Audit is how organisations verify that controls are working as intended. Each domain provides step-by-step methodology, testing procedures, and evidence guidance written for practitioners at every level.
Audit domains: 8
Audit procedures: 50+
Frameworks covered: 10+
Standards aligned: IIA
Why audit
Independent assurance
Audits verify that controls are designed effectively and operating as intended — protecting organisations from risk, fraud, and regulatory breach. Without audit, compliance remains unverified and controls remain untested.
What is an audit
Evidence-based examination
A systematic review of controls, processes, and systems against a defined standard or expectation — resulting in documented findings, actionable recommendations, and a formal audit opinion.
Types of audit
Internal, external, regulatory
First-party internal audits, second-party supplier audits, and third-party regulatory audits. Each serves a distinct purpose — from continuous improvement to formal compliance certification.
Audit lifecycle
Four structured phases
Planning → Fieldwork → Reporting → Follow-up. Each phase has defined objectives, deliverables, and responsibilities for both auditors and auditees across every domain.
IT general controls audit
Step-by-step methodology for auditing logical access, change management, SDLC, and computer operations.
Cybersecurity audit
Testing procedures for vulnerability management, firewall security, IAM, and endpoint protection controls.
Application controls audit
Testing input, processing, and output controls for data accuracy and integrity within applications.
Cloud & infrastructure audit
Audit procedures for cloud security configuration, infrastructure hardening, and data residency controls.
Data & privacy audit
Audit procedures for data classification, retention, privacy compliance, and personal data handling.
Vendor & third party audit
Audit procedures for vendor onboarding, third party risk assessments, and contract security requirements.
Business continuity & DR audit
Audit procedures for BCP plans, disaster recovery testing, and continuity of critical operations.
AI & emerging technology audit
Audit procedures for model risk, AI governance, bias and fairness controls, and AI system access management.
Audit standards this library follows
The methodology in this library is aligned with internationally recognised audit standards and professional guidance — rewritten in plain language for practitioners at every level.
IIA — IPPF
International Professional Practices Framework
The global standard for internal audit practice, methodology, and professional conduct.
ISACA — COBIT
Control Objectives for IT
IT governance and audit framework covering control objectives and testing guidance.
PCAOB — AS 2201
Auditing Internal Control Over Financial Reporting
The standard for SOX ICFR audits of publicly listed US companies.
AICPA — AT-C 205
Examination Engagements
Attestation standards governing SOC 1 and SOC 2 audit engagements.
ISO 19011
Guidelines for Auditing Management Systems
International guidance for planning, conducting, and reporting management system audits.
NIST SP 800-53A
Assessing Security and Privacy Controls
Assessment procedures for security and privacy controls in federal information systems.
Securitora is an independent knowledge resource and is not affiliated with or endorsed by any of the organisations listed above. All standard names are the property of their respective owners.