Rodriguez, Zyra Denelle M.

A-331 AAPRINCIPLES

THE INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK AND

MANAGING THE INTERNAL AUDIT ACTIVITY

1. What is the International Professional Practices Framework? What is its

primary purpose and to whom is it intended for?

According to the Institute of Internal Auditors’ International Standards for

the Professional Practice of Internal Auditing (2016), the International

Professional Practice Framework or the IPPF is a conceptual framework that

categorizes and organizes the authoritative guidance of IIA, authoritative

guidance pertains to those mandatorily required and not mandatorily required or

those that are recommended. The primary purpose of the IIA standards of

internal auditing is to provide authoritative guidance whether mandatory or

recommended, to all internal auditors in the world.

The mandatory guidance was developed after the establishment of the

due diligence process, this process includes a period of public exposure for the

input of the stakeholders. The mandatory guidance include the core principles for

professional practice of internal auditing, the definition of internal auditing, the

code of ethics, and the international standards for the professional practice of

internal auditing. The recommended guidance, on the other hand, describe the

practices in order to implement the mandatory guidance effectively. It was

endorsed through a formal approval process and its elements include

implementation guidance and supplemental guidance.

Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

2. What is Professional Proficiency? How can an internal auditor obtain

such?

Professional Proficiency is defined in the IIA standards as core attributes

that an internal auditor is expected to possess. The standards require that the

internal auditors must possess knowledge, skills, and other competencies in

order for them to perform their professional responsibilities properly. Proficiency

pertains to the internal auditor’s ability to apply technical knowledge without any

assistance, ability to understand the accounting principles, ability to recognize

instances of possible fraud, knowledge to technology cased audit techniques,

familiarity with management policies, satisfactory relationship with coworkers and

clients, and oral and written communication skills.

The internal auditor can obtain such core attributes by obtaining

professional certifications and qualifications such as the Certified Internal Auditor

or Certification in Risk Management Assurance, through education and

experiences, or through other opportunities that will improve auditor’s proficiency.

Aside from these, the internal auditor must not forget other activities for the

continuing professional development (The Institute of Internal Auditors, 2009).

3. What is Due Professional Care? Why is it needed in the conduct of internal

audit activities?
Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

Due professional care is defined as auditor’s application of care and skill

that is expected of a prudent or cautious and competent internal auditor. It is

applied by the internal auditor depending on the complexity of the engagements

being performed. When the auditor exercises due professional care, they are

alert and cautious in every step of the engagement for the possible occurrence of

fraud or error, ineffectiveness and inefficiencies, and other conditions and

activities where possible irregularities may occur, including controls and

practices.

Due professional care is important in the conduct of internal audit activities

since although the internal auditor cannot give absolute assurance that there are

no irregularities or noncompliance, there are still possibilities of these

irregularities that the internal auditor must consider. Due professional care

enables the internal auditor to be alert and on guard at all times to avoid all the

irregularities and noncompliance (The Institute of Internal Auditors, 2009).

4. Why is it necessary to participate in continuing professional development

for internal auditors?

Continuing professional development is important for all internal auditors

as it enhances their knowledge, skills, and other competencies. All internal

auditors must participate on continuing professional development activities such

as membership, participation, and volunteer works on organizations, attendance

Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

on seminars and trainings, additional self-study courses, and research projects in

order to enhance their proficiency (The Institute of Internal Auditors, 2009).

CPD keeps the internal auditors updated with the current changes in

practices and in the trend, enables them to maintain and enhance their

knowledge and skills for better performance of services, makes them more

effective and efficient in accomplishing their responsibilities, improve

professionalism, and increase in confidence of the internal auditor (Kloosterman,

2012).

5. What are the items we check to determine when an internal audit activity is

managed effectively?

The effective management of internal audit activity adds to the betterment

of the company thus there are certain indicators that show if it is managed

properly. If the internal audit activity is able to achieve its purpose or the

objectives that are mentioned in the internal audit charter, if all activities are done

in accordance to the Standards, if all individual members followed the Standards

and the Code of Ethics, which has five fundamental principles namely: Integrity,

Objectivity, Professional Competence and Due Care, Confidentiality, and

Professional Behavior (Cabrera, M & Cabrera, G., 2020), and if the internal audit

activity is done with consideration to the trends or issues that may affect the
Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

company or the organization then it can be said that there is effective

management.

The internal audit activity, if managed properly, adds value not only to the

organization but also to the stakeholders. Effective management is also when it

considers all the more effective strategies to help enhance good governance and

risks management for the more efficient control. The Chief Audit Executive is the

responsible person in the management of the internal audit activity in which their

responsibility includes reviewing the purpose and the responsibilities in the

internal audit activity, studying the organizational plans, consider all trends and

possible issues, and communicate need for additional planning to the board (The

Institute of Internal Auditors, 2016).

6. What are the responsibilities of the Chief Audit Executive (CAE) in

managing the internal audit activities? Identify and explain the role of the

CAE in each.

According to the Institute of Internal Auditors’ International Standards for

the Professional Practice of Internal Auditing (2016), there are six responsibilities

that are needed to be fulfilled by the Chief Audit Executive when managing

internal audit activities that can be found from standard 2010-2060.

6.1 Planning – involves establishing a plan that determines the priorities

and goals of the internal audit activity. This plan must be risk-based
Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

and is consistent with the goals of the company or organization. The

CAE must communicate with the senior management and the board in

order to have an understanding regarding the strategies, objectives,

possible risks and ways to handle such risk in the internal audit activity.

Aside from communication, the CAE must review, adjust and improve

the risk-based plan in accordance to changes in the operations.

6.2 Communication and Approval – involves the responsibility of CAE

to communicate all the plans and resource requirements of the internal

audit activity that are subject to the review and approval of the senior

management and the board. Aside from that, the CAE must also

communicate the impacts of the limitations of resources. In here,

communication begins after a thorough planning on the strategies,

risks, limitations, and resource requirements of the internal audit

activity and approval happens when the risk-based plan is approved by

the senior management and the board.

6.3 Resource Management – refers to the responsibility of the CAE to

ensure that all the resource that will be used are appropriate, sufficient,

and used in an effective manner in accordance to the plan. The CAE

must consider all the necessary factors such as the number of staffs

and the budget in order to manage the resources effectively. The CAE

must also be able to see if there is a need for additional resources or if

there is enough funds for the efficient and effective achievement of the

goals and plans.

Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

6.4 Policies and Procedures – involves establishing policies and

procedures that will act as guide in the conduct of the internal audit

activity. These policies and procedures must depend on the internal

audit activity’s size, structure, and complexity and they must be aligned

with the required standards, internal audit charter, and organizational

goals.

6.5 Coordination – is the responsibility of the CAE to share all the

information to the staffs and coordinate all the activities done. The CAE

must identify the roles of all the existing staffs by understanding and

reviewing the organizational chart, understanding the scope,

objectives, and work performance of the assurance and service

providers, and review all agendas and minutes of the meetings to

understand and know what type of information and how much

information can be properly shared by the CAE. Reliance is also

important to minimize the duplication of work but the CAE is still

responsible in ensuring the adequate support that is needed for the

internal audit activity.

6.6 Reporting to the Board and Senior Management – it is the

responsibility of the CAE to periodically report all the activities done

from the purpose, authority, responsibility up to the performance if

everything is done in accordance to the plans, the Code of Ethics, and

the Standards. The CAE must also report all the risks and issues that

will require the attention of the board and the senior management. The
Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

frequency of reporting will depend on the importance of the

information, urgency or need for related actions to be taken, and CAE,

the board, and the senior management.

7. What are the skills required of an internal auditor? Explain why these are

needed.

According to Birkett et.al (1999) as cited by Prawitt (2003), the attributes

of the internal auditor needed in order to perform task efficiently can be

separated into two: cognitive skills and behavioral skills. Cognitive Skills include:

 Technical Skills – which pertains to ability to follow as defined

routine with mastery like using information technology such as audit

software.

 Analytic/Design Skills – pertains to the ability to identify problems

that may arise and to come up with solutions to solve the

challenges and problems. The use of logical reasoning, evidences,

and analyzations to come up with appropriate solutions.

 Appreciative Skills – is defined as the ability to make appropriate

and creative judgment in situations of uncertainty, recognize

importance in data, having critical thinking, sensing the significant

issues and conflict, and etc.

Behavioral Skills, on the other hand, include:

Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

 Personal Skills – which is the ability to handle challenge, stress,

conflict, time pressure, and changes. It also involves honesty,

integrity, adaptiveness, leadership, ability to handle adverse

situations, and etc.

 Interpersonal Skills – involves securing outcomes due to the

ability to interact with others, communication and understanding

audiences, learning from others, having empathy and diplomacy,

and etc.

 Organizational Skills - involves securing outcomes due to the use

of the organization networks and duties, understanding strategies,

adding value, finding ways around the organizations, and etc.

8. On what circumstances does a CAE engage an external service provider?

What does the CAE need to watch out for when engaging such?

There is a need for the CAE to hire an external service provider when the

internal audit activity cannot be performed due to inability to perform the activity

with the necessary knowledge, skills, and competencies. The external service

provider is someone who is independent upon the organization or company, has

the necessary knowledge and skills to perform the activity, and is engaged upon

by the board, the senior management, or the CAE.

When hiring, the organization, must ensure that the internal audit activity

is performed efficiently and effectively with conformance to the Standards and

Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

the Code of Ethics. The CAE must also assess certain factors for the internal

service provider such as:

 the educational level and knowledge

 competencies and skills

 professional experiences of the auditor and staff

 professional certifications

 continuing professional education

 policies and procedures relating to the performance of audit

 supervision and review of the staff activities

 quantity of sufficient information

 quality of the documentation, evidences, reports, and

recommendations being made, and the evaluation of all staff

performance

 existing relationship between the internal service provider and the

organization or any relationship that may impair independence

It is also important to understand the scope of the services to be made by

the internal assurance provider and the services fit to the objectives of the audit

plans of the company or organization. The external auditor, on the other hand,

must ensure that the organization is still the responsible entity for maintaining

effective internal audit activity (The Institute of Internal Auditors, 2011).

Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

References

Cabrera, M.E.B. & Cabrera, G.A.B. (2020). Principles of Auditing and Assurance

Services (2020-2021 ed.). GIC Enterprise & Co., Inc.

Kloosterman, V. (2012). The importance of continuing professional development.

https://continuingprofessionaldevelopment.org/why-is-cpd-important/

Prawitt, D. (2003). Chapter 6 Managing the Internal Audit Function.

https://na.theiia.org/iiarf/Public%20Documents/Chapter%206%20Managing

%20the%20Internal%20Audit%20Function.pdf

The Institute of Internal Auditors (2016). International Standards for the Professional

Practice of Internal Auditing. https://na.theiia.org/standards-guidance/Public

%20Documents/IPPF-Standards-2017.pdf

The Institute of Internal Auditors (2009). International Standards for the Professional

Practice of Internal Auditing 1210-Proficiency.

https://www.interniaudit.cz/download/ippf/Practice_Advisory/PA%201210-1-

AJ.pdf

The Institute of Internal Auditors (2009). International Standards for the Professional

Practice of Internal Auditing 1220-Due Professional Care.

https://www.interniaudit.cz/download/ippf/Practice_Advisory/PA%201220-1-

AJ.pdf
Rodriguez, Zyra Denelle M. A-331 AAPRINCIPLES

The Institute of Internal Auditors (2009). International Standards for the Professional

Practice of Internal Auditing 1230-Continuing Professional Development.

https://www.interniaudit.cz/download/ippf/Practice_Advisory/PA%201230-1-

AJ.pdf

The Institute of Internal Auditors (2011). Reliance by Internal Audit on Other Assurance

Providers.

https://www.iia.nl/SiteFiles/IIA_leden/Praktijkgidsen/Final_OAP_Practice_Guide_

Dec_2011[1].pdf