A baseline definition of internal auditing provides a starting point for understanding the roles and responsibilities of internal audit function. The Institute of Internal Auditors ("IIA") offers the following description: "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." Major roles and responsibilities of internal audit function are summarised as below: * evaluates and provides reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the organisation's objectives and goals to be met * reports risk management issues and internal controls deficiencies identified directly to the audit committee and provides recommendations for improving the organisation's operations, in terms of both efficient and effective performance * evaluates information security and associated risk exposures * evaluates regulatory compliance program with consultation from legal counsel * evaluates the organisation's readiness in case of business interruption * maintains open communication with management and the audit committee * teams with other internal and external resources as appropriate * engages in continuous education and staff development
* provides support to the company's anti-fraud programs.
Reporting Structure of Internal Audit Function
Existing corporate governance regulations do not address the interaction between the audit committee and the internal audit function, or the responsibilities of the function. In most companies, the internal auditor traditionally reported to either the Chief Financial Officer or the Chief Risk Officer, though other may have existed in some companies. Today, the internal...