Use case #0003

Compliance Calendar AI and your internal audit cycle: how they sync

The internal audit function and the compliance function share a common objective — assurance that the institution is operating within its regulatory and policy framework — but they typically operate in parallel rather than in sync. The internal audit team announces an audit, the compliance team scrambles to gather evidence of compliance for the period under review, and the audit team spends a significant portion of the audit period waiting for documentation that the compliance team is assembling retrospectively. The Compliance Calendar Agent AI eliminates this by maintaining a continuous, prospective audit evidence file — a structured folder of compliance evidence for every obligation, built as each obligation is completed, so that when the internal audit team announces its schedule, the evidence is already organised, dated, and cross-referenced to the audit checklist.

The audit preparation problem: why evidence gathering takes 3 weeks and should take 3 hours

An internal audit of the compliance function for a 6-month period requires evidence of every regulatory obligation met, every policy exception approved and documented, every Board briefing sent and acknowledged, every grievance received and resolved, every staff training completion recorded. This evidence exists — it is scattered across email inboxes, portal acknowledgement pages, Excel logs, CBS reports, and HR systems. The 3 weeks that compliance teams typically spend preparing for an internal audit is largely spent finding and organising evidence that should have been filed at the time of each compliance event, not assembled retrospectively.

The Compliance Calendar Agent AI files the evidence automatically. When the GSTR-3B is submitted, the portal acknowledgement screenshot is saved to the GSTR-3B folder under the correct month. When the CIBIL data submission is acknowledged, the bureau's confirmation email is saved to the CIBIL submission folder. When the DNBS return is filed, the RBI portal acknowledgement is saved and timestamped. When the Board briefing is distributed, the distribution record (who received it, when, which version) is saved. The internal audit team's evidence request receives a folder structure that is complete, organised, and continuous — because it was built continuously, not assembled in a hurry.

"The 3 weeks compliance teams spend preparing for internal audit is not audit preparation — it is evidence recovery for compliance that was completed but not documented at the time. The Compliance Calendar AI converts compliance events into audit evidence simultaneously."

The internal audit schedule sync: Q3 FY26 audit

Audit Preparation Status — Q3 FY26 Internal Audit · October–December 2025

Audit announced: Dec 10 · Audit period: Oct 1–Dec 31, 2025 · Evidence pre-filed: 94.2% complete

Evidence pre-filed94.2% (Oct–Nov)

Outstanding (Dec obligations)5.8% — December still in progress

Est. audit evidence preparation time3–4 hours (vs 3 weeks manual)

Audit start dateJan 5, 2026

Regulatory filings audit · Oct 1 – Dec 31, 2025Audit area 1 of 6

30 monthly filings across 3 months (10 per month) · Evidence: portal acknowledgements, submission confirmations, payment receipts. All October and November evidence pre-filed in folder structure. December evidence accumulating automatically as each December obligation is completed.

GSTR-3B ack.CIBIL bureau conf.DNBS RBI ack.CERSAI fee receiptTDS challan

Oct + Nov READY · Dec accumulating

Credit exception register audit · Oct 1 – Dec 31, 2025Audit area 2 of 6

All exception records (EXC-series) for Q3: 847 total, each with 9 documentation fields, approval chain, and DPD monitoring flag. Exception register exported as dated PDF each month-end and saved to audit folder. Pattern analysis report (Q3) prepared January 3 — pre-filed. Vijay Associates investigation file: all investigation records, email trail, and compliance findings being accumulated.

EXC register (847 records)Approval chainsDPD performance dataDSA investigation file

READY · October + November · December in progress

Board reporting compliance · Oct 1 – Dec 31, 2025Audit area 3 of 6

3 monthly BRC briefings (Oct, Nov, Dec) + Q3 full Board quarterly compliance review. Evidence: each briefing document (dated version), distribution record (who received it), acknowledgement log, and Board meeting minutes confirming item was tabled. October BRC: complete. November BRC: complete. December BRC: distributed Dec 1, meeting Dec 5 — minutes available Dec 8.

BRC briefings (3)Distribution recordsBoard minutesBRC member acknowledgement

Oct + Nov READY · Dec BRC minutes due Dec 8

FPC adherence audit · Oct 1 – Dec 31, 2025Audit area 4 of 6

Monthly FPC monitoring data for October, November, December: KFS compliance, collections conduct monitoring, grievance log, interest rate disclosure updates, and MD certification. All October and November FPC monitoring reports pre-filed with source data extracts. MD certification for October and November: signed, dated, and filed. December: monitoring data accumulating, MD certification due December 25.

FPC monitoring reports (3)MD certifications (3)Collections monitoring logGrievance resolution log

Oct + Nov READY · Dec MD cert due Dec 25

Staff training compliance · Oct 1 – Dec 31, 2025Audit area 5 of 6

Monthly training completion reports for all mandatory modules, pulled from HR system. October: 97.4% completion. November: 96.8% completion (2 branches below threshold, remediation scheduled December 8–12). December: will include remediation completion. All training records individual-level (staff name, module, completion date, score where applicable) — audit team can sample and verify.

Training completion reports (3)Individual recordsRemediation records (Dec)

Oct + Nov READY · Dec remediation due Dec 15

Policy version control audit · Current statusAudit area 6 of 6

Full version history for all 6 core documents (Credit Policy, Digital Lending Policy, Collections Manual, KFS template, FPC, LSP Policy) — all versions from the last 24 months, with approver identification, change record, and distribution log. Circular response timeline for RBI/DOR/2025-26/84: analysis to approval to distribution, fully documented. This evidence set is always current — no Q3-specific assembly required.

6 document version historiesCircular response timelineApproval chainsDistribution logs

ALWAYS CURRENT · No Q3 assembly required

● 94.2% audit evidence pre-filed as of Dec 10 (audit announcement date) · Remaining 5.8% is December obligations still in progress · Expected 100% by Jan 1 audit start

The sync between the compliance calendar and the internal audit plan

Audit plan received · Compliance Calendar reads the scope

When the internal audit team issues their annual audit plan, the Compliance Calendar AI maps it to the obligation register

The annual internal audit plan typically specifies which compliance areas will be audited in each quarter. When the plan is published, the Compliance Calendar AI reads the audit scope and identifies which obligation categories and evidence types are relevant to each planned audit. It then ensures that evidence filing for those categories is prioritised — not just the standard monthly filing but the additional documentation (commentary, variance explanations, investigation files) that audit teams typically request.

→ Audit plan → obligation mapping → enhanced evidence filing for flagged categories

Pre-audit evidence package prepared automatically

30 days before each planned audit, the Compliance Calendar AI generates a pre-audit evidence summary for the compliance team

Thirty days before the audit start date, the Compliance Calendar AI generates a pre-audit briefing for the compliance team: which evidence categories are complete, which are still accumulating (because the period is not over), and which require manual supplement (items that cannot be automatically filed, such as narrative explanations for exceptions or Board meeting minutes that are still being minuted). This gives the compliance team a clear 30-day to-do list rather than a 3-week scramble from the audit announcement.

→ 30-day pre-audit briefing → compliance team to-do list → no retrospective evidence recovery required

Audit team receives structured evidence folder on Day 1

The audit team's first day is spent reviewing evidence, not waiting for it — because the evidence was filed in real time

On the audit start date, the internal audit team receives an access link to the structured evidence folder: one folder per audit area, organised by month, with each file named by obligation type and dated. The audit team can begin sampling and testing immediately. The compliance team's role in the audit week is to answer questions and explain exceptions — not to locate and produce documentation. This typically reduces the audit duration by 30 to 40% and improves the quality of audit engagement (discussions about substance rather than document status).

→ Day 1: audit team reviews, not waits · Compliance team explains, not retrieves · Audit duration: −30–40%

Audit findings fed back into the compliance calendar

Audit observations become calendar obligations — any corrective action required by the audit becomes a tracked deadline

When the internal audit report is issued, any corrective actions or management representations are logged as compliance calendar obligations with specific deadlines. The Compliance Calendar AI tracks these exactly as it tracks regulatory deadlines — 5-day and 48-hour alerts, escalation to the backup officer if the primary is unavailable, and a confirmation record when the action is completed. Audit findings are not just filed — they are followed up as rigorously as regulatory deadlines, because in a subsequent audit or an RBI examination, incomplete corrective actions are a finding themselves.

→ Audit corrective actions → compliance calendar obligations → same alert and escalation system as regulatory deadlines

3–4 hrsEstimated audit evidence preparation time — vs 3 weeks manual · 94.2% pre-filed at audit announcement · No retrospective recovery

94.2%Evidence pre-filed at audit announcement (Dec 10) — October and November complete · December accumulating as obligations are met

30 daysPre-audit briefing generated — 30 days before audit start · Compliance team to-do list · No scramble from announcement to start

Day 1Audit team begins reviewing on Day 1 — not waiting · −30–40% audit duration · Discussions are substantive, not administrative

The institution that takes 3 weeks to prepare for an internal audit is proving, in the preparation itself, that its compliance documentation was not maintained in real time — which is itself the finding the audit was looking for

An internal audit team that waits 3 weeks for a compliance team to produce the evidence of compliance for the last 6 months is being shown, by the waiting, that the compliance function did not systematically document its activities as they occurred. The evidence is being assembled retrospectively — which means it may be incomplete, may have gaps that are now unfillable, and was not a real-time record but a post-hoc reconstruction. The Compliance Calendar Agent AI converts compliance events into audit evidence at the time of the event — so the evidence that reaches the internal audit team is not a reconstruction, it is the original record. The compliance programme that is genuinely operating in real time does not need 3 weeks to prove that it was operating in real time. It needs 3 hours to point the audit team to the folder where the proof already lives.