Risk based internal auditing

RBIA resources - Compilation of a Risk and Audit Universe

RBIA Introduction Resources RBIA RAU compilation

The Risk and Audit Universe (RAU) is the foundation of the internal audit department’s work. It lists the objectives of the organisation, the risks hindering their achievement, the controls managing the risks and the audit checks which ensure the controls proper operation.

To illustrate how an RAU might be put together, I’m assembling one for a fictitious retail company with around 100 stores. It’s work in progress, but then an RAU is always changing.

There are three documents to download:

An explanation of what I have done so far.

The risk register (and RAU) (in progress) as a spreadsheet.

A ‘Mind Map’ web page compiled using ‘VisiMap’ software.

(See Links other sites for details of mind mapping sites)

Where risks affect the same function, such as fixed assets or accounts payable, they can be extracted into audit programmes. These are listed on a separate page


(These resources are downloaded from my site at dmgriffiths.com/rbia).

Explanation (Word version) RAU spreadsheet Explanation (pdf version)
Home Up RBIA Introduction RBIA Audit programmes RBIA Audit Manual RBIA Audit universes RBIA Implementation
Mind Map Audit Programmes