Run a risk-based internal audit cycle
Build a risk-weighted universe, scope engagements to the highest-risk entities, apply controls and run tests, drive findings to closure, and issue the report under an approval workflow.
Try it in CybervergentOverview
Take an audit from risk-weighted universe planning through fieldwork to an issued report.
Step-by-step
- 1 In the sidebar open 'Audit' then 'Universe' and click 'New Universe'. Add auditable entities with criticality and inherent risk, set the risk-factor weights to total 100%, choose an audit cycle, and set the materiality threshold and minimum coverage target.
- 2 Map regulatory requirements and import controls from your compliance program so coverage is explicit.
- 3 On the highest-priority universe entry, open the actions menu and select 'Start Engagement', then complete the 'Plan Engagement' form (audit type, dates, entities, audit leads).
- 4 Open the engagement, and on the 'Assets' tab use 'Apply Control' to bring in the controls under audit.
- 5 Click 'Create Test', define each test, and record results on the 'Tests' tab, including the design sufficiency check.
- 6 Raise findings from failed tests with type, severity, and remediation, and have auditees complete the corrective action plan.
- 7 On the 'Report' tab, generate the Draft Report, Working Paper, and Final Report.
- 8 Submit the engagement for approval, then review cycle health and remediation throughput in 'Audit' then 'Assurance'.
Related articles
Internal Audit Do internal control over your entities Test the internal controls across your auditable entities through an internal control audit. Internal Audit Plan multi-year audit coverage Define a risk-prioritized plan that covers the universe over the cycle. Internal Audit Track findings to closure Manage findings and corrective action plans from raise to verified closure. Posture Management Manage your audit posture Establish audit coverage and prove a healthy, improving audit posture.