In my audit universe, I have 6 areas that must be audited, by regulation, annually. There are also 6 operational audit areas. I am currently auditing at least one per year. In addition, there are possible general audits, like HR or Key Control or accounting. I perform those as time permits.
I think you are asking the wrong question. If you focus on auditable entities, you can easily get sidetracked into spending most of your time auditing a bunch of things that aren’t that important, either to management or the company.
I think a better question is, “am I auditing the risks that are currently significant to the business?” For example, my company is currently engaged in spending large amounts of capital expanding our plants, so I'm putting about a third of my audit effort into that. We are also implementing some new business processes, so I am spending additional time on those. I have only about 20% of my audit plan focused on the traditional "rotational"-type audits.
Wednesday January 30, 2013 3:54 PM
