Internal auditing is an important function of any information security and compliance program and is a valuable tool for effectively and appropriately managing risk. Are we ensuring we are doing what we say we’re doing? Are there gaps in our policies and procedures? Are there any areas for improvement? Are we meeting our compliance goals? These important questions are addressed through internal auditing.


Every audit project is unique, but The audit process is similar for most engagements and normally consists of four stages: Planning (sometimes called Survey or Preliminary Review), Fieldwork, Audit Report, And Follow-up Review.

Client involvement is critical at each stage of the audit process.
As in any special project, an audit results in a certain amount of time being diverted from your department’s usual routine.

One of the key objectives is to minimize this time and avoid disrupting ongoing activities. Following is a sample flowchart of the process that you may find helpful