
CHAPTER 1: IA IN THE ORGANIZATION
a. The Big Picture View: Three Lines Model
b. Governance, Risk Management, Internal Control
c. Ensuring Internal Audit Value to the Organization

THREE LINES MODEL

- Helps organizations understand and organize the various activities and responsibilities that make up governance, risk management and control
- Responsibility is shared across different functions, so it is important to have a clear picture to avoid confusion, overlap, and gaps

Principle 1: BASIC ELEMENTS OF GOVERNANCE

Accountability: Achieved through transparent oversight, integrity. Governing bodies must ensure disclosures are accurate, timely, reliable, comprehensive, and in compliance with legislative & regulatory requirements, & ethical norms.

Action: Reliable & well-informed action. Critical to achieving the objectives. Management must provide direction and ensure analysis, planning, monitoring, risk oversight, & reporting back to the G.B.

Assurance and Advice: Independent & objective assurance & advice to promote continuous improvements. Achieved through a fully resourced, independent internal audit function that operates in accordance with international standards.

Principle 2: GOVERNING BODY ROLES

• Ensures appropriate structures & processes are in place for effective governance
• Ensures objectives & activities are aligned
• Delegates responsibility & provides resources to management to achieve the objectives while ensuring legal, regulatory, & ethical expectations are met
• Establishes & oversees an independent, objective, and competent internal audit function to provide clarity & confidence

Principle 3: MANAGEMENT AND FIRST- AND SECOND-LINE ROLES

Management's responsibility comprises both first- and second-line roles.

First Line Roles
- Directly aligned with the delivery of products or services to clients
- Includes the roles of support functions
- Managing risk

Second Line Roles
- Provide assistance with managing risk, assigned to specialists
- Focus on specific objectives of risk management
- A broader responsibility for risk management

Principle 4: THIRD LINE ROLES

- IA (& EA may consider) provides independent and objective assurance and advice through competent application of systematic and disciplined processes to promote & facilitate continuous improvement.

Principle 5: THIRD LINE INDEPENDENCE

- IA's independence is critical to its objectivity, authority, and credibility by establishing accountability to the G.B.; unfettered access to people, resources, & data needed to complete its work; freedom from bias or interference in audit services.

Principle 6: CREATING AND PROTECTING VALUE

• Alignment of activities is achieved through communication, cooperation, and collaboration.
• Ensures the reliability, coherence, and transparency needed for risk-based decision making.

FOUR OVERLAPPING & COMPLEMENTARY ROLES

1. LEADERSHIP & OVERSIGHT: Governing Bodies
2. STRATEGY EXECUTION: Management First Lines
3. SUPPORT, GUIDANCE, & CONTROL: Management Second Lines
4. OBJECTIVES ASSURANCE & ADVICE: Independent IA

Leadership & Oversight
Must have measures to ensure that the G.B. directs:
- In accordance with stakeholders' interests/needs
- Within requirements of law/regulations

THE KEY ROLES IN THE THREE LINES MODEL

Governing Bodies
- Oversees the organization
- Monitors stakeholders' interests
- Promotes ethical behavior
- Establishes structures & processes for governance
- Delegates responsibility and provides resources
- Determines risks & exercises oversight of risk management

Strategy Execution
- Responsible for executing strategy
- Includes support functions, even those outsourced

Management First Lines
- Leads & directs action (including managing risk) & application of resources
- Maintains continuous reporting with the G.B.
- Establishes and maintains structures for operations & risks
- Ensures compliance

Support, Guidance, Control
- Develop, monitor, & continuously improve policies
- Supporting management policies, setting goals for implementation

Management Second Lines
- Provides complementary expertise, support, monitoring and challenge to risks
- Provides analysis & reports on the adequacy & effectiveness of risk management & internal control

Objectives Assurance & Advice: INTERNAL AUDIT
- Enhance and protect organizational value
- Does not replace management's obligation to monitor performance & report to the G.B.

Internal Audit
- Maintains primary accountability & independence
- Communicates independent assurance and advice to the management and the G.B. on the effectiveness of governance and risk management
- Reports impairment to the G.B. and implements safeguards as required

External Assurance Providers
- Satisfy legislative to protect the interest of stakeholders
- Satisfy request by management and G.B. to complement internal sources of assurance

GOVERNANCE, RISK MANAGEMENT, CONTROLS

• Governance: the combination of processes & structures implemented by the board to inform, direct, manage and monitor toward the achievement of its objectives.
• Risk management: a process to identify, assess, manage, and control potential events to provide reasonable assurance.
• Internal Control: any action to manage risk and increase likelihood that established objectives & goals.

GRC: Drivers of Organizational Sustainability

Governance
• Surrounds all activities
• Vision, Mission, Values
• Ensures needs of key stakeholders are met

Risk Management
• Identify & manage risks (what could go wrong)
• Exploit opportunities that enable success (what should go right)
• Operates within direction of governance structure

Control
• Subset & integral part of broader RM activities
• Risk response to execute RM strategies
• Geared to achievement
