Domain III of the Global Internal Audit Standards defines the necessary attributes to ensure that the chief audit executive, together with the board and senior management, maintains the independence of the internal audit function, ensuring its effectiveness.
In the IPPF 2017, the attribute
standards already emphasized the need for a solid relationship between internal
audit and the board to ensure independence. The new standards expand and
strengthen this concept, consolidating essential principles.
This domain is structured into three
principles and nine standards, providing the foundation for meeting
normative requirements. Below, we highlight the key advancements compared to
the previous model.
1.
Formalization of Internal Audit Function Authorization
Principle 6
reinforces the need for the board’s formal authorization of the internal audit
function, supported by the following standards:
- Standard 6.1 - Audit Mandate
- Standard 6.2 - Audit Charter
- Standard 6.3 - Board and Senior Management Support
The mandate defines the authority, role, and
responsibilities of internal audit, which, through a systematic and disciplined
approach, aims to enhance governance, risk management, and internal controls.
The Internal Audit Charter becomes an
essential document, formalizing the purpose, scope of activities,
organizational positioning, responsibilities, and authority of internal audit.
Senior management and the board play a
fundamental role in supporting internal audit by ensuring unrestricted access
to data, information, and assets, enabling the effective execution of its work.
2.
Strengthening Organizational Independence
Principle 7
addresses the independent positioning of internal audit, supported by two
standards:
- Standard 7.1 - Organizational
Independence
- Standard 7.2 - Chief Audit Executive
Qualifications
Independence is ensured through the direct
reporting line of the chief audit executive to the board, without
interference from senior management. This communication channel must allow open
discussions, including without the presence of management.
A new addition is Standard 7.2, which
details the desired competencies for the chief audit executive, previously
addressed in a general manner under the ethical principle of competence in the
IPPF 2017. Now, five essential
competencies are explicitly defined:
- Deep understanding of the Global Internal Audit Standards
and best practices;
- Experience in establishing and managing an effective internal audit
function;
- Certified Internal Auditor® (CIA) designation or equivalent credentials;
- Leadership experience;
- Industry-specific
expertise.
This clearer definition strengthens the
relevance of internal audit and its ability to add value to corporate
governance.
3. Board
Oversight of Internal Audit
Principle 8
establishes the board’s responsibility for overseeing internal audit, ensuring
its effectiveness. The related standards are:
- Standard 8.1 - Interaction with the
Board
- Standard 8.2 - Resources
- Standard 8.3 - Quality
- Standard 8.4 - External Quality
Assessment
The board must ensure that internal audit has
adequate resources, enabling it to fulfill its mandate efficiently. The
chief audit executive must transparently communicate any resource
limitations and their impact on the audit plan’s execution.
Quality management is also reinforced,
requiring an internal and external quality assessment program, with
periodic review by the board.
4.
Challenges for Organizations Without a Formal Governance Structure
In organizations lacking a formal board, the
concept of independence may be compromised. The definition of a board,
according to the global standards glossary, includes any high-level governing
body responsible for oversight, such as audit committees or advisory boards.
To ensure compliance in these cases, a more
robust external assessment program with documented evidence is recommended,
including:
- Board meeting minutes discussing audit-related topics;
- Approved audit charter;
- Validated audit plan and budget;
- Audit manual;
- Continuing education plan for the chief audit executive;
- Records of participation in professional events.
Conclusion
Domain III of the
Global Internal Audit Standards enhances concepts already present in the IPPF
2017, emphasizing internal audit independence, qualifications, and board
oversight. The board’s role is strengthened in ensuring resources and quality
supervision, guaranteeing that internal audit has a strategic impact within the
organization.
My recommendation is to conduct a compliance
assessment against the standards in this domain and, for any identified
gaps, define the necessary actions to ensure adherence.
Be happy!
Produced with the help of human intelligence