top of page

Audit Planning - Risk and Controls Template Workpaper

Updated: Mar 21, 2020



As we continue the audit planning process, we need to identify and understand what risks and controls are currently in place. Depending on the maturity of an organisation or a function, a business may have already identified its risks (documented in a risk register) and may already have a series of documented controls (similar to SOC). If a business is required to perform SOC testing, you would hope this is already established.