Practice Guide: Auditing Executive Compensation and Benefits

This Practice Guide is provided as a service to members of The IIA.

IIA members: Please LOGIN to download a FREE copy (PDF). 

Non-members: Add this item to your shopping cart to purchase a copy for download. Please allow 48-72 hours after placing the order to receive an email containing the link and access code to download your purchased product.

Learn more about the value of an IIA Membership.

Practice Guides provide detailed guidance for conducting internal audit activities. They include detailed processes and procedures, such as tools and techniques, programs, and step-by-step approaches, as well as examples of deliverables. Practice Guides are part of The IIA's International Professional Practices Framework. As part of the Strongly Recommended category of guidance, compliance is not mandatory, but it is strongly recommended and the guidance is endorsed by The IIA through formal review and approval process.

Executive compensation and benefits (ECB) programs have risks that require effective board governance and management processes. Internal auditors have an important role in providing assurance that appropriate and effective controls are in place around ECB programs. Auditing the structure and operation of ECB programs is a legitimate and appropriate role for internal auditing. If a risk assessment indicates a review is warranted, the chief audit executive (CAE) should add ECB to the audit plan, which the board will review and approve. Internal auditing will choose the audit approach and design risk-based audit procedures. This practice guide provides discussions relating to such an audit and includes several considerations that may be relevant to an organization's business activities or risk profile. Strong governance systems are needed for ECB programs, as management often is in the position of both designing and recommending its own compensation. There are several specific risks internal auditors should consider, including employment market, compliance, financial reporting, reputation, operating, and external business relationship risks. ECB programs also are subject to fraud risk. Due to the sensitive nature of this area, internal auditing must have an appropriate audit approach and access to the necessary information. While there can be obstacles to obtaining this information, internal audit needs to proceed in accordance with its charter. The audit scope could include a focus on the board, management, and extended business relationships. There are a number of unique aspects in audits of each of these areas of focus which should be considered before performing audit work. This guide will assist internal auditors with an explanation of the audit approach, audit considerations such as access to information and privileged communications, as well as the skills and knowledge necessary to serve on the audit team. A section on audit program development includes various concepts, potential tests, and questions to help auditors create an audit program. The appendix provides definitions relative to various types of compensation and benefits.

Item Number: 10.1177