MaRisk Internal Audit Memo
Regulatory anchor: BaFin MaRisk AT 4.4
Pulls a MaRisk audit scope (e.g. "credit risk Q1", "outsourcing", "new product process") through a complete internal-audit memo workflow. Maps the scope to MaRisk chapters, identifies the relevant controls, designs testing procedures, synthesises findings against evidence, and drafts a memo with management responses pre-structured.
Agent topology
4 levels · 6 agentsCoordinates the audit workflow, ensures methodology aligns with the internal audit standard, and assembles the final memo.
Owns scope + testing design. Maps the audit to MaRisk chapters first, then delegates the test design to a dedicated sub-lead.
Maps the audit scope to specific MaRisk chapters (AT, BT, BTO, BTR, BTH) and identifies in-scope controls per chapter.
compliance.marisk_control_mapDesigns the testing plan — sequences the procedure designer and the sampling designer, ensures they cover every in-scope control.
Designs the audit testing procedures — what evidence to inspect, what to re-perform, what to observe — using IIA standards.
Picks sample size and sampling method (random / risk-based / 100%) per control based on population and risk rating.
Runs the field-work track. Pulls evidence first, then synthesises findings against the control design supplied by Audit Planning.
Queries audit-trail systems for the evidence needed to test each control. Returns evidence summaries with retrievable identifiers.
compliance.audit_evidence_pullCompares evidence against control design. Synthesises findings with severity (High / Medium / Low) and impacted MaRisk paragraph.
compliance.finding_synthesizeDrafts the memo: scope, methodology, findings, management response slots, and a one-page executive summary for the audit committee.