Training Aim
To present a brief introduction to internal auditing that will
give you an initial understanding of:
1.The
2.A
3.The
YOUR CHOICE
Internal auditors' primary role is to review:
1.
2.
3.
2.
3.
Auditing
An examination of an organization's activities to
determine if the organization is doing what it says it is
doing.
Auditing
External auditing
Internal auditing
IIA DEFINITION
A short Task
Internal Auditing
Value is provided by providing opportunities to achieve organizational objectives,
identifying operational improvement, and/or reducing risk exposure through
assurance and consulting services.
audit stamp
The Evolution of
the Audit Function
Professionalism
An Exercise
Expectations of internal
auditing
Expectation gap
Management
1)Check
Expectation gap
It is important not to sacrifice assurance
work by diverting audit resources to
carrying out pure consulting services.
IIA STANDARDS
Attribute Standards: outline what a good internal audit set-up should look like.
Performance standards: set a benchmark for the audit task
Implementation standards: provide guidance to attribute or performance standards
IIA STANDARDS
Attribute Standards:
1000 Purpose, Authority, and Responsibility
1100 Independence and Objectivity
1200 Proficiency and Due Professional Care
1300 Quality Assurance and
IIA Standards
(1) Attribute standards
1000 Purpose, Authority, and Responsibility
The purpose, authority, and responsibility of the internal audit
activity must be formally defined in an internal audit charter,
consistent with the Definition of Internal Auditing, the Code
of Ethics and the Standards. The CAE must periodically
review the internal audit charter and present it to senior
management and the board for approval.
IIA Standards
(1) Attribute standards
1100 Independence and Objectivity
The internal audit activity must be independent, and
internal auditors must be objective in performing
their work.
IIA Standards
(1) Attribute standards
1200 Proficiency and Due Professional Care
Engagements must be performed with proficiency and
due professional care.
IIA Standards
(1) Attribute standards
1300 Quality Assurance and Improvement Program
The CAE must develop and maintain a quality
assurance and improvement program that covers all
aspects of the internal audit activity.
IIA STANDARDS
Performance Standards: set a benchmark
for the audit task
2000 Managing the Internal Audit Activity
2100 Nature of Work
2200 Engagement Planning
2300 Performing the Engagement
2400 Communicating Results
2500 Monitoring Progress
2600 Resolution of Senior Management's Acceptance of Risks
IIA Standards
(2) Performance standards
2000 Managing the Internal Audit Activity
The CAE must effectively manage the internal audit
activity to ensure it adds value to the organization.
IIA Standards
(2) Performance standards
2100 Nature of Work
The internal audit activity must evaluate and
contribute to the improvement of governance, risk
management and control processes using a systematic
and disciplined approach.
IIA Standards
(2) Performance standards
2200 Engagement Planning
Internal auditors must develop and document a plan
for each engagement, including the engagement's
objectives, scope and resource allocations.
IIA Standards
(2) Performance standards
2300 Performing the Engagement
Internal auditors must identify, analyze, evaluate and
document sufficient information to achieve the
engagement's objectives.
IIA Standards
(2) Performance standards
2400 Communicating Results
Internal auditors must communicate the engagement
results.
IIA Standards
(2) Performance standards
2500 Monitoring Progress
The CAE must establish and maintain a system to
monitor the disposition of the results communicated to
managers.
IIA Standards
(2) Performance standards
2600 Resolution of Senior Management's Acceptance of Risks
When the CAE believes that senior management has accepted
a level of residual risk that may be unacceptable to the
organization, the CAE must discuss the matter with
senior management. If the decision regarding residual
risk is not resolved, the CAE must report the matter to
the board for resolution.
IIA Standards
(3) Practice Guides
GTAG 1: Information Technology Controls
GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
GTAG 4: Management of IT Auditing
GTAG 5: Managing and Auditing Privacy Risks
GTAG 6: Managing and Auditing IT Vulnerabilities
GTAG 7: Information Technology Outsourcing
GTAG 8: Auditing Application Controls
IIA Standards
(3) Practice Guides
GTAG 9: Identity and Access Management
GTAG 10: Business Continuity Management (BCM)
GTAG 11: Developing the IT Audit Plan
GTAG 12: Auditing IT Projects (Mar. 2009)
GTAG 13: Fraud Prevention and Detection in an Automated World (December 2009)
GTAG 14: Auditing User-developed Applications (June 2010)
GTAG 15: Information Security Governance (June 2010)
GTAG 16: Data Analysis Technology (August 2011)
Is IA Necessary?
The threat of competition and the changing environment mean that the incentive for
review and change is great.
No matter how good a service looks, it can be improved.