CAE’s Reporting Responsibilities for effective Internal Audit Governance (Part 5/5)

The role of the Chief Audit Executive (CAE) is pivotal in establishing effective governance within the internal audit function. The CAE's responsibilities include providing insight into their qualifications, aligning with the board’s expectations, and ensuring the internal audit function's independence and efficacy.

By adhering to these standards, the CAE can uphold the governance structure and deliver high-quality internal audit services that support organisational objectives.

This article covers key CAE responsibilities and how they contribute to the governance of the internal audit function.

1. Variations in Nature of the Board from the Definition in the Standards

The term “board” in internal audit standards generally refers to the highest-level governance body. This body may vary across organisations, representing groups like boards of directors, audit committees, trustees, or elected officials (Global Internal Audit Standards).

In cases where an organization has multiple governing bodies or a non-standard board structure, the CAE must document these variations to clarify the governance structure and demonstrate consistency with the internal audit standards’ intent.

This documentation helps the CAE maintain alignment with the board’s governance authority, ensuring transparency in the internal audit reporting structure.

2. Mandate of the Internal Audit Function

The internal audit mandate defines the scope and authority of the internal audit function, as outlined in Standard 6.1. The CAE is responsible for providing the board with information essential for establishing the internal audit mandate, which may also be partially dictated by legal requirements.

The mandate should be detailed in an internal audit charter, approved by the board, and reviewed periodically to ensure it aligns with evolving organisational needs.

Should any changes occur, the CAE must facilitate discussions with the board to reassess the internal audit mandate’s relevance and authority, as required by Standard 6.2.

3. Examples of Common and Leading Qualifications and Competencies for a Chief Audit Executive

To effectively manage the internal audit function, the CAE must possess qualifications and competencies that align with Standard 7.2. It is essential for the CAE to keep the board informed of the qualifications necessary for effective internal audit leadership.

Examples of common competencies include expertise in governance, risk management, compliance, and strong communication skills. By maintaining these qualifications and continuously improving, the CAE ensures that they can lead the internal audit function to meet both current and future governance needs.

4. Disagreements on Essential Conditions

If disagreements arise regarding essential conditions for internal audit operations, the CAE must emphasize the importance of these conditions to the board and senior management. Standard 7.2 dictates that the CAE document these disagreements and propose alternative conditions to meet standard requirements.

Should a resolution be unattainable, the CAE may document why the standards are not met, ensuring transparency and accountability with external assessors.

5. Information Needed by the Board and Senior Management to Support and Promote Recognition of the Internal Audit Function

Standard 6.3 specifies that the CAE must provide necessary information to the board and senior management to support and promote the internal audit function within the organisation. This support may include a communication matrix, which details what information the CAE will share with the board and how frequently.

By fostering this transparency, the CAE enables organisational recognition of internal audit’s role in governance.

6. Confirmation of Organisational Independence of the Internal Audit Function

Organisational independence is fundamental to internal audit's objectivity, as emphasised in Standard 7.1. The CAE must confirm independence to the board annually and discuss any potential impairments that could compromise objectivity.

Should the governance structure limit independence, the CAE is required to document these challenges and employ safeguards to maintain independence.

7. Roles and Responsibilities that Have Potential to Impair Independence of the Internal Audit Function

When roles or responsibilities could impair the internal audit function’s independence, Standard 7.1 requires the CAE to communicate these to the board and senior management. This communication includes proposed safeguards to manage any actual or perceived impairments.

By actively addressing potential conflicts, the CAE ensures that the internal audit function remains unbiased and credible.

8. The Internal Audit Strategy, Plan, and Budget and Subsequent Significant Revisions to Them

As per Standard 9.2, the CAE must develop a strategic plan for the internal audit function that aligns with organisational objectives and board expectations. The internal audit plan must be dynamic, addressing organisational changes and emerging risks.

The CAE reviews and revises this plan as necessary, communicating major changes to the board. The CAE’s strategy should also include a resource plan, addressing budget and staffing needs for achieving internal audit objectives (Standard 8.2).

9. Unacceptable Levels of Risk

The CAE has a responsibility under Standard 11.5 to communicate unacceptable risk levels. When management’s risk acceptance exceeds the organisation’s tolerance, the CAE must escalate the issue to senior management and, if unresolved, to the board.

This ensures that all stakeholders are informed of risks impacting the organisation’s strategic goals, aligning with risk management principles.

10. Results of Internal Audit Services

The CAE communicates the results of internal audit services to the board, ensuring the board has an understanding of audit conclusions, root causes, and best practices observed.

Standard 11.3 requires these results to be communicated in a timely manner, facilitating the board’s oversight responsibilities and providing valuable insights into organisational effectiveness.

11. Errors or Omissions in Final Engagement Communications

If significant errors or omissions are identified in final engagement communications, the CAE must correct and communicate this information promptly to affected parties, as per Standard 11.4. This requirement upholds transparency and strengthens trust in the internal audit process.

12. Results from the Quality Assurance and Improvement Program

Quality assessments are essential for maintaining a high standard within the internal audit function. Standard 8.3 requires the CAE to communicate quality assessment results to the board annually, including plans to address any deficiencies.

This communication may cover internal and external quality assessments, improvement initiatives, and progress updates on action plans to resolve identified issues.

In conclusion

By fulfilling these responsibilities, the Chief Audit Executive plays a crucial role in upholding the governance of the internal audit function, ensuring alignment with organisational objectives, and maintaining independence and objectivity.

The standards governing these responsibilities establish a robust framework that allows the CAE to add value, promote accountability, and support the organisation’s long-term strategic success.

Contact me at julius@ditsibiconsulting.com if you or your organisation may benefit from the following:

• Global Internal Audit Standards Masterclass – 2 days
• Personal Branding for Accounting and Finance Professionals Workshop – 5 hours
• Audit Manager Onboarding Programme – 4 days over 1 Month
• Trainee/Intern Efficacy development Course – 10 days over 3 months
• Strategy Session Facilitation
• Internal Audit Services (Co-Sourcing and Outsourcing)
• Internal Audit External Quality Assessments (EQA)
• Risk Management Services (Co-sourcing and Outsourcing)