Risk-based internal audit planning aligns the audit function with strategy, objectives, and key risks. It ensures efficient allocation of limited audit resources and Standard 9.4 requires the Chief Audit Executive (CAE) to base the plan on a documented risk assessment.

This module deals with engaging with board and senior management, clarifying expectations: reporting frequency, criteria, change approvals, and considering assurance providers and external risk environment (eg assurance mapping).