Skip to Content

Statements of Position by The IIA

Statements of Position are official pronouncements issued by The IIA's Global Board of Directors to communicate The IIA's views on issues of significance to organizations and the internal audit profession. Topics include governance, organization structure, enterprise risk management, assurance, and key organizational roles and responsibilities.

Statements of Position by The IIA

Internal audit resources for boards, committees, and executives

The statements help boards, audit committees, executives, and other organizational leaders make informed decisions on issues that affect accountability, oversight, and organizational performance.

This page serves as the central repository for accessing current Statements of Position as they are published and updated.

Download the Latest Statements of Position

Three Lines Model

Three Lines Model

The refreshed Three Lines Model targets the board as the primary audience and emphasizes accountability and the unique contribution and value of each organizational role to strong governance and risk management. The model provides a modernized governance framework that is adaptable enough to be used in organizations characterized by different structures, risk environments, and maturity levels.

Collaboration, coordination, and reliance among the three lines and the integration of assurance and advisory activities improve risk coverage and the reliability of information communicated to the board and senior management.

The statement reaffirms that when the chief audit executive assumes second-line responsibilities, the appropriate safeguards must be in place to protect the internal audit function’s independence and support internal auditors’ objectivity.

Download Statement of Position on the Three Lines Model
Role of the Internal Audit Function in Enterprise Risk Management

Role of the Internal Audit Function in Enterprise Risk Management

This statement defines enterprise risk management as a coordinated set of activities, rather than a single function, and identifies five categories of ERM activities: identify, assess, manage, monitor, and report.

The internal audit function contributes to these activities by providing objective assurance and advice, while other functions and roles also support the organization’s assurance and advisory efforts. Through coordination, collaboration, and appropriate reliance, these functions can improve the alignment, consistency, and quality of information provided to the board and senior management.

The chief audit executive and the internal audit function are uniquely positioned to help integrate organization wide assurance and advice. With appropriate safeguards, the CAE may supervise other functions and roles that also provide assurance services.

Download Statement of Position on the Role of the Internal Audit Function in Enterprise Risk Management

Understanding key internal audit topics:

The IIA’s Statements of Position address key topics shaping the internal audit profession. The sections below provide additional context on common areas covered in these statements.

What is the objective of internal auditing?

The objective of internal auditing is to provide independent, objective assurance, and advisory services that help organizations improve operations, manage risk, and strengthen governance. Statements of Position reinforce the importance of internal audit in supporting boards and executive leadership through effective oversight and informed decision-making.

Is internal auditing mandatory?

Internal audit is not required for all organizations, but it is widely recognized as a leading practice for strong governance and risk management. Statements of Position highlight the value of internal auditing in enhancing accountability, transparency, and organizational performance, even where it is not mandated by regulation.

The Three Lines Model and internal auditing

The Three Lines Model provides a framework for effective governance by defining roles and responsibilities across the organization. The internal audit function serves as the independent third line, offering objective assurance on governance, risk management, and internal controls, as reinforced in The IIA’s Statements of Position.

Learn more about the Three Lines Model