In a typical internal audit the following procedures will be carried out 1. Understanding of the business. 2. Identifying and understanding the processes which are in place for each key business area/cycle (viz., governance related, procure to pay, revenue to receipt, treasury etc.,). 3. Identifying risk factors which are inherent and present in each of such key business area and evaluating the design of controls in place to mitigate such risks. 4. The controls and the procedures in place will be tested for adequacy and effectiveness to ensure risks are largely mitigated and that defined processes are being followed. Findings, arising out of such audit, will be shared for suitable remediation.

1. A brief about the business (whether documented or oral). 2. Meetings with key process owners to understand processes in place. 3. Based on the above two interactions a detailed list of requirements will be circulated for each business area/cycle. This list of requirement will typically contain requests for documents, various evidences maintained etc. and additional financial/operational data depending upon facts and circumstances.