Internal Audit Closeout Phase

Uncategorized 1 Minute

The last phase of a project is the closing phase. As internal audits are a type of project, all internal audits have a closing phase. In general, internal audits are terminated by “extinction”; this is generally because once an audit is successfully completed, no further work is required. This happens after the final audit report is submitted to stakeholders and the exit meeting occurs-these are the primary closing deliverables for internal audits.

 For the final audit report, many of the same topics suggested by The PMBOK® Guide – Sixth Edition to include in a final project report are also integrated into the internal audit report. Such topics are:

  • The executive summary, which is similar to a project’s summary level description.
  • A recap of the audit objective and scope, which is similar to recapping a project’s scope objectives.
  • Summary of high-risk issues, which is similar to summarizing the risks and issues encountered during the project.

Additionally, the exit meeting held generally includes the same topics as presented in the final report and is presented to the stakeholders. Most of the items discussed are the medium and high-level issues noted throughout the audit, what the root cause is, and suggestions for remediation.

 However, there are some project closing actions that internal audit does not do during audit closeout that would benefit internal audit for performing the same audit in the future. One such action is completing a lessons learned report. Identifying lessons learned throughout the audit and summarizing them at the close of the project can be useful to the internal audit department as it describes what went well and what did not go well. This allows for, when the audit comes up again in the future, auditors to make sure they incorporate items that went well and remove, plan, or mitigate the items that did not go well.

Until Next Time,

CPack

Unknown's avatar

Published by CPack

I have been working in the field of Internal Auditing since 2010. I am a Certified Internal Auditor (CIA) who has experience in performing Gaming Regulation compliance audits for Casinos, as well as Federal Acquisition Regulation (FAR) compliance audits for government contractors. Due to the advancements in technology and how technology is used in everyday business, I am currently pursuing more knowledge in Information Systems (IS) for the purpose of being able to perform internal IS audits and provide businesses with assurances that their systems are working accurately and in compliance with internal processes, procedures, and applicable regulations. Data analytics is another area I am interested in learning more about. To learn how to look at data and use various data analytic approaches to find the potential risk areas or weaknesses with a system that can be corrected. While traditional auditing approaches have worked okay in the past, businesses capture more data these days that internal auditors can view and assess risk at a 100% instead of at a sample basis and making educated guesses as to whether a problem is systematic or not. While studying more about IS, I am learning more about Project Management. While I see many similarities in project management techniques and the Internal Audit Standards, after having worked in the Internal Audit field for eight years, I notice that Internal Audit doesn’t quite follow all the project management techniques that they “should” and that could be contributing to Internal Audit not being as affective, or value add, to the company as they could like to be. This blog will take a look at some of the project management knowledge areas and techniques that Internal Auditors should use and how these techniques can improve their audits, the reception of their audit results, and provide “value-add” to the company stakeholders.

Published

Leave a comment