MANAGING

THE INTERNAL
AUDIT
ACTIVITY

CHAPT ER III
THE INTERNAL AUDIT
ACTIVITY IS
E F F E C T I V E LY
MANAGED WHEN:

G A LV E Z , A N G E L A
FMA42FB1
• The results of the internal audit activity’s work achieve the
purpose and responsibility
• The internal audit activity conforms with the definition of
Internal Auditing and the Standards
• The individuals who are part of the internal audit activity
demonstrate conformance with the Code of Ethics and the
Standards.
To effectively manage the internal audit activity, the
CAE should have a comprehensive knowledge and
understanding about the internal audit charter,
Internal Audit Committee’s roles and
responsibilities, IIA’s Professional Practices
Framework and Code of Ethics.
THE CAE IS RESPONSIBLE FOR PROPERLY
MANAGING THE INTERNAL AUDIT
ACTIVITY SO THAT:
✓Engagement work fulfills the general purpose
and responsibilities approved by the senior
management and accepted by the board
✓Resources of the internal audit activity are
efficiently and effectively employed
✓Engagement work conforms to the Standards
for the Professional Practice of Internal
Auditing
SPECIFIC RESPONSIBILITIES OF
THE CHIEF AUDIT EXECUTIVE IN
MANAGING THE INTERNAL AUDIT
ACTIVITY
1. PLANNING

Planning process involves establishing:

• Goals
• Engagement work schedules
• Staffing plans and financial budgets
• Activity Reports
The Chief Audit Executive should :

1. Establish risk-based plans

2. Communicate plans and resource needs to senior
management and board
3. Develop policies and procedures
4. Report periodically to senior management and Board
5. Develop quality assurance and improvement program
MATTERS TO BE CONSIDERED IN
ESTABLISHING ENGAGEMENT
WORK SCHEDULE:
• The dates and results of the last engagement
• Updated assessments of risks and effectiveness of risk management and
control
• Requests by the senior management up to the governing body
• Issues related to organizational governance
• Changes in enterprise operations
• Opportunities to achieve benefits
• Changes and capabilities of the audit staff
2. COMMUNICATION AND APPROVAL
• The Chief Audit Executive should submit
annually to senior management for approval
and to the Board for its information.

• The approved planning processes (Engagement

work schedule, staffing plan and financial
budget) must contain sufficient information.
3. RESOURCE MANAGEMENT

RESOURCE MANAGEMENT addresses the

management of human resources of the internal
audit activity.

The CAE should ensure that internal audit

resources are appropriate, sufficient and
effectively deployed.
THE CAE SHOULD ESTABLISH A
PROGRAM FOR SELECTING AND
DEVELOPING HR OF IAA.
This program should provide for:
1. Developing job descriptions for each level of audit staff.
2. Selecting qualified and competent individuals.
3. Providing educational opportunities for each IA.
4. Appraising each internal auditor’s performance.
5. Providing counsel to internal auditors.
SKILLS REQUIRED OF INTERNAL
AUDITORS

“Internal Auditors should possess knowledge,

skills and other competencies needed to
perform their individual responsibilities.”
- IIA Standards 1210
TABLE 3-1 Internal Audit Activity
SKILLS Should collectively possess
REQUIRED knowledge, skills and other
competencies needed to
perform the functions of
internal audit group.
Internal Auditor
Should possess knowledge,
skills and other competencies
needed to perform their
assigned responsibilities.

TABLE 3-2
COGNITIVE
SKILLS

Technical Skills Following routines with mastery

Analytic Skills Problem identification or task definition and structuring of

prototype performances or solutions

Appreciative Skills Making complex and creative judgments, often in situations of

ambiguity
BEHAVIORAL
SKILLS

Personal Skills Handling oneself well in situations of challenges

Interpersonal Securing outcomes through interpersonal

Skills interactions

Organizational Securing outcomes through the use of

Skills organizational networks
VIERNES, GIRLIE
FMA42FB1
 .

Should share information and

coordinate activities with other
internal and external providers of
relevant assurance and consulting
services to ensure proper
coverage and minimize duplication
of effort
CHIEF AUDIT EXECUTIVE
Require the support of the
board to achieve effective
coordination

Should make regular evaluations

of the coordination between
internal and external auditors
 The scope of • Encompasses a systematic, disciplined approach
to evaluate and improve the effectiveness of risk
internal auditing management, control and governance processes.
work

The scope of • Determined by their professional standards, and

they are responsible for judging the adequacy of
external procedures performed and evidence obtained
auditing work for purposes of expressing their opinion on the
annual financial statements.
OUTSOURCING THE INTERNAL AUDIT ACTIVITY
OR USE OF EXTERNAL SERVICE PROVIDERS

External service providers

• is a person or firm, independent of the
organization, who has special knowledge, skill
and experience in particular discipline.

• May be engaged by the board, senior

management, or the chief audit executive
audit.
External service providers may be used by the internal audit
activity in connection with, among other things:
❑ Achievement of the objectives in the engagement work schedule.
❑ Audit activities where a specialized skill and knowledge are needed
such as information technology, statistics, taxes, or language
translations.
❑ Valuations of assets such as land and buildings, works of art,
precious gems, investments, and complex financial instruments.
❑ Determination of quantities or physical condition of certain assets
such as mineral and petroleum reserves.
❑ Measuring the work completed and to be completed on contracts
in progress.
❑Fraud and security investigations.
❑Determination of amounts, by using specialized methods such
as actuarial determinations of employee benefit obligations.
❑Interpretation of legal, technical, and regulatory requirements.
❑Evaluation of the internal audit activity’s quality assurance and
improvement program in conformance with the Standards.
❑Mergers and acquisitions.
❑Consulting on risk management and other matter
COMPETENCY, INDEPENDENCE, AND OBJECTIVITY OF
AN EXTERNAL SERVICE PROVIDER
The CAE determines that the external service provider possess the necessary
knowledge, skills, and other competencies to perform engagement by considering:

▪ Professional certification, license, or other recognition of the external service provider’s

competence in the relevant discipline.
▪ Membership of the external service provider in an appropriate professional organization and
adherence to that organization’s code of ethics.
▪ The reputation of the external service provider. This may include contacting others familiar
with the external service provider’s work.
▪ The external service provider’s experience in the type of work being considered.
▪ The extent of education and training received by the external service provider in disciplines
that pertain to the particular engagement.
▪ The external service provider’s knowledge and experience in the industry in which the
organization operates
COMPETENCY, INDEPENDENCE, AND OBJECTIVITY OF
AN EXTERNAL SERVICE PROVIDER
The CAE assesses the independence and objectivity of the external
service provider by considering:
▪ The financial interest the external service provider may have in the organization.
▪ The personal or professional affiliation the external service provider may have to
the board, senior management, or others within the organization.
▪ The relationship the external service provider may have had with the organization
or the activities being reviewed.
▪ The extent of other ongoing services the external service provider may be
performing for the organization.
▪ Compensation or other incentives that the external service provider may have.
SCOPE OF THE EXTERNAL SERVICE PROVIDER’S WORK
To accomplish this, the CAE reviews the following with the external service
provider:

❑Objectives and scope of work including deliverables and time frames.

❑Specific matters expected to be covered in the engagement
communications.
❑Access to relevant records, personnel, and physical properties.
❑Information regarding assumptions and procedures to be employed.
❑Ownership and custody of engagement working papers, if applicable.
❑Confidentiality and restrictions on information obtained during the
engagement.
❑Where applicable, conformance with the Standards and the internal
audit activity’s standards for working practices.
QUALITY ASSURANCE AND IMPROVEMENT
PROGRAM

QAIP provides the reasonable assurance that

internal auditing work is performed in accordance
with the charter.

A quality assurance and improvement program is

designed to enable an evaluation of the internal audit
activity’s conformance with the Definition of Internal
Auditing and the Standards and an evaluation of whether
internal auditors apply the Code of Ethics.

The program also assesses the efficiency and

effectiveness of the internal audit activity and identifies
opportunities for improvement and must include both
internal and external assessments.
• INTERNAL ASSESSMENTS

a) Ongoing monitoring of the performance of the internal

audit activity
b) Periodic reviews performed through self-assessment or
by other persons within the organization with sufficient
knowledge of internal audit practices.

• EXTERNAL ASSESSMENTS
a) The need for more frequent external assessments
b) The qualification and independence of the external
reviewer or review team, including any potential conflict
of interest.
REPORTING THE QAIP AND DISCLOSURE OF
NONCONFORMANCE
REPORTING WITH THE SENIOR MANAGEMENT AND
THE BOARD

CHIEF AUDIT EXECUTIVE

THE INTERNAL
AUDIT CHARTER
P R A D O , E L LY Z A
FMA42FB1
THE INTERNAL AUDIT CHARTER

Standard 1000- Purpose, Authority and

Responsibility
The purpose, authority and responsibility of the
internal audit activity must be formally defined in an
internal audit charter, consistent with the Definition of
Internal Auditing, the Code of Ethics, and the Standards.
The internal audit charter should define the following items:

1. The scope of the services and worked performed

2. The objectives of the internal audit activity
3. The authority that the internal audit activity has to access records,
personnel and physical properties in the organization
4. The accountability of the internal audit activity
5. The responsibility of the internal audit activity
THE INTERNAL AUDIT COMMITTEE (IAC)

“Audit Committee” refers to the governance body that

is charged with oversight of the organization’s audit
and control function.
FUNCTIONS OF THE AUDIT COMMITTEE
a. Assist the board in the performance of its oversight
responsibility for the financial reporting process,
system of internal control, audit process, and
monitoring of compliance with applicable laws,
rules and regulation.
b. Provide oversight over Management’s activities in
managing credit, market, liquidity, operational,
legal and other risks of the corporation.
c. Performs oversight functions over the corporation’s
internal and external auditors.
d. Review the annual internal audit plan to ensure its
conformity with the objectives of the corporation.
e. Discuss with the external auditor the nature, scope, and
expenses of the audit
f. Organize an internal audit department, and consider
the appointment of an independent internal auditor and
the terms and conditions of its engagement and
removal
g. Monitor and evaluate the adequacy and effectiveness
of the corporation’s internal control system, including
financial reporting control and information technology
security
h. Review the reports submitted by the internal and
external auditors.
THE INSTITUTE OF INTERNAL AUDITOR
(IIA)

The IIA is the internal audit profession’s global voice,

recognized authority, acknowledged leader, chief
advocate, and principal educator.
The IIA’s specific objectives are as follows:
1. To cultivate, promote, and disseminate knowledge
and information concerning internal auditing and
subjects related thereto.
2. To establish and maintain high standards of integrity,
honor, and character among internal auditors.
3. To furnish information regarding internal auditing
and the practice and methods thereof to its
members, and of other person interested therein,
and to the general public.
4. To cause the publication of articles relating to
internal auditing and practices and methods thereof.
5. To establish and maintain a library of reading rooms,
meeting rooms, and social rooms for the use of its
members.
6. To promote social intercourse among its members.
7. To do any and all things which shall be lawful and
appropriate in furtherance of any of the purpose
herein before expressed.
Certified Internal Auditor (CIA)

is the only globally accepted certification for internal

auditors and remains the standard by which
individuals demonstrate their competency and
professionalism in the auditing field.
The IIA has promoted the professionalization of internal auditing primarily
through
• Adopting a common body of knowledge listing the disciplines related to
internal auditing and the competencies that internal auditors must develop
within each discipline.
• Establishing a certification program, including an examination that is
prerequisite to receipt of the Certified Internal Auditor designation.
• Administering a continuing professional education (CPE) program
• Publishing a technical journal, the Internal Auditor
• Establishing a Professional Practices Framework that includes the definition
of internal auditing, the IIA Code of Ethics, the Standards, Practice
Advisories, and Development and Practice Aids.
Institute of Internal Auditors- Philippines (IIA-P)
- Is the primary association of internal auditors in the
Philippines,

IIA-P is committed to:

• Serve its members in fulfilling their professional responsibilities
by being the principal educator of internal auditors, and by
maintaining a professional organization.
• Serve the profession of internal auditing by being the
recognized authority in internal auditing, and the acknowledge
leader of the profession.