Auditing business functions

While organisations have different objectives, strategies and risks, there is a generic range of functions and subject areas that apply to most organisations.

Internal auditors will at some time or another review most if not all of these functions and subjects, depending upon the level of change in the organisation and the emerging risk profile.

They are not specific to a sector or type of organisation but hopefully they will help you decide how to approach a review of a particular function or subject area as they highlight the key objectives and risks.

Over time we will provide guides on all of these areas, keeping them up to date as events and circumstances change.


Asset Management

Asset management is the proper safeguarding and recording of assets. Discover the elements of a good asset management process and what to look out for in internal audit.

Board diversity

Gain an understanding of board diversity and assess whether a board is diverse.

Business continuity planning

For the purpose of this piece of technical guidance we will cover traditional business continuity incidents such as power outage, flood, fire and snow.


As part of the overall risk assessment of an organisation internal audit should include compliance risk within their audit plan. Find out why. 

 Coronavirus (COVID-19)

An overview of key risks and questions to consider.

Corporate killing

Learn about the actions senior managers, employees and internal auditors can take to mitigate health and safety risks to avoid possible prosecution. 

 Customer service

Discover the risks involved in offering good customer service and how you can plan and conduct your review effectively. 

 Data Protection

Data is used by all businesses – from insurance firms and banks to social media sites and search engines. We explore GDPR, data security, data breach incidents and response plans. 


Navigate your understanding of different financial processes and how they overlap with internal audit. 


Internal audit has an important role to play in ensuring that management has effective systems in place to detect and prevent corrupt practices within an organisation. Discover why.

 Grant funding administration

This guide will help you provide assurance on how your organisation handles grant funding, and that the management control framework over grant administration is effective. 

 Health and safety

This guidance provides an introduction to the requirements of health and safety legislation and the methods managers use to manage the resulting risks.

 Human resources

Our series of guidance will help you keep abreast of policies, procedures, compliance requirements and best practice.


Discover the strategic importance of marketing and how to conduct a review of your organisation's marketing function. 

Non-executive directors recruitment

This guidance enables internal auditors to objectively assess the non-executive director recruitment processes.

Organisational change

How you can support the change process during a restructure. Top tips for internal auditors in a restructure.


Internal audit can play a significant role in helping an organisation achieve its strategic objectives in relation to project management. Here's why.

 Remuneration and bonus arrangements

This guide provides an insight into the risks associated with fixed and variable remuneration and considers the controls that may need to be in place for risk mitigation.

Research and development

This guide provides an introduction to R&D to help you plan an internal audit in this area.

Social media

The guide aims to provide some initial considerations and ideas to help auditors think about their role, objectives and work programmes.


This guide provides an overview of what strategy involves. It offers internal auditors a tool to help them approach their organisation's strategy and evaluate its strategic management processes. 

Supply chains

Supply chain management has become increasingly global and more complex. We examine the challenges facing internal audit in a volatile and uncertain set of circumstances.

Third party risk

This guide will help you to develop an approach to providing appropriate assurance over third party risk and control environments.  


This guide lists things to consider and areas of risk to help you to audit the organisation’s whistleblowing/’speak up’ arrangements.


 Workforce planning

Gain an overview of workforce planning: why it is important, considerations to think about and the ways in which assurance can be provided by internal audit. 



Content reviewed: 16 June 2020