Conduct independent, risk-based assessments of the effectiveness of an organization's processes, controls, and regulatory environment.


Audit activities are performed with appropriate independence from the organization's management and may be conducted internally or for an outside client organization.

The audit includes a structured risk analysis to meet business objectives.

Audit: Level 3.

Adopts a structured approach to performing and documenting audit work in the field, following agreed-upon standards. Maintains the integrity of records to support and satisfy audit trails. Identifies typical risk indicators and explains risk avoidance measures.

Audit: Level 4.

Contributes to the planning and execution of risk-based audits of existing and planned processes, products, systems, and services. Identifies and documents risks in detail. Identifies the root cause of problems during the audit and effectively communicates it in the form of risk information. Gathers evidence regarding the interpretation and implementation of controls. Prepares and communicates reports to stakeholders, providing factual basis for conclusions.

Audit: Level 5.

Plans, organizes, and conducts audits of complex areas, cross-functional areas, and the entire supply chain. Confirms scope and objectives of specific audit activities with management. Aligns audit scope with the organization's audit program and policies. Determines appropriate research methods to achieve audit objectives. Presents audit results to management, describing the effectiveness and efficiency of controls. Provides general and specific advice on audit matters. Collaborates with allied professionals to develop and integrate findings.

Audit: level 6.

Directs and manages complex audits and audit programs. Obtains and manages appropriate professionals to provide highly specialized technical knowledge and expertise. Develops organizational policies, standards, and audit guidelines. Ensures objectivity and impartiality of the audit process. Identifies risk areas and specifies audit programs. Ensures audit coverage sufficient to provide assurance to the business of adequacy and integrity. Authorizes the issuance of formal reports to management on the effectiveness and efficiency of controls.

Audit: level 7.

Leads the definition, implementation, and communication of the organization's audit function. Defines audit strategy, plans audit cycles, and ensures appropriate audit coverage of the entire organization. Ensures that the audit function benefits the organization. Maintains communication with internal and external stakeholders to ensure audit coverage is relevant and understood. Directs the use of risk analysis to identify areas requiring in-depth review. Ensures appropriate resources are in place to meet organizational audit requirements. Reports at the highest level on findings, relevance, and recommendations to improve audit activities.