I.5 Engagement Quality Assurance Checklist template

Attribute Standards

1100, 1120, 1130

Independence and Individual Objectivity

1

Have all internal audit engagement team members completed a PRIA independence declaration form prior to commencing work on the engagement?

Was the independence declaration form reviewed by the Chief Audit Executive?

1200, 1210, 1220

Proficiency and Due Professional Care

2

Is the subject of the internal audit engagement included in the most recent approved annual Practice Review and Internal Audit Risk-Based Plan Is there an estimate in the internal audit plan of the resources required to complete the internal audit engagement?

3

Does the internal audit team collectively possess the knowledge, skills, and other competencies needed for team members to perform their individual responsibilities?

Does the internal audit team have sufficient knowledge to evaluate the risk of fraud, as well as key information technology risks?

Were any specialists or consultants engaged to conduct the audit? Did the consultants complete a PRIA independence declaration? Did the consultants obtain appropriate security clearance to participate in the engagement?

Assessed at conclusion of review.

4

Did the audit team exercise due professional care by considering

• the extent of work needed to achieve the engagement’s objectives?

• the relative complexity, materiality, or significance of matters to which assurance procedures are applied?

• the adequacy and effectiveness of governance, risk management, and control processes?

• the probability of significant errors, fraud, or non-compliance?

• the cost of assurance in relation to potential benefits?

Assessed at conclusion of review.

1300, 1310, 1311, 1320

Quality Assurance and Improvement Program

5

Have post-engagement client surveys, lessons learned, self-assessments, and other mechanisms to support continuous improvement been completed?

• Have the results been reported and action plans for improvement prepared?

  Performance Standards

2000, 2010, 2020, 2030

Managing the Internal Audit Activity (Planning, Communication and Approval, and Resource Management)

2200, 2201

Engagement Planning

6

Did the audit team develop and document a plan for the engagement, including the engagement’s objectives, scope, timing, and resource allocations?

Does the plan include documented consideration of the organization’s strategies, objectives, and risks relevant to the engagement?

7

In planning the engagement, did the audit team consider the use of audit and data analysis techniques?

8

Does the audit engagement plan include documented consideration of

• the strategies and objectives of the activity being reviewed, and the means by which the activity controls its performance?

• the significant risks to the activity’s objectives, resources, and operations, and the means by which the potential impact of risk is kept to an acceptable level?

• the adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework or model?

• the opportunities for making significant improvements to the activity’s governance, risk management, and control processes?

Does the plan include a discussion of the objectives, scope, responsibilities, and other expectations of the engagement client?

2210

Engagement Objectives

9

Do the audit objectives include consideration of

• risks relevant to the activity under review?

• significant errors, fraud, non-compliance, and other exposures?

10

Does the plan include adequate audit criteria?

• Are the criteria those already established by management and/or the board to determine whether objectives and goals have been accomplished? If not, were the criteria identified in consultation with management and/or the board?

2220

Engagement Scope

11

Does the scope include consideration of relevant systems, records, personnel, and physical properties?

12

Does the file contain an internal audit engagement checklist?

2230

Engagement Resource Allocation

13

Does the engagement plan include an assessment of appropriate and sufficient resources to achieve engagement objectives, based on an evaluation of the nature and complexity of the engagement, time constraints, and available resources?

• Is this assessment in agreement with the Practice Review and Internal Audit Risk-Based Plan assessment at #2? If not, is the variance assessed and an explanation supporting the variance included in the file?

2240

Engagement Work Program

14

Does the file include audit work programs that are in line with achieving the engagement objectives?

• Do the work programs include procedures for identifying, analyzing, evaluating, and documenting information during the engagement?

• Were the audit work programs (and any adjustments) approved before the audit examination work began?

15

Are the working papers arranged in a logical fashion?

16

Is the file indexed consistently and appropriately?

17

Are all working papers properly named, referenced, and dated (reviewed and prepared) to document that a review was conducted?

• Do the documents include an assessment of the security of the information, in accordance with the OAG Security Policy?

• Do the working papers contain any extraneous or unnecessary pages or documentation?

2300

Performing the Engagement

18

Was the work completed by the audit team sufficient to achieve the engagement’s objectives?

19

Does the file contain all information required in accordance with any internal audit group standard working paper index?

20

Does the file contain a copy of the audit plan and evidence that it was executed completely?

21

Does the file contain a copy of the completed engagement risk assessment and evidence that it was developed in collaboration with the client?

22

Does the file contain a copy of the final audit program, with approval by internal audit management?

23

Are key management interviews documented?

2310, 2330

Identifying and Documenting Information

24

Did the audit team identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives? 
Is the file documented entirely in TeamMate? Are there audit documents outside the file? If yes, why?

2320

Analysis and Evaluation

25

Are the conclusion and audit engagement results based on appropriate analyses and evaluations?

2340

Engagement Supervision

26

Was the audit engagement properly supervised to ensure that objectives were achieved, quality was assured, and staff competencies were s developed?

27

Has the validator/reviewer (internal audit engagement quality reviewer) prepared the quality assurance review and checked the reviewed working papers?

2400

Communicating Results

28

Does the audit report include

• the engagement’s objectives, scope, and results?

• applicable conclusions?

• applicable recommendations and/or action plans?

• documentation of satisfactory performance?

Is the report accurate (free from errors and distortions), objective (fair, impartial, and unbiased), clear, concise, constructive, complete, and timely?

29

Does the draft copy of the audit report provide cross-references to the applicable audit observation worksheets?

30

Does the report clearly document the subsequent analysis of the results of carrying out the audit, as well as the development of observations and conclusions?

31

Are the closing meeting discussions with supervisory staff or management on the initial observations adequately documented?

32

 Did the PRIA team document their disposition of the comments received on the draft report?

33

Was the report disseminated to the engagement clients?

34

Has the final report been signed, dated, and issued?

2500

Monitoring Progress

35

Have the results of the audit been included in a follow-up process to monitor and ensure that management actions have been effectively implemented, or that senior management has accepted the risk of not taking action?

• Have improvement action plans been received?

• Is follow-up to the audit appropriately documented?