Because internal audit can operate across the entire spectrum of industries, from
financial services to chemical manufacturing to government, the audit charter
allows the scope of internal audit activity to be defined specifically to unique needs
of the organization.
The charter can provide — in great detail if desired — what work internal audit will
undertake and the support it will receive from senior management and the
governing body to achieve that work. Finally, the audit charter serves as a
reference point to measure the effectiveness of the internal audit activity.
Vital Components of an Internal Audit Charter
The IIA has identified seven key areas that support the overall strength and
effectiveness of the activity and should be covered in the internal audit charter.
While some internal audit charters may not include all of these elements, any area
the charter fails to address threatens to weaken it and, ultimately, the activity.
Mission and Purpose:
o Internal audit’s mission is to enhance and protect
organizational value by providing risk-based and objective
assurance, advice, and insight.
o Internal audit’s purpose is to provide independent, objective
assurance and consulting services designed to add value and
improve the organization’s operations.
International Standards for the Professional Practice of Internal Auditing:
o The internal audit activity will govern itself by adherence to the
mandatory elements of The IIA’s International Professional
Practices Framework (IPPF) including its Standards, Core
Principles for the Professional Practice of Internal Auditing,
Definition of Internal Auditing, and Code of Ethics.
Authority – The charter should include:
o A statement on the CAE’s functional and administrative
reporting relationship in the organization.
o A statement that the governing body will establish, maintain and
assure that the internal audit activity has sufficient authority to
fulfill its duties by:
Approving the internal audit charter.
Approving a timely, risk-based, and agile internal
audit plan.
Approving the internal audit budget and
resource plan.
Receiving timely communications from the CAE
on performance relative to its internal audit plan.
Actively participating in discussions about and
ultimately approving decisions regarding the
appointment and removal of the CAE.
Stakeholders must send a clear
and unambiguous message
about internal audit’s role in
the organization.
Here are five key questions they
should be asking:
1.
Has the governing body created
an internal audit charter that
establishes the activity’s
purpose and mission, scope,
authority, responsibility, and
reporting relationships?
2.
Does the charter address
establishing reporting
relationships that enable
independence and objectivity of
the CAE?
3.
Does the charter clearly establish
and unfettered access to all
records and people to the extent
necessary to carry out its work?
4.
Does the audit charter clearly
define the responsibility of
the CAE?
5.
In addition to requiring internal
audit to comply with IIA global
internal audit standards, does the
audit charter require the activity
to report on its effectiveness?