Adequacy of the regulatory framework for internal audit

Legislation specifies the functional independence of IA

Review of the legislation and formal instructions governing for the IA function. Review of the code of ethics (or similar) guiding the behaviour of internal auditors. Legislation specifies the main operational requirements for the effective and efficient functioning of internal audit, in line with international standards: • Functional independence: independence is the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner, • IA’s powers and duties, • Minimum organisational requirements and size of units.

Legislation specifies IA’s powers and duties

Review of the legislation and formal instructions governing for the IA function. Review of the code of ethics (or similar) guiding the behaviour of internal auditors. Legislation specifies the main operational requirements for the effective and efficient functioning of internal audit, in line with international standards: • Functional independence: independence is the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner, • IA’s powers and duties, • Minimum organisational requirements and size of units.

Legislation specifies the minimum organisational requirements and size of units

Review of the legislation and formal instructions governing for the IA function. Review of the code of ethics (or similar) guiding the behaviour of internal auditors. Legislation specifies the main operational requirements for the effective and efficient functioning of internal audit, in line with international standards: • Functional independence: independence is the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner, • IA’s powers and duties, • Minimum organisational requirements and size of units.

Legislation allows for IA requirements to differ depending on the type and size of the organisation

Review of the legislation and formal instructions governing the IA function, to verify that they allow flexibility in the arrangements for the IA function, to adapt its structure and organisation to the risks, type, size and complexity of the institution. These arrangements may include the possibility of centralised or de-centralised IA services, shared IA services (including sectoral approach, with IA in a ministry covering subordinated bodies), hybrid systems with centralisation of certain types of audits that require very specific expertise (such as IT audit, forensic, etc.), contracting out IA, etc.

Legislation stipulates IA standards applicable

Review of the legislation governing the IA function, to verify that it covers the basic requirements guiding the professional practice of internal audit in line with international standards: Legislation covers the IA standards applicable.

Legislation stipulates reporting arrangements for IA

Review of the legislation governing the IA function, to verify that it covers the basic requirements guiding the professional practice of internal audit in line with international standards: Legislation covers the reporting arrangements for IA.

Legislation stipulates a code of ethics for IA

Review of the legislation governing the IA function, to verify that it covers the basic requirements guiding the professional practice of internal audit in line with international standards: Legislation covers certification for internal auditors.

Legislation stipulates IA certification

Review of the legislation governing the IA function, to verify that it covers the basic requirements guiding the professional practice of internal audit in line with international standards: Legislation covers the code of ethics for internal auditors.

Legislation for IA applies to all central government bodies (%)

Review of the scope of IA in legislation and comparison with the number of central government bodies. SIGMA counts the number of central government bodies where legislation requires an IA function to be established, divides it by the total number of central government bodies, and expresses the result as a percentage. Points are allocated based on the percentage of central government bodies that have to establish IA according to legislation (x): • x < 65% = 0 points. • 65% ≤ x < 100% = linear function. • x = 100% = 1 point.

The code of ethics (or similar) for internal auditors covers the main aspects governing the internal auditors’ conduct

Review of the code of ethics established for the IA function. The code of ethics should cover at least the following areas: • Integrity • Objectivity • Confidentiality • Competency