The independent auditor should acquire an understanding of the internal audit function
On this pageInternal Audit CharterTHE AMENDED INTERNAL AUDIT CHARTER WAS APPROVED BY THE AUDIT COMMITTEE ON 2022-03-30 Show
Internal Audit Charter Summary:
Purpose and MissionThe purpose of GitLab’s (“Company”) internal audit team (“IA Team”) is to provide independent, objective assurance and consulting services designed to add value and improve the Company’s operations. The internal audit department helps the Company accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes. Standards for the Professional Practice of Internal AuditingThe internal audit department will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors' International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Company’s Code of Business Conduct & Ethics (the “Code of Ethics”), the Institute of Internal Auditors (IIA) Code of Ethics, the International Standards for the Professional Practice of Internal Auditing (the “Standards”), and the Definition of Internal Auditing. The Company’s Vice President, Internal Audit will report periodically to the Company’s E-Group and the Company’s Board of Directors’ Audit Committee (“Committee”) regarding the internal audit department’s conformance to the Code of Ethics and the Standards. AuthorityThe Company's Vice President, Internal Audit will report functionally to the Committee and administratively (i.e., day-to-day operations) to the Company’s Chief Financial Officer. To establish, maintain, and assure that the IA Team has sufficient authority to fulfill its duties, the Committee will:
The Company’s Vice President, Internal Audit will have unrestricted access to, and communicate and interact directly with, the Committee, as necessary, including in private meetings without Company management present. The Committee authorizes the IA Team to:
Independence and ObjectivityThe Vice President, Internal Audit will ensure that the IA Team remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the Company’s Vice President, Internal Audit determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to the Committee. Members of the IA Team will maintain an unbiased attitude that allows them to perform engagements objectively and in such a manner that they have confidence in their work product, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others. Members of the IA Team will have no direct operational responsibility or authority over any of the activities audited. Accordingly, members of the IA Team will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:
Where the Company’s Vice President, Internal Audit has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established by the IA team and approved by the Committee to limit impairments to independence or objectivity. Members of the IA Team will:
The Company’s Vice President, Internal Audit will report and confirm to the Committee, at least annually, the organizational independence of the internal audit department. The Company’s Vice President, Internal Audit will disclose to the Committee any interference and related implications in determining the scope of internal auditing, performing work, and/or communicating results. Scope of Internal Audit ActivitiesThe scope of the IA Team’s activities encompasses, but is not limited to, objective examinations of evidence for providing independent assessments to the Committee, Company management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for the Company. Internal audit assessments include evaluating whether:
The Company’s Vice President, Internal Audit will report periodically to E-group t and the Committee regarding:
The Company’s Vice President, Internal Audit also coordinates activities, where possible, and considers relying upon the work of other internal and external assurance and consulting service providers as needed. The IA Team may perform advisory and related management service activities, the nature and scope of which will be agreed with the management, provided the IA Team does not assume management responsibility. Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management. ResponsibilityThe Company’s Vice President, Internal Audit has the responsibility to:
Quality Assurance and ImprovementProgram The IA Team will maintain a quality assurance and improvement program that covers all aspects of the IA Team. The program will include an evaluation of the IA Team’s conformance with the Standards and an evaluation of whether internal auditors apply The IIA’s Code of Ethics. The program will also assess the efficiency and effectiveness of the IA Team and identify opportunities for improvement. The Company’s Vice President, Internal Audit will communicate to E-group and the Committee on the IA Team’s quality assurance and improvement program, including results of internal assessments (both ongoing and periodic) and external assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside the Company.
What is the definition of independence as it pertains to an internal audit function?Independence is the freedom from conditions that might threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.
Why must the auditor obtain an understanding of internal control?The understanding of internal controls assists the auditor in assessing the risks of material misstatement, which in turn assists in designing and implementing audit responses that are tailored to a client's assessed risks. This is true regardless of the size of the entity.
Why is it important for the internal audit function to be independent from the functions that it audits?It provides independent assurance that an organization risk management, governance, and internal control process are operating effectively. Internal auditor looks discrepancies between operational process and the processes are designed to do.
When considering the objectivity of internal auditors an independent auditor should?When assessing internal auditors' objectivity, an independent auditor should: consider the policies that prohibit the internal auditors from auditing areas where they were recently assigned. Which of the following procedures would an auditor most likely include in the initial planning of a financial statement audit?
|