ABSTRACT
To develop an Internal Audit strategy that would add demonstrable value to the Board and the Executive, it was self-evident that the communication of internal audit assurance plans and results would need to be aligned with the company's Enterprise Risk Management (ERM) framework. The company had recently appointed a new Chief Financial Officer and a Director of Risk and Compliance and there had been significant investment in developing the Board Governance and ERM frameworks, which were built on a 'three lines of defence' model. The success of the implementation of an integrated assurance approach has been driven largely from the top at board level through the inspiration of the Chairman of the Audit Committee and experience of the Risk and Internal Audit directors. Core controls, to identify a comprehensive programme of control checks based on risk registers. Deeper dives, to provide where appropriate additional assurance on high risk areas and emerging risks.
