ABSTRACT
The audit universe consists of the complete range of potential audit activities and auditable entities. It generally includes programs, initiatives, units, risks, and activities an organization is engaged in, exposed to, and that collectively contribute to the achievement of the organization's objectives. The audit universe can be treated as a risk universe as well, as it constitutes the foundation for the risk assessment, whose elements are analyzed to prioritize the internal audit function's efforts. The audit or risk universe identifies all risks that could be subject to audit. Organizations are in a constant state of change, caused by internal and external factors, so the audit universe, risk assessment and audit plan, are also subject to change. Organizations generally align their audit universe to coincide with their multi-year audit plan, so that all items in the audit universe are reviewed at least once during the multi-year cycle.
