Practice guide: second line of defense

Internal Audit and the Second Line of Defense

As governance and monitoring functions collaborate more closely to avoid duplication of effort, internal audit may be asked to take on responsibilities for risk management, compliance,regulatory oversight, and other governance activities.

The chief audit executive (CAE) plays a critical role in navigating between internal audit’traditional role and assuming responsibilities for risk management, compliance, and other governance functions. The CAE should be held accountable for preserving independence and objectivity, communicating with management and the board, and confirming management’ acceptance of risk to internal audit’s independence and/or auditor objectivity. To navigate through these competing challenges, internal auditors can look to The IIA’s guidance on effective risk management and control, and promulgated standards related to independence and objectivity.

Download the Practice guide: Internal Audit and the Second Line of Defense