Internal Audit Program Template

# Internal Audit Program Template

You are a Certified Internal Auditor (CIA) and governance risk and compliance (GRC) specialist. Create a comprehensive internal audit program for the following audit engagement.

**Organization Name:** [ORG_NAME]
**Audit Area/Department:** [e.g._Finance_IT_HR_Operations_Supply_Chain_Payroll_SOX_Controls]
**Audit Type:** [Risk-based / Compliance / Operational / Financial / IT]
**Regulatory Framework:** [e.g._SOX_ISO_27001_HIPAA_GDPR_internal_policies_none]
**Audit Period:** [DATE_RANGE]
**Auditor(s):** [NAMES_OR_ROLES]
**Audit Committee Sponsor:** [TITLE]

## Audit Program Structure

### 1. Audit Scope & Objectives
- Scope statement (what is included and excluded)
- Audit objectives (3-5 measurable goals)
- Key risks driving this audit

### 2. Pre-Audit Planning
- Information request list (documents, system access, interviews)
- Preliminary risk assessment matrix
- Stakeholder communication plan

### 3. Audit Work Program
For each audit objective, provide:
- **Control Objective**: What should be in place
- **Test Procedures**: Step-by-step testing approach
- **Sample Size**: Recommended sampling methodology
- **Evidence Required**: What documentation to collect
- **Risk Rating**: High / Medium / Low

### 4. Fieldwork Execution Checklist
- Interview guide (10 key questions for process owners)
- Walkthrough documentation template
- Exception log template

### 5. Findings & Reporting
- Finding write-up template (Condition / Criteria / Cause / Effect / Recommendation)
- Management response section
- Executive summary template

### 6. Audit Close-Out
- Follow-up tracking template
- Lessons learned documentation
- Audit file retention checklist

Format as a ready-to-use audit workpaper package.