Tallahassee Chapter of the Institute of Internal Auditors · PDF fileTallahassee Chapter of...
Transcript of Tallahassee Chapter of the Institute of Internal Auditors · PDF fileTallahassee Chapter of...
9/28/2016
1
TALLAHASSEE CHAPTER
Tallahassee Chapter of the Institute of Internal Auditors
Standards for the Professional Practice
of Internal Auditing
for AIC, Manager, and Director
Sam McCall, PhD, CPA, CGMA, CGFM, CIA, CGAP, CIG
Chief Audit Officer
Florida State University
TALLAHASSEE CHAPTER
What We Will Cover Today
IIA Organization and Purpose
IPPF - International Professional Practice Framework
Mandatory Guidance
Core Principles
Code of Ethics
The Definition of Internal Auditing
The Standards
Recommended Guidance (not Standards)
2
TALLAHASSEE CHAPTER 3
The IIA Organization
The Institute of Internal Auditors is an international
organization
Standards are global
IIA membership includes the public, private, and
nonprofit sector
9/28/2016
2
TALLAHASSEE CHAPTER 4
IIA Milestones 1941 - 1974
1941 - IIA is
established in NY
1947 - The
Statement of
Responsibilities is
issued
1968 - The Code
of Ethics is
approved
1972 - The IIA
moves to Florida
Altamonte Springs
1973 - 8000 CIAs
are grand-fathered
1974 - The first
CIA Exam
TALLAHASSEE CHAPTER 5
IIA Milestones 1978 - 2012
1978 - The Standards are
approved
1982 - California becomes the
first state government to adopt
the IIA Standards.
1986 State of Florida passes
the Chief Internal Audit Act
1992 - COSO defines internal
control
1998 - 63,000 members, and
the Guidance Task Force
appointed
1999 New definition
of internal auditing and
a new Framework for
the Professional
Practice of Internal
Auditing
2016 - More than
185,000 members
worldwide. Over 160
chapters with 70,000
members in North
America
TALLAHASSEE CHAPTER
Why Standards
are Important
Broad perspective on what youre supposed to
be doing
Help audit to be viewed as
adding value
They lay the ground work, but are not the
ultimate goal
Help improve the dialogue about the profession
They are the bar that
every auditor should
comply with
Peace of mind for stakeholders and confidence
in a quality product
9/28/2016
3
TALLAHASSEE CHAPTER
TALLAHASSEE CHAPTER
AICPA - AU-C Section 610 - Using
the Work of Internal Auditors
Factors to consider:
The level of competency of the internal auditors
Whether the organizational status and relevant
polices adequately support the objectivity of the
internal auditors
Whether the function applies a systematic and
disciplined approach, including quality control
TALLAHASSEE CHAPTER
The IPPF & the professional
practice of internal auditing
The International Professional Practices Framework 2013 IPPF
The Red Book
9/28/2016
4
TALLAHASSEE CHAPTER
TALLAHASSEE CHAPTER
Mission of Internal Audit The Mission of Internal Audit articulates what internal audit aspires to accomplish within an organization. Its place in the New IPPF is deliberate, demonstrating how practitioners should leverage the entire framework to facilitate their ability to achieve the Mission.
To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.
TALLAHASSEE CHAPTER
Core Principles for the Professional Practice of Internal Auditing
Demonstrates integrity. Demonstrates competence and due professional care. Is objective and free from undue influence -
independent. Aligns with the strategies, objectives, and risks of the
organization. Is appropriately positioned and adequately resourced. Demonstrates quality and continuous improvement. Communicates effectively. Provides risk-based assurance services. Is insightful, proactive, and future-focused. Promotes organizational improvement.
9/28/2016
5
TALLAHASSEE CHAPTER 13
IIA Code of Ethics
Integrity - establishes trust and thus provides the basis
for reliance on the auditors judgment.
Objectivity - a balanced assessment of all the relevant
circumstances and are not unduly influenced by their
own interests or by others in forming judgments.
Confidentiality - do not disclose information without
appropriate authority unless there is a legal or
professional obligation to do so.
Competency - apply the knowledge, skills, and
experience needed in the performance of internal
auditing services
TALLAHASSEE CHAPTER 14
IIA Definition of Internal Auditing
Internal Auditing is an independent,
objective assurance and consulting activity
designed to add value and improve an
organizations operations. It helps an
organization accomplish its objectives by
bringing a systematic, disciplined approach
to evaluate and improve the effectiveness
of risk management, control, and
governance processes.
TALLAHASSEE CHAPTER 15
Definition of Assurance Services
Assurance services involve the internal auditors
objective assessment of evidence for the
purpose of providing an independent
assessment on governance, risk management,
and control processes for the organization.
Examples may include financial, performance,
compliance, system security, and due diligence
engagements.
9/28/2016
6
TALLAHASSEE CHAPTER 16
Assurance Services A 3-Party Arrangement
TALLAHASSEE CHAPTER 17
IIA - Definition of Consulting
Advisory and related client service
activities, the nature and scope of
which are agreed with the client, are
intended to add value and improve an
organizations governance, risk
management, and control processes
without the internal auditor
assuming management
responsibility. Examples include
counsel, advice, facilitation and
training.
TALLAHASSEE CHAPTER 18
Consulting Services A 2-Party Arrangement
9/28/2016
7
TALLAHASSEE CHAPTER
Overview of the IIA Standards
Attribute Standards:
Purpose, Authority and Responsibility..(1000)
Independence and Objectivity(1100)
Proficiency and Due Professional Care(1200)
Quality Assurance and Improvement Program ..(1300)
Performance Standards:
Managing the Internal Auditing Activity...(2000)
Nature of Work....(2100)
Engagement Planning....(2200)
Performing the Engagement.(2300)
Communicating Results.....(2400)
Monitoring Progress...(2500)
Communicating the Acceptance of Risks...(2600)
Source: IIA Website PowerPoint
19
19
TALLAHASSEE CHAPTER
1100 Independence and
Objectivity The internal audit activity must
be independent, and internal
auditors must be objective in
performing their work.
20
TALLAHASSEE CHAPTER 21
Interpretation of 1110 - Organizational
Independence
Interpretation: Organizational independence is effectively achieved
when the chief audit executive reports functionally to the board.
Examples of functional reporting to the board involve the board:
Approving the internal audit charter;
Approving the risk based internal audit plan;
Approving the internal audit budget and resource plan
Receiving communications from the chief audit executive on the internal audit activitys performance relative to its plan and other matters;
Approving decisions regarding the appointment and removal of the chief audit executive; and
Approving remuneration of the chief audit executive
Making appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource
limitations.
9/28/2016
8
TALLAHASSEE CHAPTER
1120 Individual Objectivity
Internal auditors must have
an impartial, unbiased
attitude and avoid conflicts of
interest.
TALLAHASSEE CHAPTER
Proficiency and Due Care -
1200
1230 - Continuing Professional Development
Internal Auditors must enhance their skills,
knowledge, and competence through CPE
Hours are not stated in the Standards Practice Advisory 1230-1 states IAs should obtain CPE to satisfy requirements for certifications held.
CIAs are required to obtain 80 hours every two years and to self-report.
23
TALLAHASSEE CHAPTER
Quality Assurance Systems - 1300
Red Book requires the CAE to develop and maintain a
quality assurance and improvement program that covers
all aspects of the internal audit activity,
Both internal and external assessments
Ongoing monitoring of the performance of the internal audit activity
and periodic assessments performed through self-assessment or
by other persons within the organization
The results of external and periodic internal assessments are
communicated upon completion of such assessments and the results
of ongoing monitoring are communicated at