Internal audit charter

Purpose

The purpose of the Internal Audit (IA) function is to strengthen PIC’s ability to create, protect, and sustain value by providing PIC senior management, Board and Audit Committee with independent, risk-based, and objective assurance, advice, insight, and foresight.

The IA function enhances PIC’s:

• successful achievement of its objectives
• governance, risk management, and control processes
• decision-making and oversight
• reputation and credibility with its stakeholders
• ability to serve the public interest.

PIC’s IA function is most effective when:

• internal auditing is performed by competent professionals in conformance with The IIA’s Global Internal Audit Standards^TM, which are set in the public interest
• the IA function is independently positioned with direct accountability to the Board
• internal auditors are free from undue influence and committed to making objective assessments.

Commitment to adhering to the Global Internal Audit Standards

The PIC IA function will adhere to the mandatory elements of The Institute of Internal Auditors' International Professional Practices Framework, which are the Global Internal Audit Standards and Topical Requirements. The Chief Internal Audit Officer (CIAO) will report periodically to PIC senior management, Board and Audit Committee regarding the internal audit function’s conformance with the Standards, which will be assessed through a Quality Assurance and Improvement Program (QAIP).

Mandate

Authority

The PIC Board and Audit Committee grants the IA function the mandate to provide the Board, Audit Committee and Senior Management with objective assurance, advice, insight, and foresight.

The IA function’s authority is created by its direct reporting relationship to the PIC Board and Audit Committee. Such authority allows for unrestricted access to the Board.

The PIC Board and Audit Committee authorises the IA function to:

• have full and unrestricted access to all functions, data, records, information, physical property, and personnel pertinent to carrying out internal audit responsibilities. Internal auditors are accountable for confidentiality and safeguarding records and information
• allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques, and issue communications to accomplish the function’s objectives
• obtain assistance from the necessary personnel of PIC and other specialized services from within or outside PIC to complete internal audit services.

Independence, organisational position, and reporting relationships

The CIAO will be positioned at a level in the organisation that enables internal audit services and responsibilities to be performed without interference from Management, thereby establishing the independence of the IA function. The CIAO will report functionally to the PIC Board and Audit Committee and administratively (for example, day-to-day operations) to the PIC Chief Executive Officer. This positioning provides the organisational authority and status to bring matters directly to PIC Senior Management and escalate matters to the PIC Board and Audit Committee, when necessary, without interference and supports the internal auditors’ ability to maintain objectivity.

The CIAO will confirm to the PIC Board and Audit Committee, at least annually, the organisational independence of the IA function.

The CIAO will disclose to the PIC Board and/or Audit Committee any interference internal auditors encounter related to the scope, performance, or communication of IA work and results. The disclosure will include communicating the implications of such interference on the IA function’s effectiveness and ability to fulfill its mandate.

Changes to the mandate and charter

Circumstances may justify a follow-up discussion between the CIAO, PIC Board and Audit Committee, and PIC Senior Management on the IA mandate or other aspects of the IA charter. Such circumstances may include but are not limited to:

• a significant change in the Global Internal Audit Standards 
• a significant acquisition or reorganisation within the organisation
• significant changes in the chief audit executive, board, and/or senior management
• significant changes to the organisation’s strategies, objectives, risk profile, or the environment in which the organisation operates
• new laws or regulations that may affect the nature and/or scope of internal audit services.

Chief Audit Executive roles and responsibilities 

Ethics and professionalism

The CIAO will ensure that internal auditors:

• conform with the Global Internal Audit Standards, including the principles of Ethics and Professionalism: integrity, objectivity, competency, due professional care, and confidentiality
• understand, respect, meet, and contribute to the legitimate and ethical expectations of the organisation and be able to recognize conduct that is contrary to those expectations
• encourage and promote an ethics-based culture in the organisation 
• report organisational behaviour that is inconsistent with the organisation’s ethical expectations, as described in applicable policies and procedures.

Objectivity

The CIAO will ensure that the IA function remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of engagement selection, scope, procedures, frequency, timing, and communication. If the CIAO determines that objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to appropriate parties. 

Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively such that they believe in their work product, do not compromise quality, and do not subordinate their judgment on audit matters to others, either in fact or appearance.

Internal auditors will have no direct operational responsibility or authority over any of the activities they review. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, or engage in other activities that may impair their judgment, including:

• assessing specific operations for which they had responsibility within the previous year
• performing operational duties for PIC or its affiliates
• initiating or approving transactions external to the IA function
• directing the activities of any PIC employee that is not employed by the internal audit function, except to the extent that such employees have been appropriately assigned to internal audit teams or to assist internal auditors.

Internal auditors will:

• disclose impairments of independence or objectivity, in fact or appearance, to appropriate parties and at least annually, such as the CIAO, PIC Board and Audit Committee, management, or other
• exhibit professional objectivity in gathering, evaluating, and communicating information
• make balanced assessments of all available and relevant facts and circumstances
• take necessary precautions to avoid conflicts of interest, bias, and undue influence.

Managing the Internal Audit function

The CIAO has the responsibility to:

• at least annually, develop a risk-based internal audit plan that considers the input of the PIC Board and Audit Committee and senior management. Discuss the plan with the board and senior management and submit the plan to the PIC Board and Audit Committee for review and approval
• communicate the impact of resource limitations on the IA plan to the PIC Board and Audit Committee and senior management 
• review and adjust the IA plan, as necessary, in response to changes in PIC’s business, risks, operations, programs, systems, and controls
• communicate with the PIC Board and Audit Committee and senior management if there are significant interim changes to the IA plan
• ensure IA engagements are performed, documented, and communicated in accordance with the Global Internal Audit Standards
• follow up on engagement findings and confirm the implementation of recommendations or action plans and communicate the results of IA services to the PIC Board and Audit Committee and senior management periodically and for each engagement as appropriate
• ensure the IA function collectively possesses or obtains the knowledge, skills, and other competencies and qualifications needed to meet the requirements of the Global Internal Audit Standards and fulfill the IA mandate
• identify and consider trends and emerging issues that could impact PIC and communicate to the PIC Board and Audit Committee and senior management as appropriate
• consider emerging trends and successful practices in internal auditing
• establish and ensure adherence to methodologies designed to guide the IA function
• ensure adherence to PIC’s relevant policies and procedures unless such policies and procedures conflict with the IA charter or the Global Internal Audit Standards. Any such conflicts will be resolved or documented and communicated to the PIC Board and Audit Committee and senior management
• coordinate activities and consider relying upon the work of other internal and external providers of assurance and advisory services. If the CIAO cannot achieve an appropriate level of coordination, the issue must be communicated to senior management and if necessary escalated to the PIC Board and Audit Committee.

Communication with the PIC Board and Audit Committee and senior management

The CIAO will report periodically to the PIC Board and Audit Committee and senior management regarding:

• the IA function’s mandate
• the IA plan and performance relative to its plan
• IA budget
• significant revisions to the IA plan and budget 
• potential impairments to independence, including relevant disclosures as applicable 
• results from the Quality Assurance and Improvement Program (QAIP), which include the IA function’s conformance with The IIA’s Global Internal Audit Standards and action plans to address the IA function’s deficiencies and opportunities for improvement 
• significant risk exposures and control issues, including fraud risks, governance issues, and other areas of focus for the board 
• results of assurance and advisory services 
• resource requirements
• management’s responses to risk that the IA function determines may be unacceptable or acceptance of a risk that is beyond PIC’s risk appetite.

Quality Assurance and Improvement Program (QAIP)

The CIAO will develop, implement, and maintain a QAIP that covers all aspects of the IA function. The program will include external and internal assessments of the IA function’s conformance with the Global Internal Audit Standards, as well as performance measurement to assess the IA function’s progress toward the achievement of its objectives and promotion of continuous improvement. The program also will assess, if applicable, compliance with laws and/or regulations relevant to internal auditing. Also, if applicable, the assessment will include plans to address the IA function’s deficiencies and opportunities for improvement.

Annually, the CIAO will communicate with the PIC Board and Audit Committee and senior management about IA’s QAIP, including the results of internal assessments (ongoing monitoring and periodic self-assessments) and external assessments. External assessments will be conducted at least once every five years by a qualified, independent assessor or assessment team from outside PIC; qualifications must include at least one assessor holding an active Certified Internal Auditor® credential.

Scope and types of IA services

The scope of IA services covers the entire breadth of the organisation (audit universe), including all PIC’s activities, assets, and personnel. The scope of IA activities also encompasses but is not limited to objective examinations of evidence to provide independent assurance and advisory services to the PIC Board and Audit Committee and management on the adequacy and effectiveness of governance, risk management, and control processes for PIC.

The nature and scope of advisory services may be agreed with the party requesting the service, provided the IA function does not assume management responsibility. Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during advisory engagements. These opportunities will be communicated to the appropriate level of management.

Internal audit engagements may include evaluating whether:

• risks relating to the achievement of PIC’s strategic objectives are appropriately identified and managed
• the actions of PIC’s officers, directors, management, employees, and contractors or other relevant parties comply with PIC’s policies, procedures, and applicable laws, regulations, and governance standards
• the results of operations and programs are consistent with established goals and objectives
• operations and programs are being carried out effectively and efficiently
• established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact PIC
• the integrity of information and the means used to identify, measure, analyze, classify, and report such information is reliable
• resources and assets are acquired economically, used efficiently and sustainably, and protected adequately.

Approved by the board at its meeting on 13 November 2024

Signatures