internal audit charter template

7/29/2019 Internal Audit Charter Template

1/9

Copyright 2010 by the IAASC. All rights reserved. Page 1 of 9

[insert Organization Name] Internal Audit Charter

Approved, Acknowledged, and Accepted Month DD, YYYY

Article I

Definitions and Names

This document is referred to herein as the Charter.

[Organization Name] {and its subsidiaries are collectively}{is} referred to herein as the

{Organization.}{Company.} X, Inc. is the holding company of subsidiaries, and is referred to

as X. X, including all subsidiaries and related business ventures, is referred to as the

Enterprise. The Company has a board of directors, which assigns audit oversight to an audit

committee of [insert number] directors. The Company has {a} {an independent} {[insert name]

committee} consisting of [insert titles or names] which has audit oversight. The Companys

owner(s) {,[name owners]} {has}{have} audit oversight. The audit committees role and

responsibilities are defined in the Companys Audit Committee Charter.

The Companys Internal Audit Department is referred to herein as the Internal Audit Department,the Department, and Internal Audit, as contextually appropriate. The functions performed by

Internal Audit are referred to as internal auditing and internal auditing activities as contextually

appropriate. For purposes of this Charter, the [insert title{Vice President, Director, etc}] of Internal

Audit is referred to herein as the General Auditor, which is defined by the Internal Audit

Advancement and Standards Center (IAASC) in a manner consistent with the roles and

responsibilities assigned to the Companys [insert title] of Internal Audit. The Companys [insert

titles, for example: {Chairman, President and Chief Executive Officer (CEO), Executive Vice

President and Chief Financial Officer (CFO), Senior Vice President and General Counsel

(General Counsel), and the Vice President and Chief Accounting Officer (CAO)}] collectively

are referred to herein as the Acknowledging Officers. The Companys [insert titles, for example:

{Chairman, President and Chief Executive Officer (CEO), Executive Vice President and Chief

Financial Officer (CFO), Senior Vice President and General Counsel (General Counsel), and

the Vice President and Chief Accounting Officer (CAO)}] collectively are referred to herein as

the Principal Officers.

The IAASC is recognized as an organization that promulgates internal audit standards for internal

auditing, referred to herein as the Standards. While this Charter is not intended to fully reiterate

the Standards, it is intended to be consistent with the IAASC Standards and should be interpreted

in a manner consistent with those standards. IAASC Standards not directly incorporated into this

Charter shall nonetheless be fully and appropriately applicable to the Companys Internal Audit

Department. The Companys Internal Audit Department also considers guidance from industry

practices and other relevant sources as deemed appropriate and reasonable in relation to the

Companys needs.

Comment [gg1] : The termCompany is subsequently used template for simplicity. Simply f

replace the word Company if an

reference word is desired.

Comment [gtg2] : Optional lafor holding company or company

separated into divisions where the

acknowledging officers are locate

holding (parent) company and off

the subsidiaries or divisions are n

acknowledging officers. For exam

the CFO of the holding (parent) c

should always be an acknowledgi

officer, while the CFO of a subsid

division may not be an acknowled

officer. The author recommends

officers of the holding (parent) co

and subsidiaries / divisions be

acknowledging officers. The wor

Company throughout this documshould in this case be replaced by

the name of the company as defin

X here or the word Enterprise

appropriate.

Comment [gg3] : Optional lanin the absence of a board and/or a

committee. The audit oversight c

the responsibility of some type of

committee, or further in the absen

committee, could be the organiza

owners.

Comment [gg4] : Optional lanin the absence of a board and/or

committee. The audit oversight c

the responsibility of the organizat

owners.

Comment [gg5] : The term au

committee is subsequently used template for simplicity. Simply f

replace the words audit committe

another term is desired, such as b

or some other oversight committe

Comment [gtg6] : Language fcase when the head of audit is not

officially titled General Auditor.

Comment [gtg7] : Optional lafor principal officers who are coll

equivalent to acknowledging offic

this case, the words Acknowledg

Officers throughout this docume

should be replaced by the words

Principal Officers. Ot her terms

be, but may not be limited to Ex

Officers, Officers, or "Owners


2/9



Article II

Section 1 - Purpose of this Charter

This Charter institutionalizes the responsibilities, reporting lines, and protocols of the Internal Audit

Department; it establishes the departments objective and provides for uninhibited and complete

discretion to fulfill its objective, with procedural remedies to remediate obstacles and issues. This

Charter also delineates the reporting lines of the internal audit department, and the approval of the

Audit Committee, acknowledgement of Acknowledging Officers, and acceptance by the GeneralAuditor.

Section 2 - Objective of Internal Audit

The objective of the Internal Audit Department is to serve as a board oversight function that

objectively evaluates and recommends improvements to the Companys internal control structure,

prioritizing its efforts by continuously facilitating an objective risk assessment. This objective is

consistent with that as defined by the IAASC. The Companys audit committee andAcknowledging Officers recognize the importance of an internal audit function and adopt this

objective for the Companys Internal Audit Department.


3/9



Article III

Section 1 - Responsibility and Protocols

The audit committee recognizes that it is ultimately responsible for establishing and monitoring the

risk tolerance of an organization. The General Auditor shall from time to time advise the audit

committee on existing and evolving corporate governance practices as could be best suited for the

organization. The Acknowledging Officers recognize that management is responsible for the

Companys internal control structure, and thus is also responsible for adopting one or more internalcontrol framework(s) to serve as the basis for designing, monitoring, and evaluating its internal

control structure. Therefore, the Internal Audit Department shall have uninhibited and complete:

discretion to fulfill its objective; and access to all organizational records, data, information, assets, and personnel.

The General Auditor shall have open and direct access to management and the audit committee,Acknowledging Officers, and management.

The General Auditor shall be free to document and communicate specific policies and procedures

best suited for the Companys Internal Audit Department.

Management shall be obligated to respond to Internal Audits inquiries and recommendations, formal

and informal, in a timely and diligent manner. Excessive requirements for management

authorizations or permissions are deemed to inhibit access. The General Auditor has the discretion todisclose and refrain from disclosing any reasons for requests placed upon management.

The General Auditor shall report disagreements with management and instances in which a request

for access or response is not granted or provided in a reasonable time, format, and manner to the

Acknowledging Officers and the {audit committee} {designated committee member}.

Internal Audit shall hold data and information obtained during the course of its audit activities with

due care and the appropriate level of confidentiality. The General Auditor shall have authority to

grant, limit, and restrict access to work papers and records.


4/9



Section 2 Risk Assessment and Planning

The General Auditor shall use a risk model to logically identify key risks within the Company, and

shall annually present and discuss the risk model to the audit committee to receive input and

feedback. As part of the aforementioned process, the General Auditor shall receive direction andinput from the audit committee as to the risk factors the committee deems most important to the

organization. The General Auditor shall then develop an annual audit plan based on a risk

assessment, and present the audit plan to the audit committee for their review, input, and approval.Quarterly, the General Auditor shall present the results of a continuous risk assessment to the audit

committee, with necessary adjustments proposed to the audit plan for their review, input, andapproval. The audit committee and General Auditor recognize that the audit plan shall be

continuously risk-based, and not coverage-based, and optimal audit plans continuously change inresponse to shifting perceptions and outcomes of risk.

The audit committee and Acknowledging Officers recognize that internal audit practitioners andinternal audit functions competently achieve the objective of an internal audit function with the

probability and timeliness of risk identification generally being in direct proportion to that risks

impact on the organization. As such, it is further recognized that:

timeliness is relative to the audit committees risk tolerance and prioritization within therisk assessment; and

the identification of risks is subject to chance and interpretation; therefore the standard ofcompetence does not ever require certain and complete identification of any and all risks.


5/9



Article IV

Section 1 - Objectivity

The General Auditor is fully accountable and reports directly to the audit committee. The audit

committee will meet with the General Auditor at least quarterly in general session and privately,

ideally in person but nonetheless through any other reasonable means. For administrative purposes,

the General Auditor reports to the [insert title(s), for example: {Chairman, President and Chief

Executive Officer (CEO), Executive Vice President and Chief Financial Officer (CFO), SeniorVice President and General Counsel (General Counsel), and the Vice President and Chief

Accounting Officer (CAO)}].

Internal Audit shall not assume organizational responsibilities or authority outside the Department,

and therefore will not:

assume organizational responsibilities perform management functions, procedures, reviews, monitoring design or execute controls or processes render organizational decisions

Similarly, the Internal Audit Department shall not in any way utilize its resources to relieve orsubsidize other persons or functions in the Company.

The audit committee, Acknowledging Officers, and the General Auditor recognize that activities not

commensurate of an objective nature include repetitive audits, audits required by management, andaudits that take on more of a monitoring function rather than an assessment. As such, the Internal

Audit Department shall not serve as a substitute for management control, as an adequate internal

control structure should not necessitate the performance of any audit.

The General Auditor shall disclose to the audit committee, any and all requested, proposed, andperformed activities that are deemed as not taking the form of an objective internal audit activity, for

their acceptance or rejection.

Management shall not separately and distinctly allocate the cost of the Internal Audit Department to

other Company business units or cost centers.


6/9



Section 2 - Competence

The General Auditor shall document and communicate specific requirements for professional

credentials, including education and certifications, experience, and ongoing professional

development. The audit committee, Acknowledging Officers, and the General Auditor recognize thatthe practice of internal audit can be competently executed by individuals of a variety of experiences

and credentials. The Internal Audit Department shall be comprised of a sufficient number of

individuals with internal control credentials and experience, and ideally of a variety of credentials andexperiences. The audit committee shall determine the minimum amount of relevant training required

for the internal audit practitioners, and shall exercise its authority to require personnel changes at anylevel to the internal audit function. The General Auditor shall have documented procedures in place

that deliver appropriate supervision, coaching, performance appraisals, and training to the internalaudit practitioners within the Internal Audit Department.

The General Auditor shall continuously and annually review the general level of compliance to thekey components of the adopted standards and the functions policies and procedures. Annual reviews

shall be based on key attributes deemed most important by the General Auditor and the audit

committee. Such reviews shall take the form of a condensed internal self-assessment.

Additionally, the General Auditor shall ensure that there is a periodic assessment of comprehensivecompliance to the key components of the adopted standards and the functions policies and

procedures. For the periodic assessments, the audit committee shall:

determine the frequency of such assessments, considering the more comprehensive natureof these assessments relative to the annual condensed reviews;

determine if these assessments are to be performed by internal audit department personnelor an outside third party to the organization; and

approve the scope and general approach of each periodic assessment prior to theperformance of the assessment.

The results of the periodic assessment shall be presented to the audit committee by the generalauditor and administrative report-direct for an internal assessment or the third party representative

when a third party performs the assessment. For third party assessments, the audit committee shall

meet privately with the third party representative after receiving the presented report.


7/9



Article V

Fraud

The audit committee and Acknowledging Officers recognize that management is responsible for

controls to reasonably prevent and detect fraud. Furthermore, the audit committee and

Acknowledging Officers recognize that internal audit practitioners and therefore the Internal Audit

Department are not responsible to identify fraud.

The audit committee, Acknowledging Officers, and the General Auditor recognize that the internalaudit practitioners should be competent to assess the risk of fraud at the macro-regional, national,

local, industry, organizational, and functional levels for purposes of continuous audit planning andproject planning and scoping.

Management shall be responsible for all investigations, and shall report to the audit committee any

and all instances of fraud reasonably believed to have occurred and of a significance expected to be

greater than de minimis. The General Auditor shall monitor all investigations, and may opt to assistmanagement in their investigations. Management shall provide regular updates to the General

Auditor for all suspected and actual incidences of fraud, whether or not investigations are conducted.

This will aid the General Auditor in maintaining awareness of all potential risks and control

weaknesses within the Company, particularly to:

determine and recommend improvements to internal controls to reduce futurevulnerability; and

contemplate new audit procedures that may be deemed necessary to be performed in futureaudit work to assess the risk of repeated or similar fraud.


8/9



Article VI

Reporting and Follow-Up

The General Auditor shall have procedures in place to ensure that reported conclusions and opinions

are supported with adequate, competent, and sufficient internal audit work.

The General Auditor shall not issue an opinion on the internal control structure. The audit committee

and Acknowledging Officers recognize that an organizations internal control structure is comprised

of and affected by many internal and external activities and elements, all of which are subjected tovariability in effectiveness. The audit committee and Acknowledging Officers further recognize that

any opinion on the overall internal control structure of an organization would be inherently subject toexcessive uncertainty, regardless of the adequacy, competency, and sufficiency of internal audit

work.

Internal Audit shall communicate results of its work and otherwise known issues to management and

the audit committee. The General Auditor shall form and report appropriate opinions based on auditevidence. Management shall provide responses to issues in a prompt and efficient manner. Written

reports shall be distributed to the CEO, CFO, General Counsel, and other members of management,

as appropriate, and the audit committee for reports containing significant issues or when there is a

disagreement with management other than of a de minimis nature. The General Auditor shall providesummary information to the audit committee pertaining to issues resulting from internal audit

procedures as well as known issues outside of internal audits and issues. Additionally, the General

Auditor shall provide the audit committee with a quarterly assessment as to the effectiveness ofmanagements attention to internal control issues.

The audit committee shall approve the conceptual framework pertaining to follow-up audit

procedures. The General Auditor shall have procedures in place to track, monitor, and evaluate thestatus of internal control issues with a tracking mechanism and with consideration to the risk of each

issue and the cost and benefit of various audit procedure alternatives.

Article VII

Amendments

Amendments shall be signed by persons consistent with those authorizing this original Charter to be

effective.


9/9



Article VIII

Approvals, Acknowledgements, and Acceptance

The signatures below signify approval of the audit committee, acknowledgement of AcknowledgingOfficers, and acceptance by the General Auditor.

Signature ____________________________________ Date ________________

Insert Printed NameChairman of the Audit Committee of the Board

Signature ____________________________________ Date ________________

Insert Printed NameBoard Director and Audit Committee Member

Signature ____________________________________ Date ________________


Signature ____________________________________ Date ________________


Signature ____________________________________ Date ________________

Insert Printed NameChairman, President and Chief Executive Officer

Signature ____________________________________ Date ________________

Insert Printed NameExecutive Vice President and CFO

Signature ____________________________________ Date ________________Insert Printed Name

Senior Vice President and General Counsel

Signature ____________________________________ Date ________________

Insert Printed NameVice President and Chief Accounting Officer

Signature ____________________________________ Date ________________

Insert Printed NameGeneral Auditor

internal audit charter template

Documents