Internal auditors should strongly consider a risk‑based approach to audits of governance.
Should internal audit departments audit governance processes? Can they assess board operations effectively? Isn’t that the responsibility of the board itself, generally through a governance committee? Are auditors sufficiently independent, since they report to the audit committee, and do they have the necessary skills?
These are questions I often hear when the profession’s thought leaders suggest
we need to include audits of governance processes in the audit plan. Nonetheless,
professional guidance and research indicate that this will be a priority for internal
auditors in the coming years. In The IIA’s latest Common Body of Knowledge
(CBOK) report, for example…