Appendix 7A: Case Study—Developing a Multi-year, Risk-based Internal Audit Plan for a Retail Chain
7A.3. Development of a Multi-Year Internal Audit Plan
Based on the risk prioritization exercise, we will focus on the top 10 risks and develop a three-year internal audit plan. A snapshot of this three-year internal audit plan is presented below. Following the snapshot is the detailed internal audit plan showing the audit type, size, nature, and detailed description for each of the three years—2024, 2025, and 2026.
| Audit Type and Size | 2024 Internal Audit Plan | 2025 Internal Audit Plan | 2026 Internal Audit Plan |
|---|---|---|---|
| Large Audits | Cybersecurity Management Audit | Data Privacy Audit | IT Systems and Infrastructure Audit |
| Regulatory Compliance Framework Audit | Financial Controls Audit | Strategic Alignment Audit | |
| Medium Audits | Financial Reporting Systems Audit | Compliance with Environmental Standards Audit | Supplier Relationship Management Audit |
| Market Dynamics and Adaptability Audit | Inventory Management Audit | Customer Experience Audit | |
| Economic Impact Assessment | Strategic Risk Management Audit | Risk Management Framework Audit | |
| Small Audits | IT Infrastructure Review | Brand Management Review | Business Continuity Planning Review |
| Supply Chain Efficiency Review | Legal Compliance Review | Compliance Training Programs Review | |
| Privacy Policy Implementation Review | Market Adaptability Review | Economic Impact Review | |
| Consulting Projects | Cybersecurity Consulting Project | Financial Systems Consulting | IT Security Consulting |
| Supply Chain Strategy Consulting | Operational Efficiency Consulting | Supply Chain Optimization Consulting |
definition
Procedures and policies implemented to ensure the accuracy, integrity, and reliability of financial information and to safeguard assets.
Ensuring that the organization's actions and policies comply with applicable laws and legal requirements.
