For audit committees to perform their oversight responsibilities effectively in an age of permacrisis, they need internal audit’s risk-based assurance, insight, and foresight more than ever. At the same time, these oversight responsibilities continue to expand and deepen. In particular, CAEs should be mindful of how The Institute of Internal Auditors’ (IIA’s) new Global Internal Audit Standards give audit committees a yet stronger mandate to oversee internal audit.
Domain III of the Standards spells out “essential conditions” describing board activities that enable internal audit to fulfill its purpose. While the wording is new, the underlying truth has long been in place: Strong relationships and open, transparent communication between the CAE and audit committee are critical to both parties’ success.
There is, however, another underlying truth that bears acknowledging. There is often an “unfortunate” gap between audit committee expectations and internal audit’s performance — particularly that of the chief audit executive (CAE). I have surfaced this topic repeatedly over the years, such as in this 2017 roll call of the five things audit committees are often reluctant to tell the CAE. The topic has only grown in importance. One of my presentations at The IIA’s recent GAM conference focused on “Fortifying Audit Committee Relationships: CAE Strategies for Success.”
Read the full blog post by Richard Chambers here.