The purpose, authority, and responsibility of the internal audit activity must be formally defined in
an internal audit charter, consistent with the Mission of Internal Audit and the mandatory elements
of the International Professional Practices Framework (the Core Principles for the Professional
Practice of Internal Auditing, the Code of Ethics, the
Standards, and the Definition of Internal
Auditing). The chief audit executive must periodically review the internal audit charter and present
it to senior management and the board for approval.
Interpretation:
The internal audit charter is a formal document that defines the internal audit activity's purpose,
authority, and responsibility. The internal audit charter establishes the internal audit activity's
position within the organization, including the nature of the chief audit executive’s functional
reporting relationship with the board; authorizes access to records, personnel, and physical
properties relevant to the performance of engagements; and defines the scope of internal audit
activities. Final approval of the internal audit charter resides with the board.
- 1000.A1 – The nature of assurance services provided to the organization must be defined in
the internal audit charter. If assurances are to be provided to parties outside the
organization, the nature of these assurances must also be defined in the internal audit
charter.
- 1000.C1 – The nature of consulting services must be defined in the internal audit charter