4

Device

Chapter2PPT4thedition.pptx

Home >Business & Finance homework help >Accounting homework help >4

Internal Auditing: Assurance & Advisory Services

4th edition

THE INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK:

AUTHORITATIVE GUIDANCE FOR THE INTERNAL AUDIT PROFESSION

Chapter 2

Chapter 2: The International Professional Practices Framework

Learning objectives

Know the history behind the current professional guidance for the practice of internal auditing.

Describe the structure of the International Professional Practices Framework (IPPF) and the categories of authoritative guidance it provides.

Understand the relationship between the Mission of Internal Auditing and the elements of the IPPF.

Understand the mandatory IPPF.

Understand the recommended IPPF guidance

Describe how the IPPF is kept current.

Understand how the authoritative guidance promulgated by other professional organizations affects the practice of internal auditing.

Chapter 2: The International Professional Practices Framework

Where did it all start?

Size and complexity of organizations drove the development of standards

IIA in 1941 and first guidance in 1947 (Statement of Responsibilities of the Internal Auditor)

First financial and then operational

Common Body of Knowledge in 1972

First issuance of Standards in 1978

Definition and Professional Practice Framework 2000

2009 Standards become global

2017 Current IPPF

Chapter 2: The International Professional Practices Framework

Guidance for the profession

Why a Code of Ethics and Standards?

Chapter 2: The International Professional Practices Framework

IPPF Elements

Chapter 2: The International Professional Practices Framework

Mission of internal audit

To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Chapter 2: The International Professional Practices Framework

Core principles

Articulate the key elements that describe internal audit effectiveness and support the principles-based standards and code of ethics

Are fundamental truths or propositions that serve as the foundation for a system of belief or behavior or a chain of reasoning

Taken as a whole, articulate internal audit effectiveness

To be considered effective, all Principles should be present and operating effectively

How the internal audit function demonstrates achievement of the Principles may be quite different

Failure to achieve any of the Principles implies that an internal audit function was not as effective as it could be in achieving its mission

Add exhibit 1-1

Chapter 2: The International Professional Practices Framework

definition of internal auditing

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Chapter 2: The International Professional Practices Framework

Code of ethics

Four Principles

Integrity

Objectivity

Confidentiality

Competency

Rules of conduct set out the behavior norms that the internal auditor should follow to put the principles into practice.

Chapter 2: The International Professional Practices Framework

The international standards for the professional practice of internal auditing

Attribute Standards (characteristics necessary to provide effective internal audit services)

Performance Standards (description of internal audit services and expected quality)

Implementation Standards (more specific guidance relative to specific audit types)

Chapter 2: The International Professional Practices Framework

Purpose of standards

Set out basic principles

Provide a framework for performing and promoting internal audit

Establish a basis for evaluating internal audit performance

Foster and promote organizational processes and operations

Standards apply to assurance and consulting engagements

Chapter 2: The International Professional Practices Framework

Assurance and consulting

services

Chapter 2: The International Professional Practices Framework

The three pillars of effective

internal audit services

Chapter 2: The International Professional Practices Framework

Attribute standards

Attributes of organizations and individuals performing internal audit services

For assurance, consulting and other activities

Purpose, Authority, and Responsibility

Independence and Objectivity

Proficiency and Due Professional Care

Quality Assurance and Improvement Program

Chapter 2: The International Professional Practices Framework

Structure of standards

Standard

Interpretation

Implementation Standard

Glossary

Add exhibit 1-1

Chapter 2: The International Professional Practices Framework

Purpose, Authority, and Responsibility

(Standard 1000)

Applies to internal and external

Charter is key to understanding roles and responsibilities

Nature of assurance and consulting activities

How third party service contracts may be handled

Charter is reviewed (usually annually) by the Audit Committee of the Board of Directors

Chapter 2: The International Professional Practices Framework

Independence and objectivity

(Standard 1100)

Key area within the Attribute Standards

Organization independence and individual objectivity

Individual’s objectivity can be compromised by incentives, personal relationships and task-related threats

Organizationally the internal audit group must report relatively high within the organization to show and foster independence

Chapter 2: The International Professional Practices Framework

Proficiency and due professional care

(Standard 1200)

Poor knowledge and skills = bad audit

Internal audit skills and techniques

Written and oral skills

Knowledge of key risks and controls

Use of computer based tools (usually company specific)

Applies to audit department as well as the individual auditor

Chapter 2: The International Professional Practices Framework

Quality assurance and improvement program

(Standard 1300)

Constant, ongoing process

Considers whether internal audit carried out its responsibilities appropriately

CAE has responsibility

Standard 1310 requires two types of assessments

Internal reviews are typically through board review

External reviews must occur at least every five years

Chapter 2: The International Professional Practices Framework

Performance standards

Describe the nature of internal audit services and provide quality criteria against which the performance of these services can be measured

Managing the Internal Auditing Activity

Nature of Work

Engagement Planning

Performing the Engagement

Communicating Results

Monitoring Progress

Communicating the Acceptance of Risks

Chapter 2: The International Professional Practices Framework

Managing the internal audit activity

(Standard 2000)

The chief audit executive must effectively manage the internal audit activity to ensure it adds value to the organization.

Interpretation

The internal audit activity is effectively managed when:

It achieves the purpose and responsibility included in the internal audit charter.

It conforms with the Standards.

Its individual members conform with the Code of Ethics and the Standards.

It considers trends and emerging issues that could impact the organization.

Chapter 2: The International Professional Practices Framework

Managing the internal audit activity

Standard 2010 – Planning

The CAE must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization's goals.

2010.A1

Based on a risk assessment

Undertaken at least annually

Input of senior management and the board

2010.C1

Potential to improve management of risks, add value, and improve operations.

Engagements that have been accepted should be included in the plan

Chapter 2: The International Professional Practices Framework

Managing the internal audit activity

2020 – Communication and Approval

2030– Resource Management

2040 – Policies and Procedures

2050 – Coordination and Reliance

2060 – Reporting to the Board and Senior Management

2070 – External Service Provider and Organizational Responsibility for Internal Auditing

Chapter 2: The International Professional Practices Framework

The nature of internal auditing work

(Standard 2100)

The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic, disciplined and risk-based approach.

Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider future impact.

Chapter 2: The International Professional Practices Framework

governance

(Standard 2110)

The internal audit activity must assess and make appropriate recommendations to improve the organization’s governance processes for:

Making strategic and operational decisions.

Overseeing risk management and control.

Promoting appropriate ethics and values within the organization.

Ensuring effective organizational performance management and accountability.

Communicating risk and control information to appropriate areas of the organization.

Coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management.

Chapter 2: The International Professional Practices Framework

governance

2110.A1 – The internal audit activity must evaluate the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities.

2110.A2 – The internal audit activity must assess whether the information technology governance of the organization supports the organization’s strategies and objectives.

Chapter 2: The International Professional Practices Framework

Risk management

(Standard 2120)

The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.

Chapter 2: The International Professional Practices Framework

Control

(Standard 2130)

The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.

Chapter 2: The International Professional Practices Framework

Core competencies

Chapter 2: The International Professional Practices Framework

Quality assurance

Chapter 2: The International Professional Practices Framework

The engagement

Chapter 2: The International Professional Practices Framework

Implementation

guidance

Chapter 2: The International Professional Practices Framework

Implementation guide

example

Chapter 2: The International Professional Practices Framework

Implementation guide

Example (cont’d)

Chapter 2: The International Professional Practices Framework

Implementation guide

Example (cont’d)

Chapter 2: The International Professional Practices Framework

Implementation guide

Example (cont’d)

Chapter 2: The International Professional Practices Framework

supplemental guidance

Additional guidance for conducting internal audit activities.

Not expected to link directly to conformance with Standards as the Implementations Guide.

Chapter 2: The International Professional Practices Framework

IPPF Guidance

Development process