Speaking to the Australian Institute of Internal Auditors, APRA Chair John Laker observed the changing role of internal auditors and noted that audit activity now includes the provision of opinions on the efficacy of enterprise-wide corporate governance and risk management frameworks.
After noting international regulatory developments he discussed internal audit in the context of Australia’s prudential framework:
APRA has just released new and harmonised prudential standards on governance for ADIs, and for general and life insurance companies. Within these standards, the current patchwork of requirements for internal audit is replaced by a set of requirements that are identical across APRA-regulated industries. The requirements are that:
• a regulated institution must have an independent and adequately resourced internal audit function, unless it has agreed alternative arrangements with APRA;
• the objectives of the internal audit function must include evaluation of the adequacy and effectiveness of the financial and risk management framework of the institution;
• to fulfil its functions, the internal auditor must, at all times, have unfettered access to all the institution’s business lines and support functions; and
• the internal auditor must have a reporting line and unfettered access to the board audit committee.
He said internal auditors needed 4 C’s: comprehensiveness, competence, clout…and courage.