A strong internal audit function should report directly to the audit committee. Internal Audit may be administratively accountable to the CEO, but is functionally accountable and owes its loyalty to the Audit Committee, who recommend to the Board, CEO and CFO the appointment, evaluation, compensation (at least annually, including incentive structure) and retention of the Head of Internal Audit. The Audit Committee should also have a say in reassignment or replacement of senior staff, and review and approve the mandate, work plan, budget and resources for this function.
The audit committee should help the head of internal audit to function independently from management and to be objective in the reporting of factual findings to the committee. Any action taken regarding Internal Auditors work or status should be approved by the audit committee to avoid the internal audit staff becoming dependent on the management. The head of internal audit (including senior staff) should not engage in operational duties or non-internal audit transactions or oversight and should have direct access to the audit committee chair. The audit committee should also ensure that follow up of corrective action is taken by management in response to an internal audit report and matters raised are tracked, promptly resolved and reported to the audit committee.