Enter your organisation details
Purpose of Internal Auditing
The Internal Audit Function (IAF) of ORGANISATION NAME aims to strengthen the organisation by providing independent, objective assurance and advisory services. The IAF contributes to the improvement of operations and supports ORGANISATION NAME in achieving its objectives by applying a systematic and disciplined approach to evaluating and improving the effectiveness of risk management, control and governance.
The IAF delivers its services in accordance with the Global Internal Audit Standards (GIAS) of the Institute of Internal Auditors (IIA). This charter has been established in accordance with GIAS Standard 6.2 and is reviewed at least annually.
Mandate
2.1 Authority and positioning
The IAF has been authorised by the SUPERVISORY BODY, on recommendation of the AUDIT COMMITTEE, the BOARD OF DIRECTORS, on recommendation of the AUDIT COMMITTEE, to review all activities, systems, processes and risks of ORGANISATION NAME. This includes unrestricted access to all data, documents, information systems, personnel and physical locations required for the execution of the internal audit mandate.
The CAE reports functionally to the AUDIT COMMITTEE of the SUPERVISORY BOARD and administratively to the EXECUTIVE BOARD / CEO. the AUDIT COMMITTEE of the BOARD OF DIRECTORS and administratively to the CEO. This reporting structure safeguards the organisational independence of the IAF and enables the CAE to fulfil her responsibilities without interference.
2.2 Independence and objectivity
The IAF operates independently from the activities it reviews. Internal auditors maintain an unbiased mindset and avoid conflicts of interest. The CAE annually confirms the organisational independence of the IAF to the AUDIT COMMITTEE. the AUDIT COMMITTEE of the BOARD OF DIRECTORS.
The appointment and dismissal of the CAE are authorised by the SUPERVISORY BOARD, in consultation with the EXECUTIVE BOARD / CEO. the BOARD OF DIRECTORS, in consultation with the CEO.
2.3 Disagreements on essential conditions
If the CAE considers that senior management is making decisions that materially limit the effectiveness of the IAF, or that expose the organisation to unacceptable risks, the CAE will, after consultation with senior management, escalate this to the supervisory body. The CAE documents such situations and the actions taken in accordance with GIAS Standard 6.2.
2.4 Changes to the mandate
The CAE periodically assesses whether changes in the organisation, risk appetite or external environment warrant a revision of the mandate. Material changes are submitted to the supervisory body for approval.
Board oversight
The SUPERVISORY BOARD, represented by the AUDIT COMMITTEE, approves this charter and maintains oversight of the IAF. The responsibilities of the AUDIT COMMITTEE include:
- Approval of the internal audit charter, the annual plan and the IAF budget;
- Annual assessment of the adequacy of the IAF's resources and capabilities;
- Direct reporting by the CAE to the AUDIT COMMITTEE;
- Periodic meetings with the CAE without management present;
- Receipt and discussion of the QAIP (quality assurance and improvement) results, including the results of external quality assessments (EQA);
- Authorisation of the appointment and dismissal of the CAE.
The BOARD OF DIRECTORS, represented by the AUDIT COMMITTEE, approves this charter and maintains oversight of the IAF. The responsibilities of the AUDIT COMMITTEE include:
- Approval of the internal audit charter, the annual plan and the IAF budget;
- Annual assessment of the adequacy of the IAF's resources and capabilities;
- Direct reporting by the CAE to the AUDIT COMMITTEE;
- Periodic meetings with the CAE without management present;
- Receipt and discussion of the QAIP (quality assurance and improvement) results, including the results of external quality assessments (EQA);
- Authorisation of the appointment and dismissal of the CAE.
The EXECUTIVE BOARD / CEO supports the IAF by ensuring access to resources, personnel and information and by promoting the authority of the IAF within the organisation.
Responsibilities of the CAE
4.1 Ethics and professionalism
The CAE and all IAF staff act in accordance with the Global Internal Audit Standards and the IIA's ethical principles: integrity, objectivity, confidentiality and competency. Non-conformance with the Standards is documented and communicated in accordance with the requirements of GIAS Standard 4.1.
4.2 Objectivity
Internal auditors are free from compromises in the quality of their work. They avoid situations that may jeopardise their impartiality. When objectivity is actually or apparently impaired, this is reported to the CAE. The CAE takes appropriate measures to manage or eliminate the impairment.
4.3 Management of the Internal Audit Function
The CAE is responsible for:
- Developing a multi-year strategy and an annual risk-based internal audit plan;
- Managing the resources, budget and capabilities of the IAF;
- Ensuring sufficient competencies within the IAF, including training and continuing professional development;
- Directing assurance and advisory services in accordance with the internal audit mandate;
- Maintaining an adequate audit file for each engagement;
- Complying with laws and regulations applicable to internal auditing.
4.4 Communication with the supervisory body
The CAE reports periodically to the AUDIT COMMITTEE of the SUPERVISORY BOARD the AUDIT COMMITTEE of the BOARD OF DIRECTORS on at least the following:
- The status and progress of the internal audit plan;
- Significant findings, recommendations and their follow-up;
- Changes that affect the mandate or this charter;
- Potential impairments to the independence of the IAF;
- Results of the QAIP and any non-conformance with the Standards.
4.5 Quality Assurance and Improvement Programme (QAIP)
The CAE develops, implements and maintains a quality assurance and improvement programme (QAIP) that covers all aspects of the IAF. This programme consists of:
- Internal assessments: ongoing monitoring of engagement quality and periodic self-assessments;
- External quality assessment (EQA): at least once every five years by an independent, qualified assessor.
The results of the QAIP, including conformance with the Standards and performance against objectives, are communicated annually to the supervisory body.
Scope and types of services
The IAF provides the following types of services to ORGANISATION NAME:
- Assurance services: objective assessment of evidence to provide an independent opinion on risk management, control and governance;
- Advisory services: recommendations, guidance and support aimed at improving governance and control, without assuming management responsibility.
The scope of the IAF encompasses all activities, processes and entities of ORGANISATION NAME, including subsidiaries and outsourced activities insofar as they are relevant to managing organisational risks. The IAF has access to all processes, systems and data relevant to the execution of its engagements.
Relationship with the external auditor and other assurance providers
The CAE coordinates the activities of the IAF with those of the external auditor and other internal and external assurance providers (such as compliance and risk management). The objective is to limit duplication of effort, identify gaps in risk coverage and increase the overall added value of the assurance function. The CAE assesses the extent to which the work of other providers can be relied upon.
Performance indicators of the CAE
The performance of the CAE is assessed annually on the basis of indicators approved by the SUPERVISORY BOARD. the BOARD OF DIRECTORS. These indicators include at a minimum: audit plan completion (% completed), timeliness of reporting, client satisfaction (average auditee rating), recommendation follow-up rate and conformance with the Standards (QAIP outcome).
Effective date and version control
This charter takes effect on DD-MM-YYYY and supersedes all previous versions. The charter is reviewed at least annually, or sooner if material changes in the organisation or risk appetite so require.
Amendments are submitted to the supervisory body for approval.
Appendix A — GIAS Cross-Reference Table
The table below shows the relevant GIAS principles, standards and DO requirement numbers per charter section. ⚠ = critical requirement (non-conformance constitutes a material non-conformity).
| Charter section | Principle | Standard | DO requirement nos. | Critical |
|---|---|---|---|---|
| 1 — Purpose | PR6 Authorised by the board | 6.1 Internal audit mandate | 1, 4, 5, 8, 10 | ⚠ |
| 1 — Purpose | PR6 Authorised by the board | 6.2 Internal audit charter | 1, 2, 4 | ⚠ |
| 2.1 — Authority | PR6 Authorised by the board | 6.1 Internal audit mandate | 4, 8, 10 | ⚠ |
| 2.1 — Authority | PR6 Authorised by the board | 6.3 Board support | 1, 3, 4, 7 | ⚠ |
| 2.2 — Independence | PR7 Independently positioned | 7.1 Organisational independence | 1, 2, 3, 10, 13, 17, 18 | ⚠ |
| 2.2 — Independence | PR7 Independently positioned | 7.2 CAE qualifications | 1, 4, 7 | ⚠ |
| 2.3 — Disagreements | PR6 Authorised by the board | 6.2 Internal audit charter | 1, 4 | ⚠ |
| 2.4 — Changes | PR6 Authorised by the board | 6.1 Internal audit mandate | 5, 6 | |
| 3 — Board oversight | PR8 Under board oversight | 8.1 Interaction with the board | 1, 2 | ⚠ |
| 3 — Board oversight | PR8 Under board oversight | 8.2 Resources | 2, 4, 5 | ⚠ |
| 3 — Board oversight | PR8 Under board oversight | 8.3 Quality | 1, 2, 3, 4 | ⚠ |
| 3 — Board oversight | PR8 Under board oversight | 8.4 External quality assessment | 1, 2, 3 | ⚠ |
| 4.1 — Ethics | PR4 Professionally competent | 4.1 Conformance with the Standards | 1, 4, 6 | ⚠ |
| 4.2 — Objectivity | PR2 Ethical and objective | 2.1 Objectivity | 1, 2, 3 | ⚠ |
| 4.3 — IAF Management | PR9 Systematic and risk-based approach | 9.1 Engagement portfolio | 1, 2 | ⚠ |
| 4.4 — Communication | PR8 Under board oversight | 8.1 Interaction with the board | 2 | ⚠ |
| 4.5 — QAIP | PR8 Under board oversight | 8.3 Quality | 1, 2, 3, 4 | ⚠ |
| 4.5 — QAIP | PR8 Under board oversight | 8.4 External quality assessment | 1, 2, 3 | ⚠ |
| 5 — Scope | PR6 Authorised by the board | 6.1 Internal audit mandate | 1, 3, 4 | ⚠ |
| 5 — Scope | PR9 Systematic and risk-based approach | 9.1 Engagement portfolio | 1 | ⚠ |
| 6 — Ext. auditor | PR9 Systematic and risk-based approach | 9.5 Coordination with other assurance | 1 | ⚠ |
| 8 — Effective date | PR6 Authorised by the board | 6.2 Internal audit charter | 1, 4, 5 | ⚠ |