Case Study
Guidelines to conform with Domain IV
Domain IV provides the CAE with guidelines on how to manage the Internal Audit function.
- Develop Internal Audit strategy
- Understand the organisation’s governance processes. Governance includes:
- Strategy
- Structure
- Culture
- Risk Management
- Performance management
- Communication
- Understand how the organisation:
- Safeguards assets
- Complies with laws and regulations
- Ensures that financial and operational information is reliable and trustworthy
- Ensures operations and programmes are efficient and effective
- Use the above information to develop an Internal Audit strategy and audit plan that:
- Supports the organisation’s strategy
- Aligns with stakeholder expectations
- Fulfills Internal Audit’s Mandate
- Provides the vision for the Internal Audit function
- Sets out Internal Audit’s strategic objectives
- Describes action plans to achieve these objectives
- Establish methodologies
- Methodologies provide specific instructions and criteria to:
- Develop and execute Internal Audit strategy
- Develop and execute Audit Plan
- Communicate within Internal Audit function and with stakeholders
- Manage operational matters
- Perform administrative duties
- Oversee the Internal Audit function
- Periodically review methodologies
- Create Internal Audit Plan
- Plan must be:
- Designed to support business activities aligned to organisation strategy
- Informed by organisation’s strategy, objectives and risks, and the governance, risk and control processes
- Supported by stakeholder buy-in
- The plan should consider the following:
- Internal Audit Mandate
- Agreed upon Internal Audit services
- Coverage of high-risk areas such as IT governance, fraud risk, ethics management
- Resource requirements (i.e. people, technology, financial)
- Reliance on other assurance providers
- Co-ordination with other assurance providers
- Plan must be dynamic and revised as changes happen in the environment (i.e. organisation strategy, objectives, and governance, risk and control processes, Internal Audit Mandate, Internal Audit services, and high-risk areas)
- Communicate changes to stakeholders
- Operationalise Strategy and Internal Audit Plan
- Implement the following actions:
- Budget that successfully enables Internal Audit strategy and Audit Plan
- Human resources that are appropriate, sufficient and effectively deployed
- Technology that supports strategy and Audit Plan
- Plans to obtain sufficient resources and effectively and efficiently deploy human and technology resources
- Board approval
- Notify the Board if people, financial and technology resources are insufficient to operationalise the strategy and Audit Plan
- Communicate in a way that engenders trust and builds relationships, and contributes to common understanding of organisation’s objectives, concerns, roles and responsibilities, and processes
- Communicate results and Acceptance of Risk in accordance with stakeholder expectations
- Implement internal and independent quality assurance and improvement processes and report results