The research from the European Confederation of Institutes of Internal Auditing (ECIIA) revealed that approximately 90 per cent of EU member countries require or recommend the presence of internal audit function in listed companies.
In addition, Internal audit is generally compulsory within the financial institutions sector, in relation to Basel Committee and insurance regulatory requirements.
At the same time, there is little regulation provided as to how to ensure that this function is effective mainly as regards to essential requisites such as independence and scope.
Benchmarking activity has revealed that as a consequence of the financial crisis many corporations have slashed resources in the internal audit departments while maintaining their full mandate.
The ECIIA believes the following key principles below are applicable globally to all organisations regardless of sector or industry.
The governing body of an organisation is responsible for strategic risk oversight. The board and audit committee (or equivalent) should be required to, among other things, define a clear delegation and accountability for risk management and internal control through the “Three Lines of Defence” model. In this model Internal auditingassumes responsibility for providing global assurance to the governing bodies in this model, consistent with existing financial sector regulation. On this basis, Internal auditing should be required for most organizations. Factors that need to be considered are the complexity of the organisation and the need for the governing body to obtain systematic, continuous independent assurance, rather than the size of the company.
Any recommendations as to Internal audit should consider requisites to be properly structured in order to achieve the objective of global assurance:
-
organisationally independence;
-
exclusion of limitations to its scope of review;
-
full and unrestricted access to any information and person necessary to achieve its objective;
-
the adoption of The IIA’s 'International Standards for the Professional Practice of Internal Auditing (the Standards)', including internal and external quality assessment reviews.
In addition, regulatory references to ‘the auditor’ should be specific as to whether they are referring to external audit or internal auditing.
Full paper
© ECIIA
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article