An effective relationship between the audit committee and the internal auditors is fundamental to the success of the internal audit function. It has become increasingly important for audit committees to assess whether the internal auditors are monitoring critical controls and identifying and addressing emerging risks. The specific expectations for internal audit functions vary by organization, but should include the following elements:
- Objectively monitor and report on the health of financial, operational, and compliance controls.
- Provide insight into the effectiveness of risk management.
- Offer guidance regarding effective governance.
- Become a catalyst for positive change in processes and controls.
- Deliver value to the audit committee, executives, and management in the areas of controls, risk management, and governance to assist in the audit committee’s assessment of the efficacy of programs and procedures.
- Coordinate activities and share perspectives with the independent auditor.
Questions about Internal Audit for Audit Committees to Consider
- Is the internal audit function properly funded and as cost-effective as possible?
- Is internal audit responsive to the needs of today's environment?
- Is internal audit cognizant of new laws, regulations, and leading practices?
- Do internal audit personnel proactively consult on internal controls and risk management?
- Is the internal audit process designed to identify whether the organization is controlling those areas that are important to control, and not just those that are easy to control?
- Have the audit committee, senior management, and the CAE reconciled their expectations for internal audit? Have they agreed on how to measure performance?
- How does internal audit relate to, and interact with, other risk management-related functions, such as legal, security, environmental health and safety, loss prevention, quality and risk management, compliance, and
credit risk? Are there duplications of effort or gaps between internal audit and these groups?
- How does internal audit interact with the external auditor?
- Has management reached a supportable conclusion regarding whether internal audit complies with IIA standards?
- Is internal audit viewed as objective and competent by the independent auditors?