ISQM 1 evaluation cycle ACTIVE lobal

FRC / PCAOB inspections 2026 PLANS FILED

SOCPA peer review UNDERWAY

PDPL fully enforceable — SAR 5M exposure

EU audit reform oversight RAMPING

IRBA, ICPAK, FRC Nigeria QR CYCLES LIVE

Audit firms live on falconry.one across 4 REGIONS

ISQM 1 evaluation cycle ACTIVE — global

FRC / PCAOB inspections 2026 PLANS FILED

SOCPA peer review UNDERWAY

EU audit reform oversight RAMPING

IRBA, ICPAK, FRC Nigeria QR CYCLES LIVE

Audit firms live on falconry.one across 4 REGIONS

ISQM 1 evaluation cycle ACTIVE lobal

FRC / PCAOB inspections 2026 PLANS FILED

SOCPA peer review UNDERWAY

PDPL fully enforceable — SAR 5M exposure

EU audit reform oversight RAMPING

IRBA, ICPAK, FRC Nigeria QR CYCLES LIVE

Audit firms live on falconry.one across 4 REGIONS

ISQM 1 evaluation cycle ACTIVE — global

FRC / PCAOB inspections 2026 PLANS FILED

SOCPA peer review UNDERWAY

EU audit reform oversight RAMPING

IRBA, ICPAK, FRC Nigeria QR CYCLES LIVE

Audit firms live on falconry.one across 4 REGIONS

The internal audit record built once, reviewed properly, approved on time.

falconry.one Internal Audit Management is the engagement record-keeping platform for in-house IA functions. Engagement planning, fieldwork, working-paper sign-off, partner approval, and final report — all on one record that survives the next external review. Aligned to IPPF and ISRS 4400. Extended for AUPs and advisory engagements where firms need the same audit trail.

IA ENGAGEMENT · PARTNER VIEW

Internal audit — FY26 Q1 cycle

Engagement plan

RISK ASSESSMENT · SCOPE · OBJECTIVES

Working papers

14 / 18 SECTIONS COMPLETE

Findings register

4 OBSERVATIONS · 2 HIGH-RISK

Draft report

VERSION 03 · AWAITING SIGN-OFF

Client delivery

SCHEDULED · 14 NOV

Every state change logged. Every approval timestamped. The audit trail your next QAR will ask for.

FIRM360 MODULE · IA TEAMS

The internal audit record built once, reviewed properly, approved on time.

falconry.one Internal Audit Management is the engagement record-keeping platform for in-house IA functions. Engagement planning, fieldwork, working-paper sign-off, partner approval, and final report — all on one record that survives the next external review. Aligned to IPPF and ISRS 4400. Extended for AUPs and advisory engagements where firms need the same audit trail.

§01 · ENGAGEMENT TYPES

One platform. Three engagement shapes.

The same record-keeping discipline that internal audit demands — extended to the other engagement types where firms need the same audit trail. Methodology overlays per engagement type; the platform underneath is one.

Type · 01 · Primary

Internal audit engagements

The full IA engagement record — from annual plan through individual engagement to follow-up. Built around the lifecycle the IPPF expects you to evidence.

Annual audit plan with risk-based prioritisation
Engagement scoping, objectives, and risk assessment
Working papers, evidence, and review notes
Findings register with management response & tracking
Final report with partner / chief audit executive sign-off
Follow-up cycle on outstanding remediation

Aligned to IPPF / IIA Standards

Type · 02

Agreed-upon procedures (AUPs)

ISRS 4400 (Revised) AUP engagements with terms-of-engagement capture, procedure-by-procedure execution, and the factual report format the standard prescribes.

Engagement letter with agreed procedures listed
Per-procedure execution and evidence capture
Factual findings register — no opinion, no assurance
Standard-compliant AUP report template
Partner and engaging-party sign-off workflow

Aligned to ISRS 4400 (Revised)

Type · 03

Advisory Engagements

Consulting and advisory engagements where the firm wants the same record discipline as audit work — scope, plan, deliverable versioning, partner approval — without the assurance overlay.

Engagement scoping with terms of reference
Workplan, milestones, and deliverable register
Document-version control on deliverables
Partner / engagement-leader review workflow
Client delivery log and acceptance tracking

For governance, risk & advisory work

§02 · WORKFLOW

Inside your engagement not next to it.

Six stages, one record. Each stage produces an artifact, names a reviewer, and logs an approval. Nothing moves to the next stage without the right person signing off — and every transition is timestamped to the user who made it.

STAGE 01

Scope & risk

Engagement-level risk assessment, scope, objectives, and resourcing locked in.

STEP 02

Plan & approve

Audit plan signed off by the head of IA / engagement partner before fieldwork starts.

STEP 03

Fieldwork

Working papers, evidence, walkthroughs, testing — all under in-engagement review.

STEP 04

Findings

Observations register with risk rating, root cause, recommendation, and management response.

STEP 05

Partner review

Draft report routed to the partner / chief audit executive. Comments captured. Final approved.

STEP 06

Client delivery

Final report released to the client / audit committee. Delivery logged. Follow-up cycle armed.

Audit trail
that holds up.

Every state change is logged. Every approval is timestamped to a named user. Document versions are immutable the version of the report that went to the client is the version that was approved by the partner. The audit trail external reviewers, regulators, and quality-assurance reviewers expect to see.

§03 · CORE CAPABILITIES

Four things that matter most.

The features the head of internal audit and the audit committee chair actually look at — not the long checklist of capabilities that look good in a procurement RFP.

Capability · 01

Engagement record & document control

Every engagement has one record. Every report has version control. The version sent to the client matches the version the partner approved — the platform proves it through immutable history and timestamped sign-offs.

Capability · 02

Partner / approver workflow

Configurable approval chains for engagement plans, working-paper sections, draft reports, and final issuance. Reviewer notes captured inside the platform. Nothing escapes review by accident.

Capability · 03

Findings register & remediation tracking

Findings carry rating, root cause, recommendation, management response, and committed remediation date. Open findings stay visible until cleared — with the head of IA and audit committee both seeing the same status.

Capability · 04

Dashboards for the partner / audit committee

The single view of the IA function: plan progress, engagements in flight, findings open / closed by risk, follow-up status, hours by engagement. Designed for the Monday-morning glance and the quarterly audit-committee pack.

§04 · FRAMEWORK ALIGNMENT

Mapped to the standards your QAR will check.

External quality-assurance reviews of internal audit functions test against the IPPF. AUP engagements get tested against ISRS 4400. falconry.one IA Management ships pre-mapped to both — not as a marketing claim, but as control mappings inside each engagement record.

IPPF / IIA

International Professional Practices Framework. Engagement planning, performance, and reporting standards (Series 2200 – 2600) embedded into the workflow as evidence requirements at each stage.

ISRS 4400

Agreed-Upon Procedures (Revised, effective 2022). Terms of engagement, procedures-and-findings format, and the factual-report template enforced by the AUP engagement type.

QAR ready

External quality assessment. Five-yearly QAR of the IA function (per IPPF Standard 1312) is supported with a pre-built evidence pack drawn from the engagement records. No archaeology required.

Audit committee

Audit-committee reporting with engagement plan vs. actual, findings dashboards, and follow-up status — in the format ACs expect to see, exportable to board pack.

§05 · EXTENSION

Run it for clients too if you want to.

A secondary use case — not the primary one. Some firms that adopt the platform internally choose to extend it to clients they serve as outsourced or co-sourced internal-audit providers. The same engagement discipline; the firm's branding on the client-facing surface.

The client-facing extension.

If your firm offers internal audit (or AUPs, or advisory) as a managed service to clients, the platform extends to give those clients a controlled view of their engagement — reports, dashboards, finding status — through a portal that wears your firm's brand, not ours.

White-label is opt-in. Most firms run the platform internally only. The client-facing extension is a separate decision, with a separate commercial layer.

Extension · 01

Client-facing reporting portal

Clients see their final reports, dashboards, and finding status — under your firm's brand. Not the working papers, not the internal review notes. Just the deliverables and the status that matters to them.

Extension · 02

Multi-client tenancy

One platform instance, separate client tenants. Engagement segregation enforced at the data layer. Useful for firms running outsourced IA mandates across multiple unrelated clients.

Extension · 03

AUP & advisory client delivery

The same model applied to AUP and advisory engagements. Final reports, deliverables, and engagement status visible to the client. The internal-audit-style record discipline behind the scenes.

§06 · ADOPTION

Used today by a small number of firms.

We're rolling deployments out selectively while the platform team scales. Today, the firms running it use it primarily for in-house internal audit; one of them runs the white-label extension for a small set of managed-service clients. If you want to be one of the next ten firms on it, talk to us.

Live Deployments

3 firms

Live Deployments

1 firm

Engagement types live

IA · AUP · Advisory

Onboarding capacity

~10 firms / 2026

NEXT STEPS

The 45-minute conversation
that pays for itself.

A live walkthrough of an ISQM 1 SoQM evaluation on the platform — against your firm's existing manual and inspection history. You see exactly what the partner view looks like, what the evidence pack contains, and what the 8-week deployment would mean for your cycle.

The internal audit record built once, reviewed properly, approved on time.

FIRM360 MODULE · IA TEAMS

The internal audit record built once, reviewed properly, approved on time.

§01 · ENGAGEMENT TYPES

One platform. Three engagement shapes.

Type · 01 · Primary

Internal audit engagements

Type · 02

Agreed-upon procedures (AUPs)

Type · 03

Advisory Engagements

§02 · WORKFLOW

Inside your engagement not next to it.

Audit trail that holds up.

§03 · CORE CAPABILITIES

Four things that matter most.

Capability · 01

Engagement record & document control

Capability · 02

Partner / approver workflow

Capability · 03

Findings register & remediation tracking

Capability · 04

Dashboards for the partner / audit committee

§04 · FRAMEWORK ALIGNMENT

Mapped to the standards your QAR will check.

IPPF / IIA

ISRS 4400

QAR ready

Audit committee

§05 · EXTENSION

Run it for clients too if you want to.

A secondary use case — not the primary one. Some firms that adopt the platform internally choose to extend it to clients they serve as outsourced or co-sourced internal-audit providers. The same engagement discipline; the firm's branding on the client-facing surface.

The client-facing extension.

If your firm offers internal audit (or AUPs, or advisory) as a managed service to clients, the platform extends to give those clients a controlled view of their engagement — reports, dashboards, finding status — through a portal that wears your firm's brand, not ours.

Extension · 01

Client-facing reporting portal

Extension · 02

Multi-client tenancy

Extension · 03

AUP & advisory client delivery

§06 · ADOPTION

Used today by a small number of firms.

NEXT STEPS

The 45-minute conversation that pays for itself.

Audit trail
that holds up.

The 45-minute conversation
that pays for itself.