| # | Audit / Unit Name | Description / Scope | Context |
|---|---|---|---|
| 1 | 2nd Line Operational Risk Governance | Evaluate oversight roles, risk committees, and second-line monitoring of OR events | Finance – ensures robust second-line structure and risk coordination |
| 2 | 2nd Line Operational Risk – Control Testing | Assess test plans, sampling, and second-line validation of key operational controls | Finance – focuses on second-line’s day-to-day control testing efforts |
| 3 | Enterprise Risk Management (ERM) Strategy | Verify board-approved ERM policy alignment with strategic goals, risk appetite coverage | Finance – foundation for integrated risk approach across the institution |
| 4 | ERM Emerging Risk & Scenario Analysis | Confirm processes for identifying emerging risks (geopolitical, cyber, climate), scenario design, and escalation | Finance – forward-looking risk management helps strategic planning |
| 5 | Risk Appetite Setting & Cascade | Check how top-level risk appetite statements translate into business-line-level limits, triggers, and MIS | Finance – ensures risk appetite is cascaded effectively to all lines |
| 6 | Risk Oversight & Escalation Channels | Validate the escalation matrix for risk events/incidents, near misses, and threshold breaches | Finance – timely reporting to committees or board prevents major losses |
| 7 | Interest Rate Risk – Trading Book | Evaluate IRR metrics for short-term trading positions, VaR approach, limit structures, and backtesting | Finance – specialized for treasury trading desks subject to interest rate fluctuations |
| 8 | Interest Rate Risk – Banking Book Sub-Segments | Break down IRRBB by product segments (mortgages, consumer loans, corporate loans) for tailored stress testing | Finance – deeper line-of-business segmentation of interest rate risk |
| 9 | Asset-Liability Management (ALM) – Derivatives Usage | Assess derivative strategies for hedging ALM mismatches, hedge documentation, and compliance with accounting rules | Finance – advanced ALM function with derivatives for stabilizing balance sheet |
| 10 | ALM Governance & Limit Management | Check ALM committee structures, limit approvals, monthly ALCO packs, and policy reviews | Finance – core oversight ensuring consistent ALM strategy |
| 11 | Treasury Liquidity – Cash Flow Forecasting | Evaluate liquidity projections, day-to-day variance analysis, and short-term funding approach | Finance – critical for meeting short-term obligations |
| 12 | Treasury Liquidity – Stress Testing & Contingency Plans | Inspect stress scenario design, LCR/NSFR calculations, and funding contingency planning | Finance – essential for Basel III or similar liquidity regulations |
| 13 | Senior Management & Board Reporting – Data Validation | Confirm data accuracy, completeness, and lineage for board pack metrics (KRI, KPI, capital, liquidity) | Finance – ensures top-level decisions rely on robust data |
| 14 | Senior Management & Board Reporting – Timeliness & Format | Review production timelines, distribution lists, and user-friendliness (dashboards, trend visuals) | Finance – ensures quick, clear insights to leadership |
| 15 | Model Risk Management – Risk Models Library | Audit the inventory, classification, and periodic reviews of PD, LGD, EAD, liquidity, and pricing models | Finance – advanced quantitative risk environment (banking, insurance) |
| 16 | Model Risk – Validation & Stress Model Governance | Check validation approach, independence, re-calibration frequency, documentation for scenario models | Finance – advanced risk quant governance |
| 17 | Credit Risk – Retail Lending Channels | Separate audits for credit cards, auto loans, mortgages – evaluate underwriting, scoring, portfolio performance | Finance – deeper, specialized approach to each retail product |
| 18 | Credit Risk – Corporate & Commercial Portfolios | Assess credit facility structures, covenant tracking, watchlist processes, sector concentration oversight | Finance – large-exposure and corporate-level lending risk |
| 19 | Credit Risk – Specialized Lending (Project Finance, etc.) | Focus on project finance, leveraged finance, real estate developments – check due diligence, stress assumptions | Finance – high-profile, high-risk lending segments |
| 20 | Capital Adequacy – Pillar 1 & Pillar 2 Processes | Evaluate RWA calculations, ICAAP documentation, capital planning horizon, and stress test alignments | Finance – compliance with regulatory capital frameworks |
| 21 | Financial Reporting – IFRS 9/CECL Provisioning | Inspect expected credit loss models, staging criteria, macro overlays, disclosure correctness | Finance – ensures correct provisioning in line with IFRS 9 or CECL (US GAAP) |
| 22 | Financial Reporting – Consolidation & Intercompany | Check group consolidation, minority interests, eliminations of intercompany transactions, currency translations | Finance – crucial for multi-entity correctness |
| 23 | SOX / ICFR – Process-Specific Controls | Drill-down audits for procure-to-pay, order-to-cash, record-to-report cycles with control testing | Finance – ensures each major process has robust financial controls |
| 24 | Accounts Payable – Vendor Setup & Invoice Approval | Evaluate vendor onboarding, invoice matching (3-way), duplicates, and payment runs | Finance – addresses a high-risk area for fraud and errors |
| 25 | Accounts Payable – Expense Reimbursements | Specifically target T&E claims, policy compliance, receipt matching, out-of-policy claims | Finance – potential leakages and misuse in T&E |
| 26 | Revenue Recognition – Subscription/Recurring Models | Confirm revenue recognition rules for subscription services, deferral of revenues, discount/promotion accuracy | Finance – modern business models need careful revenue deferral |
| 27 | Revenue Recognition – Project-Based Billing | Inspect milestone-based or percentage-of-completion revenue, contract terms, change orders, WIP | Finance – ensures correct POC or milestone-based approach |
| 28 | Fixed Assets & CAPEX – Project Approvals | Check capital request gating, ROI analyses, budget vs. actual tracking | Finance – large-scale CAPEX often needs robust oversight |
| 29 | Fixed Assets – Disposal & Write-Off Process | Focus on disposal authorizations, gain/loss calculations, asset retirement obligations | Finance – ensures no unaccounted assets or undervalued write-offs |
| 30 | Tax Compliance – Transfer Pricing Implementation | Verify transfer pricing policies, intercompany margins, local file documentation, and Master File compliance | Finance – multinational tax environment |
| 31 | Tax Compliance – Indirect Taxes (VAT, GST) | Inspect transaction-level compliance, input credit reconciliation, cross-border complexities | Finance – critical for consumer-facing or cross-border business |
| 32 | Hedge Accounting – Documentation & Testing | Confirm formal hedge designations, hedge effectiveness testing results, rebalancing of hedge relationships | Finance – specialized IFRS 9 or US GAAP hedge accounting rules |
| 33 | Treasury – FX Exposure & Hedging | Evaluate identification of FX exposures, forward contract usage, revaluation, limit monitoring | Finance – ensures no large unhedged currency mismatches |
| 34 | Mortgage Servicing – Escrow & Insurance Tracking | Focus on escrow collection accuracy, timely insurance renewals, escrow analysis statements to borrowers | Finance – compliance for mortgage servicers |
| 35 | Factory/Plant Safety Audit – Production Lines | Assess PPE usage, safety training logs, hazard identification, and incident tracking | Non-finance – essential for manufacturing or industrial settings |
| 36 | HR – Payroll & Compensation Audit | Validate payroll runs, timesheet approvals, commission or bonus structures, tax withholdings | Non-finance – a universal HR function but critical to cost and compliance |
| 37 | HR – Recruitment & Onboarding Process | Check job requisition approvals, background checks, orientation programs, new-hire documentation | Non-finance – ensures correct workforce intake approach |
| 38 | HR – Offboarding & Termination Controls | Ensure exit interviews, system access removal, final payments, knowledge transfer | Non-finance – prevents security risk from ex-employees and handles final pay |
| 39 | HR – Performance Management & Promotions | Evaluate performance appraisal consistency, promotion criteria, pay adjustments, documentation | Non-finance – ensures fairness and transparency in promotions |
| 40 | Data Privacy & GDPR – Subject Access Request Handling | Inspect process for responding to data subject requests (access, erasure, rectification) | Non-finance – specialized data protection domain |
| 41 | Data Privacy & GDPR – Consent Management | Check if user consent for data usage is captured, tracked, and revocation is managed properly | Non-finance – compliance for marketing, data analytics, or e-commerce |
| 42 | IT General Controls – Identity & Access Management (IAM) | Evaluate user provisioning, role-based access controls, termination revocation, privileged account monitoring | Non-finance – universal for secure IT environment |
| 43 | ITGC – Change Management Process | Check developer access, code merging, test environments, and emergency changes for system updates | Non-finance – ensures stable production environment |
| 44 | ITGC – Backup & Disaster Recovery | Review backup schedules, storage encryption, DR site readiness, annual DR testing | Non-finance – essential for operational resilience |
| 45 | IT Application Controls – Core ERP System | Inspect data input validations, business rules, interface reconciliations, role-based approvals in the ERP | Finance or non-finance – depends on ERP modules but typically includes finance data |
| 46 | Cybersecurity – Network Perimeter & Firewall Config | Validate firewall rule reviews, network segmentation, intrusion detection usage, patching of perimeter devices | Non-finance but vital to mitigate cyber threats |
| 47 | Cybersecurity – Ransomware Preparedness | Check anti-ransomware tools, offline backups, incident response runs, privileged account minimization | Non-finance domain focusing on modern cyber threat |
| 48 | Business Continuity – Pandemic Readiness | Assess the continuity plan for pandemics, remote work capabilities, staff shortage scenarios | Non-finance – real-world scenario planning |
| 49 | Third-Party Vendor Mgmt – Contract Lifecycle | Evaluate RFPs, vendor onboarding checks, contract SLAs, renewal triggers, vendor risk classification | Non-finance – supply chain or outsourcing environment |
| 50 | Third-Party Vendor Mgmt – Onsite Assessments | Check if high-risk vendors undergo onsite or virtual audits, security checks, continuity provisions | Non-finance – deeper vendor oversight |
| 51 | Audit Analytics & CAATs (Computer-Assisted Audit Techniques) | Confirm usage of data analytics in audits, continuous monitoring scripts, tool governance | Finance or non-finance – modernizing the audit approach |
| 52 | Fraud Risk Assessment – Financial Transactions | Inspect fraud risk frameworks, anomalies in AP, AR, T&E, suspicious patterns, whistleblower hotline follow-ups | Finance – targeted at potential internal/external fraud |
| 53 | Fraud Risk Assessment – Non-Financial Areas | Evaluate inventory theft risk, collusion in procurement, false vendor schemes, intangible asset misappropriation | Non-finance – broad-based fraud detection beyond financial statements |
| 54 | AML (Anti-Money Laundering) – KYC & CDD | Check know-your-customer, customer due diligence processes, watchlist screening, and suspicious activity reporting | Finance – regulated banks or money service businesses |
| 55 | AML – Transaction Monitoring Systems | Validate effectiveness of AML transaction monitoring software, detection thresholds, false positive handling | Finance – ensures robust monitoring for money laundering patterns |
| 56 | Sanctions Compliance – OFAC/UN/EU | Inspect screening processes for sanctioned individuals/entities, blocked property management, escalation channels | Finance – critical for global banks operating across multiple jurisdictions |
| 57 | Corporate Card & Purchasing Card (P-Card) Program | Check issuance policy, transaction monitoring, monthly statement reviews, misuse detection | Finance – a potential area for expense abuse, usually part of T&E or procurement function |
| 58 | Treasury – Intercompany Loans & Cash Pooling | Evaluate cross-entity lending rates, approvals, pooling structures, and netting arrangements | Finance – ensures compliant, arm’s-length intercompany funding |
| 59 | Mortgage Underwriting – Specialized Lending (FHA/VA etc.) | Evaluate compliance with government-insured loan guidelines, additional disclosures, adherence to LTV/DTI rules | Finance – more granular approach to mortgage specifics |
| 60 | Pension & Benefits Fund Oversight | Inspect funding status, investment strategies, benefit disbursement controls for employee pension or 401(k) plans | Finance – ensures employee benefit obligations are properly managed |
| 61 | HR – Succession Planning & Talent Management | Check leadership pipeline identification, training programs, high-potential staff tracking | Non-finance – crucial for organizational continuity |
| 62 | HR – Diversity & Inclusion Initiatives | Assess D&I policies, representation metrics, pay equity analysis, and action plans for improvement | Non-finance – corporate culture and social responsibility |
| 63 | HR – Workforce Planning & Forecasting | Evaluate forecasting of staffing needs, budget vs. actual headcount tracking, contingent workforce usage | Non-finance – strategic approach to ensuring the right skill sets |
| 64 | Health & Safety – Chemical Handling & Storage | For labs or manufacturing, verify MSDS usage, chemical inventory logs, proper disposal methods | Non-finance – specialized EHS domain |
| 65 | Health & Safety – Personal Protective Equipment (PPE) | Inspect availability, training, and enforcement of PPE requirements for hazardous worksites | Non-finance – workplace safety compliance |
| 66 | Environment – Carbon Footprint & Emissions Tracking | Check greenhouse gas inventory, emission factors, offset strategies, external reporting | Non-finance – part of ESG initiatives |
| 67 | Environment – Waste Management & Recycling | Validate disposal vendors, recycling policies, e-waste handling, hazardous waste logs | Non-finance – key for manufacturing, labs, or large campuses |
| 68 | IT Governance – Strategy & Roadmap | Evaluate IT steering committee, alignment of IT projects with corporate strategy, ROI metrics | Non-finance – ensures strategic alignment of IT investments |
| 69 | ITGC – Patch Management & Vulnerability Scanning | Inspect patch cycle timeliness, vulnerability scanning results, remediation processes | Non-finance – crucial for security hygiene |
| 70 | Cloud Governance – Multi-Cloud Strategy | Check cloud vendor selection, cost optimization, deployment consistency, key risk acceptance | Non-finance – advanced cloud usage |
| 71 | Cybersecurity – Identity Federation & SSO | Evaluate single sign-on solutions, SAML/OAuth, role-based provisioning, multifactor enforcement | Non-finance – user-friendly but needs robust security |
| 72 | Cybersecurity – Penetration Testing Program | Confirm scope of pentests, vendor qualifications, remediation tracking, and retesting | Non-finance – advanced security approach |
| 73 | BCP/DR – Crisis Communication & Stakeholder Engagement | Assess crisis messaging templates, contact trees, media handling, management escalation for major disruptions | Non-finance – critical for brand and operational resilience |
| 74 | Logistics – Warehouse Automation & Robotics | Verify control over automated picking, sorting systems, error handling logs, and maintenance schedules | Non-finance – advanced supply chain technology domain |
| 75 | Fleet Management – Telematics & GPS Monitoring | Check route optimization, driver performance data usage, mileage recording, potential privacy concerns | Non-finance – transport domain with data analytics aspect |
| 76 | Customer Service – Omnichannel & Escalation | Inspect chat, email, phone, social media complaint resolution, system integrations, escalation triggers | Non-finance – brand reputation and customer satisfaction |
| 77 | Marketing – Digital Advertising & PPC | Evaluate spend tracking, ROI analysis, compliance with ad platforms’ guidelines (e.g., Google Ads) | Non-finance – cost management in marketing campaigns |
| 78 | Marketing – Affiliate & Partnership Programs | Check contract terms, affiliate performance monitoring, commission payouts, potential brand risk | Non-finance – ensures legit affiliates, prevents brand or reputational risk |
| 79 | Product Development – Agile Scrum Process | Assess sprint planning, backlog prioritization, daily standups, sprint retros, DevOps integration | Non-finance – relevant to software or product teams |
| 80 | R&D – Intellectual Property (Patents & Trademarks) | Inspect patent filing processes, trademark usage monitoring, external counsel coordination | Non-finance – crucial for IP-driven industries |
| 81 | Social Media – Crisis Handling & Rapid Response | Evaluate how social media teams handle viral negative events, disclaimers, brand guidelines, escalation to PR | Non-finance – modern brand protection |
| 82 | Legal & Regulatory – Litigation Management | Review legal case tracking, outside counsel fees, settlement approvals, e-discovery approach | Non-finance – corporate legal function oversight |
| 83 | Procurement – Strategic Sourcing & Vendor Negotiations | Inspect advanced sourcing strategies, vendor negotiations, cost-saving initiatives | Non-finance – major cost center, potential for big savings or corruption |
| 84 | Procurement – Contract Compliance (Post-Award) | Validate vendor performance vs. contract terms, penalty clauses, service-level achievements | Non-finance – ensures vendor accountability |
| 85 | Facilities – Fire & Emergency Systems | Check fire alarm systems, sprinkler coverage, evacuation routes, periodic drills | Non-finance – critical EHS domain |
| 86 | Facility Management – Energy Efficiency & Green Building | Evaluate building automation systems, LEED or similar certifications, ROI on energy-saving upgrades | Non-finance – cost saving, ESG synergy |
| 87 | Travel & Expense Management – Policy Adherence | Inspect flight/hotel booking compliance, meal allowances, out-of-policy approvals, traveler safety | Non-finance – broad T&E domain, complements finance AP audits |
| 88 | Government & Public Sector Grants Audit | For public entities, confirm awarding of grants, compliance with usage restrictions, reporting obligations | Non-finance – specifically for government or nonprofit sectors |
| 89 | Nonprofit – Program Effectiveness & Outcomes | Evaluate if donations/funds are used effectively per mission, outcome measurement, overhead ratio | Non-finance – philanthropic or NGO context |
| 90 | Education – Student Data Privacy & FERPA Compliance | Check student record confidentiality, access logs, parental consent for disclosures | Non-finance – specialized for academic institutions |
| 91 | Education – Research Grants & Funding | Inspect grant writing, milestone tracking, resource allocation, compliance with federal or philanthropic funding constraints | Non-finance – ensures accountability in higher education research projects |
| 92 | Healthcare – HIPAA Privacy & Security | Validate patient health info protection, HIPAA access logs, breach notification procedures | Non-finance – healthcare domain with strict privacy rules |
| 93 | Healthcare – Billing & Coding Accuracy | Check coding guidelines (ICD, CPT), claim submission processes, denial management, upcoding risks | Non-finance – healthcare revenue cycle management |
| 94 | Pharma – Clinical Trial Compliance | Assess trial protocols, subject consent, data integrity, adverse event reporting | Non-finance – specialized R&D environment |
| 95 | Pharma – Drug Safety & Pharmacovigilance | Evaluate post-marketing surveillance for adverse drug reactions, signal detection, regulatory reporting | Non-finance – ensures drug safety oversight for public health |
| 96 | Agriculture & Food – Supply Chain Traceability | Inspect traceability from farm to fork, batch labeling, recall readiness | Non-finance – critical for safety/quality in food supply chain |
| 97 | Agriculture & Food – Quality Control & Testing Labs | Validate in-house or outsourced testing labs, sampling frequency, contamination action plans | Non-finance – ensures product safety and compliance with standards |
| 98 | Automotive – Vehicle Recall & Warranty Management | Check recall processes, VIN tracking, warranty claim reviews, cost recovery from suppliers | Non-finance – brand protection and regulatory compliance in auto industry |
| 99 | Casino & Gaming Operations – Gaming Floor Controls | Assess chip/cash security, table game surveillance, machine payout verification, AML compliance | Non-finance – specialized for gaming licensing and AML obligations |
| 100 | Mining & Extractives – Environmental Impact & Permit Compliance | Evaluate permit adherence, reclamation plans, water usage, local community engagement | Non-finance – high environmental and social impact domain |
The world’s #1 internal audit resource – search below
Created for IA pros using a desktop, this is an instantaneous search engine that will instantly scour through one of our thousands of articles and pieces and deliver super useful results. Search for anything – we probably have something on it somewhere.