Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
DEFINITION OF INTERNAL AUDITING Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
CODE OF ETHICS APPLICABILITY & ENFORCEMENT Applies to individuals & entities providing Internal Audit services IIA members & CIA’s will be evaluated as per the rules of the Institute.
CODE OF ETHICS INTEGRITY Internal Auditors shall perform their work with Honesty Diligence Responsibility Observe Laws of the land Respect and contribute for legitimate & ethical objectives of the organisation.
CODE OF ETHICS OBJECTIVITY Be unbiased Will not participate in any activity which can effect objectivity Will not develop any relationship which can effect objectivity Will not accept gifts that can impair professional judgement Present all material facts
CODE OF ETHICS CONFIDENTIALITY Protect information Be prudent in use of information Shall not use information for personal gain Shall not use information that shall be detrimental to the legitimate & ethical objectives of the organization.
CODE OF ETHICS COMPETENCY Will ensure necessary knowledge Will ensure necessary skills Must have adequate experience Continually improve their proficiency and effectiveness Shall perform in accordance with International Standards for Professional Practice of Internal Auditors.
STANDARDS FOR INTERNAL AUDIT 1.Differences in environment 2.Compliance with standards is essential to meet responsibility. 3.Prohibition by local laws on any standard should be disclosed.
STANDARDS FOR ASSURANCE 1.The process owner 2.The internal auditor 3.The user
STANDARDS FOR CONSULTING SERVICES 1.The internal auditor 2.Engagement client The internal auditor should maintain objectivity and not assume management responsibility.
PURPOSE OF STANDARDS 1.Define basic principles 2.Framework for performance 3.Basis for evaluation of internal auditor 4.Foster improved processes and operations.
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING ATTRIBUTE STANDARDS PERFORMANCE STANDARDS IMPLEMENTATION STANDARDS Practice advisories
ATTRIBUTES STANDARDS 1000. Purpose authority & responsibility. Charter
ATTRIBUTES STANDARDS 1100. Independence & Objectivity Organizational independence Free from interference Individual objectivity Disclosure of impairments
ATTRIBUTES STANDARDS 1200. Proficiency & due professional care Knowledge, skills and competencies Should obtain advice and assistance Knowledge of key IT risks and controls Use of computer assisted audit tools Use of data analysis techniques
ATTRIBUTES STANDARDS 1230. Continuing professional development By enhancing knowledge, skills and competencies
ATTRIBUTES STANDARDS Quality assurance and improvement program Periodic internal and external quality assessments. Ongoing reviews External assessments every five years by a qualified independent reviewer / review team. Reporting Use of “conducted in accordance with the International standards for the professional practice of Internal Auditing. Disclosure of non-compliance
PERFORMANCE STANDARDS 2100. Nature of work Risk management - significant exposures - Effectiveness & efficiency operations - Safeguarding - Compliance with laws - Regulations & controls
PERFORMANCE STANDARDS 2100. Nature of work Controls - Maintaining effective controls - Evaluate adequacy & effectiveness of controls - Reliability & integrity of financial and operational information - Effectiveness and efficiency of operations - Safeguarding of assets - Compliance with laws, regulations and contracts
PERFORMANCE STANDARDS 2100. Nature of work Governance -Recommendations for improving governance process to accomplish following objectives -Promoting ethics and values ensuring effective performance and accountability -Communicating risk and control information -Co-ordinating board, external and internal auditors and management
PERFORMANCE STANDARDS 2200. Engagement planning Develop and record a plan for each engagement Planning considerations - Objectives - Risks - Adequacy and effectiveness of controls Establish a written understanding of objectives Scope – sufficient to satisfy objectives Resource allocation Work program
PERFORMANCE STANDARDS 2300. Performing the engagement Identifying information Analysis and evaluation Recording information Engagement supervision
PERFORMANCE STANDARDS 2400. Communicating results Criteria - Define objectives, scope, conclusions and recommendations. - Acknowledge satisfactory performances - Define limitations on distribution and use of results. Quality Disclosure of non-compliance with standards Disseminating results Monitoring progress Resolution of management’s acceptance of risks
IMPLEMENTATION STANDARDS Have been established for (A)Assurance activities (C)Consulting activities
IMPLEMENTATION STANDARDS Apply to specific types of engagements. Multiple sets of implementation standards One set for each major type of internal audit activity
IMPLEMENTATION STANDARDS Implementation standards, guidance and practice advisories are issued by the Professional Issues Committee. Its an ongoing process with extensive consultations and discussions world wide by exposure draft process. Exposure drafts are available at the Institute website at www.theiia.org The committee welcomes comments and suggestions at firstname.lastname@example.org