The chief audit executive must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the Code of Ethics and the
Standards. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board.
Interpretation:
The frequency and content of reporting are determined collaboratively by the chief audit executive, senior management, and the board. The frequency and content of reporting depends on the importance of the information to be communicated and the urgency of the related actions to be taken by senior management and/or the board.
The chief audit executive’s reporting and communication to senior management and the board must include information about:
- The audit charter.
- Independence of the internal audit activity.
- The audit plan and progress against the plan.
- Resource requirements.
- Results of audit activities.
- Conformance with the Code of Ethics and the
Standards
, and action plans to address any significant conformance issues.
Management’s response to risk that, in the chief audit executive’s judgment, may be unacceptable to the organization.
These and other chief audit executive communication requirements are referenced throughout the Standards.