
6
2.3.6.1 Documentation for any activity should be retained for an appropriate period in
a restricted access location.
2.3.6.2 Access to the network folders and SharePoint Online with Internal Audit work
are restricted to Internal Auditors only with regular reviews of access
undertaken by the GHIA (or a delegate). There are individuals with read only
access provided for information sharing and data analytics dashboards.
2.4 Responsibility, accountability and expectations
2.4.1 Internal Audit has the following responsibilities, accountability and expectations:
Internal
Audit
Charter
- Undertake an annual review of the Charter (including reviewing the Core Principles for the
Professional Practice of Internal Auditing, the Code of Ethics, the International Standards
for the Professional Practice of Internal Auditing (including the Code of Ethics known from
here out as the ‘Standards’) and the Internal Audit Code of Practice.
- Represent to the Audit Committees that Internal Audit work has been undertaken within
conformance (or without if applicable) of the Standards at least annually.
- Present the Charter to the Audit Committees for approval at least annually.
Resourcing
and budget
- Ensure there is sufficient resource (in number and quality) to achieve the annual Internal
Audit plan, including adequate technology.
- Maintain professional staff with sufficient knowledge, skills, experience, and professional
certifications to meet the requirements of this Charter.
- Secure approval from the Audit Committees of the annual Internal Audit budget and
resource plan.
- The GHIA must develop a budget that enables the successful implementation of the
internal audit strategy and achievement of the plan. The budget includes the resources
necessary for the function’s operation, including training and acquisition of technology
and tools. The GHIA must manage the day-to-day activities of the internal audit function
effectively and efficiently, in alignment with the budget.
- The GHIA should ensure that internal audit has the appropriate tools and technology to
support the function’s impact and effectiveness e.g., use of data analytics and artificial
intelligence. Tools and technology should be used in internal audit activities, including to
help auditors analyse the risk profile, to support scoping decisions, test controls, and
enhance internal audit coverage and quality. The function should regularly evaluate how
tools and technology can be used to improve its effectiveness and efficiency.
- The internal audit team should comprise internal auditors with a mix of backgrounds,
skills, and experiences who bring diversity of thought. The GHIA should recruit, retain
and promote talent in accordance with the organisation's diversity, equity and inclusion
policies and applicable legislation.
- The GHIA must communicate promptly the impact of insufficient financial resources to the
board and senior management.
Developing
the annual
audit plan
- Maintain an audit universe to demonstrate Internal Audit’s coverage of the group’s
business and operations and as the key driver for the creation of the annual Internal
Audit plan.
- Develop a flexible, risk-based annual Internal Audit plan. This shall stem from an at least
annual risk assessment as part of the audit universe refresh. This risk assessment will
include input from the Executive and Audit Committees.
- Annual planning will consider, as needed, areas for particular attention as identified in the
CIIA Internal Audit Code of Practice (2024) and regulatory guidance, including:
o Purpose, strategy and business model;
o Organisational culture;