Академический Документы
Профессиональный Документы
Культура Документы
The Definition of Internal Auditing The IIA Code of Ethics The International Standards for the Professional Practice of Internal Auditing
delineate basic principles that represent the practice of internal auditing as it should be;
delineate basic principles that represent the practice of internal auditing as it should be; provide a framework for performing and promoting a broad range of value-added internal auditing;
delineate basic principles that represent the practice of internal auditing as it should be; provide a framework for performing and promoting a broad range of value-added internal auditing; establish the basis for the evaluation of internal audit performance;
delineate basic principles that represent the practice of internal auditing as it should be; provide a framework for performing and promoting a broad range of value-added internal auditing; establish the basis for the evaluation of internal audit performance; and foster improved organizational processes and operations.
10
Attribute standards
There are four attribute standards:
1. The purpose, authority and responsibility of the internal audit activity must be formally defined in a charter, consistent with the Definition of Internal Auditing, the Code of Ethics and the Standards. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval.
11
12
13
14
Performance standards
There are seven performance standards:
1. The chief audit executive must effectively manage the internal audit activity to ensure that it adds value to the organization.
15
2.
16
2.
3.
17
must
communicate
the
results
of
19
The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management.
20
must
communicate
the
results
of
6.
The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. When the chief audit executive concludes that senior management has accepted a level of residual risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management and, if necessary, the board.
21
7.
Periodic statutory financial reports (of companies whose securities are traded in the United States) must include certifications that:
the signing officers have reviewed the report; the report does not contain any untrue statements, material omissions and is not misleading; the financial statements and related information fairly present the financial position and results in all material respects;
22
Periodic statutory financial reports (of companies whose securities are traded in the United States) must include certifications that:
the signing officers are responsible for internal controls and have evaluated the controls within the last ninety days; a list of all control deficiencies and information on any fraud by employees involved in control activities; any significant changes in controls that could have a negative impact on the internal controls.
23
Management must perform a formal assessment of its controls over financial reporting. Management must include in its annual report an assessment of its controls over financial reporting. The external auditor must provide an opinion on the effectiveness of the system of internal control over financial reporting.
24
a statement of managements responsibility for establishing and maintaining adequate internal control over financial reporting; a statement identifying the control framework used by management in its evaluation; managements assessment of the effectiveness of the internal controls over financial reporting; and a statement that the auditors have issued an attest report on the controls over financial reporting.
25
Organizations must have a formal audit charter to define and communicate the purpose, authority and responsibility of the internal audit department. The charter must be consistent with the definition of internal auditing, the IIA Code of Ethics and the Standards. The charter must be approved by senior management and the board. The charter should establish the position of the internal audit activity within the organization, set out the scope of its activities and guarantee access to personnel and records.
26
audit
Mission and scope of work Accountability Independence Responsibility Authority Standards of audit practice
27
28
29
30
10
the organizational status of the internal audit department the authority and responsibility given to internal auditors
31
the organizational status of the internal audit department the authority and responsibility given to internal auditors the degree of objectivity maintained by internal auditors.
32
Organizational independence
Practice Advisory 1110-1 recommends that:
The chief audit executive should be responsible to an individual in the organization with sufficient authority to promote independence and to ensure broad audit coverage, adequate consideration of engagement communications, and appropriate action on engagement recommendations. Ideally, the chief audit executive should report functionally to the board and administratively to the chief executive officer of the organization. The chief audit executive must have direct communication and interaction with the board of directors.
33
11
Functional reporting
Functional reporting is the reporting line which is responsible for the following activities:
approving the overall charter of the internal audit function; approving the long-term and annual risk-based audit plans; receiving communications from the chief audit executive on the internal audit activitys performance relative to its plan and other matters; approving all decisions regarding the appointment or removal of the chief audit executive; making appropriate inquiries of management and the chief audit executive to determine whether there are scope or budgetary restrictions that impede the ability of the internal audit function to carry out its responsibilities.
34
Administrative reporting
Administrative reporting is the reporting relationship within the management structure that facilitates the day-to-day operations of the internal audit function and includes budgeting and management accounting, human resource administration, internal communications and information flows, and administration of the organizations internal policies and procedures.
35
social pressure; economic interest; personal relationships; familiarity; cultural, racial and gender biases; cognitive biases; self-review; intimidation threat; advocacy threat.
36
12
incentives (rewards, discipline); use of engagement teams; rotation and/or reassignment; training; supervision/review; quality assessments; hiring practices; outsourcing.
37
Impairments to objectivity
If independence or objectivity is impaired, in fact or appearance, the details of the impairment should be disclosed to appropriate parties. A scope limitation is a restriction placed upon the internal audit activity that precludes the audit activity from accomplishing its objectives and plans. Among other things, a scope limitation may restrict audit scope, access to records and personnel, the engagement work schedule, and/or the performance of necessary procedures. A scope limitation, along with its potential effect, should be communicated, preferably in writing, to the board.
38
8.
Identify threat. Assess significance of threat. Identify mitigating factors. Assess residual threat. Proactively manage residual threat. Assess presence of unresolved threats. Determine reporting and disclosure implications. Review and monitoring.
39
13
40
Consulting activities
Consulting activities should be empowered through the Internal Audit Charter and organizations must have ground rules for the performance of consulting services that are understood by all members of the organization. Consulting activities are generally characterized by a principal responsibility to report to the management of the operating unit, in contrast to assurance engagements where the principal responsibility is to senior management and the board of directors.
41
Internal auditors and internal audit departments must possess the knowledge, skills and competencies needed to perform their responsibilities.
42
14
auditors and internal audit departments must possess the knowledge, skills and competencies needed to perform their responsibilities.
2. Internal auditors must apply the care and skills expected of a reasonably prudent and competent internal auditor.
43
auditors and internal audit departments must possess the knowledge, skills and competencies needed to perform their responsibilities.
2. Internal auditors must apply the care and skills expected of a reasonably prudent and competent internal auditor. 3. Internal auditors must enhance their knowledge, skills, and competencies through continuing professional development.
44
45
15
comply with the Code of Ethics of the IIA. have the knowledge and skills to perform internal audits in an efficient and effective manner, including sufficient oral and written communication skills.
46
comply with the Code of Ethics of the IIA. have the knowledge and skills to perform internal audits in an efficient and effective manner, including sufficient oral and written communication skills. understand human relations and maintain satisfactory relationships with auditees.
47
comply with the Code of Ethics of the IIA. have the knowledge and skills to perform internal audits in an efficient and effective manner, including sufficient oral and written communication skills. understand human relations and maintain satisfactory relationships with auditees. maintain their technical competence through continuing education.
48
16
comply with the Code of Ethics of the IIA. have the knowledge and skills to perform internal audits in an efficient and effective manner, including sufficient oral and written communication skills. understand human relations and maintain satisfactory relationships with auditees. maintain their technical competence through continuing education. exercise due professional care in performing their audits.
49
50
to provide services to remote locations; to provide subject matter expertise for specific engagements; to replace the existing internal audit function or provide a part-time internal audit resource for organizations which cannot justify a full-time internal audit department.
51
17
52
53
obtaining expertise not available in-house access to leading edge practices increased coverage subject matter and geographical
54
18
obtaining expertise not available in-house access to leading edge practices increased coverage subject matter and geographical
55
obtaining expertise not available in-house access to leading edge practices increased coverage subject matter and geographical
lack of familiarity with the industry, the company and its culture
57
19
lack of familiarity with the industry, the company and its culture costs may be greater (if used for relatively routine work)
58
lack of familiarity with the industry, the company and its culture costs may be greater (if used for relatively routine work) may require increased supervision
59
lack of familiarity with the industry, the company and its culture costs may be greater (if used for relatively routine work) may require increased supervision resources may not always be available when required
60
20
lack of familiarity with the industry, the company and its culture costs may be greater (if used for relatively routine work) may require increased supervision resources may not always be available when required loss of potential training ground for future managers
61
lack of familiarity with the industry, the company and its culture costs may be greater (if used for relatively routine work) may require increased supervision resources may not always be available when required loss of potential training ground for future managers potential loss of a source of information if provider is also external auditor (no longer permitted for public companies)
62
When outside service providers are used, the chief audit executive should assess their competency, independence and objectivity in relationship to the specific engagement to be performed. The chief audit executive should agree on the scope of work with the outside service provider before work commences. The chief audit executive should ensure that the work done by the outside service provider complies with the appropriate professional standards.
63
21
A well-defined role in the organization Formal performance evaluations Effective communications An integrated risk analysis approach A flexible audit plan with an ability to react when immediate demands arise Experienced personnel A willingness to bring in outside assistance when necessary
64
65
establish risk-based plans to determine priorities for the internal audit activity that are consistent with the organizations goals.
66
22
establish risk-based plans to determine priorities for the internal audit activity that are consistent with the organizations goals. communicate the departments plans and resource requirements to senior management and the board for review and approval.
67
establish risk-based plans to determine priorities for the internal audit activity that are consistent with the organizations goals. communicate the departments plans and resource requirements to senior management and the board for review and approval. ensure that the resources are appropriate, sufficient and effectively deployed to achieve the approved plan.
68
establish risk-based plans to determine priorities for the internal audit activity that are consistent with the organizations goals. communicate the departments plans and resource requirements to senior management and the board for review and approval. ensure that the resources are appropriate, sufficient and effectively deployed to achieve the approved plan. establish policies and procedures to guide the internal audit activity.
69
23
share information and co-ordinate activities with other providers of assurance and consulting activities to avoid duplication.
70
share information and co-ordinate activities with other providers of assurance and consulting activities to avoid duplication.
71
share information and co-ordinate activities with other providers of assurance and consulting activities to avoid duplication.
report periodically to the board relative to the approved plan. establish a quality assurance and improvement program including both internal and external assessments.
72
24
share information and co-ordinate activities with other providers of assurance and consulting activities to avoid duplication.
report periodically to the board relative to the approved plan. establish a quality assurance and improvement program including both internal and external assessments.
communicate the results of external assessments to the board.
73
adopt a process to monitor and assess the overall effectiveness of its quality programs provide for internal assessments performed both by members of the department and by others in the organization arrange for external quality assurance reviews to be conducted at least once every five years report the result of the external assessment to the board
If (and only if) the external assessment concludes that the activities are in full compliance with the Standards, this may be indicated in the reports issued by the department.
74
75
25
Describe the attribute standards and the performance standards governing internal auditing and the key provisions of the Sarbanes-Oxley Act. (Level 1)
76
2.
77
3.
Explain the importance of independence and objectivity in internal auditing and how they are achieved. (Level 1)
78
26
79
Outline the main requirements of using outsourced or co-sourced resources in internal auditing. (Level 2)
80
State the standards for the proper management of the internal audit department, including quality assurance. (Level 1)
81
27
82
28