The Profession

IIA empowers internal auditors, risk managers and assurance practitioners to accelerate their value and impact — on their career, on their organisation, and on their profession.

Governance, Risk and Controls Assurance (GRC)

GRC is a very broad term. At IIA-Australia it means internal auditors, risk managers and controls assurance professionals working in or across the Three Lines of Internal Assurance.

The Three Lines

  1. Controls - operational management and business functions that own and manage risks directly as part of their daily activities through 'controls'.
  2. Risk - oversight, guidance, and compliance functions that monitor and support the organisation in managing current and emerging risks.
  3. Internal Audit - independent advice and assurance for the Board and the Leadership on the effectiveness of governance, risk management, and internal controls aligned to strategic performance.

These professionals are grounded in good organisational performance and have a future-focused lens. The result is unique strategic insights and actionable recommendations that powerfully elevate their company’s ability to succeed.

While the Three Lines have always been interrelated, it is the rapid advancements in data analytics, automation and AI that are creating an organisational need for integrated Three Lines of assurance.

What is Controls Assurance (Line 1)

Controls are the fundamental operational elements that have the primary purpose of achieving the organisation’s objectives: delivering the goods and services of the organisation.

Uncertainties in delivery are referred to as risks, and these risks are addressed by the implementation of controls. The controls to address these risks are promulgated across the organisation through policy and procedure documents and through the design of systems and processes. Controls, such as financial or operational controls, may be so well embedded in the business that they are hardly noticed, but an ineffective control opens the organisation to risk that would otherwise be managed.

IIA-Australia members operating in Line 1 provide assurance, which involves assessing risk, and designing, implementing and operating controls to manage risk. This includes supervision and performance reporting, and monitoring of the business environment to ensure internal controls are effective today and for the future.

What is Risk Management (Line 2)

Line 2 assurance functions provide risk management advice and formal control monitoring.

Considered to be an essential part of any well governed organisation, risk management covers everything from compliance to highly specialised fields. As a whole, the profession is focused on identifying, assessing, and mitigating risks for optimal organisational performance.

Risk management involves various strategies and tools to analyse risks, such as financial risks, operational risks, and strategic risks, and develop plans to minimise their impact. Risk management functions help Line 1 management to select and apply the most appropriate tools for the risks to be managed. These professionals help organisations navigate uncertainties and achieve their objectives more effectively.

Line 2 monitoring functions such as quality management or compliance functions provide continual review of prescribed control processes to give comfort that those controls are operating as intended. 

What is Internal Audit (Line 3)

Internal audit is a dynamic profession involved in helping organisations achieve their objectives. It is concerned with evaluating and improving the effectiveness of risk management, control and governance processes in an organisation. 

In best practice, risk managers and internal auditors work collaboratively, yet independently, giving the Board the best opportunity to be informed via two strategically aligned channels - its dedicated management and an independent assurance voice.  

Internal audit is the process of evaluating the structures, processes, procedures and policies within an organisation to identify unrecognised risks, assess control processes and enhance good governance. 

By remaining independent of management, internal audit provides objective, unbiased, evidence-based recommendations to management and the Board, facilitating fully informed decision-making.

Internal audit is a globally recognised profession supported by professional standards which include a code of conduct. 

Join IIA Today

Internal auditors, risk managers and controls assurance practitioners are future-focused professionals pervasive in every organisation and prevalent in all facets of the business - they provide unique strategic insight and actionable recommendations that powerfully elevate their company’s ability to succeed.
