How to audit
While organisations have different objectives, strategies and risks, there is a generic range of functions and subject areas that apply to most organisations.
These generic guides are written to help you start planning a review as they highlight key objectives and risks.
The guidance and resources on this page should be considered as a start point to your learning journey.
Business continuity | Culture | Cyber | Digital | ESG - Environmental | ESG - Social | ESG - Governance | Finance | HR | Information Technology | Marketing | Organisational change | Reputation | Risk management | Strategy | Supply chains | Other A-Z
Business continuity
| Chartered IIA | ||
| Business continuity planning | Crisis management: extreme events | Operational resilience |
| Financial stability and resilience | Financial viability |
| IIA Global | ||
| Business Continuity Management | Crisis resilience | GTAG10 business continuity |
| Pandemics and cybersecurity: rethinking preparedness | ||
Culture
Cyber separate sections for Digital and IT
| Chartered IIA | ||
| Auditing cyber security culture | Cyber risk | Cyber security |
| Data breach incidents and response | IT auditing and cyber security | Social engineering |
| IIA Global | ||
| GTAGs | ||
Digital separate sections for Cyber and IT
ESG | Environmental including climate risk and sustainability
ESG | Social
| Chartered IIA |
| Auditing social commitments | Reducing enterprise risk |
| IIA Global |
| IA's role in ESG reporting | Evaluating ethics programmes | The effects of diversity |
ESG | Governance
| Evaluating ethics programmes | Internal audit's role in ESG reporting |
Finance
| Value for money auditing | Viability statements |
| IIA Global | |
| Auditing grants in the public sector | |
Human resources
| Auditing executive compensation and benefits | Talent management |
| Additional resources | ||
|
ACAS: Advisory, Conciliation and Arbitration Service | Guidance and information across a range of people issues CICM: Chartered Institute of Credit Management | Insight and information CIPD: Chartered Institute of Personnel and Development | Insight and guidance across all HR issues IOD: Institute of Directors | Insight and guidance across a wide range of organisational issues |
IT separate sections for cyber and digital
| Chartered IIA | ||
| Auditing spreadsheets | Auditing IT change management | Cloud computing |
| IT basics for non-IT auditors | ||
| IIA Global | ||
| GTAGs | Guide to the assessment of IT | Cloud security: threats and risks |
Marketing
| Chartered IIA |
| Auditing marketing | Auditing social media | Social media |
Organisational change including projects
| Chartered IIA | ||
| Auditing agile delivery | ||
| Auditing projects and programmes | Auditing projects in the early stages | Auditing IT change management |
| IIA Global | ||
| IT change management | Auditing IT projects |
Reputation
| Chartered IIA | ||
| Auditing reputational risk | Managing reputation risk | |
| IIA Global | ||
| Reducing enterprise risk - managing reputation | ||
Risk Management
| Chartered IIA | ||
| Auditing risk culture: a practical guide | ||
| IIA Global | ||
| Assessing the risk management process | Risk management using ISO 31000 | |
Strategy
| Chartered IIA | ||
| Auditing strategy | Ethical assurance to boards | Presenting information to the board |
Supply chain including third parties
Other A-Z
| Chartered IIA | ||
| Customer services | Auditing non-finance risk in culture | Research and development |
Additional resources
Don't forget our technical blogs for brief insights and tips
Board briefings can be useful sources of information
Codes of practice | Financial services, private and third sector
Harnessing the power of internal audit | A good corporate governance guide for audit committees and directors
Need help to find what you are looking for? ask the resources team
