Risk based internal auditing

Book 2: Compiling a Risk and Audit Universe

Introduction RBIA Compiling an RAU

Book 1 gives an overview of risk based internal auditing; this book (book 2) gives a practical example for a fictitious retail company with around 100 stores. It’s work in progress, but I hope it will provide you with some ideas.

The book concentrates on compiling the Risk and Audit Universe (RAU) which is the foundation of the internal audit department’s work. It lists the objectives of the organisation, the risks hindering their achievement, the controls managing the risks and the audit checks which ensure the controls proper operation.

There are three documents to download:

Book 2: Compiling a Risk and Audit Universe

The risk register (and RAU) (in progress) as a spreadsheet.

A ‘Mind Map’ web page compiled using ‘VisiMap’ software.

(See Links to other sites for details of mind mapping sites)

Where risks affect the same function, such as fixed assets or accounts payable, they can be extracted into audit programmes. These are listed on a separate page


Book 2 (Word version) RAU spreadsheet Book 2 (pdf version)
Home Up RBIA Introduction RBIA Implementation RBIA Audit Manual RBIA Audit universes RBIA Audit programmes Links introduction
Mind Map Audit Programmes Changing guard in Whitehall London