1. IA Clinic

2. การเตรียมการตรวจสอบ แผนการ ตรวจสอบ แผนการ ปฏิบัติงาน ตรวจสอบ หารือ หน่วยรับตรวจ รายงานผล การตรวจสอบ ติดตามผล การตรวจสอบ ผลการประเมินความเสี่ยง Risk Assessment ข้อตรวจพบ Preliminary Survey

3.  a Plan (list of work to be done)  has time period (starting point until complete of job)  Assign duties to audit staff  normally comprises of:  Audit issues  Objectives  Scope  Procedures  Resources allocation

4. Tips

5. Business Plan Permanent Files Risk register Previous Internal Audit Reports External Audit Reports Any third party reports (cooperation/complaints/ incidents) Board and Audit Committee minutes Staff handbooks Management Accounts and Financial reports (Analyse) Web site (emerging issues) Stakeholders’ expectation Specified project/ job

6. Open meeting/ Audit brief with management (formal record) Risks Needed resources/ Agreed reporting lines Research of clients’ business Flowcharting of business processes Internal Control (exist/ enough/ effective) Walkthrough Test Test of control Substantive Test Identify Major Risks Determine Audit Issues (Team Briefing) May have a preliminary report

7. Assess the risks (Likelihood and Impact) Identify level of each risk Identify target areas (H/ M/ L) Testing (existing control)/ Evaluate control activities (Compliance/ Substantive) Set the Audit Issues Determine the objectives of the plan

8. A = Achievement of Objectives/ Goals of business C = Compliance with laws and regulations R = Reliability of Reporting E = Efficiency and Effectiveness of operation S = Safeguarding of assets/ enhancing values A C R E S Anticipated Outcome

9.  Let the client lists the areas to be audited as outlined (consistent with audit objectives)  Ensure that everyone understands the specific scope and also agrees with it  Caution team to keep the audit within those bound  If the auditor cannot work within the agreed scope, discuss with CAE

10.  Step-by-step  Use appropriate audit techniques  Sampling methods  Working papers  How to collect this kind of information or evidence:  Criteria  Condition  Effects  Cause  Recommendation

11. Avoid duplication of work/ procedures (even previous audit) Consider both positive and negative aspects of the area being audited Cost should remains in line Auditors can handle audit of many concerns at the same time Assign competent auditors or consultants How to document the evidence (relevant/ reliable/ sufficient) Which types of Audit Program? Standard Modified Tailor-made

12.  AP has always to be approved by CAE before starting the bloc  Get the feedback in order to improve better audit program  CAE can evaluate performance of audit team via Audit Program  Can be a training instrument especially for a new staff  Do the checklist/ QAR checklist for controlling quality of AP  Work should be completed in time as stated in AP  One audit program may not fit all types of audit work  Size of audit engagement determines ‘duration’ (period of time)  Tell client ahead of time (prepare for the audit)  Have contact person or Liaison (client)

13.  You can change the program (if circumstances are changed) but it always has to be approved  Always monitoring the AP (Audit Program Management)  Assess the accomplishment of audit objectives  Which issue is confidential … taking care and beware of it!!! make it confidential Make it simple!!!

14. Thank you