HOST:
Hello, welcome to Getting Started With, where our job is to make your job easier.
On this episode, we are Getting Started With the Global Internal Audit Standards, Domain Four: Managing the Internal Audit Function. You’ll learn about Domain Four’s principles and standards and what they mean for internal audit functions. If you haven’t seen our episodes on Domains One, Two, Three, and Five, be sure to check them out.
Domains Three and Four of the Standards are primarily focused on the responsibilities of the chief audit executive or CAE – the primary leader responsible for managing the internal audit function – and the two domains work together.
So, what differentiates them? While Domain Three establishes the governance foundations that characterize a robust internal audit function, Domain Four talks about the CAE’s strategic and operational responsibilities for managing the internal audit function.
Every internal auditor should understand the principles and standards in these domains because they are the basis for effective internal auditing.
So, let’s get started!
- Domain IV Requires the CAE to:
- Develop and implement a strategy and risk-based plan for the internal audit function.
- Ensure the function has the resources necessary to implement the plan.
- Manage internal audit resources effectively.
- Ensure effective communication with stakeholders.
- Maintain a quality assurance and improvement program.
Here’s a ProTip:
For the standards in Domain IV, the CAE may delegate responsibilities to other qualified professionals in the internal audit function whenever it’s appropriate. However, the CAE is ultimately accountable for the results.
Principle 9 heads up five standards, which together describe several key strategic planning considerations to position the internal audit function to fulfill its mandate and achieve long-term success.
For starters, according to Standard 9.1, the CAE must understand the organization’s governance, risk management, and control processes. A good internal audit strategy and plan starts with this foundation. This Standard presents what’s required to sufficiently understand these processes.
Now let’s talk about Standard 9.2, starting with a Term to Learn:
An internal audit strategy is a plan of action designed to achieve a long-term or overall objective.
Standard 9.2 requires the CAE to create an internal audit strategy that:
- Supports the strategic objectives and success of the organization.
- Aligns with stakeholder expectations.
- Includes a vision, strategic objectives, and supporting initiatives for the internal audit function.
Standard 9.3 requires the following:
-The CAE must establish methodologies to guide the internal audit function in a systematic and disciplined manner to implement the internal audit strategy, create the internal audit plan, and conform with the Standards.
-The CAE must evaluate the effectiveness of the methodologies and update them as necessary to improve the internal audit function and respond to significant changes that affect the it.
-The CAE must provide internal auditors with training on the methodologies.
Standard 9.4 introduces another Term to Learn: Internal Audit Plan.
The internal audit plan is a document developed by the CAE that identifies the engagements and other internal audit services to be provided during a given period.
According to Standard 9.4, the internal audit plan must be based on a documented assessment of the organization’s strategies, objectives, and risks – and that assessment must be performed at least annually. The standard lists numerous other requirements, including that the plan must be approved by the board, which links this standard back to Domain III.
Standard 9.5 Coordination and Reliance also comes into play during planning, because the CAE must coordinate with other providers of assurance services and consider relying upon their work.
Here’s a ProTip:
The CAE should regularly review and update the internal audit plan to reflect changes in the organization’s needs.
Principle 10 says simply: “The chief audit executive manages resources to implement the internal audit function’s strategy and achieve its plan and mandate.” The principle is followed by three standards:
10.1 Financial Resource Management
10.2 Human Resources Management
10.3 Technological Resources
Managing resources requires obtaining and deploying these three types of resources effectively
Financial resource management requires the CAE to develop a budget, getting the necessary board approval and support, and then accomplishing the internal audit function’s goals within that budget
Planning human resources is perhaps the most complex part of resource management. The CAE needs to recruit, develop, and retain qualified internal auditors and deploy them effectively to achieve the internal audit plan. This requires evaluating the competencies of individual internal auditors and encouraging their professional development through training and mentoring. Ensuring the human resources are appropriate and sufficient to achieve the internal audit plan is so important that Standard 10.2 requires communication with the board and senior management. If the resources are not what they need to be, the CAE must determine how to obtain the necessary resources or communicate with the board and senior management about how a lack of resources could affect the internal audit function’s objectives
To ensure the internal audit function has the technology to support the internal audit process, the CAE must regularly evaluate existing technology and pursue opportunities to improve its use, including training internal auditors to use the resources. Again, the impact of resource limitations must be communicated to the board and senior management.
TITLE: Principle 11 Communicate Effectively
Principle 11 heads up the CAE’s responsibilities to ensure the internal audit function communicates effectively with its stakeholders.
Standard 11.1 requires the CAE to play an active role by promoting formal and informal communication between the internal audit function and key stakeholders and developing an approach to building relationships and trust between them.
Standard 11.2 requires the CAE to establish and implement methodologies to promote high-quality internal audit communications.
Lastly, Standard 11.3 describes the requirements for the CAE to communicate the results of internal audit services to the board and senior management. Three main types of results are pointed out:
- Engagement conclusions,
- Themes derived from the results of multiple engagements, and
- Conclusions at the level of the business unit of organization.
And there’s so much more to effective communication than we can cover here, so be sure to check out all the standards under Principle 11.
The last principle in the Managing domain is about the quality assurance and improvement program, which is designed to evaluate and promote the internal audit function’s:
Conformance with the Standards,
Achievement of performance objectives, and
Pursuit of continuous improvement.
Standard 12.1 sets the requirements for the Internal Quality Assessment, which includes ongoing monitoring and periodic self-assessments of the internal audit function. The CAE must communicate the results to the board and senior management, including action plans to address instances of nonconformance with the Standards and opportunities for improvement. The results are also reviewed during external quality assessments.
Standard 12.2 Performance Measurement looks at how the CAE measures the internal audit function’s performance, assesses its progress toward its objectives, and promotes its continuous improvement. If there are issues or opportunities for improvement, the CAE must develop an action plan.
And Standard 12.3: Oversee and Improve Engagement Performance completes the quality assurance picture by calling for engagement supervision, which gives internal auditors opportunities to receive feedback and coaching on their engagement performance.
HOST
Congratulations on completing Getting Started With: The Global Internal Audit Standards, Domain Four!
Check out the links below to download the Global Internal Audit Standards and access helpful resources, including tools, podcasts and training.
There’s much more to learn!
