Skip to main content

Internal Audit Process: Questions and Answers 

Internal Audit Regulation

Other procedures and principles regarding the functioning and management of the internal audit unit and the execution of internal audit activities are determined by the internal audit regulation prepared by the internal audit units with the approval of the Audit Committee and put into effect by the senior manager.

Audit Resource Allocated for Prudence

It refers to the audit resource allocated for audit and consultancy activities that cannot be foreseen at the planning stage.

Opening Meeting

It is the meeting held by internal auditors with the unit managers to be audited after they have sufficient knowledge about the area being audited after preliminary research.

Internal Audit Plan

It is the annual plan prepared by the Internal Audit Manager, in consultation with senior managers and unit managers, including the field and subjects of the audit, the required workforce and other resources, and training activities to ensure that the internal audit is carried out effectively, economically, and efficiently.

Audit Universe

It refers to all areas that can be controlled. The general principle is to include all administration activities within the audit universe’s scope. The audit universe can be divided into audit areas to ensure flexibility in auditing and limit the audit task to a manageable area.

Control Area

Audit universe: It is divided into auditable sections by evaluating units, activities, processes, projects, or a combination of these. A single activity process or project in the audit universe can also be designated as an audit area.

Task Work Schedule

In the task work schedule, which inspection tests will be carried out by whom, where, and between which dates are recorded.

Preliminary study

It is the preparation phase of audit activities carried out to ensure that internal auditors fully understand the activities (audit area) within the scope of the audit task they will carry out and to facilitate their fieldwork efficiently and effectively, thus ensuring that the audit can focus on the right areas.

Field Study

It is the phase that begins after the approval of the work plan, and at this stage, the tests in the task work program annexed to the work plan are carried out. Performing audit tests involves obtaining appropriate evidence that the controls in the control practices column of the risk control matrix exist and are working effectively.

Determination of Materiality Level

It is the decision of which level of errors or mistakes will harm the reliability and accuracy of financial statements. Not including information in the financial statements or misrepresenting it incorrectly undermines the reliability of the financial report in question and may affect the decisions to be taken. The impact level of information is the primary indicator of the materiality level in terms of financial statements. The internal auditor must evaluate whether the materiality of the errors is reflected in the financial statements.


For the internal auditor to evaluate the audit findings and evidence about the specific characteristics of the selected elements to conclude or to help conclude the population (population), which represents all the works and transactions to be audited, audit procedures must be performed at less than 100% of that population. It is applied to the part.

Sampling unit

It is the unit/document/person, etc., selected from the central mass, depending on the purpose of the audit tests to be used in the field study.

sample size

It refers to the part of the population that the internal auditor will use to conclude the population. When determining the sample size, the internal auditor must consider sampling risk, acceptable error amount, and the extent of expected errors.

Judicial Sampling

It is a sampling method in which the internal auditor applies a certain bias when determining the sample (for example, all sample units above a certain value, all those with negative values, all new users, etc.). However, it should be noted that a judicial sample is not based on statistical foundations, and the results should not be extended to the entire population, as the sample may not represent the people.

What do Working Papers mean?

Working papers: These are documents prepared during audits to record the information obtained, analyses, conclusions reached, and their basis.

Any document prepared during the audit – even though a different name calls it – is a working paper. Documents such as risk control matrix, closing meeting minutes, workflow chart, and findings form are also working papers.

Audit Test

It is the examination, through processes, records, and documents, of whether the corporate governance, risk management, and control processes stated to exist in the relevant audited unit regarding the issues decided to be included in the audit scope are working as required.

Workflow Diagram

It is a diagram that allows visualization of the business processes of the unit to be audited and the stages and process steps from the beginning to the completion of an activity, and shows the process steps with geometric shapes.

Workflow charts, which are also used to recognize the system, identify and evaluate possible risks between process steps, and set boundaries, also help identify inefficiencies and control weaknesses such as points of blockage in the system, situations where the principle of separation of duties is not followed, and repetition of the same job in more than one place, and critical control in processes. It helps reveal their activities.


It tests whether the same result is achieved by repeating a calculation or operation.

This test gives the internal auditor an idea about how much confidence can be given to the transactions carried out by employees of the audited unit.


It is when the internal auditor confirms the accuracy of the information obtained from one source with the information obtained from another information source with the same or higher degree of reliability.


It is the information and documents collected and used to support or prove audit findings.

Oral Evidence

It is information obtained from the Company’s internal and external stakeholders, usually as a result of inquiry or interview. Within the scope of auditing studies, it provides the opportunity to obtain vital clues that cannot be obtained with other auditing techniques and to understand the subject much better. However, instead of using verbal evidence directly, supporting it with documents as much as possible will ensure that the audit objectives are achieved with sufficiently reliable and appropriate evidence. When assessing the reliability and appropriateness of oral evidence, the interviewee’s role, knowledge, expertise, credibility, and sincerity should be considered.

Audit Evidence

It is the information and documents collected and used to support or prove the audit findings and the conclusion reached by the internal auditor due to the audit. To achieve the audit purpose, the internal auditor evaluates the evidence collected in three aspects: suitability, reliability, and adequacy. The appropriateness of audit evidence requires a clear and logical connection between the evidence and the audit objectives and criteria. To determine the reliability of audit evidence, It must be evaluated in terms of its source (such as internal, external, etc.), nature (such as written, oral, visual, or electronic), and authenticity (such as originality, signature, seal). Audit evidence can be considered sufficient if it answers critical questions regarding the purpose and scope of the audit.

Risk of Discovery

It is the risk that the internal auditor cannot detect existing errors and inaccuracies despite applying audit techniques and procedures.

Audit Risk

The internal auditor may reach an incorrect opinion or conclusion as a result of his audit work. Audit risk: structural risk is equal to the product of control risk and detection risk. (DR=YR x KR x BR)

Finding Form

It is a type of working paper created by the internal auditor by classifying the issues identified during the audit according to their degree of importance. 

In finding form: The current situation, the reason for the difference between the current situation and the situation that should be, the risks that the institution or individuals may be exposed to due to the current situation and the effects of these risks, the criteria to be followed and recommendations regarding these risks and their effects should be included.

Closing meeting

It is the meeting with the audited unit after the findings and recommendations are shared to ensure that both parties fully understand each other regarding the issues included in the results.

Audit Opinion

It is reaching a general opinion regarding the issues subject to audit in accordance with the purpose and scope of the task, in line with the information and evidence collected during the audit task. With this opinion, information is provided to the audited unit manager and senior manager about the general situation of the audit area.

Comprehensive View

Apart from the audit opinion given at the micro level regarding each audit task, it is the opinion given by the IDB Manager in line with his professional judgment based on the audit tasks and other activity results for a certain period. The comprehensive opinion is created for a specific time period (e.g., annually) and presented to senior management.

Audit Report

It is the report prepared due to audit tasks and presented to the top manager by the IDB Manager.

Internal Audit Activity Report

It is a report that includes information about internal audit activities, including those carried out outside the program, the performance of the internal audit unit, its findings, and recommendations, the reasons for disapproval or non-implementation of suggestions if there are any that are not approved or implemented, the training of internal auditors, consultancy services provided to the management and other activity results. The general evaluation of the company’s management and control system, significant risks, management and control problems, and suggestions regarding these are also included in the annual report.

Analysis report

It is a report prepared by internal auditors as a result of investigations regarding allegations and findings of irregularities and corruption.



  • IPPF (International Professional Practice Framework) – Standards, Practice Recommendations, Practice Guides)
  • Public Internal Audit Guide (Public Internal Audit Coordination Board Ankara September 2013)
  • İSMMMO-Practical Information for Internal Audit in SMEs 2013
  • Teolupus Internal Audit Guide Studies

Bu gönderi şu adreste de mevcuttur: Türkçe