Tools & Techniques III:

Audit Manager

Unit 7: Quality Assurance &

Improvement Program
 Introduction
This unit covers the following topics:
• What is a QAIP?
• Applicable Standards
• The QAIP Framework
• Five characteristics of a successful QAIP
• Reporting the results of a QAIP
• Balanced scorecards

PG Page 111 Screen 2 of 14

 Siapakah yang mengaudit aktivitas audit internal di perusahaan
anda?
Self-assesment review?
Atau, ada pihak independent yang di sewa untuk mengevaluasi
kinerja aktivitas audit internal perusahaan anda?
Atau, malah aktivitas audit internal perusahaan anda ‘Tidak
tersentuh’, terhindar dari pertanyaan diatas?.

Dari beberapa pertanyaan diatas bahwa sesuai dengan IPPF terbaru yang berlaku efektif
per Januari 2017 bahwa sesuai dengan pasal 1300 tentang “ Persyaratan Program Asurans
dan Peningkatan Kualitas”, maka aktivitas audit internal harus menerapkan program
pemastian kualitas dan peningkatan (QIAP-Quality Assurance and Improvement Program).
Dalam Standar 1300 beserta interpretasinya, Kepala Eksekutif Audit (CAE) harus
menerapkan suatu program pemastian atau jaminan kualitas yang mencakup semua
aspek Aktivitas Audit Internal untuk memastikan kegiatan Aktivitas Audit Internal telah
sesuai dengan Definisi Audit Internal, Kode Etik, dan Standar, serta telah berjalan secara
efektif dan efisien. Lebih rinci IIA memberikan pedoman QAIP tersebut sebagai berikut:

1. Kepala Eksekutif Audit (CAE) bertanggung jawab untuk menjalankan Aktivitas Audit
Internal dengan lingkup tugas sesuai dengan Standar dan Definisi Audit Internal. Untuk
memastikan hal tersebut, Standard 1300 mensyaratkan CAE untuk mengembangkan dan
menjaga program pemastian/jaminan mutu dan perbaikan (Quality Assurance and
Improvement Program – QAIP).
2. CAE bertanggung jawab untuk menerapkan proses yang dirancang untuk memberikan
jaminan yang wajar kepada berbagai pihak pemangku kepentingan bahwa Aktivitas Audit Internal:
Berjalan sesuai dengan piagam audit internal, yang konsisten dengan Definisi Audit Internal, Kode
Etik, dan Standar. Beroperasi secara efektif dan efisien. Dipersepsi oleh para stakeholder sebagai
nilai tambah dan meningkatkan operasi organisasi. Proses ini meliputi pengawasan yang tepat,
penilaian internal secara periodik dan pemantauan jaminan kualitas secara berkelanjutan, serta
penilaian eksternal secara berkala.

3. Proses QAIP harus cukup komprehensif untuk mencakup semua aspek operasi dan pengelolaan
Aktivitas Audit Internal, sebagaimana digariskan dalam Definisi Internal Audit, Kode Etik, Standar,
dan juga dicontohkan oleh praktik-praktik terbaik profesi. Proses QAIP dilakukan oleh, atau dibawah
pengawasan langsung dari, CAE. Kecuali dalam suatu lingkungan Aktivitas Audit Internal yang kecil,
CAE biasanya akan mendelegasikan sebagian tanggung jawab QAIP kepada bawahannya.
Sementara itu pada organisasi dengan lingkungan yang besar atau kompleks (misalnya, memiliki
berbagai unit usaha dan/atau lokasi), CAE perlu menetapkan fungsi QAIP secara formal yang
dipimpin oleh seorang eksekutif audit internal dan independen dari kegiatan audit dan konsultasi
yang rutin dilakukan dalam audit internal. Eksekutif ini (beserta staf tertentu) mengelola dan
memantau aktivitas yang diperlukan agar QAIP dapat berjalan dengan sukses.
 What Is a QAIP?
Quality assurance occurs during all phases of the audit model.
A quality assurance and improvement program
(QAIP) is designed to evaluate the internal audit
function and its conformance with the Standards. It
is also an evaluation of whether internal auditors
apply the Code of Ethics to these activities. The
program assesses the efficiency and effectiveness of
the internal audit activity and identifies
opportunities for improvement.

PG Page 112–113 Screen 3 of 14

Internal audit teams need to provide the assurance that their internal audit activity and each member of their
staff conforms to all of the mandatory elements of the International Professional Practices Framework (IPPF).

The IPPF provides the requirements and characteristics of quality in internal audit activities. To recall, the four
elements of the IPPF:

 Core Principles
The Core Principles for the Professional Practice of Internal Auditing are the foundation for the IPPF and support
internal audit effectiveness.

 Definition of Internal Auditing

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and
improve an organization’s operations. It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and
governance processes.”

 Code of Ethics
The Principles and the Rules of Conduct of the Code of Ethics define ethical behavior for a professional internal
auditor.

 Standards
The Standards are the central criteria that define the attributes and characteristics of performance for an
internal audit activity, including the requirements for a QAIP.
 Applicable Standards
• Standard 1300 – Quality Assurance and Improvement Program

• Standard 1310 – Requirements of the Quality Assurance and

Improvement Program

• Standard 1312 – External Assessments

• Standard 1320 – Reporting on the Quality Assurance and

Improvement Program

• Standard 1321 – Use of “Conforms with the International

Standards for the Professional Practice of Internal Auditing.”

• Standard 1322 – Disclosure of Nonconformance

PG Page 114–116 Screen 4 of 14

 Standard 1300 – Quality Assurance and Improvement Program
The chief audit executive must develop and maintain a quality assurance and improvement program
that covers all aspects of the internal audit activity.
Interpretation:
A quality assurance and improvement program is designed to enable an evaluation of the internal
audit activity’s conformance with the Standards and an evaluation of whether internal auditors apply
the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit
activity and identifies opportunities for improvement. The chief audit executive should encourage
board oversight in the quality assurance and improvement program.

 Standard 1310 – Requirements of the Quality Assurance and Improvement Program

The quality assurance and improvement program must include both internal and external
assessments.
Secara Umum program tersebut dilakukan untuk memastikan beberapa hal pokok yaitu:

1. Kesesuaian aktivitas audit internal dengan kode etik, definisi dan standar audit
internal yang berlaku umum
2. Efisiensi dan efektivitas aktivitas audit internal
3. Mengidentifikasi peluang-peluang untuk perbaikan dan peningkatan
Di dalam standar QAIP tersebut juga diatur bagaimana dan siapa yang melakukan penilaian
terhadap aktivitas audit internal :

 Review Internal, dilakukan secara terus menerus sebagai bagian yang terintegrasi dengan proses
manajemen Aktivitas Audit Internal. Selain itu review internal juga dilakukan secara berkala, baik
oleh personil di dalam aktivitas audit internal sendiri atau personil lainnya di dalam organisasi
yang menguasai kerangka professional praktik audit internal (IPPF Standar Atribut No.1311)

 Review Ekstern, dilakukan sekurang-kurangnya sekali dalam lima tahun oleh penilai atau tim
penilai yang memiliki kualifikasi memadai & independent di luar organisasi dengan komptensi
dan prosedur yang diatur oleh kerangka professional praktik audit internal (IPPF Standar
Atribut No.1312)

 Melaporkan program penjaminan mutu atas hasil QAIP terhadapa aktivitas audit internal (IPPF
Standar Atribut No.1320)
 Menyatakan bahwa aktivitas audit internal telah sesuai dengan Standar Internasional Praktik
Profesional Audit Internal, dapat dilakukan hanya jika didukung dengan hasil program
asurans dan peningkatan kualitas (IPPF Standar Atribut No.1321 – Penggunaan Frasa
“Ketidaksesuaian dengan standar IPPF”)

 Apabila terdapat ketidaksesuaian terhadap Kode Etik dan Standaryang mempengaruhi ruang
lingkup operasi aktivitas audit internal secara umum, kepala audit internal harus
mengungkapkan ketidaksesuaian tersebut dan dampaknya, kepada manajemen senior dan
dewan (IPPF Standar Atribut No.1322 Pengungkapan Ketidaksesuaian)
 The QAIP Framework

The QAIP framework includes ongoing monitoring, periodic

self-assessment, and external assessment. The output of
these three activities includes findings, observations, and
recommendations.

The framework is intended as guidance only. Internal audit

functions may develop their own QAIP
structure; however, the common elements of all QAIPs are
that they:
• Cover all aspects of the internal audit activity.
• Enable an evaluation of conformance with the
Definition of Internal Auditing, the Code of Ethics,
• and the Standards.
• Assess the efficiency and effectiveness of the
internal audit activity.
• Identify opportunities for improvement.

PG Pages 117 Screen 5 of 14

 Five Characteristics of a Successful QAIP
There are five key characteristics that form the
foundation of an effective QAIP as required by the
Standards.
• Policy
• Methodology and process
• People
• Systems and information
• Communication and reporting

PG Page 118–119 Screen 6 of 14

Five Key Characteristics That Form The Foundation Of An Effective QAIP As Required By The Standards.

1. Policy
A policy that is used to enforce the necessity of the QAIP.
The internal audit charter establishes the requirement for the QAIP.
The internal audit policy and procedure manual requires the QAIP.
The CAE is responsible for establishing and maintaining a QAIP.
The CAE communicates the results of the QAIP to senior management and the board.

2. Methodology and process

An established methodology and documented process for the QAIP is essential.
The QAIP methodology is based on the Standards and related Implementation Guidance.
The QAIP requirements are documented in the internal audit policy and procedure manual.
3. People
The right people performing and conforming to the Standards.
• Internal audit staff are aware of their responsibilities related to the QAIP and have received
appropriate training.
• Personnel who are assigned responsibility for the implementation of the QAIP are independent
and objective.
• Periodic internal quality assessments are performed by internal audit staff with strong
experience in internal auditing and a deep understanding of the Standards.
• External assessments are conducted by qualified personnel who are independent from the
organization.
4. Systems and information
Automated audit systems and readily available metrics that are monitored.
• A standardized audit management system is used to document workpapers and can be heavily relied
upon during the quality assessment process.
• Relevant key performance indicators that are monitored and used during the internal quality assessment
process are supported by company systems.

5. Communicating and reporting

Results are reported and communicated to management and can facilitate improvement
opportunities.
• The results of periodic internal assessments are summarized and discussed with audit management and
action plans for improvements are developed and implemented.
• The results of periodic internal assessments are reported to and reviewed with senior management and
the audit committee.
• Client feedback is solicited from each client and documented within the workpapers to assist in
continuous improvement of the internal audit processes.
• External assessment providers deliver qualitative and quantitative benchmarks that are reported to both
management and the audit committee to facilitate continuous improvements.
 Small Group Activity: Characteristics of a Successful QAIP
• Work in groups of 3 to 5 to discuss the
five characteristics.
• Think of some examples from your
internal audit department that you
could potentially implement as part of a
QAIP for your department.
• Brainstorm among your group and
share ideas for each of the five
characteristics.

PG Page 120 Screen 7 of 14

 Characteristics of a Successful QAIP: Debrief
Discuss your results as a class.

PG Page 120 Screen 8 of 14

 Reporting the Results of Quality Assurance
The results of ongoing monitoring must be
communicated periodically to the board and/or the
audit committee, as well as to other appropriate
stakeholders. In addition, the results of any periodic
self-assessments or external assessments, and the level
of conformance with the Standards, must be reported
to the board and/or the audit committee after their
completion.

Some other key points to remember regarding

reporting on the QAIP are:
• Internal assessments
• External assessments
• Follow-up
PG Page 121–127 Screen 9 of 14
Some other key points to remember regarding reporting on the QAIP are:

 Internal assessments – Results of internal assessments should be reported to the audit

committee and to senior management, at least annually.

 External assessments – Results of external assessments should be provided to senior

management and the audit committee. The external assessment report should be accompanied
by a written action plan in response to significant comments and recommendations contained in
the report.

 Follow-up – The CAE will implement appropriate follow-up actions to ensure that
recommendations made in the report and action plans are implemented in a reasonable
timeframe.
Untuk menetapkan ukuran kinerja yang efektif, CAE harus terlebih dahulu mengidentifikasi
aspek-aspek dalam kinerja audit internal yang kritikal. Salah satu cara yang sering digunakan
di antaranya adalah kerangka yang di adaptasi dari pemikiran Kaplan dan Norton
yaitu Balance Scorecard:

1. Inovasi dan pembelajaran

Untuk menjawab pertanyaan apakah audit internal mampu berkelanjutan dan
menciptakan Value
Contoh : Pengalaman Staf Auditor, Jumlah jam training per auditor, hubungan pelaporan
fungsional CAE, Presentase staff yang bersertifikasi

2. Proses Audit Internal

Untuk menjawab pertanyaan pada bidang apa audit internal memiliki keahlian
Contoh : Pentingnya temuan audit, presentasi realisasi vs rencana, jumlah perbaikan proses,
jumlah temuan audit penting, jumlah penghematan, Teknik pemastian kualitas yang
dikembangkan, jumlah temuan berulang, jumlah hari dari fieldwork berakhir ke penerbitan
laporan
3. Manajemen/Auditee
Adaptasi perspektif pelanggan, yaitu untuk menjawab pertanyaan
agaimana Customer memandang audit internal

Contoh : Hasil Survey kepuasan auditee, presentase rekomendasi yang diterapkan, jumlah
permintaan manajemen, harapan manajemen terhadap Audit Internal, jumlah Komplain
terhadap Audit Internal

4. Board/Komite Audit
Adaptasi dari perspektif keuangan, untuk menjawab pertanyaan bagaimana audit internal
memandang stakeholders

Contoh : Hasil survey kepuasan Komite Audit, Peran audit internal di mata komite audit,
perhatian komite audit terhadap risiko
 Balanced Scorecards

A balanced scorecard is a tool

used by internal audit
departments to measure the
performance of
the function. When developed and
maintained properly, the scorecard
can become a valuable tool
to establish and validate the value
of the internal audit department
to the overall organization.

PG Pages 128 Screen 10 of 14

 Large Group Discussion: Balanced Scorecards
1. Does your internal audit department have a balanced scorecard (or other similar tool) to
measure the overall performance of the department?

2. Does your scorecard (or the like) have similar measurements as the one depicted in your
guide, or does it have measurements that are different?

PG Page 129 Screen 11 of 14

 Additional Resources for QAIP

PG Page 131 Screen 12 of 14

 Questions and Answers

PG Page 133 Screen 14 of 14