The role of internal auditing within organisations is to assess and determine the extent to which the design of governance, risk management and internal controls structures and processes is logical, efficient and cost-effective (i.e. whether GRC structures and processes are adequate), and whether the GRC structures and processes assessed as adequate are utilised effectively by the organisation to:
- Formulate and achieve sound strategic objectives;
- Generate, process and report reliable and credible financial and operational information;
- Effectively, efficiently and economically achieve performance targets for operations and programmes;
- Safeguard organisational assets; and
- Comply with laws, regulations, policies, procedures, and contracts.
According to the Institute of Internal Auditors (IIA), an internal audit function can only achieve the
above if it carries out its work in conformance with the International Professional Practices Framework (IPPF). Achievement of all the mandatory components of the IPPF will enable an internal audit function to realise the Mission of Internal Audit – which is to enhance and protect organisational value by providing risk-based and objective assurance, advice, and insight.