Engagement planning ensures each audit is clearly defined, properly scoped, and aligned with the risks and objectives of the area under review. The process begins with setting objectives—such as assessing controls, compliance, efficiency, or fraud risk—and defining the scope, boundaries, and limitations. The Chief Auditor assigns staff and establishes a preliminary timeline, while auditors conduct a risk assessment, review prior reports and documentation, and meet with key personnel to understand processes. Based on this, a tailored audit program is developed and approved, followed by an entrance meeting to confirm expectations. A formal engagement letter or notification memo then documents the audit’s purpose, scope, timeline, and cooperation requirements, ensuring clarity and collaboration before fieldwork begins.

 

During engagement planning, you can expect an internal auditor to reach out to your team to conduct meetings to learn how your unit operates and does things.  This usually begins with a preliminary meeting with your team to go over the organizations structure and operating processes.  Once all background research is complete, an entrance meeting is conducted with unit leadership to confirm the audit's objectives and scope.

 

The fieldwork phase is where auditors gather evidence, test controls, and evaluate processes to determine effectiveness, efficiency, and compliance, following the approved audit program and professional standards. Activities include interviews, observations, document review, and risk-based sampling or analytics, with auditors expected to remain objective and discreet. Internal controls are assessed for proper design, operation, and documentation, and technology or data analytics may be used to detect anomalies or trends. All work is recorded in secure electronic workpapers that support conclusions and meet quality standards. Throughout fieldwork, auditors maintain open communication with management to clarify issues and share preliminary observations, while supervisors review progress, results, and documentation to ensure accuracy, completeness, and adherence to standards.