• First Reference
  • About us
  • Contact us
  • Blog Signup 📨

First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies
You are here: Home / Business / Internal audit is your third line of defense

By Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons) | 2 Minutes Read January 9, 2019

Internal audit is your third line of defense

Internal Audit

In a perfect world, internal controls would be 100% effective once implemented. In reality, organizations needs multiple lines of defense or barriers to guard against the risk that they will not achieve their objectives. The internal audit function is the last of three lines of defense recommended by the Institute of Internal Auditors (IIA) in its Three Lines of Defense Model.  

As a precursor to the three lines of defense, boards govern and determine strategy. Senior management operationalizes the strategy and selects, develops and evaluates internal controls, with board oversight.

Against this backdrop, operational management is the first line of defense. It supervises and manages operations to ensure compliance with risk and internal control systems. Risk and compliance functions are the second line of defense, monitoring the adequacy and effectiveness of internal controls, reporting, compliance, and remediation of deficiencies. Both lines are accountable to senior management.

The third and last line of defense is internal audit. It does not own, create, or manage risks and it does not design or implement controls. It is unique because its role is to provide objective and independent assessments to the board, as to whether the other two lines of defense are operating effectively.

The IIA says all three lines of defense are necessary regardless of an organization’s size.  

Meeting your duty of care

Improve your internal audit function by ensuring that it:

  • Preserves its independence by reporting directly to the board or like body;
  • Is professional and uses internationally recognized standards; and
  • Has the required budget and access to resources.

For organizations without an internal audit function, remember, there are several options for accessing this service, ranging from the traditional in-house model to a fully outsourced team, and various options in between.

Read more about strategies to help you implement an effective internal audit function, or improve the one you have, in Finance and Accounting PolicyPro (GV 1.08 – Relationship with Internal Auditors).

Policies and procedures are essential to managing cut-off and other internal controls, but the work required to create and maintain them can seem daunting. Finance and Accounting PolicyPro, co-published by First Reference and Chartered Professional Accountants Canada (CPA Canada) contain sample policies, procedures and other documents, plus authoritative commentary in the areas of finance and accounting and not-for-profit management, to save you time and effort in establishing and updating your internal controls and policies. Not a subscriber? Request a free 30-day trial of Finance and Accounting PolicyPro here.

  • About
  • Latest Posts
Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons)
Apolone Gentles is a CPA, CGA and Ontario lawyer and editor with over 20 years of business experience. Apolone is leveraging 20 years of business and accounting experience to build a commercial litigation practice with an emphasis on construction law. She has held senior leadership roles in non-profit organizations, leading finance, human resources, information technology and facilities teams. She has also held senior roles in audit and assurance services at a “Big Four” audit firm. Apolone has also lectured in Auditing, Economics and Business at post-secondary schools.
Latest posts by Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons) (see all)
  • Employee’s time theft revealed by electronic monitoring - February 2, 2023
  • Petty cash controls - January 4, 2023
  • Implement effective backup procedures - December 7, 2022

Article by Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons) / Business, Finance and Accounting / Apolone Gentles, compliance, control, governance, risk, The IIA, The Institute of Internal Auditors, The Three Lines of Defense Model

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

Electronic monitoring

About Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons)

Apolone Gentles is a CPA, CGA and Ontario lawyer and editor with over 20 years of business experience. Apolone is leveraging 20 years of business and accounting experience to build a commercial litigation practice with an emphasis on construction law. She has held senior leadership roles in non-profit organizations, leading finance, human resources, information technology and facilities teams. She has also held senior roles in audit and assurance services at a “Big Four” audit firm. Apolone has also lectured in Auditing, Economics and Business at post-secondary schools.

Footer

About us

Established in 1995, First Reference is the leading publisher of up to date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.

First Reference Talks

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies

Main Menu

  • About First Reference
  • Resources
  • Contact us
  • 1 800 750 8175

Stay Connected

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

We welcome your comments on our blog articles. However, we do not respond to specific legal questions in this space.
We do not provide any form of legal advice or legal opinion. Please consult a lawyer in your jurisdiction or try one of our products.


Copyright © 2009 - 2023 · First Reference Inc. · All Rights Reserved
Legal and Copyright Notices · Publisher's Disclaimer · Privacy Policy · Accessibility Policy