A system and method for facilitating auditing a client-service provider relationship. An example method includes determining a scope of an audit with reference to an audit plan; ascertaining one or more business entities or processes that are subject to audit based on the scope; and automatically retrieving one or more business controls associated with the one or more business entities or processes. In an illustrative embodiment, the example method further includes electronically accessing one or more Service Level Agreements (SLAs) associated with the one or more business entities to extract one or more descriptions of controls. A description of each control is electronically stored in association with one or more descriptions of one or more risks associated with each control. A description of each control is stored, in a library of risks and controls, in association with one or more risks.