To optimize an internal audit function it is necessary to:
conform with the International Professional Practices Framework of the global Institute of Internal Auditors;
define the role, responsibilities, and authority of the internal audit function within a formal charter approved by the board;
report to the board;
embrace both assurance and consulting roles within the internal audit mission;
ensure that no business areas are “off-limits” to internal audit;
plan future audit engagements based on the chief audit executive’s risk assessment;
Internal auditing is defined by The Institute of Internal Auditors (IIA) as follows:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”1
It is widely accepted that whether or not the staff of an internal audit function are affiliated to The IIA, if the internal auditing corresponds to the above definition, best-value internal auditing will only result when generally accepted internal auditing standards are applied. Internal auditing should be a valued part of the total assurance process. To be so it requires independence from the activities it audits and it needs to report independently to all those who rely on the assurance that internal audit provides.
Today, internal audit is a service for management and also for those, such as boards and audit committees, charged with governance. Particular internal audit functions may also have certain obligations to report to outside parties, such as regulators. It is important that the roles, responsibilities, and authority of internal audit are clearly set out and supported within the organization.
- Page 1 of 6
- Next section Essential Prerequisites for Internal Auditing