A STEP-BY-STEP GUIDE THROUGH THE JSA INTERNAL AUDIT PROCESS
THE "STOP AND GO" AUDIT APPROACH
To maximize Audit coverage with limited Internal Audit Resources, JSA Internal Audit utilizes a "stop and go" audit approach, which focuses on continuous risk assessment throughout all audit phases, which are outlined below.
By continuously evaluating risk, we may determine at any phase of the audit, that no further work is needed to conclude on the control environment. Upon validating this conclusion with the customer, the audit may be ended and an audit report issued.
The use of this "Stop and Go" approach enables us to focus on performing value added cost effective audits.
STEP #1 - PRELIMINARY RISK ASSESSMENT PHASE
Internal Audit facilitates discussions with operating management to identify business processes and risks. Key high-level information, including financial data and customer contact names, is obtained. Additionally, we solicit management's concerns and work with them to define expectations.
Internal Audit will analyze the business and supporting technical risks to define the audit scope and to identify key business control objectives. The business control objectives are validated with the customer to ensure that Audit's approach is in line with the business.
STEP #2 - PLANNING STAGE
Internal Audit gathers information on how management is controlling risks. Through discussions and/or walk-throughs with key contacts, the Internal Audit identifies business control processes.
An assessment is then performed to ensure that the control environment is adequate. Issues or control weaknesses are communicated and validated with the customer immediately to ensure ongoing communication throughout the audit.
Internal Audit's define the testing strategy based on the assessment of the control environment and management's concerns. If testing is necessary to determine that controls are functioning effectively, detail test programs are developed.
STEP #3 - TESTING PHASE
Internal Audit executes the test programs defined above. Throughout this phase, test results are analyzed to determine if additional test work is required, or if no further testing is necessary to conclude on the sufficiency of the control environment. We ensure timely communication of issues arising as test work is executed. Issues are communicated, validated, and drafted with the customer as they are identified.
STEP #4 - COMMUNICATING RESULTS
Communicating Results is not considered a separate phase. It is embedded in all of the above processes. Throughout the audit, all issues identified are validated with the customer and action plans are immediately developed by management. Audit recommendations and management responses are included in the Audit Report including an action plan of what will be done, by whom, by when, and to fix what problems. Reports are issued within 5 days from the end of fieldwork.