Watchlist template

Chief Audit Executives need to retain and share a huge amount of information.

The Institute offers a useful tool that can be used digitally or physically.

The Watchlist that we’ve provided below is a simple way to capture risk and assurance information. Ideal for sharing with a team, keeping in a notebook, a jacket pocket or accessed digitally.

*Click thumbnail to enlarge

  • Typically, information starts in the bottom right corner. Change is a key source of risk.
  • Risks begin to emerge as knowledge improves.
  • Risks may increase in severity and, depending on their speed, may move into being monitored or added immediately to the audit plan.
  • Monitoring might be ad-hoc or continuous – either manual or automated.
  • Risk monitoring might involve internal audit, with individuals responsible for reporting back at team meetings.
  • Monitored risks move to the audit plan when assurance is required.
  • Monitored risks will drop off the list if they are no longer considered material or if there is confidence in the business response to manage them.
  • Reprioritisation of the audit plan will downgrade some risks into monitoring.