Skill level: Basic
An audit plan is a document used for capturing key information regarding the parts of the business to be reviewed, the manner in which the reviews will be conducted, and the frequency of reviews.
- Easy to use
- Provides repeatable and documented process for review
- Well known by process participants
How to Use
- Step 1. Identify the process to be reviewed or audited.
- Step 2. Identify the key audit points in the process.
- Step 3. Determine the frequency of audits at each process point. Determine this based on total process cycle time, cycle time of each process step, and business requirements.
- Step 4. Determine the method of capturing the data (e.g., observation, interviews, etc.).
- Step 5. Determine the method of storing the data (e.g., electronic, paper, etc.) and the length of storage (e.g., six months, two years, etc.). This determination depends on the useful life of the data and business requirements.
- Step 6. Determine the data assessment procedure.
- Step 7. Conduct a dry run, or trial, to ensure the plan works as intended.
- Step 8. Publish the plan.
Key audit points: A limited number of operations/processes/transactions that will be tested for compliance.
Frequency: Period of time during the year that the audit will be conducted (e.g., every six months). The frequency is generally defined based on risk to the business; the higher the risks, the more frequently you will want to audit.
Method of storing: How the audit results will be stored for future reference. Methods can include electronic files on a server, paper copies in a vault, or any acceptable form of storage, provided the results are easily retrieved and legible.
When conducting audits of service transactions in a local branch bank, an audit plan provides a pre-defined methodology for ease of use. In a normal banking transaction, each interaction has data collected, stored and analyzed.
The diagram below is part of the audit document. It indicates the different areas where key steps exist and elements to consider (e.g., whether forms are available, time required to complete them, etc.). Frequency of each element would be specified, along with how data are captured (e.g., customer survey), where data are captured (e.g., repository), and metrics for each question.
Sample Audit Plan