350 Risk Assurance and Reporting

If the control is not effective and efficient, it will need to be modified. This is another area where risk management and internal audit share expertise. Although these discussions on controls can be facilitated by risk management and internal audit, the ultimate decisions on the controls and their anticipated effectiveness have to be made by the members of line management who are responsible for the controls.

Management responsibilities

An alternative way of allocating the responsibilities set out in Figure 32.2 is that internal audit is responsible for the activities that are identified as core internal audit roles. Risk management should facilitate and support the activities in the centre of the fan identified as legitimate roles for internal audit (with safeguards), and line management at the appropriate level should have responsibility for the roles identified as activities that internal audit should not undertake. This alternative means of allocating the responsibilities illustrated in Figure 32.2 is shown in Table 32.1.

The working relationship between risk management and internal audit will vary between organizations. The roles and responsibilities that are defined will be a reflection of the structure that seems most suitable for an organization. The allocation of roles and responsibilities should take account of the guidance produced by the Institute of Internal Auditors discussed above.