Introduction
The Institute of Internal Auditors (IIA) published the Global Internal Audit Standards (GIAS) in January, 2024. The GIAS will become effective January 9, 2025.
Domain III on Governing the Internal Audit Function includes Standard 6.2 Internal Audit Charter.
From a governance perspective, this is the most important Standard as the Internal Audit Charter includes Standard 6.1 the Internal Audit Mandate.
The Internal Audit Mandate specifies the authority, role and responsibilities of the Internal Audit Function.
Internal Audit Charter
What is it?
It is a formal document that establishes the purpose, authority and responsibility of the Internal Audit Function and includes its organisational position, reporting relationships, scope of work, types of services, and other specifications.
Who must develop and maintain it?
The Chief Audit Executive
Who approves it?
The Board Audit Committee or the Board of Directors
Is there a required format?
No. It should be tailored to address the unique organisational aspects that may affect the Internal Audit mandate, scope and services.
Minimum Requirements
Specify the Internal Audit Function’s:
- Purpose of Internal Auditing
- Commitment to adhering to the Global Internal Audit Standards
- Mandate
- Scope and type of services to be provided
- Board’s responsibilities
- Expectations regarding management support
- Organisational position and reporting relationships
Additional Topics
Unrestricted Access
Full, free, and unrestricted access to all records, data, information, physical properties, personnel to fulfil the Internal Audit mandate.
Independence
The standards focus on safeguards to independence and objectivity, meaning how you address potential impairments and frequency of their review. However, I would add that the Charter should explain the way independence is established and the requirement to confirm such to the board at least annually.
Communication
The nature and timing of communicating with the Board and senior management.
Audit Process
How the process of a review is managed before, during and after an engagement. Also how disagreements are managed. Although not a minimum requirement, this helps remove ambiguity and sets a clear approach.
Quality Assurance and Improvement
Arrangements for developing and conducting internal and external assessments (usually 5 years) of the Internal Audit Function and communicating the results
Approvals
Formal approval and endorsement should be obtained from the Chief Audit Executive and the Board Audit Committee/Board of Directors. Also note any other circumstances. Remember to maintain evidence via minutes and dates.
Final Thoughts
Perhaps obvious but always include general policy governance such as who owns the Charter, who reviews and approves, version control, define the Charter, frequency of document review etc.
There are always other potential additions that I have seen used such as mission, responsibilities and objectives but these invariably cover the same points.
You don’t want a laundry list of duplicative sections. Capture the main elements to ensure clear understanding.
Reach out to us if you require Internal Audit services. We provide Outsourcing, Co-Sourcing and Quality Assurance.
Ghassan Zeidan, Founder & CEO of Paragon Consulting Partners