WHAT DOES A HEAD OF INTERNAL AUDIT DO?
Published: May 8, 2025 - The Head of Internal Audit oversees stakeholder communication, conflict resolution, and resource planning to ensure effective execution of audit activities aligned with organizational goals. This role develops and implements a flexible, risk-based annual audit plan while managing project scopes, timelines, and departmental performance. The head ensures audit quality, escalates critical issues, and presents comprehensive reports to executive and board-level committees.

A Review of Professional Skills and Functions for Head of Internal Audit
1. Head of Internal Audit Duties
- Vision Promotion: Drives/Promotes the vision of Group Internal Audit throughout close partnerships with management
- Audit Planning: Working with the senior executives to develop an annual risk-based, top-down and bottom-up audit plan for the Company
- Risk-Based Auditing: Plans, monitors and leads the internal and operational risk and regulatory, corporate governance and compliance and cyber and data security risk-based audits for the Group
- Control Assurance: Provides objective assurance and independent review on the adequacy and effectiveness of the Company’s risk management and internal control system to safeguard assets
- Governance Improvement: Improve corporate governance and guide best practices
- Committee Reporting: Prepares high-quality audit committee papers/reports for the Audit Committee meetings regularly
- Audit Execution: Complete the annual audit plan as agreed by the Audit Committee and any special reviews
- Risk Assessment: Conducts risk assessments and identifies controls in place to mitigate identified risks and opportunities for improvements
- Fraud Identification: Ensures common fraud/errors/irregular transactions, including ad hoc projects like whistleblowing investigations, are identified and investigated promptly as well as providing corrective action plans to mitigate exceptions
- Investigation Support: Provides fraud investigation support
- Team Development: Supervises a team of 2-3 Managers and provides training and coaching to them, develops a talent pool for the Group
- Independent Judgment: Works independently under general direction with extensive latitude for initiative and independent judgment
- Staff Supervision: Manages and supervises the audit staff (including external/internal guest auditors) in conducting meetings, reviewing documents and preparing working papers
- Budget Management: Budgets and monitors department budgets and spending
2. Head of Internal Audit Details
- Risk Culture Leadership: Provide leadership in developing the appropriate risk culture across the Primark business
- Risk Appetite Alignment: Support the Chief Risk Officer in obtaining a collective agreement on the appropriate risk appetite between the leadership teams in Primark and its parent, Associated British Foods (ABF)
- Audit Plan Delivery: Deliver a comprehensive risk-based audit plan that evaluates the effectiveness of controls in place
- Risk Management: Manage significant risk exposures, ensure the integrity and reliability of information and financial reporting, safeguard the company’s assets, and comply with laws and regulations
- Control Improvement: Provide value-add guidance to the business to address significant control gaps, improve key business processes and prioritise business efforts in line with the strategic goals of Primark
- Stakeholder Engagement: Build effective business relationships with senior business managers, within Primark and ABF, an essential input for executing work reliably and collaboratively and sharing best practice
- Integrated Assurance: Link with other key control functions to provide integrated assurance to Primark and ABF
- Global Audit Planning: Design and deliver an annual risk-based audit plan on a global level
- Operational Standards: Ensure the highest operational audit standards in place to deliver the ambition of a best-in-class audit function in Primark
- Audit Standard Design: Rescope and redesign operating standards within the team
- Team Building: Build a best-in-class team of highly skilled internal auditors by recruiting and developing team members to achieve the strategic ambitions of the Internal Audit function
- Team Leadership: Provide leadership and guidance to the audit team and support them in developing and achieving challenging and strategic career goals
3. Head of Internal Audit Responsibilities
- Team Leadership: Build and lead a team of Internal Auditors including hiring new team members, setting team and individual objectives, coaching team members, and delivering performance evaluations
- Audit Roadmap Planning: Engage with business leaders on business performance, strategic priorities, and operational matters to establish and prioritize the Internal Audit engagement roadmap
- Risk Identification: Partner with the enterprise risk management team and management to identify and assess current and emerging risks, themes, and trends globally
- Compliance Coordination: Maintain a strong relationship with the compliance and security teams to ensure effective and efficient coordination of each team’s activities
- Audit Project Planning: Maintain the rolling twelve-month Internal Audit project plan through direct input, insight, and perspective around the current business, industry, and regulatory risk factors
- SOX Oversight: Oversee management’s SOX testing activities
- Charter Management: Maintain and seek approval for the Internal Audit charter
- Audit Representation: Represent the Internal Audit function globally to company leadership, the Board of Directors, and regulatory stakeholders
- Budget Management: Establish and maintain the department budget and deliver on expectations and goals within budget while finding opportunities for efficiencies
- Project Delivery: Deliver project results according to the Internal Audit plan
- Global Initiatives: Participate in global initiatives with a focus on improving business outcomes, processes, and controls
- Advisory Services: Provide advisory services across the company to lead process improvement, discovery and solutioning initiatives across operational and financial functions
- Collaboration Building: Build and maintain collaborative relationships with all business teams
- Quality Program Development: Develop a quality control program to become compliant with The Institute of Internal Auditors’ International Professional Practices Framework (IPPF) in preparation for an independent Quality Assessment Review
- Executive Reporting: Prepare and present executive and board-level presentations quarterly
4. Head of Internal Audit Job Summary
- Audit Planning: Develop annually a risk-based internal audit plan to determine the priorities of the internal audit activity, consistent with Tele2’s objectives
- Plan Execution: Execution of the internal audit plan
- Risk Management Support: Support a systematic and disciplined enterprise risk management process on behalf of the Group Leadership Team to identify, assess and monitor risks
- Audit Reporting: Report progress and conclusions on internal audits and enterprise risk management activities
- Control Consultation: Consult on internal control questions and initiatives to strengthen the internal control, financial and process framework
- Assurance Collaboration: Collaborate with other assurance and compliance functions
- Compliance Assurance: Execute annual audit plans to provide assurance services to businesses in ensuring that policies and procedures are compliant
- Audit Quality: Drive and develop audit plans and programmes, work papers and reporting for the company and its subsidiaries to ensure the quality of the findings and the reports
- Control Assessment: Assess independently by confirming that adequate controls are established while evaluating the effectiveness and efficiency of risk management, control and governance processes
- Investigation Leadership: Lead ad hoc reviews and investigations as required by senior management or the audit committee
- Process Improvement: Lead continuous improvement initiatives within the internal audit division in support of the company's sustainable growth aspirations
- Team Development: Guiding and developing the competencies of the internal audit employees
5. Head of Internal Audit Accountabilities
- Strategy Development: Leads the development and implementation of strategic and operational objectives for Company-wide audit programmes by CNA’s agreed strategic plans
- Function Leadership: Heads the Internal Audit function and is responsible for directing work activities and managing the effective performance of professionals
- Audit Quality: Ensure high-quality, timely, risk-focused and efficient internal audit services through the execution of and reporting on audit assignments
- Output Supervision: Supervises the preparation and approval of audit outputs including work papers and audit reports for the Audit Committees
- Management Engagement: Actively drives output timeliness, quality and output discussions/presentation with senior management
- Operational Oversight: Oversees and will be satisfied that the Internal Audit function operates
- Process Improvement: Recommending effective, commercial and efficient improvements to key business operations across CNA Hardy including operational, finance/accounting activities, regulatory compliance, IT and business change and internal control
- Committee Reporting: Regularly reports to the Audit Committee, Executive Leadership team and senior management on the progress in achieving planned objectives
- Standards Compliance: Maintains a function that meets all relevant International Standards for the Professional Practice of Internal Auditing (Standards), best practices as promulgated by the Institute of Internal Auditors and applicable accounting standards
- QAIP Coordination: Annual QAIP results reported to the local audit committee and in coordination with the audit team for the CNAF Audit Committee (parent)
- Budget Management: Develop and maintain local budget and staff for the Audit Team (local level)
- Team Coordination: Maintain and coordinate with the Audit Team
6. Head of Internal Audit Functions
- Audit Planning: Plans and heads the execution of the annual audit plan for the SEA region, which includes regulatory, compliance, financial controls, IT and operational reviews/risk-based audits
- Control Assurance: Provides objective assurance and independent review on the adequacy and effectiveness of the Company's risk management and internal control system
- Vision Promotion: Drives/Promotes the vision of the Internal Audit throughout close partnerships with management
- Risk-Based Planning: Working with the senior executives to develop a risk-based audit plan for the Company
- Risk Assessment: Appropriate planning and risk assessments are conducted
- Control Identification: Identifies controls in place to mitigate identified risks and opportunities for improvements
- Audit Execution: Performs audit reviews to verify that controls are operating through testing and interviewing techniques and documents the results of audit reviews by Group Internal Audit standards
- Advisory Reviews: Leads advisory reviews and provides controls advice to management on new and/or modifications to standard operating procedures
- Fraud Investigation: Ensures common fraud/errors/irregular transactions are identified and investigated promptly as well as providing corrective action plans to mitigate exceptions
- Forensic Leadership: Leads thorough investigations on forensic audits and whistle-blowing cases
- Control Recommendations: Provides practical recommendations to management in enhancing the control environment and tightening the risk exposure within the Company
- Prevention Oversight: Heads the Prevention function in the same countries as mentioned above
7. Head of Internal Audit Job Description
- Audit Delivery: Manage and oversee the planning and delivery of internal audits, control assessments and risk projects in support of the Internal Audit plan, delivering these to a high standard by agreed working practices
- Team Development: Support the development of the Internal Audit team through feedback, coaching, and ongoing professional development
- Action Planning: Agree on action plans with management and support the reporting of the outcomes of audit reviews to management
- Status Reporting: Provide regular updates on the status of Internal Audit work to key stakeholders, together with the tracking of open audit actions
- Knowledge Sharing: Share knowledge and collaborate with business stakeholders to instill best practices and improve the control environment across the Group
- Risk Improvement: Contribute to the improvement of risk management practices, leveraging experiences from other businesses and proactively support the identification of emerging risks and promote strategies to improve existing mitigations
- Methodology Enhancement: Contribute to the development of the function by raising standards of best practice and by developing and implementing tools, methodologies and frameworks that are appropriate to the needs of the function and the business
- Annual Planning: Develop and implement the annual internal audit plan and the ad-hoc audit sessions as requested by the Members’ Council, the Control Board and the CEO
- Policy Submission: Establish, amend, supplement, and constantly update the method, policy, and procedure for internal audit to submit to the Control Board
- Audit Training: Ensure that internal auditors receive regular training, have adequate professional qualifications and skills to perform the internal audit task
- Issue Reporting: Report to the Control Board, the Members’ Council, and the CEO when finding out any weakness, shortcoming, lapse of the internal control system, and of the managers and staff of the company
- Recommendation Follow-Up: Follow up on the implementation of post-audit recommendations
- Regulatory Reporting: Make and submit reports as regulated by internal regulations
- Audit Deployment: Directly deploy audit jobs at the Internal Audit Department
- Task Assignment: Assign tasks to Internal Audit members to ensure effectiveness and completeness of the Audit Plan
- Control Consulting: Consult, participate in planning, and enhance the internal control system in case of ensuring that the independence of the internal audit is ensured
8. Head of Internal Audit Overview
- Audit Plan Management: Create, manage and deliver a risk-based annual Audit Plan, as approved by the Audit Committee
- Process Review: Undertake internal audit reviews based on the annual Audit Plan, reviewing business processes and recommending control improvements
- Audit Reporting: Provide management and the Audit Committee with written reports of the results and recommendations of each piece of work undertaken
- Recommendation Follow-Up: Follow up on management’s response to Internal Audit recommendations to determine if agreed-upon internal control improvements have been implemented
- Committee Presentation: Present findings and progress with the Audit Plan to the Audit Committee at least quarterly and provide an annual summary of the control environment to the Audit Committee
- Governance Support: Support good governance by undertaking ad hoc projects/investigations, including whistleblowing reports or suspected fraudulent activity
- Standards Maintenance: Maintain Internal Audit standards and procedures
- Risk Coordination: Coordinate the risk management process, ensuring the group risk register is updated regularly
- Risk Embedding: Ensure that the risk management process is embedded and continues to function on an ongoing basis
- Governance Liaison: Business point of contact for governance and control queries, including whistleblowing
- Risk Engagement: Conduct regular meetings (including site visits) with BU management / legal / Group business functions to understand the risk environment
9. Head of Internal Audit Details and Accountabilities
- Audit Leadership: Lead the completion of all phases (planning, execution, completion and reporting) of the audit process for multiple concurrent audits
- Output Compliance: Ensure timely, complete and accurate outputs that comply with the company's Group Internal Audit departmental standards
- Control Recommendations: Drafts audit issues and develops valid conclusions resulting in specific business process and internal control recommendations, while considering implementation requirements, cost and likely stakeholder responses
- Report Production: Produce high-quality internal audit reports, which have been fully reviewed before being presented to senior management
- Documentation Review: Performs and/or ensures that all relevant audit work papers and outputs are appropriately reviewed, approved and filed as part of completing the assignment
- Audit Communication: Effectively communicates with IA leadership on audit statuses, issues and reporting
- Thematic Auditing: Participates in Group Internal audits, thematic or otherwise, as directed by the Group Chief Internal Auditor
- Risk Assessment: Complete an annual risk assessment for assigned business units, ensuring the development of a risk-based audit plan
- Plan Execution: Actively participates in the development, execution and maintenance of a group-wide risk-based internal audit plan
- Stakeholder Engagement: Responsible for internal stakeholder engagement, including the development of working relationships with key stakeholders designed to enhance the effectiveness of the internal audit process
- Assurance Coordination: Work with other assurance providers including Risk Management and Compliance, to ensure organisational assurance activities are carried out in a focused, integrated, coordinated manner
- External Liaison: Liaise with external service providers and external auditors in the context of the execution of internal audit activities
10. Head of Internal Audit Tasks
- Audit Planning: Assist the Board of AMC and the Head of Internal Audit, Asia Pacific in determining the annual audit plans for the businesses, including Shanghai or any other branch offices
- Scope Development: Develop the definition and scope of audits
- Strategy Advisory: Serve as a senior departmental resource on issues of audit strategy
- Audit Execution: Execute planned audits, including preparation of audit scope memoranda and working papers, and manage the completion of the audit within the given timeframe
- Investigation Support: Conduct investigations, ad hoc assignments and regulatory audit activities
- Department Liaison: Liaise with other departments such as compliance, legal, to ensure smooth communication in terms of risk, control and governance
- Testing Documentation: Document audit testing using best practices and form conclusions based on the outcome of the testing
- Improvement Planning: Identify areas in need of improvement and assist in the development of an action plan
- Report Preparation: Prepare audit reports and conduct meetings to obtain management concurrence and responses
- Findings Follow-Up: Follow up on the auditing findings and track the progress and any action plans as measured against the related audit
- Audit Collaboration: Liaise with other Auditors where additional resources or expertise are required
- Resource Coordination: Work with employees and consultants assigned to specific audits
- Tool Familiarity: Maintain familiarity with evolving, state-of-the-art audit tools and techniques
- Professional Liaison: Act as liaison to professional societies and colleagues from different business functions
- Standards Development: Assist the Board of AMC and the Head of Internal Audit, Asia Pacific, in developing standards for the audit program, including performance, cost control and quality control
11. Head of Internal Audit Roles
- Function Design: Responsible for the design and implementation of an effective internal audit function at SVB
- Service Oversight: Oversight of co-source service providers, design and approval of the annual internal audit plan, and effective operation of the internal audit function
- Audit Reporting: Report to the Chair of the Audit Committee of SVB, with a dotted reporting line to SVBFG’s Chief Auditor
- Regulatory Performance: Performance of the SMF 5 Head of Internal Audit, subject to regulatory approval
- Plan Execution: Ensure that SVB successfully executes the planned Audits as set out in the Internal Audit plan (and agreed by the Board's Audit Committee)
- Strategy Implementation: Design and implement the strategy for Internal Audit at SVB to ensure that the function can keep pace with a rapidly growing and evolving business
- Customer Focus Challenge: Ensure the internal audit function and associated internal audit plan challenge the customer-facing areas of the bank in accurately identifying customer behaviour and needs
- Environmental Monitoring: Monitor the general market, economic and regulatory environment and how changes will impact internal audit activity and the broader strategy in the business
- Industry Trend Analysis: Track and analyse banking trends in internal audit techniques and standards, making recommendations to the audit committee
- Priority Implementation: Ensure implementation of the internal audit plan and associated priorities for the function
- Executive Reporting: Report to the Chair of the Audit Committee, Head of EMEA and SVB and SVBFG’s Chief Auditor regularly, and to the Audit Committee at each meeting, for the performance of the function
- Corporate Support: Use expertise to support corporate activities undertaken by the bank relating to acquisitions, financial investments, risk management, liquidity, strategic planning, balance sheet structure, new products, and profit projections
- Project Review: Review and challenge the planning process and delivery of major projects, operational changes or major capital expenditure for the function
12. Head of Internal Audit Additional Details
- Cost Analysis: Ensure that the internal audit function's viability and cost structure are regularly analysed
- Provider Monitoring: Take appropriate actions to monitor co-source providers in terms of any services provided
- Standards Compliance: Implement strong standards and practices for the internal audit function in complying with the PRA/FCA’s statements of principles and code of practice and the Chartered Institute of Internal Auditors (“IIA”)
- Risk Control Review: Review the management of and systems and controls about the bank’s risk appetite statements, lines of approval authority and responsibility for managing individual risk elements
- Data Quality Assessment: Review the data used by the bank to assess its and identify risks and consider whether it is fit for purpose in terms of quality, quantity and breadth
- Data Oversight: Provide oversight and validation of this data and its use in reporting the bank’s risks, both internally to board committees and externally
- Policy Review: Review the development, embedding and management of the bank’s policies and procedures and review to the extent these are translated into operating standards
- Framework Monitoring: Monitor the effectiveness of the 1st and 2nd line control frameworks, which are set up to implement and monitor the adherence to risk, governance and other associated bank policies
- Governance Reporting: Review and report to the audit committee on the broader operation of the governance framework including the robustness of regulatory reporting and the suite of regulatory documents
- Risk Monitoring: Ensure the principal risks of the bank are assessed and are then monitored, managed and controlled effectively and reported to the Audit Committee and SVBFG’s Chief Auditor using appropriate internal controls
- Team Leadership: Develop and lead an active, challenging and committed team for the Internal Audit function, managing its performance against its key deliverables, ensuring it has the appropriate knowledge and skills to operate effectively
13. Head of Internal Audit Essential Functions
- Audit Excellence: Maintain a best-in-class Internal Audit function that provides an efficient, effective and value-adding Internal Audit service to the company
- Process Efficiency: Utilise Lean practices and available technologies to ensure the Internal Audit processes are operating efficiently
- Risk-Based Planning: Develop the Internal Audit Plan to address key risk areas within the company
- Co-Source Coordination: Responsible for coordinating with co-sourced Internal Audit providers to ensure the timely implementation of this plan and regular monitoring through visual management techniques and management of the Internal Audit and co-sourced team
- Committee Reporting: Manage the Risk and Audit Committee reporting process
- Stakeholder Communication: Communicate with the Committee regularly
- Issue Escalation: Manage the issue tracking escalation process
- Attention Reporting: Prepare reporting for the Risk and Audit Committee regarding issues that require their attention
- Standards Compliance: Ensure all reporting to the Risk and Audit Committee is in line with the International Standards for the Professional Practice of Internal Auditing
- Risk Liaison: Liaise with the Senior Leadership Team, Management, Chief Risk Officer, co-sourced Internal Auditors, External Auditors and Consultants to ensure that the risks to the Business are effectively identified and managed
- Relationship Building: Build effective relationships with these key stakeholders
- Team Management: Lead and Performance Management of direct report(s)
- Objective Delivery: Participate in the Performance Management process to ensure delivery of their own and the wider team's objectives
14. Head of Internal Audit Role Purpose
- Audit Execution: Responsible for the planning and execution of internal audits over European locations
- Controls Testing: Lead the internal controls testing, walkthroughs and flowcharts to comply with company regulations
- Routine Testing: Make sure routine testing is performed across human resources, underwriting, claims, reinsurance, risk management, finance, Solvency II, governance, compliance, actuarial and IT
- Audit Documentation: Documenting and recording all internal audit and testing on the Internal audit software
- Policy Compliance: Comply with the company's Internal Audit Policies to the letter
- Workpaper Preparation: Make sure working papers that support the audit findings, the final internal audit report that is presented to the client
- Team Liaison: Liaise with the Head of International Internal Audit and the audit team
- Risk Analysis: Manage and execute audits, including identifying and analyzing risks
- Audit Planning: Plan and prioritize the audit work, conducting interviews, and observing operations
- Procedure Review: Document and analyze procedures and controls
- Testing Execution: Complete audit tests at times, preparing and reviewing appropriate work papers
- Issue Reporting: Develop audit recommendations, socializing identified issues with appropriate management, and preparing audit reports
- SOX Oversight: Responsible for ensuring the team completes the company’s SOX testing on behalf of management within deadlines, working closely with the Company's 3rd party SOX advisory firm
- Risk-Based Planning: Collaborate to develop and implement an audit plan that includes an assessment of all relevant risk factors
- Team Development: Recruit, screen, hire, develop, and mentor the audit team
- Knowledge Sharing: Share information among the Internal Audit group, transferring knowledge and providing instruction and guidance
15. Head of Internal Audit General Responsibilities
- Conflict Management: Manage conflicts with stakeholders in finalising the audit findings
- Resource Planning: Determine resources (including people and systems) to ensure business needs are met
- Team Support: Support teamwork by having a positive attitude
- Effective Communication: Communicate effectively with stakeholders, customers, IA management team and staff (regarding strategy, plan, focus areas, etc.)
- Audit Plan Development: Develop and implement a flexible risk-based annual audit plan aligned to the overall assurance framework
- Expectation Management: Manage stakeholder requirements and expectations about project scope and timelines
- Resource Allocation: Plans and allocates resources to meet departmental goals
- Project Approval: Approves planning memo for projects to commence (scope, objectives, budget and risks)
- Request Evaluation: Evaluates and recommends assigning ad-hoc audit requests for approval
- Issue Communication: Effectively communicates the audit issues and audit opinion
- Issue Escalation: Escalates significant audit issues and ensures the quality of audit projects
- Subcommittee Reporting: Compile quarterly reports to the Board sub-committees and present
- Executive Reporting: Compile a report and present to the Executive Risk Management Committee
Relevant Information