Bruce Turner AM CRMA, CGAP, CISA, CFE, PFIIA, FFin, FFA, FIPA, FIML, MAICD, JP
Andrew Cox MBA, MEC, GradDipSc, GradCertPA, DipBusAdmin, DipPubAdmin, AssDipAcctg, CertSQM, PFIIA, CIA, CISA, CFE, CGAP, CSQA, MACS Snr, MRMIA
|This publication provides guidance to boards of directors, audit committees, chief executive officers, chief audit executives, and senior executives who have an interest in how their organisations are governed. It should be helpful for new internal auditors and emerging internal audit leaders. It should also be a useful reference for new chief audit executives who may be appointed from a non-audit background. It will help people seeking information on internal audit such as external auditors, risk managers, governance professionals, compliance officers, recruitment agents, graduates and students.|
- Internal audit is a key pillar of governance in any organisation.
- Internal audit provides risk-based review of the effectiveness of governance, risk management and control processes.
- Internal audit serves the board of directors, audit committee, chief executive officer and senior executives, while external stakeholders may include shareholders and regulators.
- Good practice reporting arrangements for internal audit are functionally for operations to the audit committee through the chair and administratively to the chief executive officer.
- If an organisation does not have an internal audit function, it should explain why not.
The ‘International Standards for the Professional Practice of Internal Auditing’ are universally applicable internal audit standards. Unlike external audit standards, they apply unchanged wherever there is internal audit in the world.
- The internal audit charter approved by the audit committee gives internal audit the mandate for its work.
- The scope of internal audit work comprises assurance services and consulting (advisory) services.
Internal audit work should leverage the work of risk management.
- There are various types of services that internal audit can provide to its organisation.
- There are a number of models that can be used to resource internal audit services to an organisation.
An assurance map can clearly demonstrate the links between internal audit work and organisational risks, together with the level of assurance brought by the various assurance activities in an organisation.
- Good practice internal audit measures and reports on its performance.
- Internal auditors should enhance their knowledge, skills and other competencies through continuing professional development.