tailieunhanh - GOVERNMENT INTERNAL AUDIT STANDARDS GOOD PRACTICE GUIDE AUDIT STRATEGY

Federal agencies are entitled to use the corresponding free services provided by the BSI. When there are resource bottlenecks, federal security agencies are given top priority. More detailed information on the IS audit service is offered by the BSI on our web page (). The BSI can be contacted at sicherheitsberatung@ to answer questions or co- ordinate schedules. External ”IS audit” service provider: External service providers also offer IS audit services. Federal agencies should use IT security service providers accredited by BSI. Information on the corresponding call for tenders procedure can be found in section . The BSI is planning to publish a list. | GOVERNMENT INTERNAL AUDIT STANDARDS GOOD PRACTICE GUIDE AUDIT STRATEGY HM TREASURY HM Treasury Audit Policy Advice May 2002 CONTENTS PAGE SECTION PAGE Foreword I 1 Introduction 3 2 Overview of the audit strategy 5 3 Pre-requisites for developing the audit strategy 7 4 Identifying audit coverage cecessgry I I 5 Looking for opportunity to rely on the work of others I 3 6 The audit toolbox 15 7 Identifying and procuring skills and resources necessary 17 8 Reporting 19 9 Quality Assurance 21 ANNEXES 23 Annex 1 Criteria to define the optimum audit opinion 23 Annex 2 Developing a strategic approach to audit coverage 25 GOVERNMENT INTERNAL AUDIT STANDARDS - GOOD PRACTICE GUIDE AUDIT STRATEGY FOREWORD This guide offers good practice guidance on the development of a comprehensive internal audit strategy which will be capable of delivering an opinion to the Accounting Officer on the whole of an organisation s risk management control and governance. It is important to note that in practice the scope of the audit opinion may be constrained by factors such as the scope of audit access or availability of resources to deliver audit work. Nevertheless strategic planning should start from the premise of aiming to deliver the optimum audit product and only be constrained when the circumstances mean that the Head of Internal Audit encounters circumstances that prevent them from delivering it. This document sets out guidance aimed at helping Heads of Internal Audit to deliver the optimum audit product and also offers some direction in the key potential circumstances in which it may not be achievable such as a management risk analysis which is not adequate for the approach set out here or inadequate resources to deliver the optimum audit product . It should also be noted at the outset that the provision of an audit opinion does not necessarily deliver assurance in the colloquial sense of that word it may deliver a lack of assurance or discomfiture if the state of risk control and .