GBQ’s internal audit/agreed-upon procedures methodology and framework helps to ensure consistency in approach, execution and quality—and most importantly—your satisfaction with our services. The framework is comprised of five phases, summarized as follows:

1.   Understand the business
2.  Internal controls framework
3.  Assess risk and develop a strategic plan
4.  Audit execution
5.  IA Governance and reporting

 

1.  Understand the business

GBQ’s primary goal for the initial year of our relationship will be to facilitate a smooth integration of the testing plan into your organization with minimal disruption to your operations.

The first step we perform in approaching a new engagement is to develop a full understanding of the objectives and operations of your organization. Management discussions help us understand your organization, culture, dynamics and processes. And a review of appropriate materials allows us to understand your business environment, market, customer base and operations.

2.  Internal controls framework

GBQ will review your internal controls framework, policies and standards. This may include, but not be limited to, the review of all internal controls, quality standards and methodology. To the extent that those as mentioned above have not been developed, GBQ will work with management to create these policies and standards.

3.  Assess risk and develop a strategic plan

Our risk assessment and strategic audit planning methodology is followed to perform the annual risk assessment and development of a strategic audit plan.

4.  Audit execution

Based on the risk assessment and approved strategic audit plan and resourcing needs, appropriate resources will be identified and deployed. The GBQ team will use a standard but flexible audit approach and process, ensuring consistent execution regardless of location or function.

The audit approach can be easily modified to accommodate each of the various types of audits that would be in your credit union’s strategic internal audit plan.

5.  IA Governance and reporting

Communication is the key to effective reporting and follow-up procedures and to ensure timely resolution of audit issues. GBQ will take the following proactive steps:

    • Present and discuss draft audit reports at each closing meeting following fieldwork.
    • Deliver final reports with management comments within an agreed-upon timeline.
    • Conduct—under your direction—a follow-up assessment upon the completion of each audit.
    • Establish a quarterly process for reporting on the status of open issues.

 

See the Internal Audit/Agreed-Upon Procedures document – Approach Matrix (PDF)