Our global internal audit function consists of the group internal audit team, led by the Chief Internal Auditor, plus regional and country audit functions that operate in each of the group’s principal areas of business. The regional and country functions are centrally directed by the group internal audit team. The country internal audit functions are jointly accountable to local senior finance management and regional heads of internal audit. They also have direct access and accountability to local audit committees and the Chief Internal Auditor.
Internal audit reviews, all of which are risk-based and include provision of assurance over financial, operational, IT and transformation programme activities, are performed by teams of appropriately qualified and experienced employees. Third parties may be engaged to support audit work as appropriate. The Chief Internal Auditor, who reports jointly to the audit committee and the Chief Financial Officer, has direct right of access to, and regular meetings with, the audit committee chairman and prepares formal reports for each audit committee meeting on the consolidated activities and key findings of the global internal audit function. The audit committee also has unrestricted access to all internal audit reports, should it wish to review them.
Our global internal audit function uses a standardised group-wide internal audit methodology which is in compliance with the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors. The function operates a formal global quality assurance and effectiveness programme.
An annual process gathers feedback against specific performance criteria from a broad range of executive management at the group, regional and country levels and from certain board members. This process, supplemented by results from the function’s own quality assurance reviews, provides a basis for the annual review of the effectiveness of the global internal audit function (coordinated by the Group Company Secretary) and results in a report to the audit committee to support the committee’s formal annual assessment of the effectiveness of internal audit. In addition, a periodic review of internal audit is undertaken, most recently in 2014, by an independent external consultant in accordance with the guidelines of the Institute of Internal Auditors. The audit committee has satisfied itself that adequate, objective internal audit assurance standards and procedures exist within the group. The internal audit function is responsible for facilitating the risk management and reporting processes across the group. It also provides assurance on the effectiveness of the process to excom, the audit committee and the board.