The Risk and Audit Universe (RAU) is the foundation of the internal audit department’s
work. It lists the objectives of the organisation, the risks hindering their achievement,
the controls managing the risks and the audit checks which ensure the controls proper
To illustrate how an RAU might be put together, I’m assembling one for a fictitious
retail company with around 100 stores. It’s work in progress, but then an RAU is
There are three documents to download:
An explanation of what I have done so far.
The risk register (and RAU) (in progress) as a spreadsheet.
A ‘Mind Map’ web page compiled using ‘VisiMap’ software.