The common internal audit framework for financial institutions typically includes the following steps:

1. Risk assessment: The internal audit team assesses the organization's risk exposure and identifies areas that require audit attention.

2. Planning: Based on the results of the risk assessment, the internal audit team develops an audit plan that includes objectives, scope, timing, and resource requirements.

3. Fieldwork: The internal audit team performs audit procedures to evaluate the adequacy and effectiveness of controls in place, assess compliance with laws and regulations, and identify areas for improvement.

4. Reporting: The internal audit team documents the results of the audit and prepares a report that includes findings, recommendations, and management responses.

5. Follow-up: The internal audit team follows up on previous audit findings to ensure that corrective actions have been implemented and are effective.

6. The internal audit framework for financial institutions also typically includes a quality assurance and improvement program, which is designed to ensure that the internal audit function operates effectively and provides value to the organization. This program includes ongoing monitoring of the internal audit activity, periodic reviews by independent parties, and implementation of appropriate corrective actions. Additionally, the internal audit function should be independent and objective, with sufficient resources and expertise to carry out its responsibilities effectively.