Internal audit planning is a fundamental stage to ensure the effectiveness and compliance of processes in any organization. According to the New Global Auditing Standards (GNAS), a strategic and well-structured plan is key for an effective internal audit that is aligned with the organization’s objectives.

In this article, we will explore five effective ways to plan internal audits in accordance with the GNAS, providing a comprehensive overview for internal audit professionals and business leaders interested in strengthening their control and risk management processes.

1. Define a Risk-Based Strategy

One of the fundamental principles in the GNAS is the importance of a risk-based internal audit. Principle 9 of the GNAS, which deals with Strategic Planning, states that the internal audit function must understand and evaluate governance, risk management, and control processes to design an effective strategy.

How to apply this approach?

· Identify the organization’s key risks through interviews with senior management, documentary reviews, and data analysis.

· Evaluate the probability and impact of each risk in relation to the organization’s strategic objectives.

· Prioritize audits based on the level of risk, ensuring that audit resources are focused on the most critical areas.

A risk-based audit plan ensures that resources are allocated efficiently and that audit work adds value to the organization.

2. Establish an Annual and Dynamic Internal Audit Plan

The Internal Audit Plan is a key document that should be updated regularly to reflect changes in the risk environment and priorities

organizational. Standard 9.4 of the GNAS emphasizes the importance of a plan based on risks and aligned with the strategic objectives of the organization.

Key steps to structure an annual audit plan:

1. Define the objectives of the internal audit in alignment with the organizational strategy.

2. Identify and prioritize audit work, ensuring that the highest risk areas are addressed first.

3. Allocate resources efficiently, considering the capabilities of the internal audit team.

4. Include emerging audits, maintaining flexibility to address unforeseen risks.

5. Update the audit plan regularly according to changes in the internal and external environment.

This dynamic and adaptable approach allows you to respond to new risks and challenges in a timely manner.

3. Coordinate with Other Assurance Functions

Coordination with other assurance areas, such as compliance, risk management, and external audit, is key to optimizing efforts and avoiding unnecessary duplication. According to Standard 9.5 of the GNAS, coordination and trust between the assurance functions within the organization should be encouraged.

Benefits of a well-coordinated internal audit:

· Optimization of resources, avoiding redundant audits.

· Greater coverage and depth in risk assessment by sharing information with other assurance functions.

· Improvement in the perception and confidence of stakeholders by demonstrating an integrated view of internal controls.

To achieve this, it is recommended:

· Establish regular meetings with other assurance functions.

· Share key findings and reports.

· Define clear responsibilities between each assurance function.

4. Manage Resources Efficiently

The allocation and management of resources is essential to ensure the effectiveness of the internal audit. Standard 10.2 of the GNAS states that the Director of Internal Audit must ensure that the team has the appropriate human, financial, and technological resources to fulfill its mandate.

Key actions to manage resources efficiently:

· Evaluate the skills and capabilities of the internal audit team, ensuring that they have the necessary skills.

· Consider partial or total outsourcing of certain audits, if the internal function lacks the specific skills to address certain complex risks.

· Invest in audit technology and tools, such as data analysis software, that can improve audit efficiency and quality.

A well-trained and equipped audit team can perform audit work with greater depth and effectiveness.

5. Communicate Effectively with Stakeholders

Communication is an essential element in internal audit planning. Standard 11.1 of the GNAS emphasizes the importance of establishing relationships and communicating with stakeholders.

Effective communication strategies:

· Involve senior management and the Board from the planning phase, ensuring their support and alignment with the audit objectives.

· Establish an open communication channel with the audited areas, explaining the objectives and scope of the audit to reduce resistance.

· Provide clear and actionable reports, highlighting key findings and practical recommendations.

An internal audit that maintains fluid and effective communication with stakeholders can generate greater commitment and value for the organization.

Conclusion

Internal audit planning is a critical process that must be carried out with a strategic, risk-based approach aligned with the best practices established in the GNAS. Applying these five strategies:

1. Define a risk-based strategy.

2. Establish a dynamic annual plan.

3. Coordinate with other assurance functions.

4. Manage resources efficiently.

5. Communicate effectively with stakeholders.

Organizations can strengthen their internal audit function and contribute significantly to the continuous improvement of corporate governance, risk management, and internal controls.

Internal auditors, as strategic business partners, must ensure that their planning is robust, flexible, and aligned with the expectations of senior management and the Board, thereby maximizing the added value of internal audit in the organization.

Does your organization already apply these principles in internal audit planning? Share your experience in the comments. 🚀