How to audit

While organisations have different objectives, strategies and risks, there is a generic range of functions and subject areas that apply to most organisations.

These generic guides are written to help you start planning a review as they highlight key objectives and risks.

The guidance and resources on this page should be considered as a start point to your learning journey.

Business continuity | Culture | Cyber | Digital | ESG - Environmental | ESG - Social | ESG - Governance | Finance | HR | Information Technology | Marketing | Organisational change | Reputation | Risk management |  Strategy | Supply chains | Other A-Z  don't forget to check out the regulatory section too

Business continuity

Chartered IIA
Business continuity planning Crisis management: extreme events Operational resilience
Financial stability and resilience Financial viability Disrupted climate transition
IIA Global  
Business Continuity Management Crisis resilience GTAG10 business continuity
Pandemic and cybersecurity preparedness Resilience amid extreme change


Chartered IIA
Auditing culture Auditing cyber security culture Auditing risk culture guide
Culture and internal audit Culture embedding and evolving Models and tools
Organisational culture Ethical assurance to boards Making culture part of your DNA
Workforce voice  
IIA Global  
Auditing culture Diversity and inclusion Ethics programmes and activities

Cyber separate sections for digital and IT

Chartered IIA
Auditing cyber security culture Cyber risk Cyber security
Data breach incidents and response IT auditing and cyber security Social engineering
IIA Global  
GTAGs   Cybersecurity in 2022  

Digital separate sections for cyber and IT

Chartered IIA
Auditing spreadsheets Analytics, data mining and big data Digital governance
How to audit algorithms  
IIA Global  
Artificial intelligence AI: practical applications (part a) AI: practical applications (part B)

ESG | Environmental including climate risk and sustainability

Chartered IIA
Auditing climate change responses for insurers Preparing for a disrupted climate transition  
Carbon usage Climate change and impact Climate data and reporting
Climate financial risk auditing Climate impact within supply chains Climate strategy
Sustainable product risk Sustainability: AA1000 series Working conditions: climate impact
IIA Global  
Climate action: IA implications Internal audit's role in ESG reporting Corporate social responsibility
Evaluating ethics programmes Fourth wave environmentalism India's environment crisis

ESG | Social

Chartered IIA
Auditing social commitments Reducing enterprise risk  Gender pay 
 Slavery and human trafficking  Modern Slavery Act 2015  Human rights reporting 
IIA Global
IA's role in ESG reporting Evaluating ethics programmes The effects of diversity

ESG | Governance

Chartered IIA
Auditing corporate governance Board diversity Ethical assurance to boards
Integrated reporting - overview Non-fin and integrated reporting  Enhanced integrated reporting
AAP: role of internal audit How to facilitate creation of AAP Viability statements
Information for strategic decisions Auditing whistleblowing Whistleblowing - 2014 report
Auditing counter-fraud strategy   Data Governance Auditing Executive Management Information 
IIA Global  
Auditing the control environment Org gov in private sector  Org gov in public sector
The ESG Risk Landscape: Part 1 The ESG Risk Landscape: Part 2 The ESG Risk Landscape: Part 3
Evaluating ethics programmes Internal audit's role in ESG reporting


Chartered IIA
Accounts payable and assurance Accounts receivable Accruals and prepayments
Asset management Bank reconciliation Financial viability
Grant funding administration IR35 - information guidance IR35 - private sector
Auditing spreadsheets Travel and expenses Treasury front office
Value for money auditing Viability statements Procurement and contracts
Auditing collections  Prompt payment code  
IIA Global
Auditing grants in the public sector Auditing procurement in the public sector

Human resources 

Chartered IIA
Board diversity Employee engagement Gender pay auditing 
IR35 - information guidance IR35 - inclusion of private sector Non-exec director recruitment 
Performance management Recruitment and selection Remuneration and bonuses 
Reward and recognition Sickness related absence Talent management
Training and development Whistleblowing Workforce planning
IIA Global  
Auditing executive compensation and benefits   Talent management
Additional resources

ACAS: Advisory, Conciliation and Arbitration Service | Guidance and information across a range of people issues

CICM: Chartered Institute of Credit Management | Insight and information

CIPD: Chartered Institute of Personnel and Development | Insight and guidance across all HR issues

IOD: Institute of Directors | Insight and guidance across a wide range of organisational issues

IT separate sections for cyber and digital

Chartered IIA
Auditing spreadsheets Auditing IT change management  Cloud computing
IT basics for non-IT auditors  
IIA Global  
GTAGs Guide to the assessment of IT Cloud security: threats and risks


Chartered IIA
Auditing marketing Auditing social media Social media

Organisational change including projects 

Chartered IIA
Auditing agile delivery Auditing mergers and acquisitions
Auditing projects and programmes Auditing projects in the early stages  Auditing IT change management
IIA Global  
IT change management Auditing IT projects


Chartered IIA
Auditing reputational risk Managing reputation risk
IIA Global
Reducing enterprise risk - managing reputation 

Risk Management

Chartered IIA
Auditing risk culture: a practical guide 
IIA Global  
Assessing the risk management process Risk management using ISO 31000 


Chartered IIA
Auditing strategy Ethical assurance to boards Presenting information to the board


Supply chain including third parties

Chartered IIA
Introduction to supply chains Auditing supply chains Climate impact within supply chains 
Auditing third party risk Auditing outsourced services Auditing shared services
Outsourcing and the role of internal audit Procurement and contracts  
IIA Global  
Third party risk management India's environment crisis Auditing external relationships

Other A-Z

Chartered IIA
Customer services Auditing non-finance risk in culture Research and development
Procurement and contracts Data Governance

Additional resources 

Don't forget our technical blogs for brief insights and tips

Board briefings can be useful sources of information

Codes of practice | Financial services, private and third sector

Harnessing the power of internal audit | A good corporate governance guide for audit committees and directors

Need help to find what you are looking for? ask the resources team

Content reviewed: 16 May 2022