How you conduct your audit is completely up to you, but should be risk-based. One of the challenges with a combined audit (combining regulations in one audit) when reviewing TRID (or even more so, full mortgage files) is that most risk-based considerations go out the window. Basically, you end up reviewing everything regardless of the risk-rating of specific areas. Personally, I love the efficiencies of combined audits, but have also recognized in the past when I would be spending too much time on lower-risk areas. One approach could be to include in your scope a certain number of files for a full review and then have a "targeted review" in certain areas where you expand the sample size just for higher-risk areas that you want to/need to dig deeper into.
_________________________
Adam Witmer, CRCM
All statements are my opinion, not those of my employer, and should not be taken as legal advice.
www.compliancecohort.com