Chief audit executive

The Chief Audit Executive (CAE) or Director of Audit, Director of Internal Audit, Auditor General, or Controller General is a high level independent corporate executive with overall responsibility for the Internal audit.

Publicly-traded corporations typically have an internal auditing department, led by a Chief Audit Executive ("CAE") who generally reports to the Audit Committee of the Board of Directors, with administrative reporting to the Chief Executive Officer.

The profession is unregulated, though there are a number of international standard setting bodies, an example of which is the Institute of Internal Auditors ("IIA"). The IIA has established Standards for the Professional Practice of Internal Auditing^[1] and has over 150,000 members representing 165 countries, including approximately 65,000 Certified Internal Auditors.^[2]

Organizational independence

To perform their role effectively, CAEs require organizational independence from management, to enable unrestricted evaluation of management activities and personnel. => independent definition of the scope of the function; independent reporting line from management: independent nomination and revocation; independent resources and budget; independent definition of the work plan. Although CAEs are part of company management and paid by the company, the primary customer of internal audit activity is the entity charged with oversight of management's activities. This is typically the Audit Committee, a sub-committee of the Board of Directors. To provide independence, most Chief Audit Executives report to the Chairperson of the Audit Committee and can only be replaced with the concurrence of that individual.

CAEs are not responsible for the execution of company activities; they advise management and the Board of Directors (or similar oversight body) regarding how to better execute their responsibilities.

Typical duties of the CAE

Status, Strategy and Organisation of the Internal Audit Department

• ensure that the status (e.g. stipulated in an audit charter), strategy, resources of the internal audit department are aligned and are consistent with the organization's objectives and governance policy.
• Establish appropriate policies and procedures to guide the internal audit function, and ensure the quality of the assurance services delivered.

Management/Supervision of the Internal Audit Activity

• Obtain (or manage the production of) a risk analysis; Ensure that the risk assessment is done at least annually;
• establish risk-based audit plans to set out the priorities of the internal audit function, consistent with the organizational objectives.

- Considers the input of senior management, senior departmental management, of the audit committee; - the internal audit plan usually address financial reporting and other fundamental controls, to be coordinated with the audit plan of the statutory auditor

• Coordinate internal auditing activities and plans with other internal and external providers of assurance and consulting activities to ensure proper coverage and minimize duplication of effort.
• Communicate plan of engagements and resource requirements for the internal audit function, including significant interim changes to the audit committee. This communication shall include the impact of resource limitations.
• Ensure that internal audit resources are appropriate, sufficient and effectively deployed to achieve the internal qudit plan approved by the Audit Committee or the Board.

Ensure that internal auditors have appropriate professional qualifications and skills, and opportunities for sufficient training and development to maintain and develop their internal auditing competence and to obtain Certified Internal Auditor certification.

• Ensure the timely completion of internal auditing engagements.
• Ensure that reports on internal auditing engagements are provided to the audit committee with a minimum of delay.
• Provide an annual holistic opinion on the effectiveness and adequacy of risk management, control, and governance processes.

Quality management

The CAE is responsible for assuring that appropriate engagement supervision is provided. Supervision is a process begins with planning and continues throughout the examination, evaluation, communication, and follow-up phases of the engagement.

• Develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit function, and continuously monitor its effectiveness.
• In collaboration with the audit committee, ensure that a practice inspection or other external review of the internal audit function is conducted at least every 3 years, by a qualified, independent external review team, and that the results of this external assessment are communicated to the audit committee.
• Ensure that professional internal auditing standards are followed (e.g. IIA standards or local standards).

NB: Generally accepted auditing standards and International Standards on Auditing are external audit standards.

• Report at least annually to the audit committee on the internal audit function's conformance with professional internal auditing standards.

Reporting of critical findings

Inform the Audit Committee without delay of any issue of risk, control or management practice that may be of significance. The Chief Audit Executive (CAE) reports the most critical issues to the Audit Committee quarterly, along with management's progress towards resolving them. Critical issues typically have a reasonable likelihood of causing substantial financial or reputational damage to the company. For particularly complex issues, the responsible manager may participate in the discussion. Such reporting is critical to ensure the function is respected, that the proper "tone at the top" exists in the organization, and to expedite resolution of such issues. It is a matter of considerable judgment to select appropriate issues for the Audit Committee's attention and to describe them in the proper context.

Survey results

Various consulting and public accounting firms perform research on audit committees, to provide benchmarking data.^{[3] [4]} Some results are identified below:

• 54% of committee members surveyed felt the audit committee was "very effective," while 38% indicated "somewhat effective."
• Risk management, internal control, and accounting estimates and judgments were the top priority areas for 2007.
• 41% were "very satisfied" with the internal audit function, while 52% were "somewhat satisfied."
• Two-thirds felt the Chief Internal Audit position was for a professional internal auditor, rather than as a "stepping stone" to other roles.

References

1. [1]
2. IIA Website
3. WWW.KPMG.COM KPMG AC Survey 2007
4. KPMG AC Study 2008

Internal links

• Comptroller, Lead Auditor
• Control
• COSO framework, Audit risk
• Financial audit
• Green Globe
• Information technology audit

INTERNAL AUDIT:

• Internal audit, Institute of Internal Auditors
• Corporate titles, Director of Audit

EXTERNAL AUDIT:

• Certified Public Accountant (CPA), External auditor, and Statutory auditor
• Comptroller General of the United States, Comptroller General, Auditor General
• Government audit, INTOSAI

External links

• the Institute of Internal Auditors

See also

• Corporate governance
• ISA 310 Knowledge of the Business