International Standards for the Professional Practice of Internal Auditing 2 Internal auditing
Types of Audit: Operational auditing Financial reporting auditing Compliance auditing
Differences to external auditing: Targets the main elements in the internal control system Not obligatory Internal audiotors principal (mandator): top management Reports to the organization (not to the general meeting/wide public) Wider functions - not focused on financial auditing More skills needed !
3 The official definition (IIA) Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The important elements in the definition: independent and objective assurance and consulting activity designed to add value and improve an organization's operations a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
4 What are they doing in practice ? Evaluating whether policies and procedures are being followed. Educating management and the board on critical issues. Monitoring compliance with laws and regulations. Assessing operations and making best-practice recommendations. Providing counsel for improving controls, processes and procedures, performance, and risk management. Suggesting ways to reduce costs, enhance revenues, and improve profits. Delivering in-house consulting, assurance, and facilitation services.
5 Assurance and consulting Performed by professionals with an in-depth understanding of the business culture, systems, and processes, the internal audit activity provides assurance that internal controls in place are adequate to mitigate the risks, and organizational goals and objectives are met. When there is room for improvement, internal auditors make recommendations for enhancing processes, policies, and procedures.
6 WHY SHOULD AN ORGANIZATION HAVE INTERNAL AUDITING?
A cornerstone of strong governance, internal auditing bridges the gap between management and the board, assesses the ethical climate and the effectiveness and efficiency of operations, and serves as an organizations safety net for compliance with rules, regulations, and overall best business practices. (IIA www.theiia.org)
7 IA Standards and Guidance Code of Ethics - 1968 Standards - first issued 1978 Professional Practices Framework - 2000 International Professional Practices Framework January 2009 8 .
The IPPF or International Professional Practices Framework has been developed to organise guidance for professional internal auditing in a manner that is readily accessible on a timely basis while strengthening the position of The IIA as the standard setting body for the internal audit profession globally. The IPPF 9 .
The IPPF includes only authoritative guidance developed by IIA international technical committees following appropriate due process. It consists of two categories: Mandatory. Compliance is required and the guidance is developed following the appropriate due process, which includes public exposure. Compliance with the principles set forth in mandatory guidance is essential for the professional practice of internal auditing. Strongly Recommended. Compliance is strongly recommended and the guidance is endorsed by The IIA. It describes practices for the effective implementation of The IIAs Code of Ethics and the International Standards for the Professional Practice of Internal Auditing (Standards). 10 International Professional Practices Framework (IPPF) 11 12 13 Internal Audit Definition Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organizations operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. 14 Code of Ethics 4 Principles Integrity Objectivity Confidentiality Competency 12 Rules
The purpose of The Institutes Code of Ethics is to promote an ethical culture in the profession of internal auditing. A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about risk management, control and governance. The Institutes Code of Ethics extends beyond the definition of internal auditing to include two essential components: 15 Code of Ethics 16 17 18 19 The International Standards Mandatory requirements consisting of: Statements of basic requirements for professional practice of internal auditing Interpretations which clarify terms or concepts within the Statements. Glossary 20 The International Standards 21 Attribute Standards 1000 Purpose, Authority, and Responsibility 1010 Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter 1100 Independence and Objectivity 1110 Organizational Independence 1111 Direct Interaction with the Board 1120 Individual Objectivity 1130 Impairment to Independence or Objectivity 1200 Proficiency and Due Professional Care 1210 Proficiency 1220 Due Professional Care 1230 Continuing Professional Development 1300 Quality Assurance and Improvement Program 1310 Requirements of the Quality Assurance and Improvement Program 1311 Internal Assessments 1312 - External Assessments 1320 Reporting on the Quality Assurance and Improvement Program 1321 Use of Conforms with the International Standards for the Professional Practice of Internal Auditing 1322 Disclosure of Nonconformance 22 Performance Standards 2000 Managing the Internal Audit Activity 2010 Planning 2020 Communication and Approval 2030 Resource Management 2040 Policies and Procedures 2050 Coordination 2060 Reporting to Senior Management and the Board 2070 External Service Provider and Organizational Responsibility for Internal Auditing 2100 Nature of Work 2110 Governance 2120 Risk Management 2130 Control 2200 Engagement Planning 2201 Planning Considerations 2210 Engagement Objectives 2220 Engagement Scope 2230 Engagement Resource Allocation 2240 Engagement Work Program 23 2300 Performing the Engagement 2310 Identifying Information 2320 Analysis and Evaluation 2330 Documenting Information 2340 Engagement Supervision 2400 Communicating Results 2410 Criteria for Communicating 2420 Quality of Communications 2421 Errors and Omissions 2430 Use of Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing 2431 Engagement Disclosure of Nonconformance 2440 Disseminating Results 2450 Overall Opinions 2500 Monitoring Progress 2600 Communicating the Acceptance of Risks 24 Non-mandatory Guidance Practice Advisories