Traditionally, the internal audit function was limited to -is the freedom from conditions that threaten the

ten the ability of

the internal audit activity to carry out internal audit
 Financial audit and responsibilities in an unbiased manner.
 Audit of internal controls with a heavy emphasis on
fraud.  To achieve the degree of independence necessary to
effectively carry out the responsibilities of the Internal
It is said that Internal auditors are the eyes and ears of Audit Activity, the Chief Audit Executive (CAE) has
management. direct and unrestricted access to Senior Management
and the Board.
Nowadays, internal auditing covers a wide range of  This can be achieved through a dual reporting
services to the organization relationship wherein the Internal Audit reports both to
the
Ranging from: o 1) Board (reportorial function) and the
o 2) CEO (administrative function)
 Assurance services- conducting various audits like
 The degree of independence to effectively carry out
o Financial the responsibilities of the IA is achieved in 2 ways:
o Performance or operations o Objectivity
o Compliance
 is an unbiased mental attitude that allows
o Special
internal auditors to perform engagements in
o Due diligent
such a manner that they believe in their work
product and that no quality compromises are
 Consulting services -such as made.
o selecting new accounting software o Organizational independence
o designing an organization’s control systems  is achieved when the chief audit executive
o designing the code of conduct reports functionality to the board by having
direct and indirect access both to senior
During earlier periods, internal audit is voluntary. But management and the board (dual relationship)
due to changing times, internal audit is used to effectively
control all aspects of operations, including public policy Dual Reporting – Internal Audit reports both to the Board
considerations and external pressure. Thus, internal audit and the CEO.
has become essential for organizations, and the conduct of
which has become mandatory.  Internal audit group reports directly (reportorial
function) to the organization's Board of Directors
It has gained such importance that gov’t regulators through the Internal Audit Committee (IAC)
around the world such as the SEC have required listed  Coordinates (administrative function) with the CEO.
companies in the Philippines to comply with  The BOD is the superior of the IAC. This is to avoid
SEC's Corporate Code of Good Governance undue influence by the CEO(Management) on the
result of the audit.
 The Board of Directors shall constitute the proper
committees to assist in good corporate governance
specifically the Audit Committee which shall consist of Scope limitation (Practice Advisory 1130-1) is a
at least 3 directors preferably with accounting and restriction placed upon the Internal Audit Activity (IAA) that
finance backgrounds wherein one is an independent precludes the audit activity from accomplishing its
director (chair) another with audit experience. objectives and plans.

 Any reporting relationship that impedes independence

Definition of Internal Auditing (IPPF) and effective operations of internal auditing should be
viewed as a serious scope limitation and should be
 Internal auditing is an independent, objective,
brought to the attention of the Board, the Audit
assurance, and consulting activity
Committee, or its equivalent.
 designed to add value and improve an organization’s
 The CAE is required to confirm to the Board at least
operations.
annually, the organizational independence of the IAA
 It helps an organization accomplish its objectives
 Among other things, a scope limitation may restrict
 by bringing a systematic, disciplined approach
the:
 to evaluate and improve the effectiveness of risk o Scope defined in the internal audit charter.
management, control, and governance processes o Internal audit activity’s access to records,
personnel, and physical properties relevant to the
Key Terms And Concept In The Definition Of Internal performance of engagements.
Auditing: o Approved engagement work schedule.
o Performance of necessary engagement
Independent procedures.
INDEPENDENCE o Approved staffing plan and financial budget.
 A scope limitation, along with its potential effect, needs To the remedy the concern on conflict of interest:
to be communicated, preferably in writing, to the Board.
The CAE needs to consider whether it is appropriate to General Approaches :
inform the board regarding scope limitations that were
previously communicated to and accepted by the  Avoidance
board. This may be necessary particularly when there  Disclosure to the stakeholders relying upon the
have been organization, board, senior management, or decision
other changes.  Management of the conflict of interest
 Internal auditors are not to accept fees, gifts, or
entertainment from an employee, client, customer, Individual Objectivity (Practice Advisory 1120-1)
supplier, or business associate that may create the
appearance that the auditor’s objectivity has been  Individual objectivity means the internal auditors
impaired. perform engagements in such a manner that they have
an honest belief in their work product and that no
significant quality compromises are made
Reporting line (functional reporting) for the Internal
 Internal auditors are not to be placed in situations that
Audit Activity (IAA)
could impair their ability to make objective professional
 Ultimate source of its independence and authority judgments.
 Best practice recommends that the Chief Audit  Individual objectivity involves the Chief Audit Executive
Executive (CAE) directly report to the Audit Committee, (CAE) organizing staff assignments that prevent
Board of Directors (BOD), or other appropriate potential and actual conflict of interest and bias,
governing authority. periodically obtaining information from the internal
audit staff concerning a potential conflict of interest and
bias, and, when practicable, rotating internal audit staff
Administrative line
assignments periodically.
 Relationship w/in the organization's management  Review of internal audit work results before the related
structure that facilitates day to day operations of the engagement communications are released assists in
IAA and providing reasonable assurance that the work was
performed objectively.
o Provides appropriate interface and support for
effectiveness (coordination).  Example:
o Administrative reporting typically includes: o The internal auditor’s objectivity is not adversely
o Budgeting and management accounting affected when the auditor recommends standards
o Human resources administration of control for systems or reviews
o Internal communications and information flows procedures before they are implemented.
 Administration of the organization's internal o The auditor’s objectivity is considered to be
policies and procedures (expense approvals, leave impaired if the auditor designs, installs, drafts
approvals) procedures for, or operates such systems.

Objective Occasional performance of non-audit work by the

internal auditor,
OBJECTIVITY  with full disclosure in the reporting process, would not
necessarily impair objectivity.
 Is a mental attitude w/c internal auditors should
 However, it would require careful consideration by
maintain while performing an audit is achieved by an
management and the internal auditor to avoid
appropriate mindset.
adversely affecting the internal auditor’s
 Internal auditors must have an impartial, unbiased
objectivity.
attitude and avoid any conflict of interest.
Impairment to independence or objectivity
Conflict of Interest
 If independence or objectivity is impaired in fact or
 a situation in which an internal auditor, who is in a
appearance, the details of the impairment must be
position of trust, has a competing professional or
disclosed to appropriate parties.
personal interest. Such competing interests can make
 The nature of the disclosure will depend upon the
it difficult to fulfill his or her duties impartially.
impairment.
 exists even if no unethical or improper act results.
 can create an appearance of impropriety that can
undermine confidence in the internal auditor, the Assurance
internal audit activity, and the profession.
 could impair an individual's ability to perform his or her  Assurance Engagement
duties and responsibilities objectively.
 o Is an objective examination of the evidence for the Scope limitation
purpose of providing an independent assessment
on risk management control or governance  the internal auditor should maintain objectivity and not
processes for the organization assume management responsibility.
o Nature and scope are determined by the internal
auditor. 4 Categories of Consulting Engagements:
 Assurance Services
o Is one involving the internal auditor's objective  Formal consulting engagements
assessment of evidence to provide an independent o planned and subject to a written agreement such
opinion or conclusion regarding an entity, as assessment of controls in a system.
operation, function, process system, or other
subject matter?  Informal consulting engagements
o routine activities to analyze operations and make
Key Assurance Activities: recommendations.

 Financial audit other than the traditional financial audit  Special consulting engagements
performed by external auditors  Emergency consulting engagements
 The performance or operational activities
 Providing assurance on the design and effectiveness
of risk management purposes
 Providing assurance that risk are correctly evaluated Effect of consulting services to auditors objectivity
 Evaluating risk management processes
 Evaluating the reporting on the status of key risk and  It may actually enhance the auditor's understanding of
controls clients' business processes or issues related to an
 Reviewing the management of key risks, including the assurance engagement and do not necessarily impair
effectiveness of the controls and other responses to the auditor's objectivity.
them.
Add Value
3 Parties in Assurance Engagement
The internal audit activity adds value to the organization
 Process owner (and its stakeholders) when
o person or group directly involved with the entity,
operation, function, process, system, or other  it provides an objective and relevant assurance and
subject matter. Also known as the responsible contributes to the effectiveness and efficiency of
party or “Auditee” governance, risk management, and control processes
 Internal auditor -the person or group making the by serving as an in-house consultant on many areas of
assessment or audit. interest.
 User – the person or group using the assessment or
audit. Internal Audit Customers Value ( by Scope of work)

Consulting 1. Audit Committee /Board

 Safeguarding assets
 Refer to advisory and related client service activities,  Compliance with laws and regulations
the nature and scope of which are agreed with the
 Reliability of data
client, are intended to add value and improve an
organization's governance, risk management, and
control processes without the internal auditor assuming Value: improve the quality of information
management responsibility.
2. Operating Management
 Examples include counsel, advice, facilitation, and
training.  Effectiveness and efficiency of operations
 Generally performed at the specific request of
engagement clients with the power to perform Value: agent of change
additional services not specifically mentioned in the
charter. SYSTEMATIC AND DISCIPLINED APPROACH
 Empowerment is also reflected in the charter.
 Performed in internal assurance and consulting
2 Parties in Consulting Services engagements to add value and improve operations

 Internal auditor- person or group offering the advice  Systematic processes avoid random actions resulting
 Engagement client -person or group seeking the in ineffective and inefficient audits is avoided.
advice
 The pre-requisite to a systematic approach involves a o Understandable and measurable- represents
plan of activities to achieve the audit objectives. achievable targets
o From the point of view of the internal
Elements of the systematic and disciplined approach auditor, business objectives provide a
framework of what the auditor wants to achieve.
 Defined audit objectives
 Risk analysis Categories of business objectives (by COSO)
 Audit work plan
 Defined audit procedures 
 Use of technology o Strategic objectives
 Independent review of audit work  value creation choices management makes on
 Review of conclusions with management behalf of the stakeholders.
 what and how management plans to achieve
the organization's objectives.
Enterprise Risk Management o Operations objectives
 pertain to the effectiveness and efficiency of
 A process to identify, assess, manage, and control
the organization's operations including
potential events or situations to provide reasonable
performance and profitability goals and
assurance regarding the achievement of the
safeguarding resources against losses.
organization's objective.
o Reporting objectives
o Processes should be designed for the nature of the
 pertain to the reliability of internal and
organization's activities
external reporting of financial and non-
o It may be formal or informal; quantitative or
financial control.
subjective
o Compliance objectives
 pertain to adherence to applicable laws and
Control regulations.
Governance
2. Evaluate and improve the effectiveness of risk,
 The combination of processes and structures management, control and governance processes
implemented by the board to inform, direct, manage
and monitor the activities of the organization toward the  a variety of procedures is used to test the design
achievement of its objectives. adequacy of the operating effectiveness of the
 Focus area of internal auditing as it relates to corporate organization's risk management, control, and
governance governance processes
 Helping the audit committee of the BOD perform its
responsibilities effectively. 3. Assurance and Consulting Activity designated to
add value and improve operations
PURPOSE OF INTERNAL AUDIT
 IA helps to identify problems, make recommendations
 To function as a service unit to assist all levels of
and helps facilitate resolution
management in the effective discharge of their
responsibilities.
 The concept is also known as “adding value to an Types of Audit
organization”
1. Financial audit
 Through assurance and consulting services, it seeks to 2. Compliance audit
provide reasonable assurance to management that 3. Performance Audit
effective stewardship is maintained over the company’s 4. Management audit
resources 5. Environmental audit
 The comprehensive scope of work of internal auditing 6. System-based
provides reasonable assurance that management has: audit
o An effective risk management system 7. Risk-based audit
o An effective and efficient system of internal control
o An effective governance process
Internal Audit Responsibility for Other Non-Audit
Function
MAIN OBJECTIVES OF INTERNAL AUDIT
 Internal auditors are not to accept responsibility for
1. Help the organization achieve its business goals or non-audit functions or duties that are subject to periodic
objective. Internal Audit Assessments.
 If they have this responsibility, then they are not
 Clearly defined functioning as internal auditors.
 When the Internal Audit Activity accepts operational The updated Framework was introduced in July 2015
responsibilities and that operation is part of the internal
audit plan, the CAE needs to:
o Minimize the impairment to objectivity by using a
IPPF Oversight Council
contracted, third-party entity or external auditors to
complete audits of those areas reporting to the  The IPPF Oversight Council is designed to evaluate
CAE and advise on the rigor of The IIA's Standards and
o The CAE should confirm that individuals with Guidance-setting process, which will increase the
operational responsibility for those areas do not confidence of internal audit stakeholders around the
participate in internal audits of the operation world.

Institute of Internal Auditors (IIA) MANDATORY GUIDANCE

 A professional association of more than 150,000  is required and essential for the professional practice
members based in Florida, USA. of internal auditing.
 Recognized as the leader of the internal audit in  is developed following an established due diligence
certification, education, research, and technological process , which includes a period of public exposure for
guidance. stakeholder input.
 Mission: internal audit aspires to enhance, protect
organizational value by providing a risk-based and
The Mandatory Elements of the IPPF are:
objective assurance, advice, and insight.
 Promoted the professionalization of internal auditing.
 Institute of Internal Auditors, Phils (IIA-P) - Core Principles for the Professional Practice of Internal
Philippine counterpart
Auditing
Certified Internal Auditor (CIA)
The Core Principles, taken as a whole, articulate internal
 The official designation of qualified internal audit audit effectiveness. For an internal audit function to be
professionals.
considered effective, all Principles should be present and
 the only globally accepted certification for internal
auditors and remains the standard by which individuals operating effectively. How an internal auditor, as well as an
demonstrate their competency and professionalism in internal audit activity, demonstrates achievement of the
the internal auditing field. Core Principles may be quite different from organization to
organization, but failure to achieve any of the Principles
Committee of Sponsoring Organizations of the
Treadway Commission(COSO) would imply that an internal audit activity was not as
effective as it could be in achieving internal audit’s mission
(1985) founder James Treadway Jr.
(see Mission of Internal Audit).
 National Commission on Fraudulent Reporting
o American Accounting Association (AAA) Demonstrates integrity.
o American Institute Of Certified Public Accountants
(AICPA) Demonstrates competence and due professional care.
o Financial Executives International (FEI) Is objective and free from undue influence
o Institute Of Internal Auditors (IIA) (independent).
o Association Of Accountants (NAC) now, Institute
Aligns with the strategies, objectives, and risks of the
Of Management Accountants
organization.
Mission : Is appropriately positioned and adequately resourced.
Demonstrates quality and continuous improvement.
Enhance and protect organizational value by providing risk-
based and objective assurance advice and insight. Communicates effectively.
Provides risk-based assurance.
The Revised International Professional Practices
Framework (IPPF) Is insightful, proactive, and future-focused.
Promotes organizational improvement.
 is the conceptual framework that organizes
authoritative guidance promulgated by The IIA.
 The IIA provides internal audit professionals worldwide Definition of Internal Auditing
with authoritative guidance organized in the IPPF as
o Mandatory Guidance and The Definition of Internal Auditing states the fundamental
o Recommended Guidance.
purpose, nature, and scope of internal auditing.
 Internal auditing is an independent, objective assurance Applicability and Enforcement of the Code of Ethics
and consulting activity designed to add value and improve
an organization's operations. It helps an organization This Code of Ethics applies to both entities and individuals
accomplish its objectives by bringing a systematic, that perform internal audit services.
disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance For IIA members and recipients of or candidates for IIA
processes. professional certifications, breaches of the Code of Ethics
will be evaluated and administered according to The IIA’s
Code of Ethics Bylaws, the Process for Disposition of Code of Ethics
Violation, and the Process for Disposition of Certification
The Code of Ethics states the principles and expectations Violation. The fact that a particular conduct is not
governing the behavior of individuals and organizations in mentioned in the Rules of Conduct does not prevent it from
the conduct of internal auditing. It describes the minimum being unacceptable or discreditable, and therefore, the
requirements for conduct, and behavioral expectations member, certification holder, or candidate can be liable for
rather than specific activities. disciplinary action.

NEW! Find Implementation Guidance for the Code of

Introduction to the Code of Ethics Ethics.

The purpose of The Institute's Code of Ethics is to promote

an ethical culture in the profession of internal auditing. Code of Ethics — Principles

Internal auditing is an independent, objective assurance Internal auditors are expected to apply and uphold the
and consulting activity designed to add value and improve following principles:
an organization's operations. It helps an organization
1. Integrity
accomplish its objectives by bringing a systematic, The integrity of internal auditors establishes trust and thus
disciplined approach to evaluate and improve the provides the basis for reliance on their judgment.
effectiveness of risk management, control, and governance 2. Objectivity
Internal auditors exhibit the highest level of professional
processes. objectivity in gathering, evaluating, and communicating
information about the activity or process being examined.
A code of ethics is necessary and appropriate for the Internal auditors make a balanced assessment of all the
relevant circumstances and are not unduly influenced by
profession of internal auditing, founded as it is on the trust
their own interests or by others in forming judgments.
placed in its objective assurance about governance, risk 3. Confidentiality
management, and control. Internal auditors respect the value and ownership of
information they receive and do not disclose information
without appropriate authority unless there is a legal or
The Institute's Code of Ethics extends beyond professional obligation to do so.
the Definition of Internal Auditing to include two essential 4. Competency
components: Internal auditors apply the knowledge, skills, and
experience needed in the performance of internal audit
1. Principles that are relevant to the profession and practice services.
of internal auditing.
2. Rules of Conduct that describe behavior norms expected
of internal auditors. These rules are an aid to interpreting Rules of Conduct
the Principles into practical applications and are intended
to guide the ethical conduct of internal auditors. 1. Integrity

"Internal auditors" refers to Institute members, recipients of Internal auditors:

or candidates for IIA professional certifications, and those
who perform internal audit services within the Definition of 1.1. Shall perform their work with honesty, diligence, and
Internal Auditing. responsibility.
1.2. Shall observe the law and make disclosures expected 4.3. Shall continually improve their proficiency and the
by the law and the profession. effectiveness and quality of their services.

1.3. Shall not knowingly be a party to any illegal activity, or

engage in acts that are discreditable to the profession of
internal auditing or to the organization.

International Standards for the Professional Practice of

1.4. Shall respect and contribute to the legitimate and Internal Auditing (Standards)
ethical objectives of the organization.
Standards are principle-focused and provide a framework
2. Objectivity
for performing and promoting internal auditing.
The Standards are mandatory requirements consisting of:
Internal auditors:

 Statements of basic requirements for the professional

2.1. Shall not participate in any activity or relationship that
practice of internal auditing and for evaluating the
may impair or be presumed to impair their unbiased
effectiveness of its performance. The requirements are
assessment. This participation includes those activities or
internationally applicable at organizational and individual
relationships that may be in conflict with the interests of the
levels.
organization.
 Interpretations, which clarify terms or concepts within the
statements.
2.2. Shall not accept anything that may impair or be
 Glossary terms.
presumed to impair their professional judgment.

It is necessary to consider both the statements and their

2.3. Shall disclose all material facts known to them that, if
interpretations to understand and apply
not disclosed, may distort the reporting of activities under
the Standards correctly. The Standards employ terms that
review.
have been given specific meanings as noted in the
Glossary, which is also part of the Standards.
3. Confidentiality
RECOMMENDED GUIDANCE
Internal auditors:
 It describes practices for effective implementation of
3.1. Shall be prudent in the use and protection of The IIA's mandatory elements.
 Recommended guidance is endorsed by The IIA
information acquired in the course of their duties.
through a formal approval process.

3.2. Shall not use information for any personal gain or in The Recommended Elements of the IPPF are:
any manner that would be contrary to the law or detrimental
to the legitimate and ethical objectives of the organization. Implementation Guidance
Recommended Guidance
4. Competency
 Implementation Guides assist internal auditors in
Internal auditors: applying the Standards and Code of Ethics. They
collectively address internal auditing's approach,
methodologies, and consideration, but do not detail
4.1. Shall engage only in those services for which they have processes or procedures.
the necessary knowledge, skills, and experience.

4.2. Shall perform internal audit services in accordance with

the International Standards for the Professional Practice of
Internal Auditing.
 Supplemental Guidance (Practice Guides) —
provide detailed processes and procedures for internal
audit practitioners which include the tools and Profession
techniques, programs, and step-by-step approaches
including examples of deliverables.  is a calling requiring a:
o Specialized knowledge, skills, and methods
Core Principles for the Professional Practice of maintained by organizations requiring high
Internal Auditing standards of achievement and
o conduct committing its members to continuous
study to a kind of work whose main purpose is
 articulate internal audit effectiveness.
public service
 For an internal audit function to be considered
effective, all Principles should be present and
operating effectively:
Components of the Code of Ethics:
 Demonstrates integrity
o maintaining high standards of achievement and
 Principles that are relevant to the profession and
conduct.
practice of internal auditing.
 Demonstrates competence and due professional
 Rules of Conduct that describe behavior norms
care.
expected of internal auditors. These rules are an aid to
o competence is having the intelligence, education
interpreting the Principles into practical applications
and training
and are intended to guide the ethical conduct of
o due care means services offered are appropriate
internal auditors.
to the task and the services are carried out in
accordance with the professional standards.
 Is objective and free from undue influence
(independent). "Internal Auditors"
o ensures unabiased assessments,judgements and
decisions will be made.
 Aligns with the strategies, objectives, and risks of the  refers to Institute members, recipients of or candidates
organization. for IIA professional certifications, and those who
perform internal audit services within the Definition of
 Is appropriately positioned and adequately resourced.
Internal Auditing.
 Demonstrates quality and continuous improvement.
 Communicates effectively.
 Provides risk-based assurance.
 Is insightful, proactive, and future-focused. Applicability and Enforcement of the Code of Ethics
 Promotes organizational improvement.
 apply to both entities and individuals that perform
CODE OF ETHICS internal audit services.
 For IIA members and recipients of or candidates for IIA
 states the principles and expectations governing the professional certifications, breaches of the Code of
behavior of individuals and organizations in the Ethics will be evaluated and administered according to
conduct of internal auditing. The Institute's Bylaws and Administrative Directives.
 It describes the minimum requirements for conduct,  The fact that particular conduct is not mentioned in the
and behavioral expectations rather than specific Rules of Conduct does not prevent it from being
activities. unacceptable or discreditable, and therefore, the
member, certification holder, or candidate can be liable
for disciplinary action

The purpose of The Institute's Code of Ethics STANDARDS

 is to promote an ethical culture in the profession of  criteria by which the operations of an internal audit
internal auditing. department are evaluated and measured.
 They should represent the practice of internal auditing.
 address the attributes of organizations and individuals
performing internal auditing.
 Contents of the Standard:
The Purpose of the Standards is to: o Purpose, authority, and responsibility
o Independence and objectivity
1. Guide adherence with the mandatory elements of the o Impairment to independence or objectivity
International Professional Practices Framework. o Proficiency and due professional care
2. Provide a framework for performing and promoting a o Quality Assurance and Improvement Program
broad range of value-added internal auditing services.
3. Establish the basis for the evaluation of internal audit
performance.
4. Foster improved organizational processes and Performance Standards (Links to an external site.)
operations.
 describe the nature of internal auditing and provide
quality criteria against which the performance of these
services can be measured.
COMPONENTS OF THE STANDARDS  Contents of the Standard:
The Standards are a set of principles-based, mandatory o Practices Framework
requirements consisting of: o Managing the internal audit activity
o Nature of work
o Engagement planning
 Statements of basic requirements for the o Performing the engagement
professional practice of internal auditing and for o Communicating the results
evaluating the effectiveness of performance that are o Monitoring Progress
internationally applicable at organizational and o Communicating the acceptance of risk.
individual levels.
 Interpretations clarifying terms or concepts within
Attribute and Performance Standards apply to all internal
the Standards.
audit services.
 Glossary terms (Links to an external site.).

The Standards, together with the Code of Ethics

Implementation Standards
 encompass all mandatory elements of the International
Professional Practices Framework; therefore,  expand upon the Attribute and Performance Standards
conformance with the Code of Ethics and the by providing the requirements applicable to Assurance
Standards demonstrates conformance with all or Consulting services.
mandatory elements of the International Professional
Practices Framework.
 employ terms as defined specifically in the Glossary.
 To understand and apply the Standards correctly, it is The Standards apply to
necessary to consider the specific meanings from the
Glossary.  individual internal auditors and the internal audit
 Furthermore, the Standards use the activity.
word “must” to specify an unconditional  All internal auditors are accountable for conforming
requirement, and the word “should” where with the standards related to:
conformance is expected unless, when applying o individual objectivity,
professional judgment, circumstances justify deviation. o proficiency, and
o due professional care and the standards
MAIN CATEGORIES OF STANDARDS relevant to the performance of their job
responsibilities.
Attribute Standards (Links to an external site.)  Chief audit executives are additionally accountable for
the internal audit activity’s overall conformance with
the Standards.
 If internal auditors or the internal audit activity is  It conforms with the Definition of Internal Auditing and
prohibited by law or regulation from conformance with the Standards.
certain parts of the Standards, conformance with all  Its individual members (Internal Auditors) conform with
other parts of the Standards and appropriate the Code of Ethics and the Standards.
disclosures are needed.  It considers trends and emerging issues that could
 If the Standards are used in conjunction with impact the organization.
requirements issued by other authoritative bodies,
internal audit communications may also cite the use of
other requirements, as appropriate.
 In such a case, if the internal audit activity indicates The internal audit activity adds value to the organization
conformance with the Standards and inconsistencies and its stakeholders when
exist between the Standards and other requirements,
internal auditors and the internal audit activity must  it considers strategies, objectives, and risks;
conform with the Standards and may conform with the  strives to offer ways to enhance governance, risk
other requirements if such requirements are more management, and control processes;
restrictive.  and objectively provides relevant assurance.

Internal Auditing Standards Board The Chief Audit Executive should possess comprehensive
knowledge and understanding about the:
 The official body charged by the IIA with developing
professional standards for internal auditing.  Internal Audit Charter
 primay responsibility is to provide guidance for  Internal Audit Committees roles and responsibilities in
practitioners. the Revised Corporate Code of Good Governance
 IIA's Professional Practices Framework, and
2.1 The Chief Audit Executive  The Code of Ethics for Internal Auditors
Performance Standards 2000 – Managing the Internal
Audit Activity
The Chief Audit Executive is responsible for properly
 The Chief Audit Executive (CAE) must effectively managing the IAA so that:
manage the internal audit activity to ensure it adds
value to the organization.  engagement work fulfills the general purposes and
responsibilities described in the charter, approved by
Senior Management, and accepted by the Board.
 resources of the Internal Audit Activity are efficiently
The Chief Audit Executive and effectively employed.
 engagement work conforms to the Standards for the
 a person in a senior position responsible for effectively Professional Practice of Internal Auditing
managing the Internal Audit Activity in accordance
with:

1. The seven (7) specific responsibilities of the CAE

1. The Internal Audit Charter (RCRPCRR)
2. The Definition of Internal Auditing
3. The Code of Ethics  Risk-based planning
4. The Standards  Communication and Approval
 Resource Management
The Internal Audit Activity is effectively managed when it:  Policies and Procedures
 Coordination
 achieves the purpose and responsibility included in the  Reporting to the Board and Senior Management
internal audit charter.o  Relationship with the Audit Committee
PA 2010 Risk Based Planning  The chief audit executive must also communicate the
impact of resource limitations placed on the scope.
PA 2010 – Planning  the approved document mentioned above should
contain sufficient information to enable the BOD to
The Chief Audit Executive ascertain whether the IAA objectives and plans
support those of the organization and the Board.
 must establish a risk-based plan to determine the
priorities of the internal audit activity, consistent with PA 2030 – Resource Management
the organization's goals.
 must also develop a quality assurance and
 The chief audit executive must ensure that internal
improvement program for the IAA.
audit resources are appropriate, sufficient,
 consults with senior management and seeks the
and effectively deployed to achieve the approved
approval of the Board (in developing the risk-based
plan.
plan)
o Appropriate- the mix of knowledge, skills, and
 The Chief Audit Executive must review and adjust the other competencies needed to perform the plan.
plan, as necessary, in response to changes in the o Sufficient- enough quantity of resources needed
organization’s business, risks, operations, programs, to accomplish the plan.
systems, and controls.
 resource requirements refer to:
o staffing plans and financial budgets
The Planning Process involves establishing the: o the number of auditors
o knowledge and skills and other competencies
required to perform the work
 Goals
o capable of being accomplished within the
specified operating plans and budgets, and should  The CAE should establish a program for selecting
be measurable. and developing the human resources of the IAA. The
o Accompanied by measurement criteria and program should provide for:
targeted date of accomplishment. o developing written job descriptions for each level
 Engagement Work Schedules include: of the audit staff
o what activities to be performed o selecting qualified and competent individuals
o when they will be performed o training and providing continuing education
o estimated time required considering the scope of opportunities for each internal auditor.
the engagement work and the nature and extent of o appraising each internal auditors performance at
related work performed by others. least annually,
o work schedules should be sufficiently flexible to o providing counsel to internal auditors on their
cover unanticipated demands in the internal audit performance and professional development.
activity.  Resources are effectively deployed when they are
 Staffing plans and financial Budgets used in a way that optimizes the achievement of the
approved plan.
 Activity reports
 Skills required of Internal Auditors
o
PA 2020 Communication and Approval  Cognitive skills - technical,
analytical, appreciative skills
PA 2020 – Communication and Approval
 Behavioral skills - personal, interpersonal,
organizational skills
 The chief audit executive must communicate the
internal audit activity's plans and PA 2040 Policies and Procedures
resource requirements, including significant interim
changes, to the Senior Management and the Board PA 2040 – Policies and Procedures
for review and approval annually which includes:
o summary of work schedule,
o staffing plan, and  The chief audit executive must establish policies and
o financial budget procedures to guide the internal audit activity.
 should also submit all significant interim changes for
approval and information.
 The form and content of policies and procedures are professional care of the assurance and consulting
dependent upon the size and structure of the internal service providers.
audit activity and the complexity of its work.  The CAE should also have a clear understanding of
 Types of Manuals the scope, objectives, and results of the work
o Personnel Manuals- describes the overall performed by other providers of assurance and
organization and its relationship to employees consulting services.
o Audit Manuals (Technical)-provide guidance on  Where reliance is placed on the work of others, the
completing specific engagements in compliance CAE is still accountable and responsible for ensuring
with technical standards and policies of the IAA. adequate support for conclusions and opinions
o Administrative Policy and Procedure reached by the internal audit activity.
Manuals -provide guidelines and standards for
the operation of the IAA.

PA 2050 Coordination PA 2060 Reporting to the Board and Senior Management

PA 2050 – Coordination and Reliance PA 2060 – Reporting to Senior Management and the
Board
 The Chief Audit Executive (CAE) should share
information, coordinate activities, and consider relying  The chief audit executive must report periodically to
upon the work of other internal sources and external senior management and the board on the internal
assurance and consulting service providers to audit activity’s purpose, authority, responsibility, and
ensure proper coverage and minimize duplication of performance relative to its plan and on its
efforts. conformance with the Code of Ethics and
 Coordinating activities- the CAE may rely on the the Standards.
work of other assurance and consulting service  Reporting must also include significant risk and
providers (external service providers). They may be control issues, including fraud risks, governance
engaged by the CAE, Senior Management, or the issues, and other matters that require the attention of
Board. senior management and/or the board..
 The frequency and content of reporting are
determined collaboratively by the chief audit
executive, senior management, and the board.
 External Service Providers (ESPs)- person or firm,  The frequency and content of reporting depend on
independent of the organization, who has special the importance of the information to be
knowledge, skill, and experience in a particular communicated and the urgency of the related actions
discipline (accountants, engineers, lawyers, to be taken by senior management and/or the board.
statisticians, etc.)  The chief audit executive’s reporting and
 Competency of the ESPs should be determined by communication to senior management and the
considering the following: board must include information about:
o Professional Certification, license, or other o The Internal Audit Charter.
recognition of the ESPs competence in the o Independence of the internal audit activity.
relevant discipline. o The audit plan and progress against the plan.
o Membership of the ESP in an appropriate o Resource requirements.
professional organization and adherence to the o Results of audit activities.
organization's code of ethics. o Conformance with the Code of Ethics and the
o The reputation of the ESP. Standards and action plans to address
o The ESPs experience in the type of work being any significant conformance issues
performed. o Management’s response to the risk that, in the
chief audit executive’s judgment, may
be unacceptable to the organization.

 A consistent process for the basis of reliance should

be established, and the chief audit executive should PAS 2060-2 Relationship with the Audit Committe
consider the competency, objectivity, and due
PAS 2060-2 The Internal Audit Committee (IAC)  The Memo Circular (MC) apply to registered
corporations and to branches or subsidiaries of
 refers to the governance body that is charged with the foreign corporations operating in the Philippines that:
oversight of the organization's audit and control o sell shares of stocks or bonds to the public
functions. registered with the Commission
 may also apply to other oversight groups with o have assets in excess of Fifty (50) Million Pesos
equivalent responsibilities such as trustees, and at least two(200) stockholders who own at
legislative bodies, owners, internal control least one hundred (100) shares
committees, or full BOD. o shares are listed on a stock exchange or
 sub-committee of the BOD whose members should grantees of secondary licenses from the
be independent Non-Executive Directors (NEDs) commission.
o NEDs- Board members who do not have roles in
the day-to-day running of the company and do The Institute of Internal Auditors (IIA)
not have any financial interest or other
relationship.  established in 1941, headquarters in Altamonte
Springs Florida, USA
 with 150,00 members
 recognized as the leader in certification, education,
Functions of the Audit Committee research, and technological guidance.
 Mission- to provide dynamic leadership for the global
 powers, duties, and responsibilities in the Audit profession of Internal Auditing.
Charter which includes:  has promoted professionalization of internal auditing
o assist the BOD in the performance of its oversight through:
responsibilities o adopting a common body of knowledge listing
o provide oversight over management activities the disciplines and competencies required for
o perform oversight functions over corporations internal auditors
internal and external auditors o establishing a certification program, including an
o review the annual internal audit plan examination that is pre-requisite to the receipt of
o discuss with the external auditor nature, scope CIA designation
and expense of the audit (prior to the o administering a continuing professional education
commencement of the audit) (CPE) program
o organize an internal audit department, consider o publishing a technical journal, the Internal Auditor
the appointment of an independent internal o establishing a professional Practices Framework
auditor that includes
o monitor and evaluate adequacy and effectiveness  the definition of Internal Auditing
of the internal control  the IIA Code of Ethics
o review the reports submitted by internal and  The Standards
external auditors.  The Practice Advisories and
 Development and Practice Aids
 Philippine counterpart is the Institute of Internal
Auditors-Philippines (IIA-P)
Corporate Governance

 the framework of rules, systems, and processes in

the corporation that governs the performance by the Certified Internal Auditors
BOD and Management of their respective duties and
responsibilities to the shareholders.  The official designation of qualified internal audit
 In the Philippines, the independence of the IAC is professionals
supported by the SEC, requiring certain entities to  the standard by which individuals demonstrate their
form Audit Committee consisting of : competency and professionalism in the internal
o at least 3 directors, preferably with auditing field.
accounting and finance backgrounds
o one shall be an independent director
o one with audit experience
o the chair should be an independent director.
The Certified Internal Auditor Program

 was established to assist in achieving the goals and

objectives of the IIA.
 the BOD will develop, approve, and modify as
necessary, such policies and procedures to stimulate
and encourage the program.

Quality Assurance and Improvement Program (QAIP)

 provides reasonable assurance that internal auditing

work is performed in accordance with its Charter.
 The CAE must develop and maintain a QAIP that
covers all aspects of the IAA. (Standard 1300)
 designed to enable evaluation of the IAA
conformance with the Definition of Internal Auditing
and the Standards and whether Internal Auditors
apply the Code of Ethics.
 assesses the effectiveness of the IAA and identifies
opportunities for improvement.
 needs to be sufficiently comprehensive to include all
aspects of operation and management of the IAA.
 QAIP function- headed by an Internal Audit Executive
and limited staff (independent of the audit and
consulting segments of the IAA)
 includes both internal and external assessments
o Internal Assessments include
 Ongoing monitoring of the performance of
the IAA
 periodic reviews performed through self-
assessments or by other persons within the
organization
o External assessments must include:
 conducted at least every five (5) years by a
qualified, independent reviewer or review
team from other organizations.
 Reporting on the QAIP
o The CAE must communicate the results of the
QAIP to Senior Management and the Board.
o The CAE may state that the IAA conforms with
the "International Standards for the Practice of
Internal Auditing" only if the results of the QAIP
supports the statement.
o If the result of the QAIP is non-conformance, the
CAE must disclose the non-conformance and the
impact on the overall scope or operation of the
IAA to the Senior Management and the Board.