Plan multi-year audit coverage
Use the universe model to weight risk, set a coverage target and cycle, and let event-driven escalation re-prioritize when risk changes, so engagements follow risk rather than habit.
Try it in CybervergentOverview
Define a risk-prioritized plan that covers the universe over the cycle.
Step-by-step
- 1 In the sidebar open 'Audit' then 'Universe' and click 'New Universe'. Name it for the planning cycle.
- 2 Add the auditable entities across Business Units, Processes, Functions, and Systems, each with a criticality and inherent risk.
- 3 Set the risk-factor weights so the total reads 100%, reflecting how your organization prioritizes risk.
- 4 Choose the default audit cycle and set the minimum coverage target for the percentage of the universe audited per cycle.
- 5 Enable event-driven escalation with triggers and a cooldown so entities re-prioritize when gaps, incidents, or control failures appear.
- 6 Set the materiality threshold so engagements focus where the financial impact is significant.
- 7 Finish the Governance and Review steps, then start engagements from the highest-priority entities first and track coverage against the target.
Related articles
Internal Audit Run a risk-based internal audit cycle Take an audit from risk-weighted universe planning through fieldwork to an issued report. Internal Audit Do internal control over your entities Test the internal controls across your auditable entities through an internal control audit. Internal Audit Track findings to closure Manage findings and corrective action plans from raise to verified closure. Posture Management Manage your audit posture Establish audit coverage and prove a healthy, improving audit posture.