Overview of Internal Auditing: by Group 1
INTERNATIONAL PROFESSIONAL PRACTICE FRAMEWORK
- A conceptual framework that organizes authoritative
guidance promulgated by the Institute of Internal Auditors
Institute of Internal Auditors
- trustworthy, global & guidance-setting body that
provides internal audit professionals worldwide
with authoritative guidance organized in the IPPF
International Professional Practice Framework
Authoritative Guidance
Mandatory Guidance
ELEMENTS
Recommended Guidance
ELEMENTS
• Implementation Guidance
• Supplemental Guidance
Implementation Guidance
DEFINITION
Supplemental Guidance
DEFINITION
WHAT IS INTERNAL AUDITING?
• Internal Audit (IA) is an independent, objective
assurance and consulting activity designed to add
value and improve an organization’s operations.
• IA is responsible for assessing the effectiveness of risk
management, control and governance processes and
for providing insight and recommendations that can
enhance these processes, particularly relating to:
• Effectiveness of operations;
• Reliability of financial management and
reporting; and
• Compliance with laws and regulations.
INTERNAL VS. EXTERNAL AUDITORS
SIMILARITIES BETWEEN INTERNAL
AND EXTERNAL AUDITORS
The mission of Internal Audit?
• To enhance and protect organizational value by providing risk-based
and objective assurance, advice and insight, whilst
consistently building trust and strengthening the relationship
with our clients, through the delivery of high quality and
distinctive internal audit services.
Professional Standards for Internal
Auditors
• According to the IIA Code of Ethics, IAs are expected to uphold the
following principles:
The importance of having an Audit
Committee (AC)
The primary purpose of an AC is to provide oversight of the financial
reporting process, the audit process, the system of internal controls
and compliance with laws and regulations.
TOP LEVEL
Overall objective is to prepare and issue reliable financial information
Other Controls
• Complementary – Function together to achieve same control objective
• Redundant – Addresses the same control objective
• Compensating Control – Reduces the risk that a potential control
weakness will result in a misstatement
The International Standards for the
Professional Practice of Internal Auditing
The purpose of the Standards is to:
• 1. Guide adherence with the mandatory elements of the International Professional
Practices Framework.
• 2. Provide a framework for performing and promoting a broad range of value-added
internal auditing services.
• 3. Establish the basis for the evaluation of internal audit performance.
• 4. Foster improved organizational processes and operations.
The Standards are a set of principles-based, mandatory requirements consisting of:
• Statements of core requirements for the professional practice of internal auditing
and for evaluating the effectiveness of performance that are internationally
applicable at organizational and individual levels.
Attribute Standards (S-1000)
Address the characteristics that the internal audit function
and individual internal auditors must possess to perform
effective assurance and consulting services
1200 Proficiency and Due Professional Care
1300 Quality Assurance and Improvement Program
1000 Purpose, Authority, and Responsibility
The purpose, authority, and responsibility of the internal audit activity must be
formally defined in an internal audit charter, consistent with the Definition of Internal
Auditing, the Code of Ethics, and the Standards. The chief audit executive must
periodically review the internal audit charter and present it to senior management
and the board for approval.
• 1000.A1 – The nature of assurance services provided to the organization must be defined in the
internal audit charter. If assurances are to be provided to parties outside the organization, the
nature of these assurances must also be defined in the internal audit charter.
• 1000.C1 – The nature of consulting services must be defined in the internal audit charter.
1010 Recognition of the Definition of Internal Auditing, the Code
of Ethics, and the Standards in the Internal Audit Charter
1100 Independence and Objectivity
The internal audit activity must be independent, and internal auditors must be
objective in performing their work.
1110 Organizational Independence
The chief audit executive must report to a level within the organization that allows the
internal audit activity to fulfill its responsibilities. The chief audit executive must confirm
to the board, at least annually, the organizational independence of the internal audit
activity.
1110.A1 – The internal audit activity must be free from interference in determining
the scope of internal auditing, performing work, and communicating results.
1111 Direct Interaction with the Board
1120 Individual Objectivity
1130 Impairment to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of the
impairment must be disclosed to appropriate parties. The nature of the disclosure will
depend upon the impairment.
• 1130.A1 – Internal auditors must refrain from assessing specific operations for which they were
previously responsible. Objectivity is presumed to be impaired if an internal auditor provides
assurance services for an activity for which the internal auditor had responsibility within the
previous year.
• 1130.A2 – Assurance engagements for functions over which the chief audit executive has
responsibility must be overseen by a party outside the internal audit activity.
• 1130.C1 – Internal auditors may provide consulting services relating to operations for which they
had previous responsibilities.
• 1130.C2 – If internal auditors have potential impairments to independence or objectivity relating
to proposed consulting services, disclosure must be made to the engagement client prior to
accepting the engagement.
1200 Proficiency and Due Professional Care
• Engagements must be performed with proficiency and due professional care.
1210 Proficiency
Internal auditors must possess the knowledge, skills, and other competencies needed to
perform their individual responsibilities. The internal audit activity collectively must possess
or obtain the knowledge, skills, and other competencies needed to perform its
responsibilities.
1210.A1 – The chief audit executive must obtain competent advice and assistance if the internal auditors
lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.
1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner
in which it is managed by the organization, but are not expected to have the expertise of a person whose
primary responsibility is detecting and investigating fraud.
1210.A3 – Internal auditors must have sufficient knowledge of key information technology risks and
controls and available technology-based audit techniques to perform their assigned work. However, not
all internal auditors are expected to have the expertise of an internal auditor whose primary
responsibility is information technology auditing.
1210.C1 – The chief audit executive must decline the consulting engagement or obtain competent advice
and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to
1220 Due Professional Care
Internal auditors must apply the care and skill expected of a reasonably prudent and
competent internal auditor. Due professional care does not imply infallibility.
1220.A1 – Internal auditors must exercise due professional care by considering the:
• Extent of work needed to achieve the engagement’s objectives;
• Relative complexity, materiality, or significance of matters to which assurance procedures
are applied;
• Adequacy and effectiveness of governance, risk management, and control processes;
• Probability of significant errors, fraud, or noncompliance; and
• Cost of assurance in relation to potential benefits.
1220.A2 – In exercising due professional care internal auditors must consider the use of
technology-based audit and other data analysis techniques.
1220.A3 – Internal auditors must be alert to the significant risks that might affect objectives,
operations, or resources. However, assurance procedures alone, even when performed with
due professional care, do not guarantee that all significant risks will be identified.
1220.C1 – Internal auditors must exercise due professional care during a consulting
engagement by considering the:
• Needs and expectations of clients, including the nature, timing, and communication of
engagement results;
• Relative complexity and extent of work needed to achieve the engagement’s objectives; and
• Cost of the consulting engagement in relation to potential benefits.
1320 Reporting on the Quality Assurance and Improvement Program
The chief audit executive must communicate the results of the quality assurance and
improvement program to senior management and the board.
1321 Use of “Conforms with the International Standards for the
Professional Practice of Internal Auditing”
The chief audit executive may state that the internal audit activity conforms with the
International Standards for the Professional Practice of Internal Auditing only if the results of
the quality assurance and improvement program support this statement.
1322 Disclosure of Nonconformance
When nonconformance with the Definition of Internal Auditing, the Code of Ethics, or the
Standards impacts the overall scope or operation of the internal audit activity, the chief audit
executive must disclose the nonconformance and the impact to senior management and the
board.
Performance Standards (S-2000)
Describe the nature of internal audit services and the criteria
against which the performance of these services can be
assessed
2000 Managing the Internal Audit Activity
IMPLEMENTATION STANDARDS
The Implementation Standards expand upon Attribute and
Performance Standards and provide separate mandatory
instructions for implementing the Attribute Standards and
Performance Standards depending on whether the engagement
is to be for assurance (A) or consulting (C)
PRACTICE ADVISORIES
Practice Advisories help internal auditors put the
mandatory Standards into practice. PAs are IIA-endorsed and
provide concise and timely guidance to assist internal
auditors in interpreting and applying the Code of Ethics and
Standards and promoting best practices.
PAs are intended for the use of IIA members and are
therefore password protected on the IIA's website.
PRACTICE GUIDES
Practice Guides provide detailed guidance for
conducting internal audit activities and include
detailed processes and procedures such as tools and
techniques, programs, and step-by-step approaches,
including examples of deliverables.
POSITION PAPERS
Position Papers are IIA statements to assist a wide range of
interested parties, including those not in the
internal audit profession, in understanding significant
governance, risk or control issues and delineating the related
roles and responsibilities of the internal audit profession.
Thank You.