Performing the Audit Engagement.
Work programs used to document the nature, extent, and timing of the specific audit procedures.
Worksheets prepared by the internal auditor, such as a risk and control matrix used to document process-level risks, key control descriptions, the internal auditor's evaluation of control design adequacy, the tests of controls performed, and the test results.
Other types of working papers prepared by the internal auditor that reflect work performed (for example, analytical procedures, computerized data analysis, and direct tests of transactions, events, account balances, and performance measurements).
Evidence compiled by the auditee and tested by the internal auditor.
Controls performed by the auditee and reperformed by the internal auditor (for example, bank reconciliations).
Copies of source documents, such as purchase requisitions, purchase orders, receiving reports, vendor invoices, vouchers, and checks