Internal Auditing Standards Flashcards
These are fundamental principles and procedures that make
internal auditing a unique, disciplined and systematic activity
Internal Auditing Standards
conducted in diverse legal and cultural environment; within organizations that vary in purpose, size, complexity, and structure; and by persons within or outside the organization.
Internal auditing
The purpose of the Standards is to:
: Delineate basic principles that represent the practice of internal auditing.
: Provide a framework for performing and promoting a broad range of value-added internal auditing.
: Establish the basis for the evaluation of internal audit performance.
: Foster improved organizational processes and operations.
The Standards are principles-focused, mandatory requirements consisting of:
: Statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness or performance that are internationally applicable at organizational and individual levels.
: Interpretations that clarify terms or concepts within the Standards
to specify an unconditional requirement
“Must”
where conformance is expected unless, when applying professional judgment, circumstance justify deviation.
“Should”
address the attributes of organizations and individuals performing internal auditing
Attribute standards
address the characteristics of organizations and parties performing internal audit activities
Attribute standards
describe the nature of internal auditing and provide quality criteria against which the performance of these services can be measured
Performance Standards
1000
Purpose, Authority, and Responsibility
Purpose, Authority, and Responsibility
1000
The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the definition of internal auditing, the Code of Ethics, and the Standards.
1000: Purpose, Authority, and Responsibility
a formal document that defines the internal audit activity’s purpose, authority, and responsibility.
internal audit charter
The nature of assurance services provided to the organization must be defined in the internal audit charter. If assurance are to be provided to parties outside the organization, the nature of these assurance must also be defined in the internal audit charter.
1000.A1
The nature of consulting services must be defined in the internal audit charter.
1000.C1
1010
Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter
Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter
1010
The mandatory nature of the Definition of Internal Auditing, the Code of Ethics, and the Standards must be recognized in the internal audit charter. The CAE should discuss the definition of internal auditing, the Code of Ethics, and the Standards with senior management and the board.
1010 – Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter
1100
Independence and Objectivity
Independence and Objectivity
1100
The internal audit activity must be independent, and internal auditors must be objective in performing their work
1100 – Independence and Objectivity
the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.
Independence
To achieve the degree of independence necessary to effectively carry out the responsibilities of the internal audit activity, the CAE has direct and unrestricted access to senior management and the board. This ca be achieved through
a dual-reporting relationship.
Threats to independence must be managed at the
individual auditor, engagement, functional, and organizational levels.
an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made.
Objectivity
1110
Organizational Independence
Organizational Independence
1110
The CAE must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The CAE must confirm to the board, at least annually, the organizational independence of the internal audit activity.
1110 – Organizational Independence
Examples of functional reporting to the board involve the board:
:Approving the internal audit charter.
:Approving the risk based internal audit plan.
:Receiving communications from the CAE on the interna audit activity’s performance relative to its plan and other matters.
:Approving decisions regarding the appointment and removal of the CAE.
:Making appropriate inquiries of management and the CAE to determine whether there are inappropriate scope or resource limitations.
1111
Direct Interaction with the Board
Direct Interaction with the Board
1111
The CAE communicate and interact directly with the board.
1111 – Direct Interaction with the Board
1120
Individual Objectivity
Individual Objectivity
1120
a situation in which an internal auditor who is in a position of trust has a competing professional or personal interest.
Conflict of Interest
1130
Impairment to Independence or Objectivity
Impairment to Independence or Objectivity
1130
If independence or objectivity is impaired in fact or appearance, the details of the impairment must be disclosed to appropriate parties. The nature of the disclosure will depend on the impairment.
1130 – Impairment to Independence or Objectivity
impairment to organizational independence and individual objectivity may include, but is not limited to
personal conflict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations, such as funding.
1200
Proficiency and Due Professional Care
Proficiency and Due Professional Care
1200
Engagement must be performed with proficiency and due professional care
1200 – Proficiency and Due Professional Care
The Code of Ethics extends beyond the definition of internal auditing to include two essential components:
Principles and Rules of Conduct
are relevant to the profession and practice of internal auditing: integrity, objectivity, confidentiality, and competency.
Principles
describe behavioral norms expected of internal auditors. These rules are an aid to interpreting the principles into practical applications and are intended to guide the ethical conduct of internal auditors.
Rules of conduct
Proficiency
1210
1210
Proficiency
Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to performed its responsibilities.
1210 - Proficiency
a collective term that refers to the professional proficiency required of internal auditors to effectively carry out their professional responsibilities.
Knowledge, skills, and other competencies
Due Professional
1220
1220
Due Professional
Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.
1220 – Due Professional
. Exercising due professional care involves internal auditors being alert to the
to the possibility of fraud, intentional wrongdoing, errors and omissions, inefficiency, waste, ineffectiveness, and conflicts of interest
This also involves internal auditors identifying inadequate controls and recommending improvements to promote conformance with acceptable procedures and practices.
Practice Advisory 1220-1: Due Professional Care
1230
Continuing Professional Development
Continuing Professional Development
1230
Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development.
1230 – Continuing Professional Development
Quality Assurance and Improvement Standard
1300
1300
Quality Assurance and Improvement Standard
The CAE must develop and maintain a quality assurance and improvement program (QAIP) that covers all aspects of the internal audit activity.
1300 – Quality Assurance and Improvement Standard
designed to enable an evaluation of the internal audit activity’s conformance with the definition of internal auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics
the program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
QAIP
1310
Requirements of the Quality Assurance and Improvement Program
Requirements of the Quality Assurance and Improvement Program
1310
The CAE must develop and maintain a quality assurance and improvement program (QAIP) that covers all aspects of the internal audit activity.
1310 – Requirements of the Quality Assurance and Improvement Program
an ongoing and periodic assessment of the entire spectrum of audit and consulting work performed by the internal audit activity. These ongoing and periodic assessments are composed of rigorous, comprehensive processes, continuous supervision and testing of internal audit and consulting work; the periodic validation of conformance with the definition of internal auditing, the Code of Ethics, and the Standards. This also includes ongoing measurement and analyses of performance metrics (e.g., internal audit plan accomplishment, cycle time, recommendations accepted, and customer satisfaction).
QAIP
QAIPs include an evaluation of
- Conformance with the definition of internal auditing, the Code of Ethics, and the Standards, including timely corrective actions to remedy any significant instances of nonconformance.
- Adequacy of the internal audit activity’s charter, goals, objectives, policies, and procedures.
- Contribution to the organization’s governance, risk management, and control processes.
- Compliance with applicable laws, regulations, and government or industry standards.
- Effectiveness of continuous improvement activities and adoption of best practices.
- The extend to which the internal audit activity adds value and improve the organizations.
Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest.
1120 – Individual Objectivity