(1) audit plan. The audit plan includes comprehensive risk analysis, aiming at finding out the most risky business varieties as the object of this audit; Business process check, that is, after selecting the audit object, understand the business operation process of the selected object and the corresponding risk control settings; Individual risk analysis refers to the auditor's evaluation of whether internal control is effective, sufficient and appropriate for all risk points according to the business flow chart.
(2) On-site inspection. On-site inspection is the stage to obtain the reliability evidence of internal control at each risk point. The methods of obtaining evidence can be divided into conformity test and substantive test. The last link of on-site inspection is to communicate the problems found in the inspection with the relevant personnel of the audited unit, which is actually the final verification of the problems found in the audit.
(3) Audit report. The audit report stage is a process of evaluating the problems found in the audit and forming audit opinions and suggestions, and the final result is the audit report. The audit report should be issued as soon as possible after the audit, so as not to affect the timeliness of the audit.
(4) follow up. The follow-up stage is to check whether the audit recommendations have been effectively implemented and evaluate the implementation effect of the recommendations, so as to ensure that the audit recommendations can become specific measures of internal control and ensure that the audit can really play its role.