Reviewing the governance framework for a bank in the British Virgin Islands about ten years ago, I noted that the most impressive governance review was done by the internal auditor.

It was concise, systematic, insightful and up-to-date with the latest and relevant national and international developments.

Working as a consultant to companies on strategy, compliance, audit, risk management and then with boards, I am often struck by the lack of realistic knowledge many boards have of what is going on in their organisations.

Internal audit can provide an even stronger position than an external consultant. Internal audit functions are instrumental in closing the gap between strategic planning and real-world application.

The core function of internal audit, according to the International Professional Practices Framework (IPPF), as promulgated by the Institute of Internal Auditors (IIA), is to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.

This mission statement encapsulates the essence of what internal audit aims to achieve within an organisation.

It highlights the dual role of internal audit in not only assessing and improving the effectiveness of risk management, governance and control processes but also in providing valuable insights and advice to further organisational objectives.

Therefore, whenever you have large disconnects between board, internal audit and executives, as unveiled by a recent IIA OnRisk study in 2022, this points towards unrealised potential (as well as risks to achieving even that which the organisation is already committed to).

More than that, it speaks to some fundamental approaches to management, governance and good delegation in general.

Any time someone or a body delegates to or enters into an agreement with another party for the performance of activities, generation of outputs and outcomes, the party that is delegating and accountable for the results should not only rely on the reports of those to whom it has delegated, but it needs to have a direct view of what is going on – it requires an audit function.

In larger organisations, this function is performed for the board by internal audit. This is a necessary aspect of effective governance.

So what does regional corporate governance guidance say about the role of and relationship with internal audit?

Integrated governance requires internal audit functions

Let us step aside for a moment to look at the IIA OnRisk 2022 report and ask ourselves what is essential to integrated governance.

Among the key insights in the report are:

– There are notable variations in key risk areas shown up among risk-management players.

For example, boards were significantly more likely to rate disruptive innovation as a highly relevant risk (77 per cent) than were senior executives (50 per cent).

­­ ­– Significant gaps existed between their assessment of the organisational capability to respond to risks that they consider highly relevant for their organisations.

Fo