UC14: Internal Audit Evidence Collection

The Problem

Internal audit conducts 5-15 audits/year across the bank (operational audits, IT controls, compliance process audits, risk management reviews). Each audit requires gathering evidence: logs (access logs, transaction logs, approval chains), reports (policy violation reports, exception reports, incident summaries), approvals (policy approvals, control test results), transaction samples. Evidence gathering consumes 20-40 hours per audit (queries to databases, manual file gathering, export and organization). Auditors then spend time organizing and indexing evidence. Evidence quality is inconsistent; some audits lack complete documentation.

What the Agent Does

Receives audit scope specification: audit type (operational, IT, compliance), business process/system under audit, control objectives, testing period
Queries relevant systems for evidence: access logs (who accessed what when), approval logs (authorization chains), transaction logs (transaction details with approvals), policy violation reports, incident logs, control test results
Applies sampling logic if required: generates statistically significant transaction sample for control testing
Compiles evidence into structured audit evidence pack: organized by control objective, indexed, with extraction metadata (source system, extraction date, record count)
Identifies gaps: missing evidence, incomplete periods, data quality issues
Routes evidence pack to audit team with gap list and required remediation
Maintains audit evidence repository for audit trail and future reference

Data Requirements

Data Sources:

Core Banking System (Temenos T24, Finastra) , Access logs, approval logs, transaction logs, account master data
Identity & Access Management (IAM) System (Active Directory, Okta, SailPoint) , User access logs, role definitions, approval chains
Application Systems (trading, payments, treasury, loan origination) , Application-specific logs, transaction records, approval records
Incident Management System (ServiceNow, Jira) , Incident logs, incident records, incident closure records
Policy Management System (PolicyTech, SharePoint) , Policy control documents, control testing results, approval records
Database Audit Logs (Oracle Audit Trail, SQL Server CDC, similar) , DDL/DML changes, access logs by role/user
Audit Evidence Repository (SharePoint, Documentum, OpenText) , Prior audit working papers, evidence storage, audit trail
Internal Audit Plan (Jira, Excel, or custom system) , Audit scope, audit objectives, control testing procedures

Data Classification:

Public: None
Internal Structured: Access logs, transaction logs, approval logs, incident logs, control test results, policy documents
Internal Unstructured: Email correspondence, meeting notes related to controls
External Third-Party: None (internal controls and audit focus)
Sensitive/Regulated: Access logs (security), transaction details, user identification, control exceptions

Data Quality Requirements:

Log completeness: 100% of all access/transaction/approval logs captured for audit period. Log retention: must meet regulatory requirements (typically 3-7 years). Sampling data accuracy: statistical sampling methodology with documented sample selection and size justification. Gap identification accuracy: 100% (auditor must see all missing evidence). Evidence metadata accuracy: source system, extraction date, record count, completeness status.

Integration Complexity: Medium , Requires API access to multiple log systems (IAM, core banking, databases, incident management). Log extraction may require SQL queries or custom API calls depending on system. Sampling logic requires statistical methodology implementation (or integration with statistical sampling tool). Evidence organization/indexing requires file system or document management system. Audit evidence repository integration depends on tool (SharePoint, Documentum, OnBase). Most systems have audit logs but formats vary.

Score Breakdown

Criterion	Weight	Score (1-5)	Weighted
Time Recaptured	15%	4	0.60
Error Reduction	10%	4	0.40
Cost Avoidance	10%	4	0.40
Strategic Leverage	5%	3	0.15
Data Availability	15%	4	0.60
Process Clarity	15%	4	0.60
Ease of Implementation	10%	3	0.30
Fallback Available	10%	5	0.50
Audience (Int/Ext)	10%	5	0.50
Composite	100%		3.80

Why It Scores Well

Evidence sources are well-defined (audit scope specifies which systems/logs). Sampling logic is standard (statistical sampling methodology). High frequency (5-15 audits/year) justifies tooling investment. Clear time savings (reduce evidence gathering from 20-40 hours to 3-5 hours). Fallback is simple: auditor manually gathers evidence if agent fails. Internal audience. Clear value: faster audit execution, complete documentation, consistent evidence quality.

Regulatory Alignment

SOX Section 404 (Internal Control Assessment): Agent supports evidence-based audit of financial controls
Banking Regulations (Internal Audit Standards): Agent assists in audit execution and documentation per bank policy

Sprint Factory Fit

Sprint 0 (2 weeks) + 3 build sprints (6 weeks)

Sprint 0: Audit scope taxonomy, evidence source system identification, sampling methodology, evidence pack template design

Build Sprints 1-3: Log query and extraction, sampling logic implementation, evidence indexing, gap identification, audit evidence repository

Comparable Implementations

Deloitte: Uses AI for audit evidence collection; 70% faster audit execution
PwC: Deployed continuous audit evidence gathering; reduced manual evidence work by 75%

Deploy This Use Case with the Sprint Factory

From zero to a governed, production agent in 6 weeks.

Sprint Factory Schedule a Briefing

Related Use Cases

On-Demand Compliance

Regulatory Change Monitoring & Impact Triage

Score: 4.5/5.0

On-Demand Operations/IT

Internal IT Service Desk Triage & Routing

Score: 4.45/5.0

On-Demand Credit/Risk

Credit Risk Memo Drafting

Score: 4.4/5.0