Internal Audit (IA) Responsibilities

• Significant risks are appropriately identified, assessed and managed.
• Financial and operational information are accurate, reliable and timely.
• Policies & Procedures are complied with.
• Applicable legislations / regulations are complied with.
• Resources are economically acquired, efficiently and effectively used and adequately protected.
• Quality and continuous improvements are fostered in the University’s control process.

Layered Assurance

The "Three Lines of Defense" model is a framework developed by the Institute of Internal Auditors (IIA) for effective risk management and control. OIA functions as the third line of defense by providing independent and objective assurance on the effectiveness of governance, risk management, and control processes within NUS.

• 1st line: Management (process owners) has the primary responsibility to own and manage risks associated with day-to-day operational activities.
• 2nd line: Management (functions) that oversee risks.
• 3rd line: Internal Audit function that provides independent assurance.
• 4th line: External regulators, regulatory bodies.