Guidance on internal audit's interface with regulators

Abstract

Purpose – The purpose of this paper is to identify and interpret expectations of regulators about the interface between regulators and internal audit. Design/methodology/approach – Contemporary pronouncements are subjected to a content analysis about the relationship demands that regulators place upon internal audit. Comparison is made with internal auditing standards. The paper identifies the significant challenges and considers the future. Findings – Regulators are increasingly prescriptive about what they expect from internal audit. The scope of internal audit work must cover all matters of interest to the regulator. Internal audit is now regarded as part of the supervisory process. Unlike financial reporting and external auditing, there is no attempt to regulate the setting of internal audit standards, but regulators themselves are enunciating internal audit requirements that go beyond the standards. Research limitations/implications – The paper draws mainly upon developments in the financial sector, which is leading the way in prescribing the interface between regulator and internal audit. Practical implications – The enhanced requirements of regulators impact upon internal audit's other relationships on the internal audit universe and scope, and on staffing internal audit. Originality/value – This is the first attempt to synthesise what regulators currently require from their relationship with internal audit, which needs to be reflected in internal audit charters and in future releases of global internal auditing standards.