Internal Auditing - IPPF

  1. IPPF
    International Professional Practices Framework
  2. IPPF Guidance
    Mandatory Guidance

    Strongly Recommended
  3. IPPF Guidance - MANDATORY
    • Definition
    • International Standards
    • Code of Ethics
    • Position Papers
    • Practice Advisories
    • Practice Guides
  5. Mandatory Guidance - DEFINITION

    Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.  It helps an organization accomplish its objective by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes
  6. Mandatory Guidance - CODE OF ETHICS
    To promote an ethical culture

    • Principles
    • Rules of Conduct
  7. Code of Ethics - PRINCIPLES
    • Integrity
    • Objectivity
    • Confidentiality
    • Competency
  8. Code of Ethics - Principles - INTEGRITY
    • Established trust and provides the basis for reliance on
    • internal auditors’ judgment

    “The integrity of internal auditors establishes trust and this provides the basis for reliance on their judgment.

    Rules of Conduct associated with the integrity principle:

    • 1.1 Shall perform
    • their work with honesty, diligence and responsibility

    1.2 Shall observe the law and make disclosures expected by the law and the profession

    1.3 Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization

    1.4 Shall respect and contribute to the legitimate and ethical objectives of the organization”

    The “price of admission”
  9. Code of Ethics - Principles - OBJECTIVITY
    Internal auditors are not unduly influenced by their own interests or by others in forming judgments

    “Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.  Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others forming judgment.

    Rules of Conduct associated with the objectivity principle:

    • 2.1 Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment.  This
    • participation includes those activities or relationships that may be in conflict with the interests of the organization

    2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment

    • 2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the
    • reporting activities under review.”
  10. Code of Ethics - Principles - CONFIDENTIALITY
    • Internal auditors do not disclose information they receive without proper authority unless there is a legal or professional obligation to
    • do so

    • “Internal auditors respect the value and ownership of information they receive and do not disclose information without the
    • appropriate authority unless there is a legal or professional obligation to do so.

    Rules of Conduct associated with the confidentiality principle:

    3.1 Shall be prudent in the use and protection of information acquired in the course of their duties.

    • 3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate
    • and ethical objectives of the organization.”
  11. Code of Ethics - Principles - COMPETENCY
    “Internal auditors apply the knowledge, skills and experience needed in the performance of internal audit services.”

    • Rules of Conduct associated with the competency principle:
    • [“Internal Auditors:]

    4.1 Shall engage only in those services for which they have the necessary knowledge, skills and experience.

    4.2 Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.

    4.3 Shall continuously improve their proficiency and the effectiveness and quality of their services.”
  12. Mandatory Guidance - INTERNATIONAL STANDARDS
    Applies to internal auditors and activities

    nDelineate basics principles that represent the practice of internal auditing

    nProvide a framework for performing and promoting a broad range of value-added internal auditing

    nEstablish the basis for evaluation of internal audit performance

    • nFoster improved
    • organizational processes and operations
    nStatements: of basic requirements for the practice and for evaluating the effectiveness of performance

    nInterpretations: which clarify the terms or concepts within the Statements
    nAttribute – addresses the attributes of organizations and individuals performing internal audit

    • nPerformance –
    • describes the nature of internal auditing and provide quality criteria against which performance of these services can be measured

    • nImplementation –
    • expand upon the Attribute and Performance Standards by providing the requirements applicable to assurance or consulting activities
  15. 1000 - 2000
    • 1000 = attribute standard
    • 2000 = performance standard
    • Implementation standard is directly under related att or perf standard
  16. A - C
    • A is assurance
    • C is consulting
  17. 1220.A3
    • 1 - Attribute 
    • 2 - Proficiency and Due Professional Care
    • 20 - Due Professional Care
    • A - Assurance Services
    • 3 - 3rd Assurance Standard
  18. Mandatory Guidance - INTERNATIONAL STANDARDS treat engagements as
    • Assurance: objective examination for purpose of providing an independent assessment
    • ex: financial, compliance, due dillegence

    • Consulting: Advisory
    • ex: counsel, advice, training
  19. Mandatory Guidance - Attribute Standards
    n1000 – Purpose, Authority and Responsibility

    n1100 – Independence and Objectivity

    n1200 – Proficiency and Due Professional Care

    n1300 – Quality Assurance and Improvement Program
  20. Mandatory Guidance - Attribute Standard - 
    1000 Purpose, Authority and Responsibility
    Charter must:

    n Clearly states the function’s purpose, authority and responsibility

    nSpecifies the nature of the assurance and consulting service the function provides

    nAcknowledge the IA function’s responsibility to adhere to the Definition, Code of Ethics and the Standards

    • nCAE must periodically review the internal audit charter and present it to senior management and the
    • board for approval

    nFinal approval is the responsibility of the board
  21. Mandatory Guidance - Attribute Standard -
    1100 – Independence and Objectivity
    nIndependence –

    nAttribute of an internal audit function

    • nFreedom from conditions that threaten the ability of the IA activity to carry out IA
    • responsibilities in an unbiased manner

    nObjectivity –

    nAttribute of an internal auditor

    • nAn unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are
    • made.  Requires that internal auditors do
    • not subordinate judgment on audit matters to others

    nConflicts of interests – situations in which an internal auditor, who is in a position of trust, has a competing professional or personal interest
  22. Mandatory Guidance - Attribute Standard -
    1200 – Proficiency and Due Professional Care
    nProficiency – knowledge, skills and other competencies needed to fulfill internal audit responsibilities (applies to a function as well as an individual)

    nDue care – care and skill expected of a reasonably prudent and competent internal auditor
  23. Mandatory Guidance - Attribute Standard -
    1300 – Quality Assurance and Improvement Program
    nConcept is similar to manufacturing, retail, etc.

    nInstills confidence that the product/service possesses the essential features and characteristics intended

    nStandard 1300 – CAE must develop and maintain a quality assurance and  improvement program that covers all aspects of internal audit

    nStandard 1310 – Program must include both internal and external assessments

    nStandard 1312 – External assessment must be conducted at least once every five years by a qualified, independent assessor  or assessment team from outside of the organization

    nStandard 1320 – CAE must communicate results of quality assurance and improvement program to senior management and the board
  24. Mandatory Guidance - Performance Standards
    Continuous improvement is an ongoing effort to improve products, services or processes

    x are all engagement

    n2000 – Managing the Internal Audit Activity

    n2100 – Nature of Work

    x2200 – Engagement Planning

    x2300 – Performing the Engagement

    x2400 – Communicating Results

    x2500 – Monitoring Progress

    n2600 – Communicating the Acceptance of Risks
  25. Mandatory Guidance - Performance Standards - 
    2000 – Managing the Internal Audit Activity
    nCAE is responsible for managing the internal audit function and ensuring the function adds value to the organization

    nInternal audit activity is effectively managed when:

    nResults of internal audit activity’s work achieve purpose and responsibility included in the charter

    nInternal audit activity conforms with the Definition and the Standards

    nIndividuals who are part of internal audit activity demonstrate conformance with the Code of Ethics and the Standards
  26. Mandatory Guidance - Performance Standards - 
    2100 – Nature of Work
    nIA activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach

    • n2110 Governance
    • n2120 Risk Management
    • n2130 Control
  27. Mandatory Guidance - Performance Standards -
    2200 – Engagement Planning
    • 2201: Planning Considerations
    • 2210: Engagement Objectives
    • 2220: Engagement Scope
    • 2230: Engagement Resource Allocation
    • 2240: Engagement Work Program
  28. Mandatory Guidance - Performance Standards -
    2300 – Performing the Engagement
    • 2310: Indentifying Information
    • 2320: Analysis and Evaluation
    • 2330: Documenting Information
    • 2340: Engagement Supervision
  29. Mandatory Guidance - Performance Standards -
    2400 – Communicating Results
    nIA function may report that their engagements are conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (if results of the quality assurance and improvement program support the statement)

    • nWhen nonconformance with the Definition, Code of Ethics or Standards impacts a specific
    • engagement, communication of the results must disclose:

    nPrinciple or rule with which full conformance was not achieved


    nImpact on the engagement and communicated results

    nCAE is responsible for communicating internal audit engagement results to the appropriate party
  30. Mandatory Guidance - Performance Standards -
    2500 – Monitoring Progress
    • nCAE has responsibility for establishing and maintaining a system to monitor the
    • disposition of engagement results communicated
  31. Mandatory Guidance - Performance Standards -
    2600 – Communicating the Acceptance of Risk
    • nAddresses the issue of accepting a level of residual risk that may be unacceptable to the
    • organization

    nResidual risk is the portion of inherent risk that remains after management executes its risk responses (net risk)

    nIf a CAE determines management has accepted a level of risk that may be unacceptable to the organization, the CAE must discuss the matter with senior management
  32. Strongly Recommended Guidance
  33. Strongly Recommended Guidance -
    Practice Advisories
    nProvide concise and timely guidance as to how the Standards might be implemented
  34. Strongly Recommended Guidance -
    Position Papers
    nProvide guidance on issues that extend beyond the specifics of how the CAE, internal audit function and individual internal auditors should conduct their work

    nWritten for internal auditors and other interested parties outside of the profession
  35. Strongly Recommended Guidance -
    Practice Guides
    nProvide detailed guidance on internal audit tools and techniques
Card Set
Internal Auditing - IPPF
Internal Auditing - IPPF