- Annual Internal Audit Planning & Resource Management — Internal Audit · 12 steps
Run the chief audit executive's annual internal audit planning cycle: refresh the audit universe and the documented understanding of governance, risk, and control processes, develop the risk-based strategy and plan, secure the budget, staffing, and technology to deliver it, obtain board approval, and reassess the plan and resource sufficiency each quarter as the risk landscape changes. - Audit Engagement Planning — Internal Audit · 21 steps
Establish the scope, risk assessment, control population, and sampling plan for an audit engagement, culminating in an approved planning memo and seeded audit record. - Audit Report Drafting — Internal Audit · 19 steps
Compile fieldwork findings into a formal audit report, from issue drafting and executive summary through management responses and final issuance. - Cybersecurity Assurance Review — Internal Audit · 23 steps
Execute a CAE-owned cybersecurity assurance review using IIA Topical Requirement coverage while referencing technical control catalogs. - Finding Remediation & Action-Plan Monitoring — Internal Audit · 16 steps
Track audit findings and agreed actions from registration through evidence validation, escalation, risk acceptance, and committee reporting. - Fraud & Forensic Investigation Engagement — Internal Audit · 19 steps
Run a predication-gated fraud and forensic investigation from allegation intake through evidence preservation, forensic procedures, interviews, loss quantification, audit-committee reporting, and referral and remediation handoffs. - Internal Audit Charter, Independence & Board Governance Cycle — Internal Audit · 11 steps
Run the internal audit function's board-governance cycle: deliver the CAE's functional reporting and executive sessions to the audit committee, secure committee action on the CAE's appointment, evaluation, remuneration, and the audit plan and budget, and reaffirm the function's organizational independence in writing. Lead the periodic board review and reapproval of the audit mandate and charter with its unrestricted-access provisions, execute the stakeholder communication plan across the board, management, regulators, and external auditors, and retain the governance evidence. - Internal Audit Engagement Lifecycle — Internal Audit · 20 steps
Run an IIA-aligned engagement from evidence requests and fieldwork through findings, conclusions, report issuance, and action registration. - Internal Audit Ethics, Objectivity & Competency Program — Internal Audit · 11 steps
Run the internal audit function's annual professional-practice cycle: every auditor and assisting party attests to the ethics and professional-courage expectations with deviations documented and resolved, signs conflict-of-interest declarations backed by per-engagement conflict screening, assignment rotation, and recusal, and completes confidentiality acknowledgments while access to audit files is reviewed and restricted; the cycle closes with competency assessment against role requirements and approved, tracked continuing-professional-development plans for each auditor. - Quality Assurance & Improvement Program Cycle — Internal Audit · 25 steps
Operate the QAIP cycle across ongoing review, internal assessment, external quality assessment, improvement planning, and board reporting. - Third-Party Vendor Assurance Engagement — Internal Audit · 23 steps
Run an IA-led third-party assurance engagement covering governance, risk tiering, control environment, monitoring, exclusions, and reporting.