Internal Audit Report

Detects internal audit reports containing control assessments and organisational vulnerability findings.

Type: keyword_list
Confidence: medium
Confidence justification: Medium confidence: keyword-based detection requires corroborative evidence for accurate identification.
Jurisdictions: au
Regulations: IPA 2009 (Qld), Privacy Act 1988 (Cth), SOCI Act 2018 (Cth)
Frameworks: DISP, ISO 27001, NIST CSF
Data categories: audit, governance
Scope: narrow
Risk rating: 8

Should match

Internal audit report: audit finding and recommendation with management letter — Test match 1
Audit report with control assessment and risk assessment within audit scope — Test match 2
Internal audit plan follow-up audit and audit opinion summary — Test match 3

Should not match

Tax audit by the ATO — Non-match 1
Audit the financial statements — Non-match 2

Known false positives

External audit or financial audit references. Mitigation: Require internal audit specific terms like internal audit plan or management letter.