The ECIIA believes the key principles are applicable universally to all organisations regardless of sector or industry.
The governing body of an organisation is responsible for strategic risk oversight. The board and audit committee (or equivalent) should be required to, among other things, define a clear delegation and accountability for risk management and internal control through the “Three Lines of Defence” model. In this model, internal audit assumes responsibility for providing overall assurance to the governing bodies, consistent with existing financial sector regulation. On this basis, internal audit should be required for most organisations.
Factors that need to be considered are the complexity of the organisation and the need for the governing body to obtain systematic, continuous independent assurance, rather than the size of the company.
Internal audit must be properly structured in order to achieve the objective of global assurance.
- organisational independence
- exclusion of limitations to its scope of review
- full and unrestricted access to any information and person necessary to achieve its objective
- the adoption of The IIA’s International Standards for the Professional Practice of Internal Auditing (the Standards), including internal and external quality assessment reviews.
In addition, regulatory references to ‘the auditor’ should be specific as to whether they are referring to external audit or internal auditing.
Press release
© ECIIA