This blog is Part 3 of our four-part weekly series on building an effective audit calendar. Over the last two weeks, we have laid the foundation for effective audit calendar planning. In Part 1, we discussed the importance of understanding the company’s strategy and conducting a comprehensive risk assessment. In Part 2, we explored the subsequent activities of defining the audit universe and prioritizing audits to ensure high-risk areas are addressed effectively within limited resources.

This week, in Part 3, we turn our attention to the practical aspects of resource planning and the process of drafting and communicating a realistic audit plan for review and approval with relevant stakeholders.

Step 5: Balancing Resources and Capacity:

Even the most well-designed audit calendar fails if it does not factor the reality of team capacity and resource availability. The CAE must ensure that the plan is realistic, achievable, and adequately resourced.

Key considerations include:

• Skill sets: Certain audits require specialized expertise. For example, cybersecurity audits often need IT security specialists with technical knowledge of penetration testing, system configuration, and incident response.
• Outsourcing/Co-sourcing: Some niche areas, such as transfer pricing reviews, ESG reporting assurance, or cyber resilience testing, may need external consultants or co-sourced partners.
• Time allocation: Beyond scheduled audits, the team must reserve time for special investigations, advisory engagements, and follow-up activities. Also, not every audit requires same time allocation. Time allocation may vary depending on criticality and complexity of the audit area.
• Flexibility: It is wise to allow 10–15% capacity to take up unforeseen requirements e.g. whostleblower insights etc., especially in industries where emerging risks appear suddenly.

Practical Example: A global retailer, which experiences significant operational pressure during the December holiday season, may intentionally avoid scheduling audits in Q4 to minimize disruption to business operations. Instead, the CAE can allocate more audits to Q1 and Q2, when operations are relatively stable.

Step 6: Coordinating with Other Assurance Functions:

Internal audit does not operate in isolation. To maximize efficiency and prevent duplication, the CAE should coordinate closely with other assurance providers, such as risk management, compliance, legal, and external audit.

Benefits of this coordination include:

• Eliminating overlaps: Avoiding situations where both internal and external auditors review the same financial controls in parallel.
• Sharing insights: Leveraging results of reviews already performed by other functions.
• Holistic assurance: Providing the board with a consolidated view of how risks are managed across the organization.

Practical Example: If the external auditors are already performing extensive testing of financial reporting controls, the CAE may decide to redirect internal audit resources to focus on operational risks, such as inventory shrinkage in warehouses or safety compliance in manufacturing facilities. This not only saves resources but also broadens the assurance coverage for the board.

Wrapping Up Part 3:

By focusing on realistic resource planning and coordinating with other assurance providers, the CAE ensures that the audit function is well positioned to achieve its objectives effectively. This stage transforms strategic risk priorities into a practical, actionable roadmap.

 This concludes Part 3 of our four-part series. In Part 4, we’ll complete the series with the critical activity of drafting the audit calendar and it’s continuous monitoring — ensuring the audit calendar remains relevant, agile, and responsive to evolving risks in real time. See you all next week!

Disclaimer: The views expressed are solely those of the author and do not represent those of the publishing organization

About the author:

– Amit Sharma is the Vice President and Head of Audit – APAC at EXL, with over 24 years of experience in internal audits, risk management and compliance. As part of his commitment of giving back to the auditing profession, he also serves on the IIA India Delhi Branch Board of Governors and is the Chairperson of the Publications & Research committee of IIA India Delhi Branch.