PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER

PROFESSIONAL PRACTICES FRAMEWORK PPF

PPF INCLUDES  DEFINITION OF INTERNAL AUDITING  CODE OF ETHICS  STANDARDS  GUIDANCE  PRACTICE ADVISORIES

DEFINITION OF INTERNAL AUDITING

Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

DEFINITION OF INTERNAL AUDITING Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

INTERNAL AUDITOR  Independent  Objective  Consulting  Add Value  Improve  Systematic  Disciplined  Evaluate  Effective

CODE OF ETHICS

Broadly covers :  Applicability & enforcement  Principles  Rules of conduct  Integrity  Objectivity  Confidentiality  Competency

CODE OF ETHICS APPLICABILITY & ENFORCEMENT  Applies to individuals & entities providing Internal Audit services  IIA members & CIA’s will be evaluated as per the rules of the Institute.

CODE OF ETHICS INTEGRITY Internal Auditors shall perform their work with  Honesty  Diligence  Responsibility  Observe Laws of the land  Respect and contribute for legitimate & ethical objectives of the organisation.

CODE OF ETHICS OBJECTIVITY  Be unbiased  Will not participate in any activity which can effect objectivity  Will not develop any relationship which can effect objectivity  Will not accept gifts that can impair professional judgement  Present all material facts

CODE OF ETHICS CONFIDENTIALITY  Protect information  Be prudent in use of information  Shall not use information for personal gain  Shall not use information that shall be detrimental to the legitimate & ethical objectives of the organization.

CODE OF ETHICS COMPETENCY  Will ensure necessary knowledge  Will ensure necessary skills  Must have adequate experience  Continually improve their proficiency and effectiveness  Shall perform in accordance with International Standards for Professional Practice of Internal Auditors.

STANDARDS

STANDARDS FOR INTERNAL AUDIT 1.Differences in environment 2.Compliance with standards is essential to meet responsibility. 3.Prohibition by local laws on any standard should be disclosed.

STANDARDS FOR ASSURANCE 1.The process owner 2.The internal auditor 3.The user

STANDARDS FOR CONSULTING SERVICES 1.The internal auditor 2.Engagement client The internal auditor should maintain objectivity and not assume management responsibility.

PURPOSE OF STANDARDS 1.Define basic principles 2.Framework for performance 3.Basis for evaluation of internal auditor 4.Foster improved processes and operations.

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING  ATTRIBUTE STANDARDS  PERFORMANCE STANDARDS  IMPLEMENTATION STANDARDS Practice advisories

ATTRIBUTES STANDARDS Purpose authority & responsibility. Charter

ATTRIBUTES STANDARDS Independence & Objectivity Organizational independence Free from interference Individual objectivity Disclosure of impairments

ATTRIBUTES STANDARDS Proficiency & due professional care Knowledge, skills and competencies Should obtain advice and assistance Knowledge of key IT risks and controls Use of computer assisted audit tools Use of data analysis techniques

ATTRIBUTES STANDARDS Continuing professional development By enhancing knowledge, skills and competencies

ATTRIBUTES STANDARDS Quality assurance and improvement program Periodic internal and external quality assessments. Ongoing reviews External assessments every five years by a qualified independent reviewer / review team. Reporting Use of “conducted in accordance with the International standards for the professional practice of Internal Auditing. Disclosure of non-compliance

PERFORMANCE STANDARDS

2000. Managing the Internal Audit activity  Planning  Communication & Approval  Resource Management  Policies & Procedures  Co-ordination  Reporting

PERFORMANCE STANDARDS Nature of work  Risk management - significant exposures - Effectiveness & efficiency operations - Safeguarding - Compliance with laws - Regulations & controls

PERFORMANCE STANDARDS Nature of work  Controls - Maintaining effective controls - Evaluate adequacy & effectiveness of controls - Reliability & integrity of financial and operational information - Effectiveness and efficiency of operations - Safeguarding of assets - Compliance with laws, regulations and contracts

PERFORMANCE STANDARDS Nature of work  Governance -Recommendations for improving governance process to accomplish following objectives -Promoting ethics and values ensuring effective performance and accountability -Communicating risk and control information -Co-ordinating board, external and internal auditors and management

PERFORMANCE STANDARDS Engagement planning  Develop and record a plan for each engagement  Planning considerations - Objectives - Risks - Adequacy and effectiveness of controls  Establish a written understanding of objectives  Scope – sufficient to satisfy objectives  Resource allocation  Work program

PERFORMANCE STANDARDS Performing the engagement  Identifying information  Analysis and evaluation  Recording information  Engagement supervision

PERFORMANCE STANDARDS Communicating results  Criteria - Define objectives, scope, conclusions and recommendations. - Acknowledge satisfactory performances - Define limitations on distribution and use of results.  Quality  Disclosure of non-compliance with standards  Disseminating results  Monitoring progress  Resolution of management’s acceptance of risks

IMPLEMENTATION STANDARDS Practice advisories

IMPLEMENTATION STANDARDS Have been established for (A)Assurance activities (C)Consulting activities

IMPLEMENTATION STANDARDS  Apply to specific types of engagements.  Multiple sets of implementation standards  One set for each major type of internal audit activity

IMPLEMENTATION STANDARDS  Implementation standards, guidance and practice advisories are issued by the Professional Issues Committee.  Its an ongoing process with extensive consultations and discussions world wide by exposure draft process.  Exposure drafts are available at the Institute website at  The committee welcomes comments and suggestions at

Thank You