D.15 Reporting to the OAG Audit Committee

  1. The Chief Audit Executive reports functionally to the Audit Committee on a quarterly basis.

  2. The Chief Audit Executive (CAE) reports to the Audit Committee on Practice Review and Internal Audit’s (PRIA) purpose, authority, responsibility, and performance relative to its plan and on its conformance with the Code of Ethics and the Standards.

  3. In this capacity, the CAE will be responsible to:

    1. Communicate any updates of the PRIA Charter for Audit Committee recommended approval;

    2. Discuss PRIA’s implementation of the IIA’s Code of Ethics and Standards;

    3. Confirm, at least annually, the organizational independence of the internal audit activity;

    4. Disclose any interference and potential impacts on the internal audit activity ability to determine its scope of work, perform its engagements and communicate its results;

    5. Discuss the form and frequency of external assessments as well as the qualifications and independence of the external assessor or assessment team, including any potential conflict of interest;

    6. Communicate the results of the quality improvement program, including:

      1. The scope and frequency of both the internal and external assessments.
      2. The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest.
      3. Conclusions of assessors.
      4. Corrective action plans.

  4. In the development of PRIA’s risk based multi-year plan, the CAE will consults with senior management and the Audit Committee in order to obtain an understanding of the Office’s strategies. The CAE will also communicate the PRIA’s plan and resource requirements, including significant interim changes, to senior management for information and comment and to the Audit Committee for review and recommended approval. The Chief Audit Executive will also communicate the impact of resource limitations (if any).

  5. PRIA reports significant audit findings to the Audit Committee and executive management. These reports summarize the key matters/findings developed during each quarter and indicate the corrective actions already implemented or management's plan for corrective action. In addition, the issues reported by the independent public accountants are included for follow-up. When the reported findings have not been corrected, they are reported until the issues are resolved. A listing of all audits completed during the quarter is also provided. The findings to be reported to the Audit Committee are selected by the CAE. This decision is based on Office risk management ratings, perceived risk, control, financial, or operating significance.

  6. The CAE will also report on significant risk exposures, including fraud risks, and control issues related to governance, management’s process of risk management and control, whenever this issues are significant to the Office.

  7. If the CAE determines that management has accepted a level of risk that may be unacceptable to the Office, a discussion with senior management will be held. If the CAE determines that the matter has not been resolved, the matter will be communicate to the Audit Committee.

  8. At Audit Committee meetings, the CAE presents various other information, including, but not limited to, the activity's financial budget, audit plans, strategic plan, annual objectives, and various status reports on actual audit days, activity staffing, quality assurance and improvement program, and adherence to the International Standards for the Professional Practice of Internal Auditing. The CAE will meet on a regular basis with the Audit Committee separately to discuss any matters that the committee or PRIA believes should be discussed privately.

Last modified:
2018-03-02