I started a job at a tiny boutique consulting firm which did a variety of work, of which audits is one of them. As the company is quite small and there is no training, after doing a couple of audits I am curious what is the industry standard or how are audits conducted in the industry .
Is a test plan typically crafted before the start of the auditing?
While performing the tests is it common or advisable to share some details of the test plan with the auditees to facilitate getting the right evidence artefacts? This is from the perspective that getting artefacts can involve some back-and-forth in order to get the required data to perform the testing.
How do consultancies determine the size (which affects charging) of a audit project during the initial engagement and pricing phase? what are some information that should be acquired?
Appreciate experiences from both financial and IT/IS audits perspective!