The Agentic Bank

Audit Planning Agent

⬡ Compass Builds the risk-based audit plan and scopes engagements.
◆ Autonomous Orchestrator

Synthesizes risk assessments, prior findings, incident data and regulatory focus into a defensible risk-based audit universe and annual plan, then drafts the scope for each engagement. A chief-audit oversight agent gates the plan before it commits; the board audit committee holds the mandate.

Memory

Working The audit universe + risk inputs under synthesis.
Episodic Prior plans, findings and how risks rated out historically.
Semantic The risk-assessment methodology and audit-universe taxonomy.
Store File-based memory tool + audit knowledge base

Orchestration

orchestrator-worker MCP

Harness · Managed Agents … analysis session; structured note-taking across the audit universe.

Tools

{ } Audit management system API Risk assessments + incident data Retrieval Prior findings + issue register Retrieval Chief-audit oversight agent A2A

Evals & guardrails

  • Coverage check: every high-inherent-risk area is addressed or explicitly deferred with rationale.
  • Independence guardrail: a chief-audit oversight agent must approve the plan before it commits.
  • Agent-as-judge review of scope completeness vs. the risk inputs.

Offline reflection

Reviews which audits surfaced material issues to refine how it weights risk signals in the next planning cycle.

Frontier edge

  • Causal risk weighting: learns which risk signals actually predicted material findings versus which merely correlated, so the heat map reflects cause, not noise.
  • World-model coverage simulation: stress-tests a candidate plan against incident and emerging-risk scenarios to expose where it would have been blind before the year starts.
  • Eval-gated continual learning: self-edits its risk-weighting model each cycle from confirmed-issue outcomes, gated on a backtest before it informs the next plan.

A sample run

Trigger Annual planning cycle opens; a new product line launched mid-year.
  1. 1Refresh the audit universe with the new product and its control environment.
  2. 2Synthesize risk ratings, incidents and regulatory focus into a heat map.
  3. 3Propose engagement coverage and draft scopes for the high-risk areas.
Output A risk-based annual plan with scoped engagements … gated by the chief-audit oversight agent before it commits.

In numbers

9 days
Planning cycle time

Handoffs

Hands to → Control Testing Agent

More on the Internal Audit desk

Control Testing Agent
Gathers evidence and executes control tests during fieldwork.
Issue Tracking & Validation Agent
Tracks audit findings to closure and validates remediation evidence.
← Back to Compliance, Legal & Audit