Audit Phase

Audit is where you validate the current state and package it for internal readiness review. The goal is not a last-minute scramble, but a confirmable snapshot backed by evidence and audit trail.

ScopeDefine the system and governance scope

ImplementExecute controls and attach evidence

MonitorKeep governance continuously current

AuditPrepare internal review and exports

Outcome

You leave this phase with:

• a validated readiness snapshot (requirements, controls, evidence)
• exports that represent the current state
• an audit trail that supports internal assurance review

Time to first value: 30–60 minutes
Prerequisites: governance work is underway and evidence is attached to priority controls

Internal audit focus

This phase focuses on internal readiness and internal audit review. It is about traceability, evidence quality, and defensible status snapshots.

Path at a glance

1

Freeze scope

Confirm frameworks, versions, and project context

2

Validate statuses

Ensure fulfilled and executed reflect evidence

3

Export the pack

Generate the internal audit package

4

Review the trail

Validate decisions and status changes

Step 1: Freeze scope for the review window

Goal: ensure you’re reviewing the right version of the truth.

Where in Modulos

• Project → Settings → Frameworks
• Project → Settings → General settings

Do this

• Confirm frameworks and versions are correct for the review window.
• Confirm the AI system description and lifecycle stage match what is being reviewed.

You’re done when

• the scope is stable enough for internal review and sign-off

Step 2: Validate statuses against evidence

Goal: ensure statuses match reality.

Where in Modulos

• Project → Requirements
• Project → Controls
• Project → Evidence

Do this

• For fulfilled requirements, spot-check mapped controls and their evidence.
• For executed controls, verify evidence demonstrates execution and is not stale or irrelevant.

You’re done when

• readiness claims are defensible from evidence and mappings

Step 3: Export an internal audit pack

Goal: produce a package that can be reviewed without live navigation.

Where in Modulos

• Project → Exports

Do this

• Export the evidence package and summary reports needed for internal review.
• Use consistent naming and storage so the pack is easy to retrieve later.

You’re done when

• you can hand off a single pack that represents the current state

Step 4: Review the audit trail for key decisions

Goal: make decisions and status changes traceable.

Where in Modulos

• Notifications and Project objects → Comments and Logs
• Project → Reviews for review requests and approvals

Do this

• Review key events: ownership changes, status changes, and approvals.
• Resolve any inconsistencies before final sign-off.

You’re done when

• the audit trail supports the story your status snapshot is telling

Next

Monitor phase

Keep governance continuously current between review windows

Reviewer & Internal Audit path

A role-based walkthrough for internal review and assurance

Related reference pages

• Reviews & Statuses
• Reports & Exports
• Audit Trail