SlideShare a Scribd company logo

International Professional Practices Framework (IPPF)pdf

A
AavyaSidhu

International Professional Practices Framework

Business
1 of 47
Download to read offline
European Union Internal Audit Training of Trainers Co-funded by The International Professional Practices Framework Jean-Pierre Garitte, CIA, CCSA, CISA, CFE Vienna, 1 February 2018
The International Professional Practices Framework (IPPF)
This webinar refers entirely to the International Professional Practices Framework (IPPF) as promulgated by the global Institute of Internal Auditors (IIA). Future users of this webinar materials should always consult with the website of the IIA, as components of the IPPF are subject to periodical updates. IPPF is Copyright © by The Institute of Internal Auditors, Inc. All rights reserved Important notice
Overview of the IPPF
5 The International Professional Practices Framework
6 What remained unchanged?
7 Remember… • Authoritative professional guidance provided by the Institute of Internal Auditors (The IIA) • Part of the collective knowledge of the Internal Audit profession (CBOK) • Essential elements for the effective delivery of Internal Audit services What does the IPPF represent?
8 IPPF Oversight Council • International Federation of Accountants (IFAC) • National Association of Corporate Directors (NACD) • International Organization of Supreme Audit Institutions (INTOSAI) • Organization for Economic Co-operation and Development (OECD) • The Institute of Internal Auditors (IIA) • The World Bank Organizations represented in the Council:
9 What are the components of the IPPF? Mandatory Guidance • Mission • Core Principles • Definition • Code of Ethics • Standards Recommended Guidance • Implementation Guidance • Supplemental Guidance
10 Mission of Internal Audit The Mission of Internal Audit articulates what internal audit aspires to accomplish within an organization. Its place in the IPPF is deliberate, demonstrating how practitioners should leverage the entire framework to facilitate their ability to achieve the Mission. To enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.
11 Core Principles for the Professional Practice of Internal Auditing (1) The Core Principles, taken as a whole, articulate internal audit effectiveness. For an internal audit function to be considered effective, all Principles should be present and operating effectively. How an internal auditor, as well as an internal audit activity, demonstrates achievement of the Core Principles may be quite different from organization to organization, but failure to achieve any of the Principles would imply that an internal audit activity was not as effective as it could be in achieving its internal audit’s mission.
12 Core Principles for the Professional Practice of Internal Auditing (2) 1. Demonstrates integrity. 2. Demonstrates competence and due professional care. 3. Is objective and free from undue influence (independent). 4. Aligns with the strategies, objectives, and risks of the organization. 5. Is appropriately positioned and adequately resourced.
13 Core Principles for the Professional Practice of Internal Auditing (3) 6. Demonstrates quality and continuous improvement. 7. Communicates effectively. 8. Provides risk-based assurance. 9. Is insightful, proactive, and future-focused. 10. Promotes organizational improvement.
14 Definition of Internal Auditing The Definition of Internal Auditing states the fundamental purpose, nature, and scope of internal auditing. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
15 Code of Ethics (1) The purpose of The Institute's Code of Ethics is to promote an ethical culture in the profession of internal auditing. The Code of Ethics states the principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct, and behavioral expectations rather than specific activities.
16 Code of Ethics (2) The Institute's Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components: 1. Principles that are relevant to the profession and practice of internal auditing. 2. Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors. "Internal auditors" refers to Institute members, recipients of or candidates for IIA professional certifications, and those who perform internal audit services within the Definition of Internal Auditing.
17 Code of Ethics (3) 1. Integrity The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment. 2. Objectivity Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments Internal auditors are expected to apply and uphold the following principles: 3. Confidentiality Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. 4. Competency Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.
18 The Standards (1) Purpose of the Standards is to: 1. Guide adherence with the mandatory elements of the International Professional Practices Framework. 2. Provide a framework for performing and promoting a broad range of value-added internal auditing services. 3. Establish the basis for the evaluation of internal audit performance. 4. Foster improved organizational processes and operations.
19 The Standards (2) Components of the Standards: 1. Statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance, which are internationally applicable at organizational and individual levels 2. Interpretations (attached to specific standards) 3. Glossary
20 The Standards (3) The Standards comprise two main categories: 1. Attribute Standards address the attributes of organizations and individuals performing internal auditing. 2. Performance Standards describe the nature of internal auditing and provide quality criteria against which the performance of these services can be measured. Implementation Standards expand upon the Attribute and Performance Standards by providing the requirements applicable to assurance or consulting services.
21 The Attribute Standards 1000 – Purpose, Authority, and Responsibility 1100 – Independence and Objectivity 1200 – Proficiency and Due Professional Care 1300 – Quality Assurance and Improvement Program
22 The Performance Standards 2000 – Managing the Internal Audit Activity 2100 – Nature of Work 2200 – Engagement Planning 2300 – Performing the Engagement 2400 – Communicating Results 2500 – Monitoring Progress 2600 – Communicating the Acceptance of Risks
Changes to the Standards
24 Main Characteristics of Changes to the Standards 1. Addition of new standards 2. Major changes to existing standards 3. Other changes, including interpretation, to existing standards 4. Adherence to principles is emphasized (QAR) 5. Alignment of standards with core principles 6. Clearer wording
25 Addition of new Standards 1. Addition of New Standard 1112: Chief Audit Executive Roles Beyond Internal Auditing. 2. Addition of New Standard 1130.A3. Internal audit may provide assurance services where they had previously performed consulting services.
26 1112 – Chief Audit Executive Roles Beyond Internal Auditing Interpretation: The chief audit executive may be asked to take on additional roles and responsibilities outside of internal auditing, such as responsibility for compliance or risk management activities. These roles and responsibilities may impair, or appear to impair, the organizational independence of the internal audit activity or the individual objectivity of the internal auditor. Safeguards are those oversight activities, often undertaken by the board, to address these potential impairments, and may include such activities as periodically evaluating reporting lines and responsibilities and developing alternative processes to obtain assurance related to the areas of additional responsibility.
27 Three Lines of Defense Model (as conceived by the ECIIA & FERMA in Guidance on the 8th EU Company Law and endorsed in the so-named Position Paper issued by The IIA in Jan. 2013)
28 Balancing Internal Audit’s Roles
29 1130Impairment to Independence or Objectivity If independence or objectivity is impaired in fact or appearance, the details of the impairment must be disclosed to appropriate parties. The nature of the disclosure will depend upon the impairment. Interpretation: Impairment to organizational independence and individual objectivity may include, but is not limited to, personal conflict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations, such as funding. The determination of appropriate parties to which the details of an impairment to independence or objectivity must be disclosed is dependent upon the expectations of the internal audit activity’s and the chief audit executive’s responsibilities to senior management and the board as described in the internal audit charter, as well as the nature of the impairment.
30 1130Impairment to Independence or Objectivity 1130.A1 Internal auditors must refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year. 1130.A2 Assurance engagements for functions over which the chief audit executive has responsibility must be overseen by a party outside the internal audit activity. 1130.A3 The internal audit activity may provide assurance services where it had previously performed consulting services, provided the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement.
31 Major changes to existing Standards 1. Change to Standard 2050: Coordination and Reliance.
32 2050 Coordination and Reliance (1) The chief audit executive should share information, coordinate activities, and consider relying upon the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimize duplication of efforts.
33 Three Lines of Defense Model (as conceived by the ECIIA & FERMA in Guidance on the 8th EU Company Law and endorsed in the so-named Position Paper issued by The IIA in Jan. 2013)
34 2050 Coordination and Reliance (2) Interpretation: In coordinating activities, the chief audit executive may rely on the work of other assurance and consulting service providers. A consistent process for the basis of reliance should be established, and the chief audit executive should consider the competency, objectivity, and due professional care of the assurance and consulting service providers. The chief audit executive should also have a clear understanding of the scope, objectives, and results of the work performed by other providers of assurance and consulting services. Where reliance is placed on the work of others, the chief audit executive is still accountable and responsible for ensuring adequate support for conclusions and opinions reached by the internal audit activity.
35 Other changes to existing Standards 1. Reference to mandatory guidance 2. Disclosure of interference 3. Conclusion, oversight and reporting with regard to external quality assessment 4. Managing internal audit with insight and content of reporting 5. Development of engagement objectives
36 1010 – Recognizing Mandatory Guidance in the Internal Audit Charter The mandatory nature of the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing must be recognized in the internal audit charter. The chief audit executive should discuss the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework with senior management and the board.
37 1110 - Organizational Independence 1110.A1 The internal audit activity must be free from interference in determining the scope of internal auditing, performing work, and communicating results. The chief audit executive must disclose such interference to the board and discuss the implications.
38 1312 - External Assessments (1) External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. The chief audit executive must discuss with the board: •The form and frequency of external assessment. •The qualifications and independence of the external assessor or assessment team, including any potential conflict of interest.
39 1312 - External Assessments (2) Interpretation: External assessments may be accomplished through a full external assessment, or a self-assessment with independent external validation. The external assessor must conclude as to conformance with the Code of Ethics and the Standards; the external assessment may also include operational or strategic comments. A qualified assessor or assessment team demonstrates competence in two areas: the professional practice of internal auditing and the external assessment process. Competence can be demonstrated through a mixture of experience and theoretical learning. Experience gained in organizations of similar size, complexity, sector or industry, and technical issues is more valuable than less relevant experience. In the case of an assessment team, not all members of the team need to have all the competencies; it is the team as a whole that is qualified. The chief audit executive uses professional judgment when assessing whether an assessor or assessment team demonstrates sufficient competence to be qualified. An independent assessor or assessment team means not having either an actual or a perceived conflict of interest and not being a part of, or under the control of, the organization to which the internal audit activity belongs. The chief audit executive should encourage board oversight in the external assessment to reduce perceived or potential conflicts of interest.
40 1320 - Reporting on the Quality Assurance and Improvement Program The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosure should include: •The scope and frequency of both the internal and external assessments. •The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest. •Conclusions of assessors. •Corrective action plans.
41 2000 - Managing the Internal Audit Activity The chief audit executive must effectively manage the internal audit activity to ensure it adds value to the organization. Interpretation: The internal audit activity is effectively managed when: • It achieves the purpose and responsibility included in the internal audit charter. • It conforms with the Standards. • Its individual members conform with the Code of Ethics and the Standards. • It considers trends and emerging issues that could impact the organization. The internal audit activity adds value to the organization and its stakeholders when it considers strategies, objectives, and risks; strives to offer ways to enhance governance, risk management, and control processes; and objectively provides relevant assurance.
42 2060 - Reporting to Senior Management and the Board (1) The chief audit executive must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the Code of Ethics and the Standards. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board. Interpretation: The frequency and content of reporting are determined collaboratively by the chief audit executive, senior management, and the board. The frequency and content of reporting depends on the importance of the information to be communicated and the urgency of the related actions to be taken by senior management and/or the board.
43 2060 - Reporting to Senior Management and the Board (2) Interpretation: (continued) The chief audit executive’s reporting and communication to senior management and the board must include information about: • The audit charter. • Independence of the internal audit activity. • The audit plan and progress against the plan. • Resource requirements. • Results of audit activities. • Conformance with the Code of Ethics and the Standards, and action plans to address any significant conformance issues. • Management’s response to risk that, in the chief audit executive’s judgment, may be unacceptable to the organization. These and other chief audit executive communication requirements are referenced throughout the Standards.
44 2210 - Engagement Objectives 2210.A3 – Adequate criteria are needed to evaluate governance, risk management, and controls. Internal auditors must ascertain the extent to which management and/or the board has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must identify appropriate evaluation criteria through discussion with management and/or the board. Interpretation: Types of criteria may include: • Internal (e.g., policies and procedures of the organization). • External (e.g., laws and regulations imposed by statutory bodies). • Leading practices (e.g., industry and professional guidance).
45 2230 - Engagement Resource Allocation Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources. Interpretation: Appropriate refers to the mix of knowledge, skills, and other competencies needed to perform the engagement. Sufficient refers to the quantity of resources needed to accomplish the engagement with due professional care.
Questions and answers
European Union Internal Audit Training of Trainers Co-funded by The International Professional Practices Framework Jean-Pierre Garitte, CIA, CCSA, CISA, CFE Vienna, 1 February 2018

Recommended

International Professional Practices Framework Mandatory Guidance
International Professional Practices Framework Mandatory GuidanceInternational Professional Practices Framework Mandatory Guidance
International Professional Practices Framework Mandatory GuidanceAziz Fataliyev, Internal Audit Practitioner
 
Presentation on Internal Audit Standards
Presentation on Internal Audit StandardsPresentation on Internal Audit Standards
Presentation on Internal Audit StandardsNahidHasan617654
 
Unit 1
Unit 1Unit 1
Unit 1abedreziq
 
Internal Audit Project
Internal Audit ProjectInternal Audit Project
Internal Audit ProjectSoumeet Sarkar
 
Auditing Standard and Practice
Auditing Standard and Practice Auditing Standard and Practice
Auditing Standard and Practice Bikash Kumar
 
PART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptPART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptCamellaCandon
 
Internal Audit
Internal AuditInternal Audit
Internal AuditAhmad Tariq Bhatti
 
vdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptvdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptFraterne1
 

Recommended

International Professional Practices Framework Mandatory Guidance
International Professional Practices Framework Mandatory GuidanceInternational Professional Practices Framework Mandatory Guidance
International Professional Practices Framework Mandatory GuidanceAziz Fataliyev, Internal Audit Practitioner
 
Presentation on Internal Audit Standards
Presentation on Internal Audit StandardsPresentation on Internal Audit Standards
Presentation on Internal Audit StandardsNahidHasan617654
 
Unit 1
Unit 1Unit 1
Unit 1abedreziq
 
Internal Audit Project
Internal Audit ProjectInternal Audit Project
Internal Audit ProjectSoumeet Sarkar
 
Auditing Standard and Practice
Auditing Standard and Practice Auditing Standard and Practice
Auditing Standard and Practice Bikash Kumar
 
PART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptPART II INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptCamellaCandon
 
Internal Audit
Internal AuditInternal Audit
Internal AuditAhmad Tariq Bhatti
 
vdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptvdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptFraterne1
 
Internal audit
Internal auditInternal audit
Internal auditiPleaders - Re-engineering Legal education, New Delhi
 
Frequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubaiFrequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubaiManeesha35
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit FrameworkAhmad Tariq Bhatti
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
CIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingCIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingariundalai1
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case StudyJessica Myers
 
The iia s 2017 international professional practices framework
The iia s 2017 international professional practices frameworkThe iia s 2017 international professional practices framework
The iia s 2017 international professional practices frameworkDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)sakura rena
 
Auditing Basics
Auditing BasicsAuditing Basics
Auditing BasicsMaan M
 
Internal audit manual template
Internal audit manual templateInternal audit manual template
Internal audit manual templateCenapSerdarolu
 
Improving effectiveness of internal auditing
Improving effectiveness of internal auditingImproving effectiveness of internal auditing
Improving effectiveness of internal auditingPECB
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
Auditing And Assurance Services 4th Edition Louwers Solutions Manual
Auditing And Assurance Services 4th Edition Louwers Solutions ManualAuditing And Assurance Services 4th Edition Louwers Solutions Manual
Auditing And Assurance Services 4th Edition Louwers Solutions ManualAguirreMe
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bankMohammad Halim Stanikzai
 
LTE_IIA Prof Stds 2009
LTE_IIA Prof Stds 2009LTE_IIA Prof Stds 2009
LTE_IIA Prof Stds 2009Lee T. Emmenderfer, Jr., MBA, CPA
 
Generally Accepted Auditing Standards and types of Audit reports ch3.pptx
Generally Accepted Auditing Standards and types of Audit reports ch3.pptxGenerally Accepted Auditing Standards and types of Audit reports ch3.pptx
Generally Accepted Auditing Standards and types of Audit reports ch3.pptxseidIbrahim2
 
The Objectives Of Internal Audit
The Objectives Of Internal AuditThe Objectives Of Internal Audit
The Objectives Of Internal AuditSonia Sanchez
 
Audit prsentation
Audit prsentationAudit prsentation
Audit prsentationlogyonetimi
 
24201843 studdy-note-8
24201843 studdy-note-824201843 studdy-note-8
24201843 studdy-note-8Akash Saxena
 
Pemeriksaan Menejemen.pptx
Pemeriksaan Menejemen.pptxPemeriksaan Menejemen.pptx
Pemeriksaan Menejemen.pptxJeslynFelice1
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 

More Related Content

Similar to International Professional Practices Framework (IPPF)pdf

Frequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubaiFrequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubaiManeesha35
 
CIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingCIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingariundalai1
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case StudyJessica Myers
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)sakura rena
 
Auditing Basics
Auditing BasicsAuditing Basics
Auditing BasicsMaan M
 
Internal audit manual template
Internal audit manual templateInternal audit manual template
Internal audit manual templateCenapSerdarolu
 
Improving effectiveness of internal auditing
Improving effectiveness of internal auditingImproving effectiveness of internal auditing
Improving effectiveness of internal auditingPECB
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
Auditing And Assurance Services 4th Edition Louwers Solutions Manual
Auditing And Assurance Services 4th Edition Louwers Solutions ManualAuditing And Assurance Services 4th Edition Louwers Solutions Manual
Auditing And Assurance Services 4th Edition Louwers Solutions ManualAguirreMe
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bankMohammad Halim Stanikzai
 
Generally Accepted Auditing Standards and types of Audit reports ch3.pptx
Generally Accepted Auditing Standards and types of Audit reports ch3.pptxGenerally Accepted Auditing Standards and types of Audit reports ch3.pptx
Generally Accepted Auditing Standards and types of Audit reports ch3.pptxseidIbrahim2
 
The Objectives Of Internal Audit
The Objectives Of Internal AuditThe Objectives Of Internal Audit
The Objectives Of Internal AuditSonia Sanchez
 
Audit prsentation
Audit prsentationAudit prsentation
Audit prsentationlogyonetimi
 
24201843 studdy-note-8
24201843 studdy-note-824201843 studdy-note-8
24201843 studdy-note-8Akash Saxena
 
Pemeriksaan Menejemen.pptx
Pemeriksaan Menejemen.pptxPemeriksaan Menejemen.pptx
Pemeriksaan Menejemen.pptxJeslynFelice1
 

Similar to International Professional Practices Framework (IPPF)pdf (20)

Internal audit
Internal auditInternal audit
Internal audit
 
Frequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubaiFrequently asked questions on auditing in dubai
Frequently asked questions on auditing in dubai
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021
 
CIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditingCIA part 1 essentials of internal auditing
CIA part 1 essentials of internal auditing
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case Study
 
The iia s 2017 international professional practices framework
The iia s 2017 international professional practices frameworkThe iia s 2017 international professional practices framework
The iia s 2017 international professional practices framework
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)
 
Auditing Basics
Auditing BasicsAuditing Basics
Auditing Basics
 
Internal audit manual template
Internal audit manual templateInternal audit manual template
Internal audit manual template
 
Improving effectiveness of internal auditing
Improving effectiveness of internal auditingImproving effectiveness of internal auditing
Improving effectiveness of internal auditing
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
 
Auditing And Assurance Services 4th Edition Louwers Solutions Manual
Auditing And Assurance Services 4th Edition Louwers Solutions ManualAuditing And Assurance Services 4th Edition Louwers Solutions Manual
Auditing And Assurance Services 4th Edition Louwers Solutions Manual
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bank
 
LTE_IIA Prof Stds 2009
LTE_IIA Prof Stds 2009LTE_IIA Prof Stds 2009
LTE_IIA Prof Stds 2009
 
Generally Accepted Auditing Standards and types of Audit reports ch3.pptx
Generally Accepted Auditing Standards and types of Audit reports ch3.pptxGenerally Accepted Auditing Standards and types of Audit reports ch3.pptx
Generally Accepted Auditing Standards and types of Audit reports ch3.pptx
 
The Objectives Of Internal Audit
The Objectives Of Internal AuditThe Objectives Of Internal Audit
The Objectives Of Internal Audit
 
Audit prsentation
Audit prsentationAudit prsentation
Audit prsentation
 
24201843 studdy-note-8
24201843 studdy-note-824201843 studdy-note-8
24201843 studdy-note-8
 
Pemeriksaan Menejemen.pptx
Pemeriksaan Menejemen.pptxPemeriksaan Menejemen.pptx
Pemeriksaan Menejemen.pptx
 

Recently uploaded

9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...Suhani Kapoor
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 

Recently uploaded (20)

9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 

International Professional Practices Framework (IPPF)pdf

  • 1. European Union Internal Audit Training of Trainers Co-funded by The International Professional Practices Framework Jean-Pierre Garitte, CIA, CCSA, CISA, CFE Vienna, 1 February 2018
  • 3. This webinar refers entirely to the International Professional Practices Framework (IPPF) as promulgated by the global Institute of Internal Auditors (IIA). Future users of this webinar materials should always consult with the website of the IIA, as components of the IPPF are subject to periodical updates. IPPF is Copyright © by The Institute of Internal Auditors, Inc. All rights reserved Important notice
  • 5. 5 The International Professional Practices Framework
  • 7. 7 Remember… • Authoritative professional guidance provided by the Institute of Internal Auditors (The IIA) • Part of the collective knowledge of the Internal Audit profession (CBOK) • Essential elements for the effective delivery of Internal Audit services What does the IPPF represent?
  • 8. 8 IPPF Oversight Council • International Federation of Accountants (IFAC) • National Association of Corporate Directors (NACD) • International Organization of Supreme Audit Institutions (INTOSAI) • Organization for Economic Co-operation and Development (OECD) • The Institute of Internal Auditors (IIA) • The World Bank Organizations represented in the Council:
  • 9. 9 What are the components of the IPPF? Mandatory Guidance • Mission • Core Principles • Definition • Code of Ethics • Standards Recommended Guidance • Implementation Guidance • Supplemental Guidance
  • 10. 10 Mission of Internal Audit The Mission of Internal Audit articulates what internal audit aspires to accomplish within an organization. Its place in the IPPF is deliberate, demonstrating how practitioners should leverage the entire framework to facilitate their ability to achieve the Mission. To enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.
  • 11. 11 Core Principles for the Professional Practice of Internal Auditing (1) The Core Principles, taken as a whole, articulate internal audit effectiveness. For an internal audit function to be considered effective, all Principles should be present and operating effectively. How an internal auditor, as well as an internal audit activity, demonstrates achievement of the Core Principles may be quite different from organization to organization, but failure to achieve any of the Principles would imply that an internal audit activity was not as effective as it could be in achieving its internal audit’s mission.
  • 12. 12 Core Principles for the Professional Practice of Internal Auditing (2) 1. Demonstrates integrity. 2. Demonstrates competence and due professional care. 3. Is objective and free from undue influence (independent). 4. Aligns with the strategies, objectives, and risks of the organization. 5. Is appropriately positioned and adequately resourced.
  • 13. 13 Core Principles for the Professional Practice of Internal Auditing (3) 6. Demonstrates quality and continuous improvement. 7. Communicates effectively. 8. Provides risk-based assurance. 9. Is insightful, proactive, and future-focused. 10. Promotes organizational improvement.
  • 14. 14 Definition of Internal Auditing The Definition of Internal Auditing states the fundamental purpose, nature, and scope of internal auditing. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
  • 15. 15 Code of Ethics (1) The purpose of The Institute's Code of Ethics is to promote an ethical culture in the profession of internal auditing. The Code of Ethics states the principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct, and behavioral expectations rather than specific activities.
  • 16. 16 Code of Ethics (2) The Institute's Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components: 1. Principles that are relevant to the profession and practice of internal auditing. 2. Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors. "Internal auditors" refers to Institute members, recipients of or candidates for IIA professional certifications, and those who perform internal audit services within the Definition of Internal Auditing.
  • 17. 17 Code of Ethics (3) 1. Integrity The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment. 2. Objectivity Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments Internal auditors are expected to apply and uphold the following principles: 3. Confidentiality Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. 4. Competency Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.
  • 18. 18 The Standards (1) Purpose of the Standards is to: 1. Guide adherence with the mandatory elements of the International Professional Practices Framework. 2. Provide a framework for performing and promoting a broad range of value-added internal auditing services. 3. Establish the basis for the evaluation of internal audit performance. 4. Foster improved organizational processes and operations.
  • 19. 19 The Standards (2) Components of the Standards: 1. Statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance, which are internationally applicable at organizational and individual levels 2. Interpretations (attached to specific standards) 3. Glossary
  • 20. 20 The Standards (3) The Standards comprise two main categories: 1. Attribute Standards address the attributes of organizations and individuals performing internal auditing. 2. Performance Standards describe the nature of internal auditing and provide quality criteria against which the performance of these services can be measured. Implementation Standards expand upon the Attribute and Performance Standards by providing the requirements applicable to assurance or consulting services.
  • 21. 21 The Attribute Standards 1000 – Purpose, Authority, and Responsibility 1100 – Independence and Objectivity 1200 – Proficiency and Due Professional Care 1300 – Quality Assurance and Improvement Program
  • 22. 22 The Performance Standards 2000 – Managing the Internal Audit Activity 2100 – Nature of Work 2200 – Engagement Planning 2300 – Performing the Engagement 2400 – Communicating Results 2500 – Monitoring Progress 2600 – Communicating the Acceptance of Risks
  • 24. 24 Main Characteristics of Changes to the Standards 1. Addition of new standards 2. Major changes to existing standards 3. Other changes, including interpretation, to existing standards 4. Adherence to principles is emphasized (QAR) 5. Alignment of standards with core principles 6. Clearer wording
  • 25. 25 Addition of new Standards 1. Addition of New Standard 1112: Chief Audit Executive Roles Beyond Internal Auditing. 2. Addition of New Standard 1130.A3. Internal audit may provide assurance services where they had previously performed consulting services.
  • 26. 26 1112 – Chief Audit Executive Roles Beyond Internal Auditing Interpretation: The chief audit executive may be asked to take on additional roles and responsibilities outside of internal auditing, such as responsibility for compliance or risk management activities. These roles and responsibilities may impair, or appear to impair, the organizational independence of the internal audit activity or the individual objectivity of the internal auditor. Safeguards are those oversight activities, often undertaken by the board, to address these potential impairments, and may include such activities as periodically evaluating reporting lines and responsibilities and developing alternative processes to obtain assurance related to the areas of additional responsibility.
  • 27. 27 Three Lines of Defense Model (as conceived by the ECIIA & FERMA in Guidance on the 8th EU Company Law and endorsed in the so-named Position Paper issued by The IIA in Jan. 2013)
  • 29. 29 1130Impairment to Independence or Objectivity If independence or objectivity is impaired in fact or appearance, the details of the impairment must be disclosed to appropriate parties. The nature of the disclosure will depend upon the impairment. Interpretation: Impairment to organizational independence and individual objectivity may include, but is not limited to, personal conflict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations, such as funding. The determination of appropriate parties to which the details of an impairment to independence or objectivity must be disclosed is dependent upon the expectations of the internal audit activity’s and the chief audit executive’s responsibilities to senior management and the board as described in the internal audit charter, as well as the nature of the impairment.
  • 30. 30 1130Impairment to Independence or Objectivity 1130.A1 Internal auditors must refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year. 1130.A2 Assurance engagements for functions over which the chief audit executive has responsibility must be overseen by a party outside the internal audit activity. 1130.A3 The internal audit activity may provide assurance services where it had previously performed consulting services, provided the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement.
  • 31. 31 Major changes to existing Standards 1. Change to Standard 2050: Coordination and Reliance.
  • 32. 32 2050 Coordination and Reliance (1) The chief audit executive should share information, coordinate activities, and consider relying upon the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimize duplication of efforts.
  • 33. 33 Three Lines of Defense Model (as conceived by the ECIIA & FERMA in Guidance on the 8th EU Company Law and endorsed in the so-named Position Paper issued by The IIA in Jan. 2013)
  • 34. 34 2050 Coordination and Reliance (2) Interpretation: In coordinating activities, the chief audit executive may rely on the work of other assurance and consulting service providers. A consistent process for the basis of reliance should be established, and the chief audit executive should consider the competency, objectivity, and due professional care of the assurance and consulting service providers. The chief audit executive should also have a clear understanding of the scope, objectives, and results of the work performed by other providers of assurance and consulting services. Where reliance is placed on the work of others, the chief audit executive is still accountable and responsible for ensuring adequate support for conclusions and opinions reached by the internal audit activity.
  • 35. 35 Other changes to existing Standards 1. Reference to mandatory guidance 2. Disclosure of interference 3. Conclusion, oversight and reporting with regard to external quality assessment 4. Managing internal audit with insight and content of reporting 5. Development of engagement objectives
  • 36. 36 1010 – Recognizing Mandatory Guidance in the Internal Audit Charter The mandatory nature of the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing must be recognized in the internal audit charter. The chief audit executive should discuss the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework with senior management and the board.
  • 37. 37 1110 - Organizational Independence 1110.A1 The internal audit activity must be free from interference in determining the scope of internal auditing, performing work, and communicating results. The chief audit executive must disclose such interference to the board and discuss the implications.
  • 38. 38 1312 - External Assessments (1) External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. The chief audit executive must discuss with the board: •The form and frequency of external assessment. •The qualifications and independence of the external assessor or assessment team, including any potential conflict of interest.
  • 39. 39 1312 - External Assessments (2) Interpretation: External assessments may be accomplished through a full external assessment, or a self-assessment with independent external validation. The external assessor must conclude as to conformance with the Code of Ethics and the Standards; the external assessment may also include operational or strategic comments. A qualified assessor or assessment team demonstrates competence in two areas: the professional practice of internal auditing and the external assessment process. Competence can be demonstrated through a mixture of experience and theoretical learning. Experience gained in organizations of similar size, complexity, sector or industry, and technical issues is more valuable than less relevant experience. In the case of an assessment team, not all members of the team need to have all the competencies; it is the team as a whole that is qualified. The chief audit executive uses professional judgment when assessing whether an assessor or assessment team demonstrates sufficient competence to be qualified. An independent assessor or assessment team means not having either an actual or a perceived conflict of interest and not being a part of, or under the control of, the organization to which the internal audit activity belongs. The chief audit executive should encourage board oversight in the external assessment to reduce perceived or potential conflicts of interest.
  • 40. 40 1320 - Reporting on the Quality Assurance and Improvement Program The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosure should include: •The scope and frequency of both the internal and external assessments. •The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest. •Conclusions of assessors. •Corrective action plans.
  • 41. 41 2000 - Managing the Internal Audit Activity The chief audit executive must effectively manage the internal audit activity to ensure it adds value to the organization. Interpretation: The internal audit activity is effectively managed when: • It achieves the purpose and responsibility included in the internal audit charter. • It conforms with the Standards. • Its individual members conform with the Code of Ethics and the Standards. • It considers trends and emerging issues that could impact the organization. The internal audit activity adds value to the organization and its stakeholders when it considers strategies, objectives, and risks; strives to offer ways to enhance governance, risk management, and control processes; and objectively provides relevant assurance.
  • 42. 42 2060 - Reporting to Senior Management and the Board (1) The chief audit executive must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the Code of Ethics and the Standards. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board. Interpretation: The frequency and content of reporting are determined collaboratively by the chief audit executive, senior management, and the board. The frequency and content of reporting depends on the importance of the information to be communicated and the urgency of the related actions to be taken by senior management and/or the board.
  • 43. 43 2060 - Reporting to Senior Management and the Board (2) Interpretation: (continued) The chief audit executive’s reporting and communication to senior management and the board must include information about: • The audit charter. • Independence of the internal audit activity. • The audit plan and progress against the plan. • Resource requirements. • Results of audit activities. • Conformance with the Code of Ethics and the Standards, and action plans to address any significant conformance issues. • Management’s response to risk that, in the chief audit executive’s judgment, may be unacceptable to the organization. These and other chief audit executive communication requirements are referenced throughout the Standards.
  • 44. 44 2210 - Engagement Objectives 2210.A3 – Adequate criteria are needed to evaluate governance, risk management, and controls. Internal auditors must ascertain the extent to which management and/or the board has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must identify appropriate evaluation criteria through discussion with management and/or the board. Interpretation: Types of criteria may include: • Internal (e.g., policies and procedures of the organization). • External (e.g., laws and regulations imposed by statutory bodies). • Leading practices (e.g., industry and professional guidance).
  • 45. 45 2230 - Engagement Resource Allocation Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources. Interpretation: Appropriate refers to the mix of knowledge, skills, and other competencies needed to perform the engagement. Sufficient refers to the quantity of resources needed to accomplish the engagement with due professional care.
  • 47. European Union Internal Audit Training of Trainers Co-funded by The International Professional Practices Framework Jean-Pierre Garitte, CIA, CCSA, CISA, CFE Vienna, 1 February 2018