Risk assessment and substantive audit procedure based on walkthrough Review of Risk Control Matrix (RCM) to identify design deficiency Substantive procedures for testing of the operating effectiveness Review of the outsourced activities & business applications Discussion of control gap and audit findings with process owners Reporting of key audit findings to Internal Control Committee - Key audit areas dealt Customer & vendor payouts Customer receipts Policy servicing & customer claims Anti-Money Laundering (AML) Customer communication Legal audit Regulatory aspects - Review of reporting made to Financial Intelligence Unit (FIU) - Review of adherence to regulatory guidelines, circulars, regulations, etc. - Review of SOX processes & reporting of deficiencies