Abstract

In an increasingly complex regulatory environment, insurance and financial services organizations face significant challenges in maintaining compliance while ensuring operational resilience. This paper proposes an integrated audit and internal control modeling framework that unifies IT General Controls, internal audit loops, and risk prioritization matrices into a cohesive, adaptive compliance system. Drawing from established theories such as COSO, COBIT, and the Three Lines of Defense, and grounded in regulatory mandates including SOX, Basel III, Solvency II, and IFRS, the framework addresses critical gaps in siloed control implementations. Through architectural modeling, scenario-based applications, and a feedback-driven control ecosystem, the study demonstrates how the integrated approach enhances control assurance, improves risk visibility, and fosters proactive governance. Practical implications include shifts in corporate governance, internal audit methodologies, and IT policy development. Limitations related to empirical validation and industry-specific variability are acknowledged, with future research avenues identified in AI-enhanced auditing and real-time compliance analytics.