A brief guide to strategy, governance and KPIs
Together, audit governance, strategy and KPIs ensure clarity over the purpose and responsibilities of the audit, that there’s an official mandate and clear departmental goals are in place.
Principles and approach
Establish an audit charter for agreement by the board, covering:
- internal audit’s purpose, authority and responsibility;
- what activity you will and won’t undertake;
- your rights of access to senior management and the board;
- your rights of access to all books and records;
- your independence and objectivity;
- your duty of care to the business; and
- the nature of assurances to third parties.
Establish reporting lines to:
- ensure your independence and objectivity can’t be questioned;
- interact directly with the board as the chief audit executive; and
- report annually to the board to confirm your organisational independence.
Establish an audit strategy:
- outlining your goals, your current position, your thought plan to address the gap, the timeframe to address the gap, the measures demonstrating goal achievement; and
- which you can share with your team to drive change and improvement.
Establish audit policies outlining departmental boundaries and stances to guide the audit activity. Suggested areas for coverage include:
- conflicts of interest;
- professional education and mandatory training;
- audit documentation requirements (including retention and information security);
- travel/flexible working; and
- business continuity.
Goal congruent KPIs
Establish and monitor goal congruent KPIs. Suggested areas for coverage include:
- plan delivery;
- policy compliance;
- resource management (people, budget, third parties, IT, knowledge management);
- process management (procedural compliance, quality assurance, relationship management, risk management, delivery management and Management Information (MI)); and
- timeliness of audit reports.