Internal audit oversight is typically part of the audit committee’s charter because of listing exchange rules. It’s also part of ensuring the directors are getting quality info about the company’s risk profile & financial results.
The Institute of Internal Auditors recently launched a tool to help audit committees make sure the internal audit function is working well. Here are the sample questions it proposes the committee consider with regard to risk management:
– Does the IA activity expand the board or AC’s knowledge about current and emerging risks to the organization?
– Are there clear links between the audit plan and the organization’s strategic objectives and risks?
– Does the CAE explain to the AC how the audit plan covers challenging and critical areas, including emerging or existing risk areas that will or could impede the organization’s objectives?
– Liz Dunshee