The board or management establishes the internal audit charter of the internal audit unit. The charter sets out the nature, role, responsibility, status and authority of the unit and outlines the scope of its work.
Guideline code
GG_07100
Mechanism
Mechanism
- The internal audit office should submit an internal audit plan for board review and approval. The plan should be developed at least annually and be oriented toward compliance and performance improvement.
- The plan should identify the main risk areas of the institution including those that pertain to financial sustainability; fund investments; the administration of coverage, compliance, contribution collection, programme benefits and services; human and ICT resources; and compliance with all applicable laws, rules and regulations, including procurement and accounting standards; as well as political and other risks relevant to the institution.
- The internal audit office should assess the adequacy and effectiveness of control policies and measures to mitigate the main risks. It should perform its functions according to recognized international standards such as the International Professional Practices Framework (IPPF) of the Institute of Internal Auditors, the generally accepted accounting principles (GAAP), and the international financial reporting standards (IFRS).
- The management’s appraisal ratings should include adherence to the governing rules of the institution. Violations or lapses should be duly considered in the ratings.
- The internal audit office should regularly submit its reports and recommendations to the board, through the management and the Board Audit Committee.
- Board-approved recommendations of the internal audit office should be time bound and monitored for compliance. Delays and/or difficulties in implementation should be reported to the board through the Board Audit Committee.
- The board should consider having an independent, external and periodic quality assessment of the internal audit charter (e.g. every three to five years).
- The board should consider moving toward “continuous” auditing in pertinent areas. This refers to the real-time or near real-time capability to check and share financial information – information is constantly checked for errors, fraud and inefficiencies. This transforms auditing from being reactive and control based to being more active and risk based, enabling the internal auditor to identify not only current issues but also possible future concerns.
Structure
Structure
- There should be a unit in the institution that is dedicated to perform the internal audit function.
- The internal audit office should report directly to the board. It should be independent of the management and all other units of the institution whose activities are subject to audit.
- The board should supervise and exercise oversight of the internal audit office. It may constitute a subgroup of the board with expertise in finance, accounting and auditing as a Board Audit Committee to oversee the internal audit office on an ongoing basis. The Board Audit Committee should be responsible for maintaining the working relationship between the board and management.
- The management should be responsible for the implementation of all internal control policies, systems and processes.
Title HTML
Guideline 54. The internal audit charter
Type
Guideline_1
Weight
75