1

Internal Auditing &

International Standards for
the Professional Practice of
Internal Auditing
2
Internal auditing

Types of Audit:
Operational auditing
Financial reporting
auditing
Compliance auditing

Differences to external
auditing:
Targets the main elements
in the internal control
system
Not obligatory
Internal audiotors principal
(mandator): top
management
Reports to the organization
(not to the general
meeting/wide public)
Wider functions - not
focused on financial
auditing
More skills needed !

3
The official definition
(IIA)
Internal auditing is
an independent, objective
assurance and consulting
activity designed to add
value and improve an
organization's operations.
It helps an organization
accomplish its objectives
by bringing a systematic,
disciplined approach to
evaluate and improve the
effectiveness of risk
management, control, and
governance processes.

The important elements in
the definition:
independent and
objective
assurance and consulting
activity
designed to add value
and improve an
organization's operations
a systematic, disciplined
approach
to evaluate and improve
the effectiveness of
risk management,
control,
and governance
processes.

4
What are they doing in
practice ?
Evaluating whether policies and procedures are being
followed.
Educating management and the board on critical issues.
Monitoring compliance with laws and regulations.
Assessing operations and making best-practice
recommendations.
Providing counsel for improving controls, processes and
procedures, performance, and risk management.
Suggesting ways to reduce costs, enhance revenues,
and improve profits.
Delivering in-house consulting, assurance, and
facilitation services.

5
Assurance and consulting
Performed by professionals with an in-depth
understanding of the business culture,
systems, and processes, the internal audit
activity provides assurance that internal
controls in place are adequate to mitigate the
risks, and organizational goals and objectives
are met.
When there is room for improvement,
internal auditors make recommendations for
enhancing processes, policies, and
procedures.


6
WHY SHOULD AN ORGANIZATION
HAVE INTERNAL AUDITING?

A cornerstone of strong governance, internal
auditing bridges the gap between
management and the board,
assesses the ethical climate and the
effectiveness and efficiency of operations, and
serves as an organizations
safety net for compliance with rules,
regulations, and overall best business
practices. (IIA www.theiia.org)

7
IA Standards and
Guidance
Code of Ethics - 1968
Standards - first issued 1978
Professional Practices Framework
- 2000
International Professional Practices
Framework January 2009
8
.

The IPPF or International Professional Practices
Framework has been developed to organise guidance for
professional internal auditing in a manner that is readily
accessible on a timely basis while strengthening the
position of The IIA as the standard setting body for the
internal audit profession globally.
The IPPF
9
.

The IPPF includes only authoritative guidance developed by IIA
international technical committees following appropriate due process.
It consists of two categories:
Mandatory.
Compliance is required and the guidance is developed following the
appropriate due process, which includes public exposure. Compliance
with the principles set forth in mandatory guidance is essential for the
professional practice of internal auditing.
Strongly Recommended.
Compliance is strongly recommended and the guidance is endorsed by
The IIA. It describes practices for the effective implementation of The
IIAs Code of Ethics and the International Standards for the Professional
Practice of Internal Auditing (Standards).
10
International Professional
Practices Framework (IPPF)
11
12
13
Internal Audit Definition
Internal auditing is an independent,
objective assurance and consulting
activity designed to add value and
improve an organizations operations.
It helps an organization accomplish its
objectives by bringing a systematic,
disciplined approach to evaluate and
improve the effectiveness of risk
management, control, and governance
processes.
14
Code of Ethics
4 Principles
Integrity
Objectivity
Confidentiality
Competency
12 Rules


The purpose of The Institutes Code of Ethics is to promote
an ethical culture in the profession of internal auditing. A
code of ethics is necessary and appropriate for the
profession of internal auditing, founded as it is on the trust
placed in its objective assurance about risk management,
control and governance.
The Institutes Code of Ethics extends beyond the definition
of internal auditing to include two essential components:
15
Code of Ethics
16
17
18
19
The International Standards
Mandatory requirements consisting of:
Statements of basic requirements for
professional practice of internal
auditing
Interpretations which clarify terms or
concepts within the Statements.
Glossary
20
The International Standards
21
Attribute Standards
1000 Purpose, Authority, and Responsibility
1010 Recognition of the Definition of Internal Auditing, the Code of
Ethics, and the Standards in the Internal Audit Charter
1100 Independence and Objectivity
1110 Organizational Independence
1111 Direct Interaction with the Board
1120 Individual Objectivity
1130 Impairment to Independence or Objectivity
1200 Proficiency and Due Professional Care
1210 Proficiency
1220 Due Professional Care
1230 Continuing Professional Development
1300 Quality Assurance and Improvement Program
1310 Requirements of the Quality Assurance and Improvement Program
1311 Internal Assessments
1312 - External Assessments
1320 Reporting on the Quality Assurance and Improvement Program
1321 Use of Conforms with the International Standards for the
Professional Practice of Internal Auditing
1322 Disclosure of Nonconformance
22
Performance Standards
2000 Managing the Internal Audit Activity
2010 Planning
2020 Communication and Approval
2030 Resource Management
2040 Policies and Procedures
2050 Coordination
2060 Reporting to Senior Management and the Board
2070 External Service Provider and Organizational Responsibility for
Internal Auditing
2100 Nature of Work
2110 Governance
2120 Risk Management
2130 Control
2200 Engagement Planning
2201 Planning Considerations
2210 Engagement Objectives
2220 Engagement Scope
2230 Engagement Resource Allocation
2240 Engagement Work Program
23
2300 Performing the Engagement
2310 Identifying Information
2320 Analysis and Evaluation
2330 Documenting Information
2340 Engagement Supervision
2400 Communicating Results
2410 Criteria for Communicating
2420 Quality of Communications
2421 Errors and Omissions
2430 Use of Conducted in Conformance with the International
Standards for the Professional Practice of Internal Auditing
2431 Engagement Disclosure of Nonconformance
2440 Disseminating Results
2450 Overall Opinions
2500 Monitoring Progress
2600 Communicating the Acceptance of Risks
24
Non-mandatory Guidance
Practice
Advisories

Practice Guides

Position Papers
25
Thank You