Section 3: Establish a Risk-based Plan to Determine the Priorities of the Internal Audit Activity

The internal audit activity assists both management and the oversight body in risk management by:

• Helping management to understand internal controls and risk management processes.
• Developing and implementing a framework for assessing risk
• Bringing a systematic, disciplined auditing approach to assessing the effectiveness of internal controls and risk management processes. 
• Providing objective and independent assurance that the organization's risks have been appropriately mitigated
• Making recommendations for improvement, as warranted.