What is an Audit charter? An audit charter is the base of an audit because every auditor starts his audit with an audit charter. In simple words, an audit charter defines the responsibilities, authority and accountability of an auditor along with the scope of the audit. Normally, a charter also specify the management’s responsibility and their delegation of authority to the IS auditor or audit function to conduct the audit.
If the audit function is delegated to an external party, then an engagement letter is issued by the management to the auditor or the external party. In general, the basic difference between an audit charter and an engagement letter is that the latter one is prepared for a specific audit in an organization. On the other hand, an audit charter covers the overall audit scopes and objectives of an organization. So, an engagement letter is more specific than an audit charter and it must be issued before starting an audit or at least the senior management should send an email to the auditor stating the approval to start the audit work, which must address the independence of an auditor. An engagement letter should have the followings:
- It should include all the major parts of the audit charter
- Clearly state the responsibility or independence of the auditor.
- Evidence of the authorization to start the audit
- The audit completion date (accountability).
Who prepare the audit charter? Normally, an auditor can prepare the audit charter. But it always must be approved by the higher authority and agreed by the auditor.
Who authorized the audit charter? The top management or executes are responsible for approving the audit charter.
|Audit Charter||Engagement Letter|
|An overall document to establish audit function in an organization||Target for a specific audit|
|It needs regular review; at least annual review||Subject to be reviewed only during the period of the audit|
|For internal audit||Mostly for external audit|
What are the components of an audit charter?
Ideally, an audit charter should address only four aspects of the audit and those are:
In the purpose section of an audit charter, you need to mention about the main aim or goal, scope and objectives of the audit. It should give a broader outlook to the audit, not any detailed view. The responsibility section of the charter should clearly mention the independence of the auditor along with the risk assessments, critical success factor, auditee requirements and other performance measurement criteria. The authority section mentions the auditor’s right to access the information and his limitation to access some special areas or locations that is considered very sensitive by the auditee. In addition, it should specify to whom an auditor should send his audit report and discuss his findings. The accountability will include the assignment or the audit performance appraisal evaluation criteria, personal performance appraisal, assessment of compliance to the standards and benchmarking, quality review, budget spending analysis and compensation for the agreed actions, if there are any, such as when any of the parties( auditor and audited) fail to meet the agreement.
In addition, an audit charter should state that how an auditor will communicate with the auditees and it should also mention the way to implement the quality review process to assess and evaluate the quality part of the audit.