This document provides a board level overview of internal audit and internal controls. It states that the internal audit department is responsible for: conducting an annual risk assessment; developing an annual internal audit plan; executing operational, compliance and IT audit projects; assisting with corporate governance initiatives; and communicating audit results to senior management and the audit committee.

This report also breaks down the elements of the internal control framework, including: mitigating controls, pervasive/preventative controls, entity-level controls, process-level controls, general IT controls and application controls.