What it is (plain English)
Runs the internal audit function: planning what to audit based on risk, executing engagements with workpapers and evidence, recording findings, and tracking remediation to closure — replacing document-and-spreadsheet audits with a managed workflow that reuses existing risk and control data.
Problems it solves
- Audits planned by habit rather than by where the risk actually is.
- Fieldwork and evidence scattered across documents and email.
- Findings that don't get tracked to remediation.
- Duplicate data gathering because audit is disconnected from risk/compliance.
What must exist first
Platform Core Setup. Strongest when Risk Management and Policy & Compliance Management already exist, so audits can draw on the shared risk and control data.
What the customer needs to provide
- Your audit universe and how audits are currently planned.
- The audit methodology and workpaper standards you follow.
- Finding/observation categories and remediation tracking expectations.
- The internal audit team structure and independence requirements.
Where it can go next
Findings feed remediation and risk updates; risk-based audit planning draws on Risk Management; control test results reconcile with Policy & Compliance Management.