Internal audit functions must report directly to the Audit committee or, where none exists, to the Board. They must have unrestricted access to all the appropriate records of the insurance licensee. They must have open and regular access to the Audit Committee, the Board, the Chief Executive, and the licensee's external auditors.