Foundations of internal auditing Flashcards
The IPPF contains both mandatory and recommended guidance. What is included in the mandatory guidance?
Mandatory guidance consists of:
- The mission of internal audit
- The core principles for the profressional practice of internal auditing
- The definition of internal auditing
- The code of ethics
- The standards (international standards for the professional practice of internal auditing)
What is the mission of internal audit?
The mission of internal audit is to:
“enhance and protect organisational value by providing risk based and objective assurance, advice and insight.”
What are three general types of risk-based and objective activities through which internal audit increases and protects organisational value?
- Assurance
- Advice
- Insight
The purpose of Assurance work includes confirming that…
- Management has deployed appropriate activities to achieve its objectives.
- Is managing the risks to those objectives.
- and implements required additional risk mitigation and improvement measures.
What are the 10 Core Principles for the Professional Practice of Internal Auditing?
- Demonstrates integrity.
- Demonstrates competence and due professional care.
- Is objective and independent.
- Aligns with the strategies, objectives, and risks of the organisation.
- Is appropriately positioned and adequately resourced.
- Demonstrates quality and continuous improvement.
- Communicates effectively.
- Provides risk-based assurance.
- Is insightful, proactive, and future-focused.
- Promotes organisational improvement.
Failure to achieve any one of the 10 Core Principles suggests what?
That the internal audit activity is not as effective as it could be.
What is the definition of internal auditing
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
What is the definition of independence
“The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.”
The freedom from conditions that threaten my ability to do my job in an unbiased way.
What is the definition of objectivity
What is the definition of objectivity
“An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no significant quality compromises are made.
It requires that internal auditors do not subordinate their judgement on audit matters to others.”
What are the two main categories of standards?
- Attribute standards
- Performance standards
What is the internal audit charter?
“The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.”
What is the Chief Audit Executive?
“the top position in an organisation responsible for internal audit activities”
What is the Board?
“the highest level governing body responsible for directing and overseeing the organisation’s activities and hold senior management accountable.”
Parties involved in assurance services
The client
The internal auditor
The user or stakeholder
What is the purpose of the Standards
- Guide adherence with the mandatory elements of the IPPF
- Provide a framework for performing services
- A basis for evaluating internal audit performance
- Foster improved organisational processes and operations.
What are the Standards
The Standards are a set of principles-based, mandatory requirements consisting of:
- statements of core requirements for the professional practice of internal auditing
- interpretations clarifying terms or concepts within the Standards
What are Attribute Standards
Attribute Standards address the attributes of organisations and individuals performing internal auditing
What are the Performance Standards
Performance Standards describe the nature of internal auditing and provide quality criteria against which the performance of these services can be measured
What are Implementation Standards
Implementation Standards expand upon the Attribute and Performance Standards by providing the requirements applicable to assurance and/or consulting services
Who do the Standards apply to
The Standards apply to all internal auditors including:
- IIA Members
- The internal audit activity
What is the purpose of the Code of Ethics
The purpose of the Code of Ethics is to promote an ethical culture in the profession of internal auditing
What is the Code of Ethics integrity principle
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
- Integrity - rules of conduct
- 1 Shall perform their work with honesty, diligence, and responsibility
- 2 Shall observe the law and make disclosures expected by the law and the profession
- 3 Shall not knowingly be party to any illegal activity or engage in acts that are discreditable to the profession
- 4 Shall respect and contribute to the legitimate and ethical objectives of the organisation
How can a CAE cultivate integrity within the internal audit activity
- Require internal auditors to agree to follow the Code of Ethics
- Providing training that demonstrates integrity
- CAE setting the tone and acting with integrity
- Create an environment where internal auditors feel supported when expressing observations and opinions
Code of Ethics - Objectivity
Internal auditors are objective when gathering, evaluating, and communicating information about the activity or process being examined.
Internal auditors should make a balanced assessment and not be influenced by their own interests or by others in forming judgments.
What are the rules of conduct for the Objectivity code of ethics principle
- 1 Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment
- 2 Shall not accept anything that may impair or be presumed to impair their professional judgment
- 3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review
Code of Ethics - Confidentiality
“Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.”
- Confidentiality - rules of conduct
Internal auditors:
- Shall be prudent in the use and protection of information acquired in the course of their duties.
- Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organisation.
Code of Ethics - Competency
“Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.”
What are the rules of conduct for the competency principle?
Internal Auditors:
- Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
- Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.
- Shall continually improve their proficiency and the effectiveness and quality of their services.
Consulting services are expected to what?
They are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility