-
IPPF
International Professional Practices Framework
-
IPPF Guidance
Mandatory Guidance
Strongly Recommended
-
IPPF Guidance - MANDATORY
- Definition
- International Standards
- Code of Ethics
-
IPPF Guidance - STRONGLY RECOMMENDED
- Position Papers
- Practice Advisories
- Practice Guides
-
Mandatory Guidance - DEFINITION
VALUE PROPOSITION
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objective by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
-
Mandatory Guidance - CODE OF ETHICS
To promote an ethical culture
- Principles
- Rules of Conduct
-
Code of Ethics - PRINCIPLES
- Integrity
- Objectivity
- Confidentiality
- Competency
-
Code of Ethics - Principles - INTEGRITY
Establishes trust and provides the basis for reliance on internal auditors’ judgment
“The integrity of internal auditors establishes trust and this provides the basis for reliance on their judgment.
Rules of Conduct associated with the integrity principle:
1.1 Shall perform their work with honesty, diligence and responsibility
1.2 Shall observe the law and make disclosures expected by the law and the profession
1.3 Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization
1.4 Shall respect and contribute to the legitimate and ethical objectives of the organization”
The “price of admission”
-
Code of Ethics - Principles - OBJECTIVITY
Internal auditors are not unduly influenced by their own interests or by others in forming judgments
“Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others forming judgment.
Rules of Conduct associated with the objectivity principle:
2.1 Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization
2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment
2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting activities under review.”
-
Code of Ethics - Principles - CONFIDENTIALITY
Internal auditors do not disclose information they receive without proper authority unless there is a legal or professional obligation to do so
“Internal auditors respect the value and ownership of information they receive and do not disclose information without the appropriate authority unless there is a legal or professional obligation to do so.
Rules of Conduct associated with the confidentiality principle:
3.1 Shall be prudent in the use and protection of information acquired in the course of their duties.
3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.”
-
Code of Ethics - Principles - COMPETENCY
“Internal auditors apply the knowledge, skills and experience needed in the performance of internal audit services.”
- Rules of Conduct associated with the competency principle:
- [“Internal Auditors:]
4.1 Shall engage only in those services for which they have the necessary knowledge, skills and experience.
4.2 Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.
4.3 Shall continuously improve their proficiency and the effectiveness and quality of their services.”
-
Mandatory Guidance - INTERNATIONAL STANDARDS
Applies to internal auditors and activities
- Delineate basic principles that represent the practice of internal auditing
- Provide a framework for performing and promoting a broad range of value-added internal auditing
- Establish the basis for evaluation of internal audit performance
- Foster improved organizational processes and operations
-
Mandatory Guidance - INTERNATIONAL STANDARDS- CONSISTS OF
- Statements: of basic requirements for the practice and for evaluating the effectiveness of performance
- Interpretations: which clarify the terms or concepts within the Statements
-
Mandatory Guidance - INTERNATIONAL STANDARDS- TYPES
- Attribute – addresses the attributes of organizations and individuals performing internal audit
- Performance – describes the nature of internal auditing and provides quality criteria against which performance of these services can be measured
- Implementation – expands upon the Attribute and Performance Standards by providing the requirements applicable to assurance or consulting activities
-
1000 - 2000
- 1000 = attribute standard
- 2000 = performance standard
- Implementation standard is directly under related att or perf standard
-
A - C
- A is assurance
- C is consulting
-
1220.A3
- 1 - Attribute
- 2 - Proficiency and Due Professional Care
- 20 - Due Professional Care
- A - Assurance Services
- 3 - 3rd Assurance Standard
-
Mandatory Guidance - INTERNATIONAL STANDARDS treat engagements as
- Assurance: objective examination for purpose of providing an independent assessment
- ex: financial, compliance, due diligence
- Consulting: Advisory
- ex: counsel, advice, training
-
Mandatory Guidance - Attribute Standards
- 1000 – Purpose, Authority and Responsibility
- 1100 – Independence and Objectivity
- 1200 – Proficiency and Due Professional Care
- 1300 – Quality Assurance and Improvement Program
-
Mandatory Guidance - Attribute Standard -
1000 Purpose, Authority and Responsibility
Charter must:
- Clearly state the function’s purpose, authority and responsibility
- Specify the nature of the assurance and consulting service the function provides
- Acknowledge the IA function’s responsibility to adhere to the Definition, Code of Ethics and the Standards
- CAE must periodically review the internal audit charter and present it to senior management and the board for approval
- Final approval is the responsibility of the board
-
Mandatory Guidance - Attribute Standard -
1100 – Independence and Objectivity
- Independence –
- Attribute of an internal audit function
- Freedom from conditions that threaten the ability of the IA activity to carry out IA responsibilities in an unbiased manner
- Objectivity –
- Attribute of an internal auditor
- An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made. Requires that internal auditors do not subordinate judgment on audit matters to others
- Conflicts of interests – situations in which an internal auditor, who is in a position of trust, has a competing professional or personal interest
-
Mandatory Guidance - Attribute Standard -
1200 – Proficiency and Due Professional Care
- Proficiency – knowledge, skills and other competencies needed to fulfill internal audit responsibilities (applies to a function as well as an individual)
- Due care – care and skill expected of a reasonably prudent and competent internal auditor
-
Mandatory Guidance - Attribute Standard -
1300 – Quality Assurance and Improvement Program
- Concept is similar to manufacturing, retail, etc.
- Instills confidence that the product/service possesses the essential features and characteristics intended
- Standard 1300 – CAE must develop and maintain a quality assurance and improvement program that covers all aspects of internal audit
- Standard 1310 – Program must include both internal and external assessments
- Standard 1312 – External assessment must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside of the organization
- Standard 1320 – CAE must communicate results of quality assurance and improvement program to senior management and the board
-
Mandatory Guidance - Performance Standards
Continuous improvement is an ongoing effort to improve products, services or processes
Items marked x are all engagement
- 2000 – Managing the Internal Audit Activity
- 2100 – Nature of Work
- x 2200 – Engagement Planning
- x 2300 – Performing the Engagement
- x 2400 – Communicating Results
- x 2500 – Monitoring Progress
- 2600 – Communicating the Acceptance of Risks
-
Mandatory Guidance - Performance Standards -
2000 – Managing the Internal Audit Activity
- CAE is responsible for managing the internal audit function and ensuring the function adds value to the organization
- Internal audit activity is effectively managed when:
- Results of internal audit activity’s work achieve purpose and responsibility included in the charter
- Internal audit activity conforms with the Definition and the Standards
- Individuals who are part of internal audit activity demonstrate conformance with the Code of Ethics and the Standards
-
Mandatory Guidance - Performance Standards -
2100 – Nature of Work
- IA activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach
- 2110 Governance
- 2120 Risk Management
- 2130 Control
-
Mandatory Guidance - Performance Standards -
2200 – Engagement Planning
- 2201: Planning Considerations
- 2210: Engagement Objectives
- 2220: Engagement Scope
- 2230: Engagement Resource Allocation
- 2240: Engagement Work Program
-
Mandatory Guidance - Performance Standards -
2300 – Performing the Engagement
- 2310: Identifying Information
- 2320: Analysis and Evaluation
- 2330: Documenting Information
- 2340: Engagement Supervision
-
Mandatory Guidance - Performance Standards -
2400 – Communicating Results
- IA function may report that their engagements are conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (if results of the quality assurance and improvement program support the statement)
- When nonconformance with the Definition, Code of Ethics or Standards impacts a specific engagement, communication of the results must disclose:
- Principle or rule with which full conformance was not achieved
- Reason
- Impact on the engagement and communicated results
- CAE is responsible for communicating internal audit engagement results to the appropriate party
-
Mandatory Guidance - Performance Standards -
2500 – Monitoring Progress
- CAE has responsibility for establishing and maintaining a system to monitor the disposition of engagement results communicated
-
Mandatory Guidance - Performance Standards -
2600 – Communicating the Acceptance of Risk
- Addresses the issue of accepting a level of residual risk that may be unacceptable to the organization
- Residual risk is the portion of inherent risk that remains after management executes its risk responses (net risk)
- If a CAE determines management has accepted a level of risk that may be unacceptable to the organization, the CAE must discuss the matter with senior management
-
Strongly Recommended Guidance
-
Strongly Recommended Guidance -
Practice Advisories
- Provide concise and timely guidance as to how the Standards might be implemented
-
Strongly Recommended Guidance -
Position Papers
- Provide guidance on issues that extend beyond the specifics of how the CAE, internal audit function and individual internal auditors should conduct their work
- Written for internal auditors and other interested parties outside of the profession
-
Strongly Recommended Guidance -
Practice Guides
- Provide detailed guidance on internal audit tools and techniques