A new report hopes to provide more clarity around the roles of internal audit and compliance, as they each work to fulfill separate but related duties without too much overlap and interference.
The report, which is part of the Institute of Internal Audit’s Global Perspectives & Insights series, explains why a clear understanding of roles is critical to effective compliance and independent assurance. It is titled, “Internal audit and compliance: Clarity and collaboration for stronger governance.” The report includes analysis on applying the Three Lines Model’s six principles and practical illustrations from practitioners.
“The relationship between internal audit and compliance is sometimes unclear, giving rise to important questions: Can internal audit have responsibility for compliance? Is a compliance function responsible for all compliance across an organization? As a chief audit executive, is it OK to be in charge of compliance?,” the report’s authors write. They say the paper is intended to serves as a tool for boards, management, compliance professionals, and chief audit executives, and uses the Three Lines Model as a way of explaining the relationship between internal audit and compliance.
Key takeaways:
- The IIA’s Three Lines Model provides a clear understanding of roles to ensure effective compliance and independent assurance.
- The Three Lines Model’s six principles assist in evaluation of the respective roles and responsibilities in an organization.
- Assigning compliance roles should include an analysis of how they align with the Three Lines Model and its Six Principles.
- Despite confusion on compliance roles, one thing must be clear: internal audit is the organization’s sole provider of assurance that is independent from management.
The paper is available for download on the IIA’s website.