While organisations have different objectives, strategies and risks, there is a generic range of functions and subject areas that apply to most organisations.
These generic guides are written to help you start planning a review as they highlight key objectives and risks.
The guidance and resources on this page should be considered as a start point to your learning journey.
Business continuity | Culture | Cyber | Digital | ESG - Environmental | ESG - Social | ESG - Governance | Finance | Fraud | HR | Information Technology | Marketing | Organisational change | Reputation | Risk management | Strategy | Supply chains | Other A-Z don't forget to check out the sector-specific and regulatory sections too
Chartered IIA | ||
Business continuity planning (2021) | Crisis management: extreme events (2022) | Operational resilience (2019) |
Financial stability and resilience (2021) | Financial viability (2021) | Disrupted climate transition (2022) |
IIA Global | ||
Business Continuity Management (2014) | Crisis resilience (2017) | GTAG10 business continuity (2008) |
Pandemic and cybersecurity preparedness (2020) | Resilience amid extreme change (2022) |
Chartered IIA | ||
Auditing culture (2021) | Auditing cyber security culture (2021) | Auditing risk culture (2021) |
Culture and internal audit (2014) | Culture embedding and evolving (2016) | Models and tools (2017) |
Organisational culture (2014) | Ethical assurance to boards (2016) | Making culture part of your DNA (2018) |
Workforce voice (2021) | Psychological Safety (2022) | Conduct culture for all sectors and nonFS internal auditors (2023) |
Auditing staff welfare and wellbeing (2023) | ||
IIA Global | ||
Auditing culture (2021) | Auditing risk culture (2022) | Ethics programmes and activities (2012) |
Diversity, Equity, and Inclusion (DEI) 101 (2022) | Diversity and inclusion (2020) |
Chartered IIA | ||
Auditing cyber security culture (2021) | Cyber risk (2015) | Cyber security (2017) |
Data breach incidents and response (2015) | IT auditing and cyber security (2015) | Social engineering (2019) |
Ransomware auditing (2024) | ||
IIA Global | ||
Cybersecurity - SEC changes (2022) | Cybersecurity - IA and the CISO (2022) | Cybersecurity - Incident Response and Recovery (2022) |
GTAGs - range of detailed IT guidance |
Chartered IIA | ||
Auditing artificial intelligence (2023) | Analytics, data mining and big data (2015) | Auditing spreadsheets (2015) |
Digital governance (2021) | How to audit algorithms (2020) | Auditing models (2023) |
IIA Global | ||
GTAGs - range of detailed IT guidance |
IIA Global Data Analytics (2022) |
|
Artificial intelligence (2017) | AI: practical applications (part a) (2017) | AI: practical applications (part B) (2017) |
Chartered IIA | ||
Auditing climate change responses for insurers (2021) | Carbon usage (2020) | Climate change and impact (2019) |
Climate data and reporting (2020) | Climate financial risk auditing (2020) | Climate impact within supply chains (2020) |
Climate strategy (2020) | European sustainability reporting standards (2023) | Preparing for a disrupted climate transition (2022) |
Sustainability: AA1000 series (2009) | Sustainable product risk (2020) | |
Well-being of future generations (2023) | Working conditions: climate impact (2020) | |
IIA Global | ||
Climate action: IA implications (2018) | Internal audit's role in ESG reporting (2021) | Corporate social responsibility (2020) |
Evaluating ethics programmes (2012) | Fourth wave environmentalism (2014) | India's environment crisis (2018) |
IIA Belgium: ESG Sustainability - A Risk or Opportunity for Internal Audit? (2021) | ECIIA: Embedding ESG shifting expectations (2021) |
Chartered IIA |
IIA Global |
IA's role in ESG reporting | Evaluating ethics programmes | The effects of diversity |
Evaluating ethics programmes | Internal audit's role in ESG reporting |
Chartered IIA | ||
Accounts payable and assurance (2021) | Accounts receivable (2014) | Accruals and prepayments (2017) |
Asset management (2019) | Bank reconciliation | Financial viability |
Grant funding administration (2017) | IR35 - information guidance (2020) | IR35 - private sector |
Auditing spreadsheets | Travel and expenses (2013) | Treasury front office (2020) |
Value for money auditing | Viability statements (2020) | Procurement and contracts (2022) |
Auditing collections (2022) | Auditing Payroll (2023) | Budgeting and Forecasting |
Sanctions | Prompt payment code (2022) |
IIA Global | |
Budgeting and Forecasting | Auditing procurement in the public sector |
Don't forget to download your copy of the new Fraud is on the Rise: Step up to the Challenge report.
Chartered IIA | ||
Board diversity (2018) | Employee engagement (2015) | Gender pay auditing (2020) |
IR35 - information guidance | IR35 - inclusion of private sector (2019) | Non-exec director recruitment (2020) |
Performance management (2013) | Psychological Safety | Recruitment and selection |
Remuneration and bonuses (2019) | Reward and recognition (2013) | Sickness related absence (2015) |
Talent Management (2014) | Training and development (2014) | Whistleblowing (2019) |
Workforce planning (2018) | Diversity and Inclusion | Auditing staff welfare and wellbeing |
IIA Global |
Auditing executive compensation and benefits | Talent management (2014) |
Creating a sense of belonging at work | Driving an inclusive culture (IIA & Deloitte) |
Additional resources | ||
ACAS: Advisory, Conciliation and Arbitration Service | Guidance and information across a range of people issues CICM: Chartered Institute of Credit Management | Insight and information CIPD: Chartered Institute of Personnel and Development | Insight and guidance across all HR issues IOD: Institute of Directors | Insight and guidance across a wide range of organisational issues |
Chartered IIA | ||
Auditing artificial intelligence (2023) | Auditing IT change management | Auditing spreadsheets |
Cloud computing (2020) | IT basics for non-IT auditors | Auditing models (2023) |
Ransomware auditing (2024) | ||
IIA Global |
GTAGs | Guide to the assessment of IT | Cloud security: threats and risks |
Chartered IIA |
Auditing marketing (2011) | Auditing social media | Social media (2015) |
Chartered IIA |
Auditing agile delivery (2020) | Auditing mergers and acquisitions (2021) |
Auditing projects and programmes | Auditing projects in the early stages (2015) | Auditing IT change management (2020) |
IIA Global |
IT change management | Auditing IT projects |
Chartered IIA |
Auditing reputational risk (2020) | Managing reputation risk (2015) |
IIA Global | ||
Reducing enterprise risk - managing reputation |
Chartered IIA | ||
Risk Management | Auditing risk culture: a practical guide | Reporting on the management of risk |
Risk Appetite - the role of IA | Quantitative Risk Appetite | |
IIA Global |
Assessing the risk management process | Risk management using ISO 31000 |
Chartered IIA | ||
Introduction to supply chains (2020) | Auditing supply chains (2020) | Climate impact within supply chains (2020) |
Auditing third party risk | Auditing outsourced services (2021) | Auditing shared services |
Outsourcing and the role of internal audit (2015) | Procurement and contracts (2022) | |
IIA Global | ||
Third party risk management | India's environment crisis (2018) | Auditing external relationships |
Chartered IIA | ||
Customer services (2020) | Auditing non-finance risk in culture | Research and development (2019) |
Procurement and contracts (2022) | Data Governance |
Don't forget our technical blogs for brief insights and tips
Board briefings can be useful sources of information
Codes of practice | Financial services, private and third sector
Harnessing the power of internal audit | A good corporate governance guide for audit committees and directors