The Board’s Utilization of Internal Audit

Board Self-Assessment Tool

Too often boards segment the function of internal audit into one solely of financial reporting. In this world of fast-paced change, this perspective severely limits the opportunity for effective risk mitigation. Internal audit can position the Board to assess risk more effectively. While boards typically rely on management for risk information, internal audit plays an essential, but too often an underutilized role in the information flow between senior management and the board.

D&O Questionnaire

Limiting the function of internal audit to financial risk reporting, leaves the board vulnerable to missing threats from other risks such as data privacy and cyber security. Internal audit brings value in its ability to provide assurance as to the accuracy, completeness, or transparency of allinformation sent by management to the board. Yet, boards rarely utilize internal audit for assurance of the information they are given. In a recent study nearly 60% of chief audit executives indicated that internal audit “rarely or never provides assurance on the quality of information given to the board nor does internal audit have formal discussions about the information with the board and management.” Nearly one-third reported providing assurance to boards “only for unusual situations.”

Analysts and those who critique governance are beginning to take note. Certainly the seeming rise in governance failures that have made headlines recently begs the question, did the board not have the right information to know what was going on? If they had had the right information, could the risk have been mitigated? Because the board’s risk oversight role requires directors’ close attention to the accuracy of all information provided to them, boards must commit to utilizing internal audit to provide assurance consistently for all information, and to asking these pertinent questions to make certain the information provided to them is reliable.

  1. Is the financial information accurate?
  2. Are business and strategy plans realistic?
  3. Who is managing third-party risk and is it being updated regularly?
  4. Are management and the board aligned on addressing fraud opportunity risks?
  5. Does the company culture breed integrity?
  6. Who is responsible for protecting the company’s crown jewels and what are the threats?

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

CBE Privacy Settings

When you visit a website, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services for our website here.

These cookies are necessary for the website to function and cannot be switched off in our systems.

In order to use this website we use the following technically required cookies wordpress_test_cookie wordpress_logged_in_ wordpress_sec

Decline all Services
Accept all Services