ABSTRACT
The Institute of Internal Auditors (IIA), the global professional association for the practice of internal auditing, defines the internal audit function (IAF) as an assurance and consulting activity implemented to evaluate and improve the effectiveness of the governance, risk management, and control (GRC) processes within the organization. In particular, the IAF’s role is to provide objective assurance and insight regarding GRC processes to two different groups: (1) those charged with organizational governance (e.g., executive management and the board); and (2) those managing the organizational operations (e.g., operational managers, and staff functions). The IAF provides value to each of these groups differently, with the former group primarily seeking assurance, and the latter group looking for insight and recommendations. In this chapter, we examine the IAF’s relationship to each group as a framework for our discussion of how these relationships have evolved over time, what researchers have learned regarding internal auditing, and what questions remain unanswered.
