Internal Auditor CV — Complete Guide

Lead with how you run engagements end-to-end: scoping, risk assessment, fieldwork, issue validation and reporting. Recruiters want to see that you follow IIA-aligned audit practice and can connect findings to control objectives rather than describing tasks. Include at least one quantified example using metrics such as recommendations raised and implementation rate, e.g., “52 recommendations with 88% implemented within 6 months”. Back it up with the audit evidence method you used, such as ACL for population testing and TeamMate for maintaining audit trails and workpapers.

Make your frameworks explicit where they matter. For financial and SOX-related work, show how you mapped control testing to COSO and control design/operating effectiveness, including how you selected samples or performed analytical procedures. If you have IT audit exposure, mention access controls, change management, and how you documented testing results for management and audit committee reporting. Where relevant, reference recognised methodologies such as risk-based planning and traceability from risk assessments to test procedures, so ATS and recruiters can quickly match your approach to the job description.

A strong internal auditor CV reads like a performance log: engagement volume, the audit types you cover, and the measurable impact you drive. State the number of engagements per year and the mix across financial, operational, compliance and IT, because internal audit teams are often resourced by breadth. Add one “before and after” outcome where you improved control quality, for example reducing exceptions in reconciliations or increasing the control effectiveness rating from “partially effective” to “effective”.

Use clear KPI language that mirrors how audit functions are assessed. Examples include defect closure rates, recommendation acceptance and implementation timelines, audit findings classification (high/medium/low), and the timeliness of reporting to stakeholders. If you have experience using SAP GRC or similar governance tools to track control issues and remediation, mention it in the same bullet as your result. Where possible, quantify the turnaround time for major reporting, e.g., “draft report within 10 working days of close-out evidence”, to demonstrate operational discipline.

ATS systems and recruiters both search for recognisable governance and control frameworks, so include them in context rather than as a keyword list. Clearly state that your work aligns to IIA Standards, and then specify which frameworks you applied for the engagement type (COSO for internal control evaluation, SOX for Sarbanes-Oxley testing, and where relevant ISO 27001 for information security control assessments). If you cover fraud risk, include language such as fraud risk indicators and investigation support, and link it to your audit scope and evidence approach.

Pair each framework with the tools and reporting workflow you used to produce audit evidence. Mention data analytics tools such as ACL or IDEA for testing accuracy and completeness, and governance platforms such as TeamMate for managing workpapers and audit issue tracking. If your role included issue validation, follow-up testing and remediation verification, state how you re-tested controls and measured closure quality. This demonstrates you are not only writing reports, but verifying that control improvements persist after management action.

Certifications are often decisive in internal audit hiring, so present them clearly with status. If you hold CIA (Certified Internal Auditor), write it near the top of your CV profile; if you are CISA-qualified or pursuing CRMA, mention the progress and the area of specialism (IT audit or risk management). Recruiters also look for how your qualifications map to your real engagement work, so include a short line connecting each certification to the audit scope you delivered.

Use your specialisms to differentiate your experience. For example, if you specialise in IT general controls, highlight access management and change control testing, and reference evidence methods such as access review sampling and control design walkthroughs. If you specialise in compliance, mention how you evaluated regulatory alignment and documented testing against control requirements. This makes it easier for both ATS and humans to see that your qualifications match the audit work you claim to perform.