Effectiveness of Internal Control and Risk ManagementRegulations on internal audit

Regulatory framework for internal audit.

Review of the regulations established for the internal audit (IA) function. The central IA function must be located in the executive branch of government and be responsible for coordinating all internal audit activities, including training for IA staff. For criterion 8, if the IA function is fully centralised then internal audit units are not established and the criterion is automatically fulfilled. The criteria below are based on the IIA IPPF Standards 2017, and INTOSAI GOV 9140 professional standards.

Subindicators fulfilled per country

The regulatory framework specifies the operational arrangements for IA.

The regulatory framework specifies the scope of work and size of IA units (minimum two persons per unit).

The regulatory framework allows IA arrangements to differ depending on the type and size of the institution.

Standards directly aimed at the conduct and ethical behaviour of internal auditors are published.

The regulatory framework stipulates that the head of the IA function has direct and unrestricted access to political staff and senior managers of all public sector bodies.

The regulatory framework stipulates the independence of the IA function in determining the scope of internal auditing, performing work, and communicating results.

The regulatory framework prohibits or establishes cooling-off periods for internal audit staff to audit operations for which they have previously been responsible to avoid any perceived conflict of interest.

The regulatory framework requires the Internal Audit Units (IAUs) to develop an internal audit activity manual based on a standard methodology approved by the CHU or a central IA function

The regulatory framework requires external quality assessments of IA activity to be performed no less than once in 5 years by an independent party.

The regulatory framework stipulates that the head of IAU must provide annual activity reports to the CHU or the central IA function.