Evaluation of the

internal audit function

This assessment process focuses on your personal perception of the internal audit
function as a whole – it does not seek to evaluate individuals and their personalities

The questionnaire takes about 10 minutes to complete and should be completed in the
following manner:

 Using a scale of 1 (low) to 5 (high), complete each question by placing your score in the
two boxes beside the question. ‘Actual’ is your view of the current position of the
internal audit function on that issue.
 There is a space for comments beside each question. You are not obliged to make
comments; however, comments do improve the quality of the review and therefore are to
be encouraged.
 ‘N/A’ can be used where you don’t have a view on the matter in question.
 All responses will be treated as anonymous unless the individual completing the
questionnaire wishes otherwise.
A. Positioning
Actual Ideal N/A Comments
Mandate and strategy

1. Internal audit has a

comprehensive strategic plan?

2. Internal audit is recognized as

a function providing quality
challenge (for example by
telling them things they did
not already know, identifying
root causes of control
breakdowns and opportunities
for improving control design,
and trends in risks and
controls)?

3. Internal audit has a sound

understanding of business
strategy and the associated
risks.

4. Internal audit has an integral

role in the governance
structure (as the ‘third line of
defense’) which is clearly
aligned with its stakeholders,
clearly articulated in its
mandate and widely
understood throughout the
organization?
 Actual Ideal N/A Comments

Organization and structure

5. Internal audit is independent

and has clear and unfettered
reporting?

6. Internal audit is structured so

as to enable both
the maintenance of
independence and objectivity
on the one hand, and
proximity to the office?

7. Internal audit consults and

collaborates with risk
control functions to ensure
an appropriate allocation of
responsibility within the
organization?

8. Internal audit has a presence

in major governance and
control forums throughout
the organization?

Stakeholders

9. Internal audit is characterized

by strong relationships at the
highest levels (for example,
does the head of internal audit
and senior colleagues
have direct and strong
relationships with board
members, business heads and
senior management)?
 Actual Ideal N/A Comments

Stakeholders

10.Internal audit regularly attends

executive meetings to present
audit findings, trends and
current views (of the control
environment)?

11. Internal audit regularly attends

audit committee meetings to
present audit findings, trends
and current views (of the
control environment)?

12.Through its activities,

internal audit is able to
articulate to senior
management the risks of
their actions in a
structured and balanced
manner, and provide
credible
recommendations to
mitigate the risks?
13.Internal audit has strong
relationships with key
external stakeholders (in
particular, external
auditors and any relevant
regulators)?

14. Internal audit proactively

manages relationships with
its key stakeholder
population?

Funding

15.Internal audit has no

unreasonable budgetary
constraints which limit its
ability to deliver on its
mandate?

16. Internal audit manages its

resources effectively to
maximize the value of its
service to the business?
B. People

Actual Ideal N/A Comments

Leadership

1. Internal audit has the

standing, credibility and
impact to present its views in
audit (and risk) committees,
and influence the
organization?

2. Internal audit includes

sufficient individuals who are
senior and experienced
enough, with sufficient
understanding, to apply
judgement and challenge the
business on a broad array of
topics?

Competencies

3. Internal audit comprises a

diverse talent pool with a
broad mix of skills and
experience gainen?

4. Internal audit includes

individuals recognized as
experts in governance,
control and risk mitigation?

5. There is an appropriate
mechanism for identifying the
skills and competencies
required to deliver its annual
plan, identifying and relieving
gaps and being responsive to
the changing risk profile of the
organization?
Staffing strategy

6. Internal audit is forward

thinking in its medium to
longer term staffing
strategy (for example, by
taking into account growth
areas, new and emerging
risk areas, and both
internal and external
factors affecting the
function’s ability to attract
talent)?

7. Internal audit is able to

attract the ‘right’ people by
providing a value adding
career development
opportunity to the
organization’s top talent?

8. Internal audit is able to develop

its personnel through
comprehensive training and
development?

9. Does the internal audit function

have a process in place to
ensure that internally
recruited auditors are
precluded from carrying out
audit activities of functions
they previously performed
during the time frame covered
by the audits?

Culture

10. Internal audit is

characterized by a culture of
challenge, probing, and
continuous improvement?

11. Internal audit is characterized

by a culture of continuous
improvement in the internal
audit process?

12. Internal audit acts as a role

model and adheres to high
ethical standards and values?
 Actual Ideal N/A Comments
Reward and appraisal

13. Internal audit has competitive

remuneration polices based on
the achievement of defined
performance metrics (for
example, based on quality of
work and impact upon the
business, and not simply
delivery against plan and
business performance).

C. Processes
Actual Ideal N/A Comments

Risk assessment and planning

1. Internal audit has a risk based

audit plan based on a risk
assessment accepted and
approved by the local chief
executive?
2. Internal audit is forward
looking when determining the
audit plan and is nimble
enough to adapt its planned
activities, sometimes rapidly, in
the case of new and emerging
risks?

3. Internal audit submits its plan

to the local chief executive for
approval on a timely basis (at
least annually) and as
appropriate when updates are
required?

4. Is risk culture of the

organization considered
within the internal audit
plan?
Execution

5. Internal audit reflects on and

adapts its methodology to
ensure that it remains fresh and
relevant, through integrated
(not post hoc) quality assurance
and learning programs?

Actual Ideal N/A Comments

6. Internal audit conducts end- to-
end/corporate wide audit
activities which enable it to
obtain a holistic view (for
example, within and across
operational units, functions,
processes, and jurisdictions) as
to whether the primary risks
facing the organization are
appropriately mitigated?

7. Internal audit harnesses

technology throughout its
audit and administrative
processes to maximize
efficiencies and improve
audit effectiveness?

8. Internal audit maintains and

promotes comprehensive
knowledge management
systems, widely used by its
staff?
Reporting

8. Internal audit produces reports

for individual audits with a
clear rating scale which
identify both root causes and
consequences of issues and
which are delivered on a
timely basis with clarity and
impact, and include credible
recommendations to
management?

9. Internal audit produce

reports for the local chief
executive which present
information in a clear,
concise and impactful
manner, including the
identification of themes and
trends, and their
consequences for the
organization as a whole?

10. Internal audit has rapid and

effective mechanisms in place
for the escalation of issues
requiring senior management
attention?

Actual Ideal N/A Comments

Overall

11. Internal audit has added value to

the organization? How?
D. Comparison of XYZ’s internal audit function with other
internal audit functions you may have experience of:

Risk Comments