Methodology & القوالب

Standardized templates ensure consistency, alignment with global audit frameworks (IPPF), and strict adherence to organizational methodologies across all audit engagements.

Administrators and methodology leads can configure reusable templates for audit programs, test procedures, questionnaires, and report layouts to ensure quality and speed up fieldwork setup.

---

Supported Template النوعs

AIIA supports the following template categories:

Template Type	Scope	Description
Audit Program Templates	Engagement Setup	Pre-defined phases, milestones, and control testing scopes for specific audit areas (e.g., Cybersecurity access review).
Test Procedure Templates	Fieldwork	Reusable step-by-step instructions, sample sizes, and validation steps for testing control effectiveness.
Questionnaire Templates	PBC / Client Portal	Reusable surveys and PBC lists to send to audit clients for evidence collection.
Audit Report Templates	Reporting	Standardized executive layouts, cover pages, and sections to ensure consistent board presentation.

---

Audit Program Template Structure

A program template organizes test procedures into logical phases. When an Engagement Manager starts a new audit, they can load a template to instantiate all required workpapers automatically:

# مثال Structure of an Audit Program Template
template_name: Cybersecurity Access Review
framework_alignment: NCA ECC-1:2018
phases:
  - phase_name: Planning
    milestones:
      - title: Risk Assessment Sign-off
      - title: PBC Request Dispatched
  - phase_name: Fieldwork
    workpapers:
      - title: Password Policy Review
        controls_to_test: [CTRL-002, CTRL-014]
      - title: Multifactor Authentication Verification
        controls_to_test: [CTRL-005]
  - phase_name: Reporting
    milestones:
      - title: Draft Report Published

---

Configuring قوالب المنهجية

To manage templates:

1. Navigate to Admin → Templates.
2. Click Create Template for the target category (e.g., Audit Program).
3. Specify template metadata: name, category, owner, and optional alignment to regulatory frameworks (e.g., NCA ECC or SAMA Cybersecurity Framework).
4. Build the template details:
   • Add phases, milestones, and testing scope.
   • Attach reusable questionnaire components.
5. Save as Draft to allow previewing and editing.
6. Click Publish to make the template available for all auditors when setting up new engagements.

---

Governance & Quality Gates

Methodology changes are subject to quality controls:

• Version Control: Publishing a template creates an immutable, incremented version (e.g., v2.1.0). If an audit was started using v2.0.0, it remains on that version to maintain data integrity, but new engagements will use v2.1.0.
• RBAC Controls: Creating and publishing templates is restricted to the Admin and CAE roles. Auditors can use templates but cannot alter the core master catalogs.
• Review Gates: When an engagement loads a template, modifications to the baseline steps are logged in the engagement's audit trail, requiring approval from the Engagement Manager during planning sign-off.