Organisational Status of Internal Auditing Function :

Where there is an internal audit function, its status is derived from the needs of the organisation and should be set at the top of the organisation, i.e. by the board and the audit committee. There is no single model for internal audit and each organisation will determine what is appropriate to suit its requirements. In general, internal audit could, if agreed by the audit committee, seek assurance that:

– The organisation has a formal governance process which is operating as intended: values and goals are established and communicated, the accomplishment of goals is monitored, accountability is ensured and values are preserved.

– Significant risks within the organisation are being managed and controlled to an acceptable level as determined by the board.

In addition, internal audit can be used to facilitate the strengthening of the governance and risk framework within the organisation.

The audit committee should consider the role that has been set for internal audit within the organisation’s overall assurance framework. The evaluation of internal audit role should be on an ongoing basis (at least annually). The audit committee should challenge the organisation’s decisions (if required) in relation to the role that has been set for internal audit and question whether its scope, authority and resources are adequate and consistent with the risks that the organisation faces and the effectiveness of the internal controls that are in place to address those risks.