This document provides guidance on compiling a Risk and Audit Universe (RAU) which documents an organization's objectives, risks, controls, and necessary audit checks. It discusses starting with an existing Objectives, Risks, and Controls Register (ORCR) and improving it if needed. Key steps include identifying objectives, sources of risks, and methods of identifying risks like interviews, risk workshops, and reviewing accounts and compliance requirements. The document also provides tips on organizing the identified objectives and risks and managing risks through scoring, ownership, and controls. It aims to show how to develop a comprehensive RAU that can be used to plan audits and deliver opinions to management.