In a typical internal audit the following procedures will be carried out 1. Understanding of the business. 2. Identifying and understanding the processes which are in place for each key business area/cycle (viz governance related, procure to pay, revenue to receipt, treasury etc.,) . 3. Identifying risk factors which are inherent and present in each of such key business area and evaluating the design of controls in place to mitigate such risks. 4. The controls and procedures in place will be tested for adequacy and effectiveness to ensure risks are largely mitigated and that defined processes are being followed. Findings, arising out of such audit, will be shared for suitable remediation. The above procedures will be carried out factoring the scope agreed. Customised scope could be for any specific business area(s) or may drill down to any particular function within such business area/cycle.

1. A brief about the business (whether documented or oral). 2. Meetings with key process owners which are in scope to understand processes in place. 3. Based on the above two interactions a detailed list of requirements will be circulated for each business area/cycle. This list of requirement will typically contain requests for documents, various evidences maintained etc. and additional financial/operational data depending upon facts and circumstances.