AuditBoard Live Webinar banner advert TeamMate ESG advertising banner 2023

How to audit

While organisations have different objectives, strategies and risks, there is a generic range of functions and subject areas that apply to most organisations.

These generic guides are written to help you start planning a review as they highlight key objectives and risks.

The guidance and resources on this page should be considered as a start point to your learning journey.

Business continuity | Culture | Cyber | Digital | ESG - Environmental | ESG - Social | ESG - Governance | Finance | Fraud | HR Information Technology | Marketing | Organisational change | Reputation | Risk management |  Strategy | Supply chains | Other A-Z  don't forget to check out the sector-specific and regulatory sections too

Business continuity, crisis management and resilience

Chartered IIA
Business continuity planning (2021) Crisis management: extreme events (2022) Operational resilience (2019)
Financial stability and resilience (2021) Financial viability (2021) Disrupted climate transition (2022)
IIA Global  
Business Continuity Management (2014) Crisis resilience (2017) GTAG10 business continuity (2008)
Pandemic and cybersecurity preparedness (2020) Resilience amid extreme change (2022)


Chartered IIA
Auditing culture (2021) Auditing cyber security culture (2021) Auditing risk culture (2021)
Culture and internal audit (2014) Culture embedding and evolving (2016) Models and tools (2017)
Organisational culture (2014) Ethical assurance to boards (2016) Making culture part of your DNA (2018)
Workforce voice (2021) Psychological Safety (2022) Conduct culture for all sectors and nonFS internal auditors (2023)
Auditing staff welfare and wellbeing (2023)    
IIA Global  
Auditing culture (2021) Auditing risk culture  (2022) Ethics programmes and activities (2012)
Diversity, Equity, and Inclusion (DEI) 101 (2022) Diversity and inclusion (2020)   

Cyber separate sections for digital and IT

Chartered IIA
Auditing cyber security culture (2021) Cyber risk (2015) Cyber security (2017)
Data breach incidents and response (2015) IT auditing and cyber security (2015) Social engineering (2019)
Ransomware auditing (2024)    
IIA Global  
Cybersecurity - SEC changes (2022) Cybersecurity - IA and the CISO (2022) Cybersecurity - Incident Response and Recovery (2022)
GTAGs - range of detailed IT guidance   

Digital separate sections for cyber and IT

Chartered IIA
Auditing artificial intelligence (2023) Analytics, data mining and big data (2015) Auditing spreadsheets (2015)
Digital governance (2021) How to audit algorithms (2020)  Auditing models (2023)
IIA Global  
GTAGs - range of detailed IT guidance  

IIA Global Data Analytics (2022)

Artificial intelligence (2017) AI: practical applications (part a) (2017) AI: practical applications (part B) (2017)

ESG | Environmental including climate risk and sustainability

Chartered IIA
Auditing climate change responses for insurers (2021) Carbon usage (2020) Climate change and impact (2019)
Climate data and reporting (2020) Climate financial risk auditing (2020) Climate impact within supply chains (2020)
Climate strategy (2020) European sustainability reporting standards (2023) Preparing for a disrupted climate transition (2022)
Sustainability: AA1000 series (2009) Sustainable product risk (2020)  
Well-being of future generations (2023) Working conditions: climate impact (2020)  
IIA Global  
Climate action: IA implications (2018) Internal audit's role in ESG reporting (2021) Corporate social responsibility (2020)
Evaluating ethics programmes (2012) Fourth wave environmentalism (2014) India's environment crisis (2018)
IIA Belgium: ESG Sustainability - A Risk or Opportunity for Internal Audit? (2021) ECIIA: Embedding ESG shifting expectations (2021)  

ESG | Social

Chartered IIA
Auditing social commitments (2020) Gender pay (2020)  Human rights reporting 
 Modern Slavery Act 2015    Reducing enterprise risk (2018) Slavery and human trafficking 
Well-being of future generations (2023)    
IIA Global
IA's role in ESG reporting Evaluating ethics programmes The effects of diversity

ESG | Governance

Chartered IIA
Auditing corporate governance (2019) Board diversity (2018) Ethical assurance to boards
Integrated reporting - overview (2013) Non-fin and integrated reporting (2017) Enhanced integrated reporting
AAP: role of internal audit How to facilitate creation of AAP Viability statements (2020)
Information for strategic decisions Auditing whistleblowing Whistleblowing - 2014 report
Auditing counter-fraud strategy   Data Governance Auditing Executive Management Information 
IIA Global  
Auditing the control environment Org gov in private sector (2012) Org gov in public sector (2012)
The ESG Risk Landscape: Part 1 The ESG Risk Landscape: Part 2 The ESG Risk Landscape: Part 3
Evaluating ethics programmes Internal audit's role in ESG reporting


Chartered IIA
Accounts payable and assurance (2021) Accounts receivable (2014) Accruals and prepayments (2017)
Asset management (2019) Bank reconciliation Financial viability
Grant funding administration (2017) IR35 - information guidance (2020) IR35 - private sector
Auditing spreadsheets Travel and expenses (2013) Treasury front office (2020)
Value for money auditing Viability statements (2020) Procurement and contracts (2022)
Auditing collections (2022) Auditing Payroll (2023)  Budgeting and Forecasting
Sanctions Prompt payment code (2022)   
IIA Global
 Budgeting and Forecasting Auditing procurement in the public sector


Chartered IIA
 Position Paper: Internal audit and corrupt practices   Fraud  Anti-money laundering
Fraud Risk Assessment - an overview    Fraud Risk Assessment Fraud Monitoring 
 Fraud Culture and Governance    
   IIA Global
Managing the business risk of fraud Using IT to prevent and detect fraud Internal Audit and Fraud: Assessing Fraud Risk Governance and Management at the Organizational Level 
Engagement planning: fraud risks

Don't forget to download your copy of the new Fraud is on the Rise: Step up to the Challenge report.

Human resources 

Chartered IIA
Board diversity (2018) Employee engagement (2015) Gender pay auditing (2020)
IR35 - information guidance IR35 - inclusion of private sector (2019) Non-exec director recruitment (2020)
Performance management (2013) Psychological Safety Recruitment and selection
Remuneration and bonuses (2019) Reward and recognition (2013) Sickness related absence (2015)
Talent Management (2014) Training and development (2014) Whistleblowing (2019)
Workforce planning (2018) Diversity and Inclusion  Auditing staff welfare and wellbeing  
IIA Global  
Auditing executive compensation and benefits   Talent management (2014)
Creating a sense of belonging at work Driving an inclusive culture (IIA & Deloitte) 
Additional resources

ACAS: Advisory, Conciliation and Arbitration Service | Guidance and information across a range of people issues

CICM: Chartered Institute of Credit Management | Insight and information

CIPD: Chartered Institute of Personnel and Development | Insight and guidance across all HR issues

IOD: Institute of Directors | Insight and guidance across a wide range of organisational issues

IT separate sections for cyber and digital

Chartered IIA
Auditing artificial intelligence (2023) Auditing IT change management  Auditing spreadsheets
 Cloud computing (2020)  IT basics for non-IT auditors   Auditing models (2023) 
Ransomware auditing (2024)    
IIA Global  
GTAGs Guide to the assessment of IT Cloud security: threats and risks


Chartered IIA
Auditing marketing (2011) Auditing social media Social media (2015)

Organisational change including projects 

Chartered IIA
Auditing agile delivery (2020) Auditing mergers and acquisitions (2021)
Auditing projects and programmes Auditing projects in the early stages (2015)  Auditing IT change management (2020)
IIA Global  
IT change management Auditing IT projects


Chartered IIA
Auditing reputational risk (2020) Managing reputation risk (2015)
IIA Global
Reducing enterprise risk - managing reputation 

Risk Management

Chartered IIA
Risk Management Auditing risk culture: a practical guide Reporting on the management of risk
Risk Appetite - the role of IA Quantitative Risk Appetite  
IIA Global  
Assessing the risk management process Risk management using ISO 31000 


Chartered IIA
Auditing strategy Auditing Strategic Alignment Auditing Strategic and Operational Resilience 
Ethical assurance to boards Presenting information to the board Well-being of future generations (2023)


Supply chain including third parties

Chartered IIA
Introduction to supply chains (2020) Auditing supply chains (2020) Climate impact within supply chains (2020)
Auditing third party risk Auditing outsourced services (2021) Auditing shared services
Outsourcing and the role of internal audit (2015) Procurement and contracts (2022)  
IIA Global  
Third party risk management India's environment crisis (2018) Auditing external relationships

Other A-Z

Chartered IIA
Customer services (2020) Auditing non-finance risk in culture Research and development (2019)
Procurement and contracts (2022) Data Governance

Additional resources 

Don't forget our technical blogs for brief insights and tips

Board briefings can be useful sources of information

Codes of practice | Financial services, private and third sector

Harnessing the power of internal audit | A good corporate governance guide for audit committees and directors

Need help to find what you are looking for? ask the resources team

Content reviewed: 24 May 2024