Reviewer & Internal Audit Path

Run an internal readiness review: validate that governance work is traceable, evidence-backed, and consistent with your organization’s operating model.

Outcome

You leave this path with:

• a clear view of what is executed, fulfilled, and still in progress
• validated traceability from requirements → controls → evidence
• an export-ready internal audit pack and supporting audit trail

Time to first value: 30–60 minutes
Prerequisites: you have a project role as Reviewer or Auditor

Internal review focus

This path is for internal governance assurance and internal audit readiness. It focuses on traceability and evidence quality, not external audit procedures.

Path at a glance

1

Confirm scope

Understand the frameworks and what the project is claiming

2

Review requirements

Check readiness and how controls map to requirements

3

Sample controls

Validate execution and evidence quality

4

Export the pack

Produce internal-ready reports and audit trail artifacts

Step 1: Confirm scope and what’s in claims

Goal: understand what governance work is in scope for this project.

Where in Modulos

• Project → Dashboard for high-level status and rollups
• Project → Settings → Frameworks for scope and versions

Do this

• Confirm which frameworks are attached to the project.
• Confirm the AI system description and lifecycle stage match the context you are reviewing.

You’re done when

• you can state what “in scope” means for this project and review cycle

Step 2: Review requirement readiness

Goal: validate what is fulfilled and what is still open.

Where in Modulos

• Project → Requirements

Do this

• Review the requirements marked as fulfilled and spot-check the mapped controls.
• For requirements not fulfilled, confirm there is a clear owner and plan.

You’re done when

• requirement status matches what the mapped control execution and evidence actually support

Step 3: Sample controls and evidence

Goal: confirm that “executed” controls are actually supported by evidence.

Where in Modulos

• Project → Controls
• Project → Controls → select a control to inspect evidence, reports, and assessments
• Project → Evidence to inspect evidence artifacts directly

Do this

• Sample across frameworks and lifecycle stages to reduce blind spots.
• For each sampled control:
  • confirm the status is correct
  • review attached evidence for relevance and sufficiency
  • use saved assessments and reports to speed up review where available

You’re done when

• executed controls are demonstrably executed and traceable to evidence

Step 4: Export an internal audit pack

Goal: create a reusable package for internal sign-off and governance records.

Where in Modulos

• Project → Exports
• Notifications and Project objects → Comments and Logs

Do this

• Export the evidence package and governance summaries needed for internal review.
• Use the audit trail to validate key decisions and status changes.

You’re done when

• you can hand off a complete internal pack without additional context from implementers

Next handoff

Compliance Lead

Drive gaps to closure and keep evidence ready for ongoing internal review

Monitor stage

Keep governance continuously current so audits are a state, not a scramble

Related reference pages

• Requirements
• Controls
• Evidence
• Reviews & Statuses
• Reports & Exports
• Audit Trail