20.Scope of internal audit work
The internal audit function is responsible for evaluating and commenting on the effectiveness of risk management, control and corporate governance processes.
However management remains responsible for identifying and managing risk, reporting on risk and ensuring that the right policies are in place.
An internal audit charter approved by the board of directors, and the audit committee should be put in place setting out the objectives, scope and authority of internal audit.
This should include a statement requiring access to everywhere in the organization.
Internal audit is part of the overall control framework of the organization.
Limitations of the internal audit function
Independence
Internal audit should be an independent and objective function.
However, this independence can be compromised, particularly where reporting lines are through operational areas upon which they are required to review and report.
Relationship between internal and external audit
Internal and external auditors should work closely together with reliance by external auditors on the work of internal audit.
This is dependent on the two functions having a common understanding of the organization's needs.
Internal Audit