Principles and approach


Establish an audit charter for agreement by the board, covering:

  • internal audit’s purpose, authority and responsibility;
  • what activity you will and won’t undertake;
  • your rights of access to senior management and the board;
  • your rights of access to all books and records;
  • your independence and objectivity;
  • your duty of care to the business; and
  • the nature of assurances to third parties.

Reporting lines

Establish reporting lines to:

  • ensure your independence and objectivity can’t be questioned;
  • interact directly with the board as the chief audit executive; and
  • report annually to the board to confirm your organisational independence.

Audit strategy

Establish an audit strategy:

  • outlining your goals, your current position, your thought plan to address the gap, the timeframe to address the gap, the measures demonstrating goal achievement; and
  • which you can share with your team to drive change and improvement.

Audit policies

Establish audit policies outlining departmental boundaries and stances to guide the audit activity. Suggested areas for coverage include:

  • conflicts of interest;
  • professional education and mandatory training;
  • audit documentation requirements (including retention and information security);
  • travel/flexible working; and
  • business continuity.

Goal congruent KPIs

Establish and monitor goal congruent KPIs. Suggested areas for coverage include:

  • plan delivery;
  • policy compliance;
  • resource management (people, budget, third parties, IT, knowledge management);
  • process management (procedural compliance, quality assurance, relationship management, risk management, delivery management and Management Information (MI)); and
  • timeliness of audit reports.

Hints and tips

Multiple-choice questions