Internal Audit

How Internal Audit Uses CoComply

Internal Audit teams use CoComply as both a source of governance evidence and a platform for tracking the remediation of audit findings. Rather than requesting documentation packages from business lines, auditors can directly access certification records, policy attestations, and data quality histories within CoComply.

• Pull certification evidence for any report, CDE, or data asset directly from the platform
• Review audit trails showing who certified what and when
• Log audit findings with severity ratings and remediation owners
• Track finding remediation through structured workflow stages
• Generate audit evidence packages for regulatory examiners

Validating the Certification Program

One of Internal Audit's core responsibilities is validating that the certification program itself is operating as designed. CoComply supports this through governance health metrics that show program completeness, ownership coverage, and exception rates over time.

• Review ownership assignment rates across the full data asset inventory
• Assess certification completion rates by report, schedule, and business line
• Identify CDEs that have repeatedly failed certification to flag systemic issues
• Compare current governance posture against prior period benchmarks

Issue Management and Tracking

When audit findings are raised, CoComply structures them with full metadata including issue description, root cause, risk rating, regulatory reference, remediation owner, and target date. Audit teams can monitor remediation progress in real time without waiting for status update emails.

Supporting Regulatory Examinations

CoComply generates structured evidence packages aligned to common examiner request formats for OCC, Federal Reserve, and FDIC examinations. These packages include certification records, policy documentation, issue logs, and governance metrics that demonstrate program maturity to examiners.