Is The Freedom From Conditions That Threaten The Ability of
Is The Freedom From Conditions That Threaten The Ability of
Is The Freedom From Conditions That Threaten The Ability of
Financial audit other than the traditional financial audit Special consulting engagements
performed by external auditors Emergency consulting engagements
The performance or operational activities
Providing assurance on the design and effectiveness
of risk management purposes
Providing assurance that risk are correctly evaluated Effect of consulting services to auditors objectivity
Evaluating risk management processes
Evaluating the reporting on the status of key risk and It may actually enhance the auditor's understanding of
controls clients' business processes or issues related to an
Reviewing the management of key risks, including the assurance engagement and do not necessarily impair
effectiveness of the controls and other responses to the auditor's objectivity.
them.
Add Value
3 Parties in Assurance Engagement
The internal audit activity adds value to the organization
Process owner (and its stakeholders) when
o person or group directly involved with the entity,
operation, function, process, system, or other it provides an objective and relevant assurance and
subject matter. Also known as the responsible contributes to the effectiveness and efficiency of
party or “Auditee” governance, risk management, and control processes
Internal auditor -the person or group making the by serving as an in-house consultant on many areas of
assessment or audit. interest.
User – the person or group using the assessment or
audit. Internal Audit Customers Value ( by Scope of work)
Safeguarding assets
Refer to advisory and related client service activities, Compliance with laws and regulations
the nature and scope of which are agreed with the
Reliability of data
client, are intended to add value and improve an
organization's governance, risk management, and
control processes without the internal auditor assuming Value: improve the quality of information
management responsibility.
2. Operating Management
Examples include counsel, advice, facilitation, and
training. Effectiveness and efficiency of operations
Generally performed at the specific request of
engagement clients with the power to perform Value: agent of change
additional services not specifically mentioned in the
charter. SYSTEMATIC AND DISCIPLINED APPROACH
Empowerment is also reflected in the charter.
Performed in internal assurance and consulting
2 Parties in Consulting Services engagements to add value and improve operations
Internal auditor- person or group offering the advice Systematic processes avoid random actions resulting
Engagement client -person or group seeking the in ineffective and inefficient audits is avoided.
advice
The pre-requisite to a systematic approach involves a o Understandable and measurable- represents
plan of activities to achieve the audit objectives. achievable targets
o From the point of view of the internal
Elements of the systematic and disciplined approach auditor, business objectives provide a
framework of what the auditor wants to achieve.
Defined audit objectives
Risk analysis Categories of business objectives (by COSO)
Audit work plan
Defined audit procedures
Use of technology o Strategic objectives
Independent review of audit work value creation choices management makes on
Review of conclusions with management behalf of the stakeholders.
what and how management plans to achieve
the organization's objectives.
Enterprise Risk Management o Operations objectives
pertain to the effectiveness and efficiency of
A process to identify, assess, manage, and control
the organization's operations including
potential events or situations to provide reasonable
performance and profitability goals and
assurance regarding the achievement of the
safeguarding resources against losses.
organization's objective.
o Reporting objectives
o Processes should be designed for the nature of the
pertain to the reliability of internal and
organization's activities
external reporting of financial and non-
o It may be formal or informal; quantitative or
financial control.
subjective
o Compliance objectives
pertain to adherence to applicable laws and
Control regulations.
Governance
2. Evaluate and improve the effectiveness of risk,
The combination of processes and structures management, control and governance processes
implemented by the board to inform, direct, manage
and monitor the activities of the organization toward the a variety of procedures is used to test the design
achievement of its objectives. adequacy of the operating effectiveness of the
Focus area of internal auditing as it relates to corporate organization's risk management, control, and
governance governance processes
Helping the audit committee of the BOD perform its
responsibilities effectively. 3. Assurance and Consulting Activity designated to
add value and improve operations
PURPOSE OF INTERNAL AUDIT
IA helps to identify problems, make recommendations
To function as a service unit to assist all levels of
and helps facilitate resolution
management in the effective discharge of their
responsibilities.
The concept is also known as “adding value to an Types of Audit
organization”
1. Financial audit
Through assurance and consulting services, it seeks to 2. Compliance audit
provide reasonable assurance to management that 3. Performance Audit
effective stewardship is maintained over the company’s 4. Management audit
resources 5. Environmental audit
The comprehensive scope of work of internal auditing 6. System-based
provides reasonable assurance that management has: audit
o An effective risk management system 7. Risk-based audit
o An effective and efficient system of internal control
o An effective governance process
Internal Audit Responsibility for Other Non-Audit
Function
MAIN OBJECTIVES OF INTERNAL AUDIT
Internal auditors are not to accept responsibility for
1. Help the organization achieve its business goals or non-audit functions or duties that are subject to periodic
objective. Internal Audit Assessments.
If they have this responsibility, then they are not
Clearly defined functioning as internal auditors.
When the Internal Audit Activity accepts operational The updated Framework was introduced in July 2015
responsibilities and that operation is part of the internal
audit plan, the CAE needs to:
o Minimize the impairment to objectivity by using a
IPPF Oversight Council
contracted, third-party entity or external auditors to
complete audits of those areas reporting to the The IPPF Oversight Council is designed to evaluate
CAE and advise on the rigor of The IIA's Standards and
o The CAE should confirm that individuals with Guidance-setting process, which will increase the
operational responsibility for those areas do not confidence of internal audit stakeholders around the
participate in internal audits of the operation world.
Internal auditing is an independent, objective assurance Internal auditors are expected to apply and uphold the
and consulting activity designed to add value and improve following principles:
an organization's operations. It helps an organization
1. Integrity
accomplish its objectives by bringing a systematic, The integrity of internal auditors establishes trust and thus
disciplined approach to evaluate and improve the provides the basis for reliance on their judgment.
effectiveness of risk management, control, and governance 2. Objectivity
Internal auditors exhibit the highest level of professional
processes. objectivity in gathering, evaluating, and communicating
information about the activity or process being examined.
A code of ethics is necessary and appropriate for the Internal auditors make a balanced assessment of all the
relevant circumstances and are not unduly influenced by
profession of internal auditing, founded as it is on the trust
their own interests or by others in forming judgments.
placed in its objective assurance about governance, risk 3. Confidentiality
management, and control. Internal auditors respect the value and ownership of
information they receive and do not disclose information
without appropriate authority unless there is a legal or
The Institute's Code of Ethics extends beyond professional obligation to do so.
the Definition of Internal Auditing to include two essential 4. Competency
components: Internal auditors apply the knowledge, skills, and
experience needed in the performance of internal audit
1. Principles that are relevant to the profession and practice services.
of internal auditing.
2. Rules of Conduct that describe behavior norms expected
of internal auditors. These rules are an aid to interpreting Rules of Conduct
the Principles into practical applications and are intended
to guide the ethical conduct of internal auditors. 1. Integrity
3.2. Shall not use information for any personal gain or in The Recommended Elements of the IPPF are:
any manner that would be contrary to the law or detrimental
to the legitimate and ethical objectives of the organization. Implementation Guidance
Recommended Guidance
4. Competency
Implementation Guides assist internal auditors in
Internal auditors: applying the Standards and Code of Ethics. They
collectively address internal auditing's approach,
methodologies, and consideration, but do not detail
4.1. Shall engage only in those services for which they have processes or procedures.
the necessary knowledge, skills, and experience.
is to promote an ethical culture in the profession of criteria by which the operations of an internal audit
internal auditing. department are evaluated and measured.
They should represent the practice of internal auditing.
address the attributes of organizations and individuals
performing internal auditing.
Contents of the Standard:
The Purpose of the Standards is to: o Purpose, authority, and responsibility
o Independence and objectivity
1. Guide adherence with the mandatory elements of the o Impairment to independence or objectivity
International Professional Practices Framework. o Proficiency and due professional care
2. Provide a framework for performing and promoting a o Quality Assurance and Improvement Program
broad range of value-added internal auditing services.
3. Establish the basis for the evaluation of internal audit
performance.
4. Foster improved organizational processes and Performance Standards (Links to an external site.)
operations.
describe the nature of internal auditing and provide
quality criteria against which the performance of these
services can be measured.
COMPONENTS OF THE STANDARDS Contents of the Standard:
The Standards are a set of principles-based, mandatory o Practices Framework
requirements consisting of: o Managing the internal audit activity
o Nature of work
o Engagement planning
Statements of basic requirements for the o Performing the engagement
professional practice of internal auditing and for o Communicating the results
evaluating the effectiveness of performance that are o Monitoring Progress
internationally applicable at organizational and o Communicating the acceptance of risk.
individual levels.
Interpretations clarifying terms or concepts within
Attribute and Performance Standards apply to all internal
the Standards.
audit services.
Glossary terms (Links to an external site.).
Internal Auditing Standards Board The Chief Audit Executive should possess comprehensive
knowledge and understanding about the:
The official body charged by the IIA with developing
professional standards for internal auditing. Internal Audit Charter
primay responsibility is to provide guidance for Internal Audit Committees roles and responsibilities in
practitioners. the Revised Corporate Code of Good Governance
IIA's Professional Practices Framework, and
2.1 The Chief Audit Executive The Code of Ethics for Internal Auditors
Performance Standards 2000 – Managing the Internal
Audit Activity
The Chief Audit Executive is responsible for properly
The Chief Audit Executive (CAE) must effectively managing the IAA so that:
manage the internal audit activity to ensure it adds
value to the organization. engagement work fulfills the general purposes and
responsibilities described in the charter, approved by
Senior Management, and accepted by the Board.
resources of the Internal Audit Activity are efficiently
The Chief Audit Executive and effectively employed.
engagement work conforms to the Standards for the
a person in a senior position responsible for effectively Professional Practice of Internal Auditing
managing the Internal Audit Activity in accordance
with:
PA 2050 – Coordination and Reliance PA 2060 – Reporting to Senior Management and the
Board
The Chief Audit Executive (CAE) should share
information, coordinate activities, and consider relying The chief audit executive must report periodically to
upon the work of other internal sources and external senior management and the board on the internal
assurance and consulting service providers to audit activity’s purpose, authority, responsibility, and
ensure proper coverage and minimize duplication of performance relative to its plan and on its
efforts. conformance with the Code of Ethics and
Coordinating activities- the CAE may rely on the the Standards.
work of other assurance and consulting service Reporting must also include significant risk and
providers (external service providers). They may be control issues, including fraud risks, governance
engaged by the CAE, Senior Management, or the issues, and other matters that require the attention of
Board. senior management and/or the board..
The frequency and content of reporting are
determined collaboratively by the chief audit
executive, senior management, and the board.
External Service Providers (ESPs)- person or firm, The frequency and content of reporting depend on
independent of the organization, who has special the importance of the information to be
knowledge, skill, and experience in a particular communicated and the urgency of the related actions
discipline (accountants, engineers, lawyers, to be taken by senior management and/or the board.
statisticians, etc.) The chief audit executive’s reporting and
Competency of the ESPs should be determined by communication to senior management and the
considering the following: board must include information about:
o Professional Certification, license, or other o The Internal Audit Charter.
recognition of the ESPs competence in the o Independence of the internal audit activity.
relevant discipline. o The audit plan and progress against the plan.
o Membership of the ESP in an appropriate o Resource requirements.
professional organization and adherence to the o Results of audit activities.
organization's code of ethics. o Conformance with the Code of Ethics and the
o The reputation of the ESP. Standards and action plans to address
o The ESPs experience in the type of work being any significant conformance issues
performed. o Management’s response to the risk that, in the
chief audit executive’s judgment, may
be unacceptable to the organization.