internal audit charter template
TRANSCRIPT
-
7/29/2019 Internal Audit Charter Template
1/9
Copyright 2010 by the IAASC. All rights reserved. Page 1 of 9
[insert Organization Name] Internal Audit Charter
Approved, Acknowledged, and Accepted Month DD, YYYY
Article I
Definitions and Names
This document is referred to herein as the Charter.
[Organization Name] {and its subsidiaries are collectively}{is} referred to herein as the
{Organization.}{Company.} X, Inc. is the holding company of subsidiaries, and is referred to
as X. X, including all subsidiaries and related business ventures, is referred to as the
Enterprise. The Company has a board of directors, which assigns audit oversight to an audit
committee of [insert number] directors. The Company has {a} {an independent} {[insert name]
committee} consisting of [insert titles or names] which has audit oversight. The Companys
owner(s) {,[name owners]} {has}{have} audit oversight. The audit committees role and
responsibilities are defined in the Companys Audit Committee Charter.
The Companys Internal Audit Department is referred to herein as the Internal Audit Department,the Department, and Internal Audit, as contextually appropriate. The functions performed by
Internal Audit are referred to as internal auditing and internal auditing activities as contextually
appropriate. For purposes of this Charter, the [insert title{Vice President, Director, etc}] of Internal
Audit is referred to herein as the General Auditor, which is defined by the Internal Audit
Advancement and Standards Center (IAASC) in a manner consistent with the roles and
responsibilities assigned to the Companys [insert title] of Internal Audit. The Companys [insert
titles, for example: {Chairman, President and Chief Executive Officer (CEO), Executive Vice
President and Chief Financial Officer (CFO), Senior Vice President and General Counsel
(General Counsel), and the Vice President and Chief Accounting Officer (CAO)}] collectively
are referred to herein as the Acknowledging Officers. The Companys [insert titles, for example:
{Chairman, President and Chief Executive Officer (CEO), Executive Vice President and Chief
Financial Officer (CFO), Senior Vice President and General Counsel (General Counsel), and
the Vice President and Chief Accounting Officer (CAO)}] collectively are referred to herein as
the Principal Officers.
The IAASC is recognized as an organization that promulgates internal audit standards for internal
auditing, referred to herein as the Standards. While this Charter is not intended to fully reiterate
the Standards, it is intended to be consistent with the IAASC Standards and should be interpreted
in a manner consistent with those standards. IAASC Standards not directly incorporated into this
Charter shall nonetheless be fully and appropriately applicable to the Companys Internal Audit
Department. The Companys Internal Audit Department also considers guidance from industry
practices and other relevant sources as deemed appropriate and reasonable in relation to the
Companys needs.
Comment [gg1] : The termCompany is subsequently used template for simplicity. Simply f
replace the word Company if an
reference word is desired.
Comment [gtg2] : Optional lafor holding company or company
separated into divisions where the
acknowledging officers are locate
holding (parent) company and off
the subsidiaries or divisions are n
acknowledging officers. For exam
the CFO of the holding (parent) c
should always be an acknowledgi
officer, while the CFO of a subsid
division may not be an acknowled
officer. The author recommends
officers of the holding (parent) co
and subsidiaries / divisions be
acknowledging officers. The wor
Company throughout this documshould in this case be replaced by
the name of the company as defin
X here or the word Enterprise
appropriate.
Comment [gg3] : Optional lanin the absence of a board and/or a
committee. The audit oversight c
the responsibility of some type of
committee, or further in the absen
committee, could be the organiza
owners.
Comment [gg4] : Optional lanin the absence of a board and/or
committee. The audit oversight c
the responsibility of the organizat
owners.
Comment [gg5] : The term au
committee is subsequently used template for simplicity. Simply f
replace the words audit committe
another term is desired, such as b
or some other oversight committe
Comment [gtg6] : Language fcase when the head of audit is not
officially titled General Auditor.
Comment [gtg7] : Optional lafor principal officers who are coll
equivalent to acknowledging offic
this case, the words Acknowledg
Officers throughout this docume
should be replaced by the words
Principal Officers. Ot her terms
be, but may not be limited to Ex
Officers, Officers, or "Owners
-
7/29/2019 Internal Audit Charter Template
2/9
[insert Organization Name] Internal Audit Charter
Copyright 2010 by the IAASC. All rights reserved. Page 2 of 9
Article II
Section 1 - Purpose of this Charter
This Charter institutionalizes the responsibilities, reporting lines, and protocols of the Internal Audit
Department; it establishes the departments objective and provides for uninhibited and complete
discretion to fulfill its objective, with procedural remedies to remediate obstacles and issues. This
Charter also delineates the reporting lines of the internal audit department, and the approval of the
Audit Committee, acknowledgement of Acknowledging Officers, and acceptance by the GeneralAuditor.
Section 2 - Objective of Internal Audit
The objective of the Internal Audit Department is to serve as a board oversight function that
objectively evaluates and recommends improvements to the Companys internal control structure,
prioritizing its efforts by continuously facilitating an objective risk assessment. This objective is
consistent with that as defined by the IAASC. The Companys audit committee andAcknowledging Officers recognize the importance of an internal audit function and adopt this
objective for the Companys Internal Audit Department.
-
7/29/2019 Internal Audit Charter Template
3/9
[insert Organization Name] Internal Audit Charter
Copyright 2010 by the IAASC. All rights reserved. Page 3 of 9
Article III
Section 1 - Responsibility and Protocols
The audit committee recognizes that it is ultimately responsible for establishing and monitoring the
risk tolerance of an organization. The General Auditor shall from time to time advise the audit
committee on existing and evolving corporate governance practices as could be best suited for the
organization. The Acknowledging Officers recognize that management is responsible for the
Companys internal control structure, and thus is also responsible for adopting one or more internalcontrol framework(s) to serve as the basis for designing, monitoring, and evaluating its internal
control structure. Therefore, the Internal Audit Department shall have uninhibited and complete:
discretion to fulfill its objective; and access to all organizational records, data, information, assets, and personnel.
The General Auditor shall have open and direct access to management and the audit committee,Acknowledging Officers, and management.
The General Auditor shall be free to document and communicate specific policies and procedures
best suited for the Companys Internal Audit Department.
Management shall be obligated to respond to Internal Audits inquiries and recommendations, formal
and informal, in a timely and diligent manner. Excessive requirements for management
authorizations or permissions are deemed to inhibit access. The General Auditor has the discretion todisclose and refrain from disclosing any reasons for requests placed upon management.
The General Auditor shall report disagreements with management and instances in which a request
for access or response is not granted or provided in a reasonable time, format, and manner to the
Acknowledging Officers and the {audit committee} {designated committee member}.
Internal Audit shall hold data and information obtained during the course of its audit activities with
due care and the appropriate level of confidentiality. The General Auditor shall have authority to
grant, limit, and restrict access to work papers and records.
-
7/29/2019 Internal Audit Charter Template
4/9
[insert Organization Name] Internal Audit Charter
Copyright 2010 by the IAASC. All rights reserved. Page 4 of 9
Section 2 Risk Assessment and Planning
The General Auditor shall use a risk model to logically identify key risks within the Company, and
shall annually present and discuss the risk model to the audit committee to receive input and
feedback. As part of the aforementioned process, the General Auditor shall receive direction andinput from the audit committee as to the risk factors the committee deems most important to the
organization. The General Auditor shall then develop an annual audit plan based on a risk
assessment, and present the audit plan to the audit committee for their review, input, and approval.Quarterly, the General Auditor shall present the results of a continuous risk assessment to the audit
committee, with necessary adjustments proposed to the audit plan for their review, input, andapproval. The audit committee and General Auditor recognize that the audit plan shall be
continuously risk-based, and not coverage-based, and optimal audit plans continuously change inresponse to shifting perceptions and outcomes of risk.
The audit committee and Acknowledging Officers recognize that internal audit practitioners andinternal audit functions competently achieve the objective of an internal audit function with the
probability and timeliness of risk identification generally being in direct proportion to that risks
impact on the organization. As such, it is further recognized that:
timeliness is relative to the audit committees risk tolerance and prioritization within therisk assessment; and
the identification of risks is subject to chance and interpretation; therefore the standard ofcompetence does not ever require certain and complete identification of any and all risks.
-
7/29/2019 Internal Audit Charter Template
5/9
[insert Organization Name] Internal Audit Charter
Copyright 2010 by the IAASC. All rights reserved. Page 5 of 9
Article IV
Section 1 - Objectivity
The General Auditor is fully accountable and reports directly to the audit committee. The audit
committee will meet with the General Auditor at least quarterly in general session and privately,
ideally in person but nonetheless through any other reasonable means. For administrative purposes,
the General Auditor reports to the [insert title(s), for example: {Chairman, President and Chief
Executive Officer (CEO), Executive Vice President and Chief Financial Officer (CFO), SeniorVice President and General Counsel (General Counsel), and the Vice President and Chief
Accounting Officer (CAO)}].
Internal Audit shall not assume organizational responsibilities or authority outside the Department,
and therefore will not:
assume organizational responsibilities perform management functions, procedures, reviews, monitoring design or execute controls or processes render organizational decisions
Similarly, the Internal Audit Department shall not in any way utilize its resources to relieve orsubsidize other persons or functions in the Company.
The audit committee, Acknowledging Officers, and the General Auditor recognize that activities not
commensurate of an objective nature include repetitive audits, audits required by management, andaudits that take on more of a monitoring function rather than an assessment. As such, the Internal
Audit Department shall not serve as a substitute for management control, as an adequate internal
control structure should not necessitate the performance of any audit.
The General Auditor shall disclose to the audit committee, any and all requested, proposed, andperformed activities that are deemed as not taking the form of an objective internal audit activity, for
their acceptance or rejection.
Management shall not separately and distinctly allocate the cost of the Internal Audit Department to
other Company business units or cost centers.
-
7/29/2019 Internal Audit Charter Template
6/9
[insert Organization Name] Internal Audit Charter
Copyright 2010 by the IAASC. All rights reserved. Page 6 of 9
Section 2 - Competence
The General Auditor shall document and communicate specific requirements for professional
credentials, including education and certifications, experience, and ongoing professional
development. The audit committee, Acknowledging Officers, and the General Auditor recognize thatthe practice of internal audit can be competently executed by individuals of a variety of experiences
and credentials. The Internal Audit Department shall be comprised of a sufficient number of
individuals with internal control credentials and experience, and ideally of a variety of credentials andexperiences. The audit committee shall determine the minimum amount of relevant training required
for the internal audit practitioners, and shall exercise its authority to require personnel changes at anylevel to the internal audit function. The General Auditor shall have documented procedures in place
that deliver appropriate supervision, coaching, performance appraisals, and training to the internalaudit practitioners within the Internal Audit Department.
The General Auditor shall continuously and annually review the general level of compliance to thekey components of the adopted standards and the functions policies and procedures. Annual reviews
shall be based on key attributes deemed most important by the General Auditor and the audit
committee. Such reviews shall take the form of a condensed internal self-assessment.
Additionally, the General Auditor shall ensure that there is a periodic assessment of comprehensivecompliance to the key components of the adopted standards and the functions policies and
procedures. For the periodic assessments, the audit committee shall:
determine the frequency of such assessments, considering the more comprehensive natureof these assessments relative to the annual condensed reviews;
determine if these assessments are to be performed by internal audit department personnelor an outside third party to the organization; and
approve the scope and general approach of each periodic assessment prior to theperformance of the assessment.
The results of the periodic assessment shall be presented to the audit committee by the generalauditor and administrative report-direct for an internal assessment or the third party representative
when a third party performs the assessment. For third party assessments, the audit committee shall
meet privately with the third party representative after receiving the presented report.
-
7/29/2019 Internal Audit Charter Template
7/9
[insert Organization Name] Internal Audit Charter
Copyright 2010 by the IAASC. All rights reserved. Page 7 of 9
Article V
Fraud
The audit committee and Acknowledging Officers recognize that management is responsible for
controls to reasonably prevent and detect fraud. Furthermore, the audit committee and
Acknowledging Officers recognize that internal audit practitioners and therefore the Internal Audit
Department are not responsible to identify fraud.
The audit committee, Acknowledging Officers, and the General Auditor recognize that the internalaudit practitioners should be competent to assess the risk of fraud at the macro-regional, national,
local, industry, organizational, and functional levels for purposes of continuous audit planning andproject planning and scoping.
Management shall be responsible for all investigations, and shall report to the audit committee any
and all instances of fraud reasonably believed to have occurred and of a significance expected to be
greater than de minimis. The General Auditor shall monitor all investigations, and may opt to assistmanagement in their investigations. Management shall provide regular updates to the General
Auditor for all suspected and actual incidences of fraud, whether or not investigations are conducted.
This will aid the General Auditor in maintaining awareness of all potential risks and control
weaknesses within the Company, particularly to:
determine and recommend improvements to internal controls to reduce futurevulnerability; and
contemplate new audit procedures that may be deemed necessary to be performed in futureaudit work to assess the risk of repeated or similar fraud.
-
7/29/2019 Internal Audit Charter Template
8/9
[insert Organization Name] Internal Audit Charter
Copyright 2010 by the IAASC. All rights reserved. Page 8 of 9
Article VI
Reporting and Follow-Up
The General Auditor shall have procedures in place to ensure that reported conclusions and opinions
are supported with adequate, competent, and sufficient internal audit work.
The General Auditor shall not issue an opinion on the internal control structure. The audit committee
and Acknowledging Officers recognize that an organizations internal control structure is comprised
of and affected by many internal and external activities and elements, all of which are subjected tovariability in effectiveness. The audit committee and Acknowledging Officers further recognize that
any opinion on the overall internal control structure of an organization would be inherently subject toexcessive uncertainty, regardless of the adequacy, competency, and sufficiency of internal audit
work.
Internal Audit shall communicate results of its work and otherwise known issues to management and
the audit committee. The General Auditor shall form and report appropriate opinions based on auditevidence. Management shall provide responses to issues in a prompt and efficient manner. Written
reports shall be distributed to the CEO, CFO, General Counsel, and other members of management,
as appropriate, and the audit committee for reports containing significant issues or when there is a
disagreement with management other than of a de minimis nature. The General Auditor shall providesummary information to the audit committee pertaining to issues resulting from internal audit
procedures as well as known issues outside of internal audits and issues. Additionally, the General
Auditor shall provide the audit committee with a quarterly assessment as to the effectiveness ofmanagements attention to internal control issues.
The audit committee shall approve the conceptual framework pertaining to follow-up audit
procedures. The General Auditor shall have procedures in place to track, monitor, and evaluate thestatus of internal control issues with a tracking mechanism and with consideration to the risk of each
issue and the cost and benefit of various audit procedure alternatives.
Article VII
Amendments
Amendments shall be signed by persons consistent with those authorizing this original Charter to be
effective.
-
7/29/2019 Internal Audit Charter Template
9/9
[insert Organization Name] Internal Audit Charter
Copyright 2010 by the IAASC. All rights reserved. Page 9 of 9
Article VIII
Approvals, Acknowledgements, and Acceptance
The signatures below signify approval of the audit committee, acknowledgement of AcknowledgingOfficers, and acceptance by the General Auditor.
Signature ____________________________________ Date ________________
Insert Printed NameChairman of the Audit Committee of the Board
Signature ____________________________________ Date ________________
Insert Printed NameBoard Director and Audit Committee Member
Signature ____________________________________ Date ________________
Insert Printed NameBoard Director and Audit Committee Member
Signature ____________________________________ Date ________________
Insert Printed NameBoard Director and Audit Committee Member
Signature ____________________________________ Date ________________
Insert Printed NameChairman, President and Chief Executive Officer
Signature ____________________________________ Date ________________
Insert Printed NameExecutive Vice President and CFO
Signature ____________________________________ Date ________________Insert Printed Name
Senior Vice President and General Counsel
Signature ____________________________________ Date ________________
Insert Printed NameVice President and Chief Accounting Officer
Signature ____________________________________ Date ________________
Insert Printed NameGeneral Auditor