What evidence supports model risk governance in an audit file?
Good evidence shows that model risk decisions were assigned, reviewed, approved, monitored, and escalated. Examples include the model risk policy, model inventory, risk-tiering rationale, validation report, approval minutes, limitation notices, monitoring reports, threshold breach logs, change tickets, and issue remediation records.
The auditor should also connect governance evidence to actual use. For example, if a model was approved only for new consumer loans, internal audit should test whether the business also used the score for renewals, collections, or cross-sell decisions.
Governance is not proved by a committee name alone. The audit file should show what criteria applied, what decision was made, what evidence supported it, who owned follow-up, and whether the model stayed within approved use.
Master CIA Part 2 with our CIA Course
45 lessons · 90+ hours· Expert instruction
Related Questions
What should an auditor do if a supervisor weakens a supported finding?
How should auditors prepare for a technical exit meeting?
When should audit quality concerns be escalated beyond the engagement team?
How does business knowledge affect internal audit quality?
Where should an auditor begin a full-company internal control audit?
Related Articles
Join the Discussion
Ask questions and get expert answers.