By Chinmay Kulkarni
In this article, we will discuss an important step that everyone should take before attending an audit walkthrough meeting.
What is an Audit Walk-through?
An audit walkthrough is a meeting with the auditee where auditors understand the systems and applications within scope, before performing the actual audit.
Within the auditing context, a walkthrough call refers to an interactive session between the audit team and the client. This critical call serves as a vital catalyst in enhancing the audit process. It provides the audit team comprehensive understanding of the client’s operational environment.
During the call, auditors engage with relevant stakeholders to gain insights into the inner workings of systems, processes, applications or interfaces within the organizational framework.
As standard practice, the audit team typically schedules these meetings in advance for thorough preparation. This proactive approach ensures auditors can maximize the opportunity by guiding conversation effectively and extracting valuable information.
I still remember my first audit walkthrough with a client.
It was a meeting regarding application controls for an important business process.
I assumed my role was to attend, take notes, and later discuss the highest risks to audit with my team.
When I saw the meeting invite on my calendar, I pinged my senior colleague half an hour beforehand to confirm it was still happening. He confidently assured me that it was.
I felt excited to participate in the walkthrough discussion.
However, once the meeting began with clients and stakeholders present, it immediately shifted to evidence gathering.
The first question on my mind was –
Wait, what specific control are we discussing and what risk are we auditing against?
As the auditor, that should have been essential clarity needed upfront before a walkthrough.
Yet there we were already reviewing evidence without alignment on the scope.
I was confused as they provided screenshots and details without context of the controls and risks tied to them.
By the end of the walkthrough, I felt completely confused looking at all my disorganized notes.
I reached out to my senior colleague asking for guidance.
He suggested that I review some documentation the client provided a few weeks prior.
It then struck me.
Walkthroughs involve not just attending meetings but also preparation research about the client.
When I went back and read the materials, I finally understood the business process our walkthrough focused on.
I grasped the high risk areas within it and what controls we as auditors would test.
Had I done this groundwork ahead of time, our session could have been far more focused and productive. Instead, my lack of preparation resulted in scattered notes, missed screenshots, and insufficient evidence.
Well, since this represented my first client call, I learned through experience that
Preparation before a walkthrough meeting is critical for auditors.
By understanding the business process and key risks in advance, you can ask targeted questions and zone in on critical control points.
If you fully comprehend the process flow ahead of time, you can formulate targeted questions directly tied to inherent risks.
Prepare a list of precise questions to guide conversation toward critical control points, risk areas, or previously identified concerns.
I wish I had received one core piece of advice before my first walkthrough: be fully prepared proactively.
Read through materials the client previously furnished, including descriptions of controls, summaries of high risk facets, prior year audit work papers for related processes, and old stakeholder feedback.
This upfront work would have rendered me ready to extract maximum value, rather than fumbling through confused.
In summary, this experience gave me acute insight into how auditors should strategically approach audit walkthroughs. Performing robust preparation work leading up to the call results in heightened focus, relevant risk discussions, and informed findings.
This article first appeared on Chinmay’s IT Audit Guide and is published here with permission.