For an internal audit function to be effective, its efforts must be risk-based and must meet the organization’s long-term assurance requirements. Members of the board, the audit committee and executive management look to internal audit to cover the entire spectrum of risks and issues facing the organization; that is, they expect internal audit to assess the significant risks to the organization and provide timely assurance that adequate controls are operating effectively to mitigate those risks.
