Auditing business functions

While organisations have different objectives, strategies and risks, there is a generic range of functions and subject areas that apply to most organisations.

Internal auditors will at some time or another review most if not all of these functions and subjects, depending upon the level of change in the organisation and the emerging risk profile.

With the exception of financial services they are not specific to a sector or type of organisation but hopefully they will help you decide how to approach a review of a particular function or subject area as they highlight the key objectives and risks.

Over time we will provide guides on all of these areas, keeping them up to date as events and circumstances change.


Asset Management

Discover the elements of a good asset management process and what to look out for in internal audit.

Auditing non-financial risk in cultural and heritage areas

Reflect on the cultural and heritage bodies or artefacts within your organisation or its remit. 

Board diversity

Gain an understanding of board diversity and assess whether a board is diverse. 

Business continuity planning

Planning for traditional business continuity incidents.


As part of an overall risk assessment, internal auditors should include compliance risk on their audit plan. Find out why. 

Coronavirus (COVID-19)

An overview of key risks and questions to consider.

Corporate killing

Learn about the actions senior managers, employees and internal auditors can take to mitigate health and safety risks to avoid possible prosecution. 

Customer service

Discover the risks involved in offering good customer service and how you can plan and conduct your review effectively. 

 Data Protection

Explore GDPR, data security, data breach incidents and response plans. 


Navigate your understanding of different financial processes and how they overlap with internal audit. 

Financial services

Guidance to help internal auditors provide a more effective service in banks and other financial organisations.


Internal audit has an important role to play in ensuring that management has effective systems in place to detect and prevent corrupt practices within an organisation. Discover why.

 Grant funding administration

This guide will help you provide assurance on how your organisation handles grant funding, and that the management control framework over grant administration is effective. 

 Health and safety

This guidance provides an introduction to the requirements of health and safety legislation and the methods managers use to manage the resulting risks.

Human resources

Our series of guidance will help you keep abreast of policies, procedures, compliance requirements and best practice.

Income generation

Public sector - how to audit and what good looks like.



Discover the strategic importance of marketing and how to conduct a review of your organisation's marketing function. 

Non-executive directors recruitment

This guidance enables internal auditors to objectively assess the non-executive director recruitment processes.

 Organisational change

How you can support the change process during a restructure. Top tips for internal auditors in a restructure.



Internal audit can play a significant role in helping an organisation achieve its strategic objectives in relation to project management. Here's why.

Remuneration and bonus arrangements

This guide provides insight into the risks associated with fixed and variable remuneration and considers the controls that may need to be in place for risk mitigation. 

 Research and development

This guide provides an introduction to R&D to help you plan an internal audit in this area.

 Social media

The guide aims to provide some initial considerations and ideas to help auditors think about their role, objectives and work programmes.


This guide offers internal auditors a tool to help them approach their organisation's strategy and evaluate its strategic management processes. 

 Supply chains

Supply chain management has become increasingly global and more complex. We examine the challenges facing internal audit in a volatile and uncertain set of circumstances.

Sustainable product risk management

How to incorporate climate and sustainability considerations into an audit of product design and development.  

 Third party risk

This guide will help you to develop an approach to providing appropriate assurance over third party risk and control environments.  


This guide lists things to consider and areas of risk to help you to audit the organisation’s whistleblowing/’speak up’ arrangements. 

Third party risk

This guide will help you to develop an approach to providing appropriate assurance over third party risk and control environments.  

Workforce planning

Gain an overview of workforce planning: why it is important, considerations to think about and the ways in which assurance can be provided by internal audit. 

Crisis management - extreme events

Insight and assurance for preparedness.  

Commercial ventures - local authorities

Informative guidance on decision making.

Deprivation of Liberty Safeguards (DoLS)

Insight and risk considerations

Auditing Safeguarding

High-level introduction


Content reviewed: 18 October 2021