Primary navigation:

QFINANCE Quick Links
QFINANCE Topics
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Auditing Checklists > Internal Audit Charters

Auditing Checklists

Internal Audit Charters


Definition

An internal audit charter is a formal document approved by the audit committee. It should be developed by the chief audit executive and agreed at the highest level of the organization. Standards published by the Institute of Internal Auditors (IIA) require that there be an internal audit charter, but there is no fixed requirement for what it should contain. At a minimum, the IIA standards require a charter to define the purpose, authority, and responsibility of the internal audit function. A charter establishes internal audit’s position within an organization and authorizes it to access records, personnel, and physical property that are relevant to internal audit work. It can be used, for example, by an auditor when a manager in a remote part of the business questions the auditor’s need to access particular documents, computer records, or personnel. A charter is particularly useful in large organizations but it is important to remember that such situations can also occur in smaller organizations.

The IIA refers to the need for a charter but does not provide specific guidance on what it should contain. IIA Standard 1000 says:1

“The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities. Final approval of the internal audit charter resides with the board.”

Back to top

Advantages

  • A charter can be used in a positive fashion to describe the aims of internal audit.

  • It can also be used to defend the audit against hostile managers or staff.

  • A charter compels departments that need to be audited to cooperate with the auditor. Without this charter or similar authority, managers might not see the need for an audit and might refuse the auditor’s requests.

Back to top

Disadvantages

  • Such a formal document might not be necessary in a small organization.

Back to top

Action Checklist

  • Develop a precise definition of internal auditing. This should be formally worded and include the objectives of the internal audit function. It may be possible to use the definition outlined by a body such as the IIA.

  • Ensure that the charter makes it clear that internal audit engagements will cover the following four areas: reliability and integrity of financial and operational information; effectiveness and efficiency of operations; safeguarding of assets; and compliance with laws, regulations, and contracts.

Here is a suggested checklist for use in formulating an internal audit charter. The charter should:

  • detail the purpose, authority, and responsibility of the internal audit function, together with the scope of its activities;

  • establish internal audit’s position within the organization;

  • define the nature of the assurance services that will be provided by internal audit;

  • include a definition of internal auditing;

  • define the nature of the assurance services that will be provided by internal audit;

  • authorize access to records, personnel, and physical property relevant to the performance of engagements;

  • specify a periodic review of internal audit performance and of the charter itself;

  • be approved by the audit committee.

Back to top

Dos and Don’ts

Do

  • Ensure that the role of the internal audit function is clearly set out and that it is distinguished from management’s responsibilities. Management should, for example, be responsible for establishing procedures to prevent fraud, while the auditors should be responsible for establishing the effectiveness of those procedures.

  • Ensure that the charter is simple and unambiguous.

  • Make sure that senior management supports the charter or serious problems could ensue.

  • Keep the charter short and to the point.

Don’t

  • Don't forget to revisit the charter periodically to ensure that it remains relevant to the organization’s needs.

Back to top

Note

1 IIA. “1000—Purpose, authority, and responsibility.” Online at: na.theiia.org/standards-guidance/mandatory-guidance/Pages/Standards.aspx

Back to top

Further reading

Books:

  • Moeller, Robert R. Brink’s Modern Internal Auditing: A Common Body of Knowledge. 7th ed. Hoboken, NJ: Wiley, 2009.
  • Pickett, K. H. Spencer. The Internal Auditing Handbook. 3rd ed. Chichester, UK: Wiley, 2010.

Website:

Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share