• constantiaconsulting

Internal Audit Charter

The Internal Audit Charter is a formal document that defines internal audit's purpose, responsibility, authority and position within the organisation. The charter should set out the nature of services that internal audit will provide and how internal audit will help the organisation to achieve its objectives.


Components of an Internal Audit Charter

The following should be included in the charter:

  • Mission - The charter should define the purpose and function of the internal audit activity. This should be to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.

  • Adherence to the International Standards for the Professional Practice of Internal Auditing - The charter should include details about how the internal audit activity governs itself and how it adheres to the IIA's International Professional Practices Framework (IPPF).

  • Authority - The charter should define the Chief Audit Executive's functional and administrative reporting relationship in the organisation. A statement should be included that confirms that the internal audit activity has sufficient authority to fulfil its duties.

  • Independence and Objectivity - The charter should state that the Chief Audit Executive will ensure independence and objectivity of the internal audit activity to carry out its duties in an unbiased manner. In addition to this, internal audit should have no direct operational responsibility or authority over any of the activities audited.

  • Scope - The charter should define the scope of the internal audit activity. The scope should include providing independent assessments of the adequacy and effectiveness of governance, risk management and control processes.

  • Responsibility - The responsibility of the internal audit activity should also be described in the charter and following should be performed at least annually:

  1. Creation of a risk-based internal audit plan.

  2. Confirmation that the internal audit activity has access to appropriate, competent and skilled resources.

  3. Verification that the internal audit activity is fulfilling its mandate.

  4. Assurance of compliance with the IIA standards.

  5. Communication of the results of its work and follow up of agreed corrective actions.

  • Quality Assurance and Improvement Program - The charter should define the internal audit's Quality Assurance and Improvement Program, which covers all aspects of the internal audit activity including an evaluation of conformance to the IIA standards, and an external assessment of the activity at least once every five years.


It is a key benchmarking tool against which the organisation can measure the effectiveness of internal audit, and is a useful tool for ensuring there is a clear understanding of the role, purpose and position of internal audit within the organisation.


The charter should be reviewed on a regular schedule and approved by the board. If there are any changes in the activity or IPPF, the charter should be updated to reflect this as soon as practicable.

4 views0 comments

Recent Posts

See All

Risk evaluation uses the information obtained during the analysis to make decisions about whether the risk is acceptable in its current state or whether further action needs to be taken to mitigate th

Risk analysis is the process of developing an understanding of each risk. This involves analysing the causes of risk, consequence and likelihood, identification of the effectiveness of existing contro

Establishing the context defines the parameters within which risks should be identified, prioritised and managed. Some areas that can be considered in determining the context include: Scope and struct