Part two – internal audit and compliance: some thoughts for directors
In the second part of this series, Mark Stock now considers some questions that boards and audit committees might ask about their internal audit and compliance functions.
Yes. Just like any other business unit or function, and no matter how much activity it undertakes, the compliance function should be subject to internal audit. As noted in the first article, the maturity of each head office/oversight/policy-setting function is an important matter and I believe that this is something that internal audit should always have a view on, including the maturity of the compliance function.
The role of the internal auditor here will be to audit the positioning and performance of the compliance function. While the role of performing an effectiveness review of a head office/policy-setting function presents challenges for the capability and experience of many internal audit functions, its approach should focus on the principles of: