THE AMENDED INTERNAL AUDIT CHARTER WAS APPROVED BY THE AUDIT COMMITTEE ON 2023-03-29
The purpose of GitLab’s (“Company”) internal audit team (“IA Team”) is to provide independent, objective assurance and consulting services designed to add value and improve the Company’s operations. The IA Team helps the Company accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.
The IA Team will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors' International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Company’s Code of Business Conduct & Ethics (the “Code of Ethics”), the Institute of Internal Auditors (IIA) Code of Ethics, the International Standards for the Professional Practice of Internal Auditing (the “Standards”), and the Definition of Internal Auditing. The Company’s Vice President, Internal Audit will report periodically to the Company’s E-Group and the Company’s Board of Directors’ Audit Committee (“Committee”) regarding the IA Team’s conformance to the Code of Ethics and the Standards.
The Company's Vice President, Internal Audit will report functionally to the Committee and administratively (i.e., day-to-day operations) to the Company’s Chief Financial Officer. To establish, maintain, and assure that the IA Team has sufficient authority to fulfill its duties, the Committee will:
The Company’s Vice President, Internal Audit will have unrestricted access to, and communicate and interact directly with, the Committee, as necessary, including in private meetings without Company management present.
The Committee authorizes the IA Team to:
The Vice President, Internal Audit will ensure that the IA Team remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the Company’s Vice President, Internal Audit determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to the Committee.
Members of the IA Team will maintain an unbiased attitude that allows them to perform engagements objectively and in such a manner that they have confidence in their work product, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others.
Members of the IA Team will have no direct operational responsibility or authority over any of the activities audited. Accordingly, members of the IA Team will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:
Where the Company’s Vice President, Internal Audit has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established by the IA Team and approved by the Committee to limit impairments to independence or objectivity.
Members of the IA Team will:
The Company’s Vice President, Internal Audit will report and confirm to the Committee, at least annually, the organizational independence of the IA Team.
The Company’s Vice President, Internal Audit will disclose to the Committee any interference and related implications in determining the scope of internal auditing, performing work, and/or communicating results.
The scope of the IA Team’s activities encompasses, but is not limited to, objective examinations of evidence for providing independent assessments to the Committee, Company management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for the Company. Internal audit assessments include evaluating whether:
The Company’s Vice President, Internal Audit will report periodically to E-group and the Committee regarding:
The Company’s Vice President, Internal Audit also coordinates activities, where possible, and considers relying upon the work of other internal and external assurance and consulting service providers as needed. The IA Team may perform advisory and related management service activities, the nature and scope of which will be agreed with the management, provided the IA Team does not assume management responsibility.
Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management.
The Company’s Vice President, Internal Audit has the responsibility to:
The IA Team will maintain a quality assurance and improvement program that covers all aspects of the IA Team. The program will include an evaluation of the IA Team’s conformance with the Standards and an evaluation of whether internal auditors apply The IIA’s Code of Ethics. The program will also assess the efficiency and effectiveness of the IA Team and identify opportunities for improvement.
The Company’s Vice President, Internal Audit will communicate to E-group and the Committee on the IA Team’s quality assurance and improvement program, including results of internal assessments (both ongoing and periodic) and external assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside the Company.
internal-audit@gitlab.com
@gitlab-com/internal-audit
@int-audit
#internal_audit
slack channel is the best place for questions relating to our team (please add the above tag)Interested in joining our team? Check out more here