensure proper extraction of source data, confirm that controls are in place to verify accurate data conversion, and make certain that appropriate testing is done with converted data.
Database Administration Audit Work Program
The purpose of this document is to provide the general steps of a database administration review audit. This work program identifies audit steps in the areas of general security, access, database availability, backup and recovery, development and integrity, and database host operating system security.
AS400 Review Audit Work Program
The purpose of this document is to provide the general steps of an AS400 review audit. This work program identifies major areas which should be investigated during a general or specific controls review in an AS/400 installation as well as critical control validation tests that should be performed.
VPN Audit Work Program
The purpose of this document is to provide the general steps of a Virtual Private Network (VPN) Administration audit. This work program provides task descriptions and test steps in the areas of documentation, logging, monitoring, and user pool for VPN Administration.
Firewall Audit Work Program
The purpose of this document is to provide the general steps of a firewall administration audit. This work program provides task descriptions and test steps for areas such as: documentation, logical access, configuration, operating systems logs, firewall tests, application logs, physical security, and continuity of operations.
Change Management Audit Work Program
The purpose of this document is to provide the general steps of a technology change management audit. This work program includes task descriptions and test steps in the following areas: documentation, approval process, testing, and migration to production.
Network Infrastructure Audit Work Program
The purpose of this document is to provide the general steps of an IT network infrastructure audit. This work program addresses three general risks -- confidentiality, integrity, and availability -- in four major areas.
AuditNet Premium Content
This page will link you to AuditNet.org and will take you to AuditNet’s Premium Content - typically only available to paid, registered AuditNet users. Subscribers have access to all of AuditNet's Premium Content as a part of the KnowledgeLeader service. Protiviti disclaims all warranties as to the accuracy, completeness or adequacy of information contained therein or for interpretations thereof. Protiviti accepts no liability or responsibility to the user for the selection of materials from AuditNet.org or for reliance by any user or reader on such information.
Restaurant Visit Internal Control Audit Work Program
The purpose of this work program is to conduct an internal control review at a restaurant company’s operating sites. Example audit areas covered in this work program include: payroll, overtime, inventory, bank reconciliations, and approved vendors.
Restaurant Regional Office Internal Control Audit Work Program
The purpose of this work program is to conduct an internal control review at a restaurant company’s regional office. Example audit areas covered in this work program include: payroll, overtime, inventory, bank reconciliations, and approved vendors.
Risk Assessment Audit Work Program
This audit work program focuses on the risk assessment component of the COSO framework. Sample risks addressed in this audit work program include: management does not have a business planning process in place that examines existing objectives and establishes new objectives when necessary; senior management does not develop plans to mitigate significant identified risks; and changes in risks are not identified in a timely manner.
Information and Communication Audit Work Program
This audit work program focuses on the information and communication component of the COSO Framework. Sample risks addressed in this audit work program include: adequacy of the information technology structure is not considered by senior management; there is not a regular back-up of application programs and data files; and reported problems are not investigated in a timely manner and disciplinary actions are not taken when necessary.
Control Environment Audit Work Program
This audit work program focuses on the control environment component of the COSO Framework. Sample risks addressed in this audit work program include: a code of conduct and other policies do not exist regarding acceptable business practices, conflicts of interest, or expected standards of ethical and moral behaviour; adequate staffing levels are not maintained to effectively perform required tasks; and an independent governing body that provides oversight for management's activities does not exist.
Monitoring Audit Work Program - Example 2
This audit work program focuses on the monitoring component of the COSO Framework. Sample risks addressed in this audit work program include: internal and/or external audit comments and management responses are not provided to the audit committee or board of directors and internal audit does not have the authority to review any aspect of the entity's operations.
End User Computing Audit Work Program
This work program focuses on auditing end user computing. It concentrates on the IT controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.
Computer Operations Audit Work Program
This work program focuses on auditing computer operations. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.
Program Development Audit Work Program
This work program focuses on auditing the program development process. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.
Program Changes Audit Work Program
This work program focuses on auditing program change controls. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.
E-Commerce Audit Work Program
This extensive e-Commerce audit work program is tailored towards the requirements of a credit union. It can be downloaded and reviewed for ideas and comparison with your own work programs.
Active Directory Work Program - Infrastructure
This is the final section of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with the Infrastructure.
Active Directory Work Program - Replication
This is part eight of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with Replication.
Active Directory Work Program - Architecture/Design
This is part seven of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with Architecture/Design.
Active Directory Work Program - User Management/Administration - Powerful User Rights
This is part six of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with Powerful User rights.
Active Directory Work Program - User Management/Administration - Access Request Procedures
This is part five of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user Access Request procedures.
Active Directory Work Program - User Management/Administration - ID Termination
This is part four of the Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user ID termination.
Active Directory Work Program - User Management/Administration - ID Maintenance
This is part three of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user ID maintenance.
Active Directory Work Program - User Management/Administration - ID Creation
This is part two of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. The second section deals with ID creation.
Active Directory Work Program - User Management/Administration - General
This is part one of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. The first section deals with general aspects of user management and administration.
Access to Programs and Data Audit Work Program
The purpose of this work program – focused on access to programs and data – is to outline the IT general controls to be tested, review the results of management’s testing, and document the procedures to test each control.
Travel Agent Commissions Audit Work Program
The purpose of this internal audit work program is to assess, at a high level, and validate key controls in place for the travel agent commission process. Steps in this document include examining the travel agent commission review and approval process; adequacy of supporting documentation; and compliance with company policies and procedures.
Warranty Processing Review Audit Work Program
The purpose of this audit work program is to review a company’s method of tracking and recording in-warranty repairs, out-of-warranty repairs, and sales credits under the warranty and service repair process in accordance with company policy and United States Generally Accepted Accounting Principles (GAAP).
U.S. Domestic Income and Property Tax Review Audit Work Program
This work program focuses on key tax processes and systems related to a company’s U.S. operations. This review focuses on related business strategies and policies, business and risk management processes, management reports, methodologies, people and organizational structure, and systems and data.
Disaster Recovery Plan Review
This work program provides a review of a Disaster Recovery Plan, including the creation of the plan, evaluation of the risks covered, their impact on the business, and whether or not the plan provides for appropriate methods to recover from the threats covered by the plan.
EU Data Directive Work Program
This work program can be used to audit compliance with the European Union Data Directive (EUDD). It includes an overview of the EUDD requirements as they relate to privacy and security of personal data, and initial survey questions intended to provide the audit team with an overview of the auditee’s high-level privacy knowledge and awareness.
Payroll/Human Resources Review Work Program
This payroll/HR review work program focuses on adequacy of controls, overall efficiency and effectiveness of the processes, and compliance with policies and procedures. Specific areas of review include the adequacy of system and manual check processing functions; proper review of payroll information; adequacy of supporting documentation; appropriate review and authorization of manual checks; and existence of proper segregation of duties.
Conflict of Interest (Trust Company) Audit Work Program
The purpose of this audit work program is to review conflict of interest procedures between a trust company and its affiliates. This includes reviewing guidelines on appropriate financial trades, obtaining necessary board of director approval for these transactions, and determining appropriate fee structures.
Journal Entries Audit Work Program
The purpose of this audit work program is to review procedures regarding the creation, posting and retention of journal entries. This includes determining if evidence exists and supports the amount booked in the accounting system; proper approval; and completeness and accuracy of each journal entry.
Electronic Signature (E-Sign) Audit Work Program
The audit objective of this review is to assess documented policies and procedures, including business requirements documentation, to determine if provisions of the Electronic Signatures Act and Department of Education are adequately addressed. Auditors are asked to verify that the IT Infrastructure supporting the electronic signature process is appropriately configured to protect critical data from unauthorized access, disclosure, modification, corruption, or destruction.
Physician Credentialing Audit Work Program
The audit objective of this review is to analyze and evaluate a hospital’s physician credentialing process and identify the key controls governing the process. This work program has been updated with detailed steps focused on verifying applicants’ education and certification background, hospital staff system access rights to physician profiles, and maintaining a log of current physicians on staff.
Database Audit Program
This database audit work program covers the following applications: DB2, Oracle 8i, Oracle 9i, Oracle RDB7, Sybase, and Progress. The work program is in the form of an Excel workbook, with a separate spreadsheet covering each of the following areas: Security; Change Management; and Monitoring.
Service Level Agreement Controls Audit Work Program
The purpose of this audit work program is to assess the controls specific to a Service Level Agreement (SLA). This includes determining the business requirements of the service provider; identifying frameworks and methods used by the service provider; and reviewing key performance indicators, controls, and critical success factors used to ensure delivery of business requirements.
Freight Management Audit Work Program
The purpose of this work program is to understand and evaluate the freight management process. This includes reviewing process performance measures, process effectiveness and efficiency, and contract terms and management.
System Backup Review Audit Work Program
The purpose of this work program is to review an organization’s system backup procedures. This includes identifying all applications key to the organization, identifying the responsible person for the backup procedure, analyzing actual procedures performed, and determining the appropriateness of handling related media.
Entity-Level Controls Audit Work Program
The objective of this audit work program is to evaluate the entity-level controls at an organization. The work program specifically focuses on entity-level topics such as integrity and ethical values; management commitment to competence; effective Board of Directors; and management's philosophy and operating style.
Shipping and Receiving Audit Work Program – Sample 2
The objective of this audit work program is to evaluate the accuracy of the shipping and receiving process. The audit work program specifically focuses on ensuring that all deliveries/shipments are accurately received/issued and ensuring the integrity of order information as it flows through the systems.
Purchasing Rebate Review Audit Work Program
The objective of this audit work program is to review the controls in place for the following areas of the Purchasing Rebate process: Supplier Rebate Set-Up, Maintenance and Forecasting; Rebate Processing; and Rebate Accounting and Financial Reporting.
Monitoring Controls (Entity-Level) Audit Work Program
The objective of this audit work program is to evaluate the operating effectiveness of the monitoring component of COSO. The audit work program specifically focuses on the attributes of on-going monitoring, separate evaluations, and reporting deficiencies.
Fraud Prevention Process – Debit and Credit Card Transactions Audit Work Program
The objective of this audit work program is to identify and evaluate the effectiveness of a debit and credit card service provider’s fraud prevention process. This work program reviews the reports utilized to monitor fraudulent activities involving debit and credit cards and system settings intended to identify potentially fraudulent transactions.
Employee Benefits Audit Work Program
This document focuses on auditing a company employee benefits program. This audit work program reviews the administration of the employee benefits program, eligibility of benefits, and authorization and issuing of benefit disbursements.
Financial Reporting (External) Audit Work Program
The objective of this audit work program is to evaluate the operating effectiveness of internal controls identified in the external financial reporting process. The audit work program specifically focuses on controls related to the earnings release, filing Forms 10-Q and 10-K, and debt compliance sub-processes.
Investments in Securities, Derivative Instruments, and Hedging Activities - Audit Work Program
The objective of this audit work program is to review the controls related to a company’s investment procedures. The work program reviews whether investment transactions were initiated in accordance with management’s established policies, the accuracy of investment information, and the results reported in the financial statements.
SOX Process Documentation Review Audit Work Program
The objective of this audit program is to ensure that SOX 404 processes are documented to communicate a clear understanding of the business activity, including its related risks and controls, roles, and responsibilities. In addition, these steps are intended to ensure all changes made to process documentation are reviewed for accuracy and completeness.
Data Center Review Audit Work Program
The objective of this work program is to evaluate access controls and environmental controls for the data center, and to develop recommendations to create meaningful change.
Disaster Recovery Risk Assessment Audit Work Program
This disaster recovery risk assessment work program provides an outline for standard business models. It is not intended to be an all-inclusive list, but a starting point in the risk assessment process. Key areas and related risks considered include environmental, man-made, business, and IT threats.
Asset and Liability Management Policy Review Audit Work Program
The objective of this audit work program is to review the policies governing the asset and liability management process. While performing this review, an auditor can determine if these policies are reviewed on a regular basis and assess the governance oversight of the asset and liability management function.
Capital Raise Audit Work Program
The objective of this audit work program is to review the capital raise process. While examining this process, an auditor can verify whether processes exist to report accurate and complete information; transactions are in adherence with company policies; and sufficient supporting documentation exists.
Commercial Property Lease Application Review Audit Work Program
This is a sample work program for reviewing an application that handles transactions related to leasing and renting commercial property.
Business Continuity Management Audit Work Program
This extensive business continuity management work program covers the following areas: general BCP, preliminary steps, examination scope and objectives, appropriateness of enterprise-wide BCP, oversight and support, business impact analysis, risk management, testing, IT documentation, hardware backup and recovery, software backup and recovery, preparation for data center recovery, inclusion of security procedures, critical outsourced activities, conclusions, and final steps.
Siebel/Oracle Information Security Audit Work Program
This sample Siebel / Oracle information security work program provides procedures to evaluate six system control objectives.
Balance Sheet Review Audit Work Program
This sample balance sheet review audit work program can be downloaded and reviewed for ideas and comparison with your own work programs.
Insurance Claims Review (Healthcare) Audit Work Program
This healthcare audit work program is intended to assist in determining whether internal controls in the health insurance claims review process are in place and working effectively. This audit work program addresses topics such as duplicates, claim approvals, system interfaces, and refund status.
Corporate Responsibility Program Effectiveness Assessment Audit Work Program
The objectives of this audit work program are to assess the effectiveness of a Corporate Responsibility Program (CRP), and to ensure that the company is continuing to put into practice the seven elements of an effective compliance program.
Construction Contracts Audit Work Program
The audit objectives of this work program are to evaluate the adequacy of internal controls over the construction project; determine the extent of compliance with the terms of the contract; verify the propriety of the amounts paid for construction; identify and quantify overcharges to the construction project; and determine that assets are properly classified and componentized. Steps in this work program include reviewing bid documentation, evidence of contractor and subcontractor billings, and approval of change orders.
Healthcare Provider Contracting Audit Work Program
This healthcare audit work program is intended to determine whether internal controls in the provider contracting and capitated payment processes are in place and working effectively.
Charity Care Audit Work Program
The objective of this program is to perform a high-level review of charity care program practices to validate compliance with hospital policy. Steps include a detailed analysis of selected charity accounts and bad debt accounts.
Charge Master Maintenance Audit Work Program
The audit objective of this hospital work program is to analyze and evaluate the adequacy of the Charge Master Maintenance process. These steps verify that all charges are developed in accordance with policy, determine the degree of compliance by employees with administrative and financial policies as prescribed by management, and confirm if charges are developed timely and accurately.
IT Audit Work Program – Application Controls
This sample work program covers various application controls necessary to support the business, focusing primarily on access and change controls.
Vendor Rebates Audit Work Program
This sample audit work program can be used to determine whether vendor rebate receivables have been properly recorded and calculated, to determine whether the General Reserve for vendor rebates and the inventory adjustment are adequate, and to review supporting documentation.
Controls Monitoring Quarterly Assessment Audit Work Program
This sample work program provides steps to perform a quarterly assessment of management’s monitoring of company-level controls. Specific objectives of this work program include: evaluate the effectiveness of management’s controls monitoring process; assess management’s progress with respect to the implementation of action plans designed to address deficiencies; provide management with an internal audit framework to use in monitoring key controls on an ongoing basis and evaluate whether those controls are operating as designed.
Audit Work Programs - Other Resources
This page is provided as a resource for linking to work programs that other organizations have posted on the Internet.
IT Change Management Audit Work Program
IT change management is a process to manage changes to production hardware, network devices, operating systems, and application software. This sample audit work program helps assess IT change controls.
Customer Service and Support Renewal Audit Work Program
This sample work program provides steps to review the customer service and support renewal function. Specific objectives of the work program include: determine compliance with certain customer service and support renewal local policies and procedures; evaluate overall effectiveness of the customer service and support renewal business functions; and identify internal control and process improvement opportunities.
Plant Operations Security Audit Work Program
This sample work program provides steps to review plant operations security. Specific objectives of the work program include: determine the plant’s safety environment; ensure compliance with company and governmental requirements related to safety; and review that safety issues identified in various audits are addressed appropriately.
Direct Charges Audit Work Program
This sample work program provides steps to review the direct charges process. Specific objectives of the work program include: understand procedures relating to the processing, payment, billing and reconciliation of direct charges; evaluate the control environment within the direct charge process; and investigate buildup of direct charge transactions (debits) in the direct charge clearing account.
Treasury and Cash Management Audit Work Program
This sample work program provides steps to audit the treasury process. Specific areas of review include the wire transfer process, foreign exchange exposure management, and interest rate swaps.
Plant Operations – Safety Audit Work Program
This sample work program reviews the safety of plant operations. Specific objectives of the work program include assessing the plant’s safety environment; ensuring compliance with company and governmental requirements related to safety; and verifying that safety issues identified in various audits are addressed.
RACF Mainframe Controls Audit Work Program
This is a sample work program to assist in an RACF controls review. Specific objectives of the work program are to ensure system software is inventoried and maintained, change controls are in place, procedures for initial program load (IPL) are clearly documented and distributed, and procedures exist to monitor system capacity and performance.
Privacy Controls Audit Work Program
This sample work program provides audit steps for a privacy controls review. Specific objectives of the work program include: verifying management direction and support for privacy controls; checking system implementations and changes are appropriately tested; reviewing policies and procedures; and testing that privacy controls are working effectively.
Application Controls Audit Work Program
There are five areas that should be considered when auditing financial end-user developed spreadsheets and other applications: change control; version control; access control; input control; and security and integrity of data. This audit program has a variety of audit steps you can apply depending on the complexity of the application.
Order to Bill Process Audit Work Program
This sample work program reviews the order to bill process. Specific objectives of the work program cover accurate order filling, use of old/obsolete inventory, and accurate customer billing.
Membership and Billing Audit Work Program
This work program reviews the membership and billing process within a healthcare cooperative. Specific areas of review include group contract rates, membership status, and adjustments/credits made to membership billings.
UNIX Security Audit Work Program
This sample work program covers the general security of systems running the UNIX operating system. It reviews control elements, general system admin issues, account groups, remote and root logins, passwords, super users and services.
Restaurant Site Review Audit Work Program
This tool is designed to assist Internal Audit with the review of the following areas of restaurant operation: Cash Control; Asset Control; Operations Management; Inventory Control; Information Systems; and Human Resources.
Budgeting Process Audit Work Program
The purpose of this work program is to evaluate the overall process for planning and completing budgeting, to determine the effectiveness of compliance with corporate policies and procedures, and to ensure the budget process is operating as planned.
Fraud Prevention and Detection Audit Work Program
This program can be used by internal auditors as an evaluation tool or converted into a questionnaire for use with management to better understand current fraud prevention and detection program activities.
Social Responsibilities Programs Analysis Audit Work Program
Reputation risk associated with lack of social responsibility programs, instances of possible ethics violations, and other ‘red-flag’ occurrences should be considered during annual audit planning. This work program is intended to position the internal audit function to help identify social responsibility issues that the organization may not be adequately addressing and to assess controls around those programs.
Close the Books Audit Work Program (Sample 2)
The preface to this sample audit program discusses general audit procedures, other considerations, and management controls to review in auditing the close the books process.
Product Development Audit Work Program
New product development is a critical part of any enterprise and internal audit can help to assure controls over the resources are effective. This work program includes an overview for understanding and engaging in this important area. The program includes risk analysis, special and operational considerations, and evaluation components for an audit review.
Pricing & Discounts Audit Work Program
Product pricing and customer discounts can have a significant impact on revenue. Internal audit can help to assure that controls over pricing and discounts are effective. This sample audit program will assist in a thorough review of this area.
Cost Estimation Audit Work Program
Cost estimation is an important part of determining prices for deliverables. Poor controls can lead to proposal loss or project cost overruns. This work program covers areas including: bids, labor/material cost, engineering, other allocations, and change orders.
Third Party Labor Contractor Audit Work Program
Third party labor is often an important part of operations -- especially during times of expansion. This work program covers: contract/bid processes, billing matters, time reporting controls, and possible areas for improvement.
Advertising and Promotion Audit Work Program
This work program includes an overview for understanding and engaging in a review of controls around advertising and promotions. The work program includes risk analysis, special and operational considerations, and recommendations for key internal controls.
Other Assets Audit Work Program
Other assets should be reviewed to determine if the processes of approval, maintaining subsidiary ledgers, and reconciliation to general ledger accounts are adequately supervised and controlled. Although other assets are normally not significant amounts to the overall financial statements, these items, especially in the prepaid expenses area, can create surprises for management if not maintained properly.
Spending Authority Audit Work Program
Spending authority limits represent a key component of the internal control structure. Spending authority is an extension of management’s delegated authority to approve transactions. This work program provides steps and considerations for reviewing spending authority policies and processes.
System Management Risk Assessment & Control Audit Work Program
Since most financial transactions are processed and maintained in the IT environment, the IT function is critical for all financial audits performed. This work program will assist audit teams to identify risks and related controls for logical security administration and monitoring, physical security, change management, problem management and system availability.
Other Liabilities Audit Work Program
Other liabilities should be reviewed to determine if the processes of approval, maintaining subsidiary ledgers, and periodic reconciliation to the general ledger accounts are adequately controlled.
Revenue Recognition Audit Work Program
This work program example focuses on the major revenue areas associated with the sales cycle particularly major customers and channel partners.
Foreign Corrupt Practices Act (FCPA) Audit Work Program
This work program will assist audit teams to review compliance with the Foreign Corrupt Practices Act of 1977. An introduction describes the basics of the Act.
Expenditure Cycle Audit Work Program with CAATs
This work program is designed to assist the audit team to perform additional review tests of the high volume expenditure areas using Computer Assisted Audit Testing (CAATs). The following tests can provide a manageable set of supervisory oversight controls through transaction analysis for line management in expenditure areas.
Software Licensure Compliance Audit Work Program
Software licensing activities are often considered a limited area of auditor concern since upgrade events and installations are limited and seemingly simple. However, there is an entry on a financial statement balance sheet representing the recorded value of property, equipment, and other durable purchased goods, and the treatment of software should be carefully examined for appropriateness. This work program can be modified for scope considerations that will depend on the extent and particulars of the licensing agreement under review.
Capital Expenditure Audit Work Program
This work program on capital expenditures auditing provides an example of steps to include in a review of internal controls surrounding fixed assets. Included is a general discussion of the financial, operational, and technology aspects of capital expenditure auditing. A few associated CAATs testing procedures are included to assist those considering computer-assisted techniques.
Hotel Expenditure Cycle Audit Work Program
This robust work program will assist in a comprehensive review of the expenditure cycle. Although the program is tailored to a hotel it includes review of the purchasing, receiving, inventory and supervisory operational and financial expenditure areas. Related Computer Assisted Audit Techniques (CAATS) or ACL type tests are included to leverage IT audit team members.
Hotel Industry - Property Receivables & Credit Audit Work Program
This work program will assist teams to understand the controls and related processing risks for performing a review of Accounts Receivable & Credit areas of the Hotel. Topics such as guest ledgers, doubtful accounts, and inter-company accounts are included.
Hotel Property Treasury & Cash Handling Audit Work Program
This work program will assist a comprehensive review of a hotel property’s cash and treasury practices including cash floats, cashier handling and analysis. Review steps address general cashier procedures, petty cash, and aspects of front office operations.
Hotel Financial Reporting & Revenue Recognition Audit Work Program
Revenue recognition and related risk of fraud is an issue for all industries and the hospitality sector is no exception. This work program will assist a comprehensive review of hotel revenue practices including reservations, restraints, and other revenue streams. An overview of audit requirements with focus upon SAS-99 fraud considerations is included.
Hotel Financial Reporting and Management Contract/Lease Agreement Areas Review Audit Work Program
This work program is designed to assist the audit team in performing a comprehensive review of the financial reporting area and of a hotel or similar facility’s compliance with its management contract or lease agreement.
Application Security Review and Testing Audit Work Program
Application security involves checking the security controls of an application, not the operating system or device that hosts the application. A thorough and exhaustive evaluation of the security issues related to e-Business applications is best tackled using a phased approach, such as that described here.
Bank Deposit Cycle: Control Objectives and Audit Work Program
The control objectives guide identifies the types of risks that can be present in a bank's deposit cycle, and lists many process and monitoring type controls that can be put in place to minimize these risks. The associated work program assists in evaluating the effectiveness of the deposit cycle internal control structure.
Customer Care & Order Fulfillment - Control Analysis & Segregation of Duties Audit Work Program
This guide will help to evaluate the adequacy of internal controls in the customer order fulfillment and cash handling processes. It includes a checklist of control activities and a related cash handling segregation of duties matrix.
Security, Audit, and Control Audit Work Program for Windows 2000
This sample work program covers areas specific to the security of systems running Microsoft Windows 2000. Topics covered include: system administration issues, password and other logon controls, group management and separation of duties, reviewing domain names, structures, and trust relationships, maintaining the security of file system objects, auditing and event logging issues, and more.
Bank Expenditure Nonpayroll Cycle: Control Objectives and Audit Work Program
This control objectives guide identifies the types of risks that can be present in a bank's expenditure nonpayroll cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the expenditure nonpayroll cycle internal control structure.
Security, Audit, and Control Audit Work Program for Microsoft Windows - General
This sample work program covers the security of systems running the Microsoft Windows family of operating systems. It looks at IT policy, organization, system development & maintenance, operations, data communication, documentation, physical security, backup and disaster recovery.
Data Conversion Controls Audit Work Program
The objective of this work program is to determine whether the appropriate project management controls are in place to ensure a successful and effective conversion of data from a legacy system to a new system. Adequate planning and execution of a controlled data conversion process can save rework time and help ensure new system launches are successful.
Procurement and Accounts Payable Controls Audit Work Program
The expense cycle is a high transaction processing area that includes both manual and application controls. This work program provides a comprehensive controls review of the procurement and related accounts payables processes including key risk areas, processing controls (segregation of duties), and steps to uncover opportunities for process/control improvements.
Contract Review Audit Work Program
The objectives of this work program are to assess whether contracts are executed in accordance with agreed upon terms and to ensure all contracts are valid, properly authorized and mitigate risk of loss.
Sales Commissions Audit Work Program
Sales commissions structures can be complex, posing the risk of over- or under-paying sales professionals and running afoul of regulations and policies. The following work program can be used as a template to create a sales commission review plan. Any plan will need to be customized to the features of your organization’s sales compensation structures.
Security Policy Audit Work Program
The purpose of this work program is to determine whether the right security policies exist, and for those policies that do exist, to determine whether they cover the necessary issues and are disseminated to the right people.
Ethics Program Audit Work Program
An organization’s ethics program is increasingly important in the current regulatory environment and critical to minimizing reputation risk. Internal audit is responsible for evaluating the effectiveness of ethics programs that can significantly reduce reputation risk exposure. However, evaluating a relatively intangible area such as ethical behavior can be challenging; this work program can assist in developing a comprehensive review.
Security Administration Audit Work Program
The purpose of this work program is to determine whether company policy and the structure of the security administration function provide for adequate administration of logical security. The information and guidelines in the work program can be used to audit the state of security administration.
Fixed Assets & Property Auditing - Overview and Audit Work Program
This work program outlines the primary controls and considerations for an internal audit of property or fixed assets. Included is a general discussion of the financial, operational, and technology aspects of property auditing. The appendix shows a sample system flow and some testing procedures to assist those considering computer-assisted techniques.
Physical Security Audit Work Program
This work program outlines physical security best practices for data centers and information processing/storage facilities. It then details the control practices and control techniques that should be investigated as part of an audit or review of physical security.
IT Strategy Management Audit Work Program
This sample IT strategy management audit program can be downloaded and reviewed for ideas and comparison with your own work programs.
IT Help Desk Audit Work Program
This sample IT help desk audit program can be downloaded and reviewed for ideas and comparison with your own work programs.
Stock Administration Audit Work Program
This work program focuses upon the internal responsibilities of corporate stock program administration. Controls may span several internal functions and external organizations. This work program includes some general and specific tests that can be modified to reflect the specific plans and administration attributes of your organization.
Platform Management Audit Work Program
This sample platform management work program can be downloaded and reviewed for ideas and comparison with your own work programs.
Network Management Audit Work Program
This sample network management work program can be downloaded and reviewed for ideas and comparison with your own work programs.
Accounts Receivable & Credit Internal Audit Work Program -- Segregation of Duties
Accounts receivable processing from sales order entry to collections can create significant risk to cash flow from aging receivables and cash handling. Internal audit teams can utilize the following work program designed to focus upon segregation of duties and general control concerns. Combined with the segregation of duties matrix, this work program will assist the internal audit team in evaluating management internal control assertions.
IT Organization Audit Work Program
This sample IT organization work program can be downloaded and reviewed for ideas and comparison with your own work programs.
IT Data Management Audit Work Program
This sample IT data management work program can be downloaded and reviewed for ideas and comparison with your own work programs.