Internal Audit Charter, Audit Processes, and Audit Methodology:
Internal audit charter is a document presenting the following contents:
- Objectives, authorities, functions, responsibilities, scopes of operation of internal audit activities, audit methodology.
- Authorities, functions, and responsibilities of the Chief Audit Executive and auditors.
- Responsibilities of related departments.
- Independence, objectivity, codes of ethic, performance of internal audit.
Internal audit charter must be approved by the highest level governing body (for listed enterprises, it is the “Supervisory Board” or the “Board of Directors, including independent members and non-operating members” to guarantee the organizational independence and objectiveness of the Internal Audit Department.
The internal audit charter of an enterprise must comply with the related provisions of the Decree No. 05/2019 / ND-CP, however, it can be supplemented and modified to meet the specific characteristics and requirements of the enterprise.
Currently, when preparing the Internal Audit Charter, enterprises can refer to the Circular 66/2020/TT-BTC dated 10 July 2020 for the template of internal audit charter. Download the template here
Besides, enterprises can seek for advice and review from audit firms to ensure that it is well prepared right from the beginning.
Internal audit processes: are processes providing specific guidance on the annual internal audit plan, engagement plans, engagement implementation, reporting, post-audit monitoring of correction responses, audit filing and documents related to internal audits.
This type of document also need to be approved by the same governing body who approves the internal audit charter.
This document is a handbook for all members of the internal audit team to use and comply with to ensure the consistent and satisfactory audit quality.
Internal audit methodology: is the risk-based auditing methodology (According to Decree No. 05/2019/ND-CP and international practices) as follow:
- The annual internal audit plan must be based on risk assessment results in order to ensure that the plan will prioritize the allocation of resources for high-risk areas and will be timely adjusted in accordance with changes in business and associated risks.
- For specific engagements, the inspection extents are also based on risk assessment, therefore the assurance opinions are of reasonable level, rather than the absolute level.