The Institute of Internal Auditors (IIA) published a position paper on September 19, 2019 about the importance of Relationships of Trust - Building Better Connections Between the Audit Committee and Internal Audit.
The position paper highlights the critical relationship between internal audit and the audit committee. A strong supportive relationship between these groups creates and enhances the independence and objectivity necessary for an effective internal audit function. To create such a relationship, it is imperative for internal audit and the audit committee to have a clear understanding of their roles, reporting responsibilities, and expectations.
What the Audit Committee Should Expect from Internal Audit
The audit committee should establish certain expectations for the internal audit function. At the minimum, these expectations should include:
- The internal audit function adheres to IIA Standards
- The internal audit staff obtain and maintain relevant professional certifications demonstrating professional acumen, knowledge, and competence
- The Chief Audit Executive’s (CAE) should:
- Confirm that management’s actions/behaviors conform to its words. The CAE should ensure the internal audit function is an independent and reliable source for management representations and reports provided to the audit committee.
- Define what support the audit committee can provide to the internal audit team to help them be more effective
The audit committee should set greater expectations for mature internal audit functions. These advanced expectations should include:
- Development of a formal “Internal Audit Strategic Plan” that sets the overall long-term vision and direction for the internal audit function
- Regular updates from internal audit about progress against the plan and any changes/ deviations from the plan
- Obtain feedback from management about the internal audit findings and CAE engagement
- An effective relationship between internal and external audit with evidence of synergistic benefits occurring
- A balance of traditional audit coverage and strategic objective reviews including new or emerging risk coverage
- The CAE compile periodic 360-degree feedback reports from his/her direct reports and from management and submit a comprehensive report to the audit committee
The audit committee should also expect the CAE, as the leader of the internal audit function, to be engaged in strategy and operations discussions at C-Level executive management meetings.
What Internal Audit Should Expect From the Audit Committee
Similarly, internal audit should be clear in their expectations from the audit committee in terms of support and direction. It is especially crucial for internal audit to know they have the audit committee’s solid support if any concerns over management retaliation or the CAE’s efforts to gain a seat at the management table arise.
The internal audit function should establish certain expectations for the audit committee. At the minimum, these expectations should include:
- The audit committee will be attentive to the needs of the internal audit function and provide guidance through the year (not just during quarterly audit committee meetings)
- A quarterly briefing session consisting of, at minimum, a 30-minute phone call between the internal audit function and the audit committee chair to discuss relevant items such as:
- staff turnover
- upcoming complex audits requiring co-sourcing support
- new or upcoming regulations affecting the profession
- feedback from the chair about what they hear from management or within the committee
- emerging activities in the company that may impact the annual audit plan and audit coverage
Enhanced audit committee support should include meeting with the CAE and internal audit’s senior leaders on a regular basis to discuss:
- Audit strategy and methodology
- Internal audit’s use of data analytics
- Risks affecting organizational success
- Engagement in investigations of ethics and compliance matters
- Feedback from the audit committee about their views of risk
- Scope limitations and challenges from senior management
The relationship between the audit committee and the internal audit function is critical to establish and maintain good corporate governance. An open relationship helps build an effective and efficient internal audit activity that provides assurance to the audit committee and the Board of Directors about the organization’s risk management framework and internal controls and can help the organization reach its strategic goals and objectives. The commitment of both parties is essential to develop that relationship into a trusting and dynamic partnership.
How ACA Telavance Can Help
ACA Telavance offers a unique blend of banking, risk management, regulatory compliance, and technology expertise. We provide the following services to assist with your institutions internal audit needs:
- Fully outsourced or co-sourced internal audit
- Internal audit training & internal audit quality assurance review
- Targeted internal audits /risk and controls testing assessments
- AML regulatory audits and remediation
- FIDICIA audits
- IT governance general and security controls assessments
- Identity and access management solutions
- Policy, procedures design, implementation and testing support
- Targeted risk assessments – BSA/AML/OFAC, regulatory compliance risk assessments
- Internal Audit Analytics
For more information about our Internal Audit services, click here to submit an inquiry.
- 7 Vital Components of an Internal Audit Charter
- IIA Releases an Exposure Draft To Revise Their Three Lines of Defense Model
About the Authors
Uday Gulvadi has over twenty years’ experience in internal audit, risk, and compliance advisory services and a unique blend of finance, corporate governance, risk, compliance, and information technology skills. He leads ACA Telavance’s Internal Audit, Risk, and Compliance Advisory services.
Prior to joining ACA Telavance, Uday gained extensive international business experience managing projects with international clients and held partner and director positions within the internal audit and risk management practices at leading, nationally recognized accounting and advisory firms.
Uday earned his Bachelor of Commerce degree from the University of Mumbai (India). He is also a Certified Anti Money Laundering Specialist (CAMS), a Certified Public Accountant, a Certified Internal Auditor, a Certified Information Systems Auditor (CISA), and a Chartered Accountant (India).
Uday serves on the Board of Governors of the Institute of Internal Auditors, New York Chapter and is the immediate Past President of the Chapter.
Neha Borkar is an Associate at ACA Telavance with expertise in internal audit, controls testing, independent assessment of BSA/AML Programs, AML/KYC compliance, model validation, transaction & risk assessment monitoring, statistical analysis and database management(SQL Server/T-SQL).
Neha earned her Master’s Degree in Information Technology from Rutgers Business School.