A baseline definition of internal auditing provides a starting point for understanding the roles and responsibilities of internal audit function. The Institute of Internal Auditors ("IIA") offers the following description:
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."
Major roles and responsibilities of internal audit function are summarised as below:
Existing corporate governance regulations do not address the interaction between the audit committee and the internal audit function, or the responsibilities of the function.
In most companies, the internal auditor traditionally reported to either the Chief Financial Officer or the Chief Risk Officer, though other may have existed in some companies. Today, the internal auditor may either report directly to the Audit Committee, or the Audit Committee will have a role in hiring, firing, evaluating and compensating the Chief Audit Officer. The Audit Committee’s increasing role with regard to the internal audit is being undertaken to help ensure the internal auditor’s "independence" and objectivity.
The relationship between the Audit Committee and the internal audit function should be clearly defined and addressed in the Audit Committee’s charter.
By providing assurance on the risk management, control, and governance processes within an organisation, internal auditing is one of the key cornerstones of effective organisational governance. The guidance was issued by IIA and it was designed to help internal auditing in its assurance and advisory role with regard to specific aspects of organisational governance. This guidance is available at http://www.theiia.org/ under the "Professional Guidance / Standards and Practices / Position Papers & Responses / View Position Papers" section.
This report is based on research developed under the leadership of The IIA Research Foundation and the Research Department of The Institute of Internal Auditors. It reviews the reporting relationships of the chief audit executive as an integral part of the governance process. This report is available at http://www.theiia.org/ under the "Research Foundation / Research Reports / Chronological Listing Research Reports" section.
The purpose, authority, and responsibility of the internal audit activity should be defined in a charter. A sample of Internal Audit Department Charter is available at http://www.theiia.org/ under the "Professional Guidance / Standards and Practices / Additional Resources / Audit Committees & Board of Directors / Sample Charters" section.