Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Size: px
Start display at page:

Download "Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization"

Transcription

1 Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014

2 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards, the Code of Ethics, and the Definition of Internal Auditing Objectives / Scope / Methodology Observations Specific to the Internal Audit Section of the Internal Audit and Oversight Division IIA Standards Conformance Summary 4 Successful Internal Audit Practices Noted 9 Opportunities for Improvement Noted 11 Attachment A Conformance Rating Criteria Attachment B Required Communications with the Internal Advisory Oversight Committee Checklist Example of Documentation

3 List of Acronyms Director, IAOD EQA ERM IAOC IAOD IIA Internal Audit QAIP Standards WIPO Director, Internal Audit and Oversight Division External Quality Assessment Enterprise Risk Management Internal Advisory Oversight Committee Internal Audit and Oversight Division The Institute of Internal Auditors The Internal Audit Section of the Internal Audit and Oversight Division Quality Assurance and Improvement Program International Standards for the Professional Practice of Internal Auditing The World Intellectual Property Organization 3

4 Executive Summary Under the International Standards for the Professional Practice of Internal Auditing ( Standards ), an external quality assessment ( EQA ) of an internal audit activity must be conducted at least once every five years by a qualified assessor or assessment team from outside the organization. The qualified assessor or assessment team must demonstrate competence in both the professional practice of internal auditing and the EQA process. The World Intellectual Property Organization ( WIPO ) Internal Audit and Oversight Division ( IAOD ) selected the Institute of Internal Auditors ( IIA ) Quality Services to lead the review. The IAOD is comprised of three sections; the Internal Audit section, the Evaluation section, and the Investigations section. This EQA was conducted specific to the Internal Audit section of the IAOD ( Internal Audit ). The EQA was concluded on April 17, 2014 and provides management with information about Internal Audit as of that date. Future changes in environmental factors and actions by personnel, including actions taken to address recommendations, may have an impact upon the operation of Internal Audit in a manner that this report did not and cannot anticipate. Considerable professional judgment is involved in evaluating the findings and developing recommendations. Accordingly, it should be recognized that others could evaluate the results differently, and draw different conclusions. Opinion as to Conformance to the Standards, the Code of Ethics, and the Definition of Internal Auditing It is our overall opinion that Internal Audit generally conforms to the Standards, the Code of Ethics, and the Definition of Internal Auditing. A detailed list of conformance to individual Standards is shown on page 6 of this report. The IIA s Quality Assessment Manual suggests a scale of three ratings, generally conforms, partially conforms, and does not conform. Generally Conforms is the top rating and means the assessor has concluded that the relevant structures, policies, and procedures of the activity, as well as the processes by which they are applied, comply with the requirements of the Standards, the Code of Ethics, or the Definition of Internal Auditing in all material respects. Detailed definitions for rating criteria associated with Generally Conforms, Partially Conforms, and Does Not Conform are described in Attachment A on page 17 of this report and are consistent with the guidance provided by the IIA in their Quality Assessment Manual. Objectives / Scope / Methodology The principal objectives of the EQA were to (1) assess Internal Audit conformance to the Standards, the Code of Ethics, and the Definition of Internal Auditing; (2) assess the effectiveness of Internal Audit in providing assurance and advisory services to the Internal Advisory Oversight Committee ( IAOC ), senior executives, and other interested parties; and (3) identify opportunities, offer recommendations for improvement, and provide counsel to the Director, IAOD and staff for improving their performance and services and promoting the image and credibility of Internal Audit. The scope of the assessment included Internal Audit, as set forth in the WIPO Internal Oversight Charter. The WIPO Internal Oversight Charter, approved by the General Assembly, defines the authority, responsibility, and accountability of the activity. Internal Audit provided the assessment team with a Fox News article dated April 4, 2014 that alleged improprieties by the Director General at WIPO. The article was considered by the assessment team during the EQA process and had no bearing upon the final determination of Internal Audit s conformance with the Standards. To accomplish the objectives, the EQA team reviewed information prepared by Internal Audit at the EQA team s request, conducted interviews with selected key stakeholders to Internal Audit, reviewed a sample of audit projects and associated work papers and reports, reviewed benchmark and survey data, and prepared diagnostic tools consistent with the methodology established for an EQA in the IIA Quality Assessment Manual. 4

5 Executive Summary Observations Specific to the Internal Audit Section of the Internal Audit and Oversight Division Internal Audit is generally in conformance with the Standards, the IIA Code of Ethics, and the Definition of Internal Auditing. They demonstrate a strong commitment to exceeding the basic requirements of the Standards and are focused on enhancing quality through continuous improvement. The functional and administrative reporting relationships are appropriate and support organizational independence and objectivity. Their annual risk assessment process focuses activities in areas of highest risk and impact consistent with the strategy and objectives of WIPO. Internal Audit has qualified staff that performs their work in a competent and high quality manner and infrastructure supports consistent performance of Internal Audit activities. They are an integral part of the governance process for WIPO and are valued by their stakeholders including the IAOC. They operate in a very dynamic environment and their ability to adapt and be responsive to change, combined with their ability to leverage insight on risks impacting the organization into focused audit plans, will continue to be critical to their success and value to the organization. Attribute Standards Internal Audit generally has the infrastructure in place to support sustainability of internal audit processes in a quality and consistent manner. Their charter is comprehensive and is foundational to all their activities, but should be modified for several technical requirements of the Standards. The functional and administrative reporting relationships are appropriate and support organizational independence and objectivity. Functional reporting is supported by direct and open access between the Director, IAOD and the chairs of the General Assembly, the Coordination Committee, the Program and Budget Committee, and the IAOC. The structure of IAOD presents an impairment in the ability of Internal Audit to independently evaluate the activities of the Evaluation and Investigation sections of IAOD. This impairment has been appropriately disclosed and is being managed effectively by the Director, IAOD. Internal Audit management and staff are qualified with appropriate credentials and experience; and work is performed with due professional care that includes an appropriate level of supervisory review and approval. Training and professional development processes are appropriate to support proficiency of Internal Audit management and staff. While the CAE has established a Quality Assurance and Improvement Program ( QAIP ) that promotes quality and continuous improvement, this program should be more formalized to enhance sustainability and consistency in execution. Performance Standards Internal Audit is managed appropriately and the annual audit plan is supported by a risk assessment process that incorporates input from Internal Audit stakeholders including the Director General, the IAOC, and the various member states when developing the audit universe, conducting risk assessment, and preparing the annual audit plan. The annual audit plan is reviewed by the IAOC, but should be formally approved by them as well. Results of the annual audit plan are communicated periodically to the IAOC and on an annual basis to the General Assembly. Internal Audit manages resources effectively and uses third party resources for specific subject matter expertise on an as needed basis. Internal Audit should continue to refine its role in Enterprise Risk Management ( ERM ) within WIPO as those processes mature to ensure that Internal Audit plans are linked to the entity-wide view of risk. Policies and procedures supporting Internal Audit infrastructure and key processes should be updated to align with current practices and the use of the electronic work paper software tool. This supports sustainability and consistency of these processes and promotes quality. Engagement level planning is supported by an engagement level risk assessment that appropriately considers fraud risk as a component. Objectives evaluate technology, operational, financial, and compliance components as appropriate for individual engagements. Individual audits are of a consistent high quality and work papers fully support reported findings. Audit reports are consistent with the underlying work product and there is a follow-up process in place that tracks audit issues through to resolution. 5

6 Executive Summary IIA Standards Conformance Summary OVERALL ATTRIBUTE STANDARDS 1000 Purpose, Authority, and Responsibility 1010 Recognition of the Definition of Internal Auditing, the Code of Ethics and the Standards in the Internal Audit Charter 1100 Independence and Objectivity 1110 Organizational Independence 1111 Direct Interaction with the Board 1120 Individual Objectivity 1130 Impairments to Independence or Objectivity 1200 Proficiency and Due Professional Care 1210 Proficiency 1220 Due Professional Care 1230 Continuing Professional Development 1300 Quality Assurance and Improvement Program 1310 Requirements of the Quality Assurance and Improvement Program 1311 Internal Assessments 1312 External Assessments 1320 Reporting on the Quality Assurance and Improvement Program 1321 Use of Conforms with the International Standards for the Professional Practice of Internal Auditing 1322 Disclosure of Nonconformance PERFORMANCE STANDARDS 2000 Managing the Internal Audit Activity 2010 Planning 2020 Communication and Approval 2030 Resource Management 2040 Policies and Procedures 2050 Coordination GC PC DNC NA 2060 Reporting to Senior Management and the Board 2070 External Service Provider and Organizational Responsibility for Internal Auditing 2100 Nature of Work 2110 Governance 2120 Risk Management 2130 Control 2200 Engagement Planning 2201 Planning Considerations 2210 Engagement Objectives 2220 Engagement Scope 2230 Engagement Resource Allocation 2240 Engagement Work Programs 2300 Performing the Engagement 2310 Identifying Information 2320 Analysis and Evaluation 2330 Documenting Information 2340 Engagement Supervision 2400 Communicating Results 2410 Criteria for Communicating 2420 Quality of Communications 2421 Errors and Omissions 2430 Use of Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing 2431 Engagement Disclosure of Nonconformance 2440 Disseminating Results GC PC DNC NA 2450 Overall Opinions 2500 Monitoring Progress 2600 Communicating the Acceptance of Risks IIA CODE OF ETHICS DEFINITION OF INTERNAL AUDITING 6

7 Executive Summary During the EQA, several areas were noted where Internal Audit is operating in a successful internal audit practice manner. In addition, some areas were noted where there are opportunities for improvement that will strengthen conformance to the Standards or will enhance efficiency and effectiveness of Internal Audit processes. Detailed observations, recommendations, and Internal Audit responses to these opportunities for improvement are included in the following section of this report. Successful Internal Audit Practices Noted Standard 1220 Standard 2010 Standard 2030 Standard 2300 The Internal Audit methodology requires the extensive use of checklists and templates embedded within their electronic work paper tool to ensure Internal Audit projects are planned and executed consistent with the defined methodology and that all required elements are considered. Internal Audit has a robust annual risk assessment process that incorporates input from stakeholders throughout the organization, including the Director General, the IAOC, and the various member states when developing the audit universe, conducting risk assessment, and preparing the annual audit plan. Internal Audit effectively uses third party resources to supplement audit staff and to provide subject matter expertise. Work papers supporting individual audit engagements are of a consistent high quality and generally exceed conformance with Standards requirements. Opportunities for Improvement Noted Standard 1000 Standard 1220 Standard 1300 Standard 1311 Standard 2000 Standard 2020 Standard 2040 Update the WIPO Internal Oversight Charter for several technical adjustments to align with the IIA Model Internal Audit Activity Charter (May 2013) which incorporates newly required elements of the Standards. Continue the IAOD strategy to enhance the use of data analytics in support of Internal Audit risk assessment, planning, and engagement execution. Document the QAIP in the Internal Audit Manual to fully describe all required elements such as objectives, scope, internal and external assessment components, and communication of results. Consider enhancing the periodic internal assessment process by using a combination of vertical and horizontal reviews of completed projects to support evaluation of conformance with the Standards and the Internal Audit methodology as well as efficiency and effectiveness of the underlying processes. Consider updating the Strategic Plan for IAOD that supports the dynamic nature of WIPO and that guides activities of Internal Audit in a proactive, thoughtful, systematic, and practical manner. Communicate the risk-based audit plan to the IAOC for both review and approval. Consider updating the Internal Audit Manual to align with the current Internal Audit methodology that incorporates the effective use of an electronic work paper software tool. 7

8 Executive Summary Opportunities for Improvement Noted (Continued) Standard 2060 Standard 2110 Standard 2120 Standard 2410 Consider adopting a Required Communications with the IAOC Checklist to ensure that all requirements are met and documented in the appropriate time frames. Consider incorporating an evaluation of the effectiveness of the organization s ethics-related objectives, programs, and activities as well as information technology governance in support of the organization s strategies and objectives into the annual audit planning process. Consider expanding the role of Internal Audit in support of the maturing and evolving ERM process within WIPO. Consider enhancing the audit reporting process by providing more clarity with regards to the relative significance of observations reported. Thank you for the opportunity to be of service to Internal Audit. We will be pleased to respond to further questions concerning this report and furnish any desired information. Basil Woller, CIA, CRMA Team Leader Team Member: Robert Riegel, CIA, CRMA, CISA, CRISC, CFSA, CFE Gina Eubanks, CIA, CRMA, CCSA, CISA Vice President Professional Services The Institute of Internal Auditors 8

9 Successful Internal Audit Practices Noted Successful Internal Audit Practice Standard 1220 The Internal Audit methodology requires the extensive use of checklists and templates embedded within their electronic work paper tool to ensure Internal Audit projects are planned and executed consistent with the defined methodology and that all required elements are considered. Standard 2010 Internal Audit has a robust annual risk assessment process that incorporates input from stakeholders throughout the organization, including the Director General, the IAOC, and the various member states when developing the audit universe, conducting risk assessment, and preparing the annual audit plan. Standard 2030 Internal Audit effectively uses third party resources to supplement audit staff and to provide subject matter expertise. Description The checklists and templates used by Internal Audit are comprehensive and updated to address specific requirements for the area under review. The use of checklists and templates to plan, execute, and administer Internal Audit projects together with required supervisory review and approval ensures (1) consistent application of the Internal Audit methodology, (2) contributes to a high level of quality within Internal Audit projects, (3) provides a mechanism to document appropriate supervisory review and approval for critical elements within the work papers, and (4) demonstrates due professional care in conducting internal audits. Internal Audit generally, and the Director, IAOD specifically, have a seat at the table within the organization to appropriately capture information related to emerging and/or changing risk profiles while maintaining their independence and objectivity. This seat at the table is primarily ensured by formal interaction with the senior leadership team and open and direct access to senior stakeholders throughout the organization. The audit plan is the result of a risk assessment process that uses defined risk factors and rating criteria that in combination derive residual levels of risk for prioritization of areas for review. The plan is consistent with the entity-wide view of risk, and audits are focused to evaluate specific objectives related to mitigation of risk. There is an appropriate balance between financial reporting, compliance, and operational risk objectives in the annual audit plan. Internal Audit uses third party resources primarily for technical skills associated with IT audit requirements. This is especially appropriate given the rapidly changing technical requirements needed to effectively audit technology risk. One of the challenges for a smaller internal audit activity is ensuring that the appropriate skill sets are in place to perform audit from a proficiency perspective. This effective and necessary use of third party resources is a successful internal audit practice for a smaller internal audit activity. 9

10 Successful Internal Audit Practices Noted Successful Internal Audit Practice Standard 2300 Work papers supporting individual audit engagements are of a consistent high quality and generally exceed conformance with Standards requirements. Description This is especially noteworthy given the relative small size of Internal Audit. Observations communicated to senior management, the IAOC, and the external auditor were fully supported and linked to the underlying work papers. Documentation of information within the work papers including planning, work programs, use of checklists, and supervisory review and approval was maintained consistently across the projects reviewed and in strict conformance with the defined methodology. Opening and closing meeting materials were thorough and included the scope and results of engagements. Significant client communications were routinely included and there was appropriate evidence for supervisory review and approval of all work performed. The electronic work paper software tool was used in a very effective manner to integrate annual risk assessment with engagement level audit processes and tracking of results. 1 0

11 Opportunities for Improvement Noted Opportunity for Improvement Standard 1000 Update the WIPO Internal Oversight Charter for several technical adjustments to align with the IIA Model Internal Audit Activity Charter (May 2013) which incorporates newly required elements of the Standards. Include language in Section E: Duties and Modalities of Work, Paragraph 14 that describes the nature of consulting services provided by IAOD. Consider language such as Perform consulting and advisory services related to governance, risk management, and controls as appropriate for the organization. Describing the nature of consulting services in the WIPO Internal Oversight Charter is a requirement of Standard 1000 C1. Include language in the WIPO Internal Audit Oversight Charter that recognizes the mandatory nature of the Definition of Internal Auditing, the IIA Code of Ethics, and the Standards. The WIPO Internal Oversight Charter is generally consistent with the Definition of Internal Auditing, the IIA Code of Ethics, and the Standards, but does not include specific language that recognizes their mandatory nature as required by Standard Standard 1220 Continue the IAOD strategy to enhance the use of data analytics in support of Internal Audit risk assessment, planning, and engagement execution. For individual engagements, data analytics can effectively identify observations and support rootcause analysis for those observations reported to management. Expanding data analytics capability is consistent with successful internal audit practice and provides the opportunity to (1) enhance the audit process so it is faster and more efficient and effective, (2) shorten the audit cycle time to provide more timely risk and control assurance, (3) achieve greater audit coverage without the need to expand Internal Audit resource requirements, (4) be able to conduct selected audits on a periodic basis, (5) audit 100% of data populations rather than a sample, (6) improve the quality of assurance through the use of data and transactional analysis, and (7) enhance the value to audit clients and the organization as a whole. The use of data analytics is a successful internal audit practice that is becoming more commonplace as technology and data analytics become more embedded within the skill sets of internal auditors. Internal Audit Response Comment and Action Plan: IAOD agrees with the recommendation and will make the necessary proposals to the Independent Advisory Oversight Committee (IAOC) for amendments to be considered to the Internal Oversight Charter. Responsible staff: T. Rajaobelina with the IAOC Deadline: WIPO General Assembly 2015 Comment and Action Plan: IAOD agrees with the recommendation. IAOD already uses data analytics in all audits, to the extent possible. IAOD has already acquired ACL licenses and went through training on ACL as well as PeopleSoft. IAOD will further develop its use of data analytics to effectively implement its continuous auditing approach. The objective will be for IAOD not only to systematically use data analytics in each engagement but also to develop IAOD reports on exceptions, anomalies, patterns and trends that will be produced based on analysis of information within WIPO systems. Responsible staff: Tuncay Efendioglu - Sashidhar Boriah Deadline: December 31,

12 Opportunities for Improvement Noted Opportunity for Improvement Standard 1300 Document the QAIP in the Internal Audit Manual to fully describe all required elements such as objectives, scope, internal and external assessment components, and communication of results. While required elements of the QAIP are in place and functioning, documentation does not currently support their sustainability and consistent execution. The IIA Practice Guide Quality Assurance and Improvement Program (March 2012) provides strongly recommended guidance on the topic of a QAIP. The scope of the QAIP should be the operation of Internal Audit as described in the WIPO Internal Oversight Charter. Objectives for the QAIP should be consistent with those described in Practice Advisory and include: (1) conformance with the Definition of Internal Auditing, the Standards, and the IIA Code of Ethics; (2) adequacy of the WIPO Internal Oversight Charter, goals, objectives, policies, and procedures; (3) contribution to the organization s governance, risk management, and control processes; (4) compliance with applicable laws, regulations, and government or industry standards; (5) effectiveness of continuous improvement activities and adoption of best practices; and (6) the extent to which Internal Audit adds value and improves the organization s operations. The processes used to support on-going monitoring of Internal Audit performance, internal periodic assessment, external assessment, and communication of internal and external assessment results should be documented in sufficient detail to consistently guide their execution. Internal Audit Response Comment and action plan: IAOD agrees with the recommendation. As recognized in the EQA, required elements of the Quality Assurance and Improvement Program (QAIP) are in place and functioning and what needs to be done is to formalize it. IAOD will prepare a formal QAIP document to gather all the necessary elements to ensure sustainability and consistency Responsible staff: Tuncay Efendioglu Deadline: July 15,

13 Opportunities for Improvement Noted Opportunity for Improvement Standard 1311 Consider enhancing the periodic internal assessment process by using a combination of vertical and horizontal reviews of completed projects to support evaluation of conformance with the Standards and the Internal Audit methodology as well as efficiency and effectiveness of the underlying processes. Vertical and horizontal reviews are the two generally accepted methods to perform quality reviews of completed audit projects. A vertical review provides an evaluation of conformance with the Standards and examines a specific project from a top-down approach (e.g., an assessment of individual audit steps performed for a specific project work plan, e.g., planning steps, fieldwork steps and reporting steps). A horizontal review allows for an evaluation across all project engagements (e.g., use of the risk assessment matrix, supervisory review and approval process, or consistency in applying report ratings) from an efficiency and effectiveness perspective. A combination of these two methods is consistent with successful internal audit practice and contributes to continuous improvement of internal audit processes. Standard 2000 Consider updating the Strategic Plan for IAOD that supports the dynamic nature of WIPO and that guides activities of Internal Audit in a proactive, thoughtful, systematic, and practical manner. Ensure strategies in the multi-year plan support (1) the robust risk assessment and annual planning process to focus on emerging high risk areas to WIPO including coverage of technology, strategic, and business risks; (2) alignment and coordination between Internal Audit as a third line of defense and other assurance activities associated with the second line of defense including ERM, (3) alignment of Internal Audit resources with the annual plan requirements from an organizational, staffing and on-boarding, and professional development perspective; and (4) the deployment of technology within Internal Audit to support the expanded use of data analytics for engagement planning and execution, and the implementation of continuous auditing protocols. Strategy statements should be supported by specific actions to execute the defined strategy. The IIA Practice Guide Developing the Internal Audit Strategic Plan (July 2012) might be considered as a resource when developing this plan. Internal Audit Response Comment and action plan: IAOD agrees with the recommendation. IAOD will prepare annual reports on the outcome of vertical and horizontal assessments. Responsible staff: Tuncay Efendioglu Deadline: August 31, 2014 Comment and action plan: IAOD agrees with the recommendation. IAOD will prepare a revised Internal Audit Strategy/Policy in accordance with its Internal Oversight Charter (paragraph 13). Responsible staff: Thierry Rajaobelina in coordination with Member States and the IAOC. Deadline: June 30,

14 Opportunities for Improvement Noted Opportunity for Improvement Standard 2020 Communicate the risk-based audit plan to the IAOC for both review and approval. While the risk-based audit plan and associated resource requirements including significant interim changes is communicated to the IAOC for review, the risk-based audit plan is not formally approved as required by Standard 2020 Communication and Approval. Formal approval of the risk-based plan and the associated resource plan is a successful internal audit practice that demonstrates independent functional reporting and supports organizational independence and objectivity of Internal Audit. Standard 2040 Consider updating the Internal Audit Manual to align with the current Internal Audit methodology that incorporates the effective use of an electronic work paper software tool. The manual was last updated in 2011 and does not currently include procedures that document the Internal Audit methodology in place and operating through the electronic work paper software tool. Procedures should be updated for (1) the annual risk assessment and planning process, (2) the engagement planning process, including work program development, (3) the engagement fieldwork process, (4) the engagement reporting process, and (5) the monitoring of reported observations process. In addition, as described in Standard 1300 Quality Assurance and Improvement Program, the QAIP should be more fully documented to include objectives, scope, and procedures to implement internal and external assessment requirements and communication of results. Reviewing and updating the manual as a component of the periodic internal assessment process is a means to ensure the manual is current with professional guidance. Internal Audit Response Comment and action plan: IAOD takes note of the recommendation. The issue was discussed with the IAOC at its March 2014 session and it was decided that the IAOC would review the draft of the plan before its issuance. This new practice will begin at the end of To have the IAOC approve the plan will need a revision of the Internal Oversight Charter, on which IAOD can work with the IAOC. Responsible staff: T. Rajaobelina with the IAOC. Deadline: WIPO General Assembly 2015 Comment and action plan: IAOD agrees with the recommendation. IAOD will prepare a revision of its audit manual and will submit it to the IAOC for its review in accordance with paragraph 13 of the Internal Oversight Charter. Responsible staff: Tuncay Efendioglu and Alain Garba Deadline: December 31,

15 Opportunities for Improvement Noted Opportunity for Improvement Standard 2060 Consider adopting a Required Communications with the IAOC Checklist to ensure that all requirements are met and documented in the appropriate time frames. This checklist should be integrated into the IAOC agenda as appropriate and should be updated as changes to Standards become effective. This checklist, when combined with IAOC minutes, provides documentation that all required communications are considered and take place in the appropriate time frames. An example of this checklist in included as Attachment B to this report. Standard 2110 Consider incorporating an evaluation of the effectiveness of the organization s ethics-related objectives, programs, and activities as well as information technology governance in support of the organization s strategies and objectives into the annual audit planning process. Implementation Standards 2110.A1 and 2110.A2 adopted in 2009 require that the ethics and compliance program and information technology governance be evaluated as part of the evaluation of governance activities required by the nature of work Standards. Each of these items should be included in the audit universe, evaluated as part of the annual risk assessment, and incorporated into the annual audit plan as appropriate. Internal Audit Response Comment and action plan: IAOD agrees with the recommendation. IAOD will discuss the checklist with the IAOC and prepare any required list for the IAOC s consideration. Responsible staff: Thierry Rajaobelina Deadline: December 31, 2014 Comment and action plan: IAOD agrees with the recommendation. IAOD notes that audits of the organizations ethics-related objectives and of information technology governance were done in recent years (2010 in one case and from 2011 to 2013 for the second). In addition as regards ethics, IAOD also notes that the organization s framework is continuously reviewed through investigations conducted by IAOD. IAOD will nevertheless specifically incorporate the ethics and compliance program and information technology governance in its oversight universe, risk assessment and annual plan as appropriate. Responsible staff: Tuncay Efendioglu - Sashidhar Boriah Deadline: 2015 annual plan exercise 15

16 Opportunities for Improvement Noted Opportunity for Improvement Standard 2120 Consider expanding the role of Internal Audit in support of the maturing and evolving ERM process within WIPO. Consider the IIA Position Paper The Role of Internal Auditing in Enterprise-Wide Risk Assessment as guidance for the ongoing role. As the ERM process within WIPO continues to evolve, Internal Audit can provide assurance into how the organization identifies risks, assigns ownership of those risks, documents risk mitigation strategies and results, and monitors the residual levels of risk. Internal Audit should appropriately link the entity-level view of risk into their annual risk assessment process consistent with Standards requirements. Standard 2410 Consider enhancing the audit reporting process by providing more clarity with regards to the relative significance of observations reported. The current process describes the impact of observations but does not necessarily provide input into significance of the issue. Several key stakeholders suggested this would help them focus on those areas most critical to their operation while still being kept informed of other important issues. Categorizing exceptions using pre-defined criteria can provide a consistent view of significance across the organization and can provide insight into prioritization for management response and action. Rating criteria should be developed in consultation with key stakeholders consistent with the requirement of Standard 2410 A1. Internal Audit Response Comment and action plan: IAOD takes note of the recommendation. IAOD will continue advising the organization on the implementation of its ERM process. IAOD will also continue taking into account the entitylevel view of risk when conducting its annual riskassessment process. Responsible staff: Thierry Rajaobelina Deadline: on-going Comment and action plan: IAOD agrees with the recommendation. IAOD will continue working on the clarity of its audit reports. IAOD will continue to prioritize its observations and recommendations. Efforts will be put in enhancing the process. Auditors have already been registered on report writing courses and collectively IAOD will organize a follow-up training in January 2015 on report writing. Responsible staff: Tuncay Efendioglu - Alain Garba - Sashidhar Boriah Deadline: next audit report 16

17 Attachment A Conformance Rating Criteria GC Generally Conforms means the assessor has concluded the following: For individual standards, that the internal audit activity conforms to the requirements of the standard (e.g., 1000, 1010, 2000, 2010, etc.) or elements of the Code of Ethics (both Principles and Rules of Conduct) in all material respects. For the sections (Attribute and Performance) and major categories (e.g., 1000, 1100, 2000, 2100, etc.), the internal audit activity achieves general conformity to a majority of the individual standards and/or elements of the Code of Ethics, and at least partial conformity to others, within the section/category. For the internal audit activity overall, there may be opportunities for improvement, but these should not represent situations where the internal audit activity has not implemented the Standards or the Code of Ethics, has not applied them effectively, or has not achieved their stated objectives. PC Partially Conforms means the assessor has concluded the following: For individual standards, the internal audit activity is making good faith efforts to conform to the requirements of the standard (e.g., 1000, 1010, 2000, 2010, etc.) or element of the Code of Ethics (both Principles and Rules of Conduct) but falls short of achieving some major objectives. For the sections (Attribute and Performance) and major categories (e.g., 1000, 1100, 2000, 2100, etc.), the internal audit activity partially achieves conformance with a majority of the individual standards within the section/category and/or elements of the Code of Ethics For the internal audit activity overall, there will be significant opportunities for improvement in effectively applying the Standards or Code of Ethics and/or achieving their objectives. Some deficiencies may be beyond the control of the internal audit activity and may result in recommendations to senior management or the board of the organization. DNC Does Not Conform means the assessor has concluded the following: For individual standards, the internal audit activity is not aware of, is not making good faith efforts to conform to, or is failing to achieve many/all of the objectives of the standard (e.g., 1000, 1010, 2000, 2010, etc.) and/or elements of the Code of Ethics (both Principles and Rules of Conduct) For the sections (Attribute and Performance) and major categories (e.g., 1000, 1100, 2000, 2100, etc.), the internal audit activity does not achieve conformance with a majority of the individual standards within the section/category and/or elements of the Code of Ethics For the internal audit activity overall, there will be deficiencies that will usually have a significant negative impact on the internal audit activity s effectiveness and its potential to add value to the organization. These may also represent significant opportunities for improvement, including actions by senior management or the board. 17

18 Attachment B Required Communications with the Internal Advisory Oversight Committee Checklist Example of Documentation Standard Communication Requirement Annual Communication Documentation 1000 The CAE must periodically review the Internal Audit Department Charter and present it to Senior Management and the Audit Committee for review and Audit Committee approval The CAE should discuss the Definition of Internal Auditing, the Code of Ethics, and the IIA Standards with Senior Management and the Audit Committee The CAE must confirm to the Audit Committee, at least annually, the organizational independence of the internal auditing activity. The Internal Audit charter was amended and presented to senior management and the Audit Committee for review and approval at the January, 20, Audit Committee Meeting. The Definition of Internal Auditing, the Code of Ethics, and the Standards were discussed with senior management and the Audit Committee in conjunction with the Internal Audit charter review at the January, 20, Audit Committee meeting. As the CAE, I hereby confirm the organizational independence of the internal audit activity as of May, The CAE must communicate and interact directly with the Audit Committee. As the CAE, I confirm that an appropriate level of communication and interaction has taken place between me and the Audit Committee The chief audit executive must discuss with the Audit Committee the form and frequency of external assessment as well as the qualifications and independence of the external assessor or assessment team, including any potential conflicts of interest The CAE must communicate the results of the quality assurance and improvement program to senior management and the Audit Committee. The results of external and periodic internal assessments are communicated upon completion of such assessments and the results of ongoing monitoring are communicated at least annually. The results include the reviewer s or review team s assessment with respect to the degree of conformance The CAE must communicate the internal audit activity s plans and resource requirements, including significant interim changes, to senior management and the Audit Committee for review and approval. The CAE must also communicate the impact of resource limitations The CAE must report periodically to senior management and the Audit Committee on the internal audit activity s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the Audit Committee. Discussions were held at the November, 20, Audit Committee Meeting related to the need for and the frequency of the periodic external assessments, the form of the external assessment, and the qualification and independence of the external assessor. Results of the Continuous Monitoring and Annual Internal Quality Assessment Review of Internal Audit was communicated to Executive Management on January, 20, and to the Audit Committee on January, 20. The results of the external quality assessment performed by was communicated to Executive Management and the Audit Committee on February, 20. Communication of status of internal audit plans and resource requirements was reported on at least a quarterly basis to the Audit Committee. At the November, 20, Audit Committee Meeting, Internal Audit reported that there were no audits below the resource cut line on the Proposed 20 Audit Plan that Internal Audit believed were necessary to be performed in 20. Accordingly, there were no material impacts associated with resource limitations. Communication of Internal Audit s purpose, authority, and responsibility was reported to the Audit Committee on January, 20. On a periodic basis, the CAE also reports significant risk exposures and control issues, including fraud risks, governance issues, and other matters at the request of the Audit Committee. 18

Internal Audit Quality Assessment. Presented To: Houston Independent School District

Internal Audit Quality Assessment. Presented To: Houston Independent School District Internal Audit Quality Assessment Presented To: Houston Independent School District October 2015 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,

More information

Internal Audit Quality Assessment. Presented To: Houston Independent School District

Internal Audit Quality Assessment. Presented To: Houston Independent School District Internal Audit Quality Assessment Presented To: Houston Independent School District July 2013 Table of Contents Executive Summary Opinion as to Conformance to the Standards Objectives / Scope / Methodology

More information

Internal Oversight Division. Internal Audit Strategy 2015-2017

Internal Oversight Division. Internal Audit Strategy 2015-2017 Internal Oversight Division Internal Audit Strategy 2015-2017 Date: June 4, 2015 page 2 TABLE OF CONTENTS LIST OF ACRONYMS 3 1. BACKGROUND 4 2. PURPOSE 4 3. VISION STATEMENT 5 4. MISSION STATEMENT 5 5.

More information

PREVIOUS BOARD ACTION/ACTIVITY: The Finance Audit and Power Committee (FAP) receive regular reports on Internal Audit activities.

PREVIOUS BOARD ACTION/ACTIVITY: The Finance Audit and Power Committee (FAP) receive regular reports on Internal Audit activities. FAP Agenda Number 6. CONTACT: Mark Filippone 623-869-2123 mfilippone@cap-az.com MEETING DATE: May 19, 2016 AGENDA ITEM: Results of Internal Audit Quality Assessment RELEVANT POLICY, STATUTE OR GUIDING

More information

Internal Audit Quality Guide

Internal Audit Quality Guide Internal Audit Quality Guide Prepared by the Institute of Internal Auditors Australia 2015 The Institute of Internal Auditors Australia Introduction - 2 - This Guide Explains what Internal Audit should

More information

Markup Version Proposed Changes to the Standards

Markup Version Proposed Changes to the Standards The is releasing the exposure draft with proposed changes to the International Standards for the Professional Practice of Internal Auditing (Standards). The exposure period is from February 1 to April

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the Standards Internal auditing is conducted in diverse legal and cultural environments; for organizations

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Revised: October 2012 i Table of contents Attribute Standards... 3 1000 Purpose, Authority, and Responsibility...

More information

Department of Audit and Compliance. Quality Self-Assessment

Department of Audit and Compliance. Quality Self-Assessment Department of Audit and Compliance Quality Self-Assessment November 2014 CONTENTS EXECUTIVE SUMMARY... 2 PURPOSE OF SELF-ASSESSMENT... 4 SELF-ASSESSMENT SCOPE OF WORK... 4 RESULTS OF SELF-ASSESSMENT WORK...

More information

The Framework for Quality Assurance

The Framework for Quality Assurance Chapter 1 The Framework for Quality Assurance O v e rv i e w One of internal audit s major assets is its credibility with stakeholders. To provide credible assistance and constructive challenge to management,

More information

Effective Internal Audit in the Financial Services Sector

Effective Internal Audit in the Financial Services Sector Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors

More information

PUBLIC INTERNAL AUDIT STANDARDS

PUBLIC INTERNAL AUDIT STANDARDS PUBLIC INTERNAL AUDIT STANDARDS Public internal audit standards have been determined by the Internal Audit Coordination Board (the Board) as per line (a) of the first paragraph of Article 67 of Law No.

More information

Checklist for assessing conformance with the Public Sector Internal Audit Standards and the local government application note

Checklist for assessing conformance with the Public Sector Internal Audit Standards and the local government application note APPENDI A Checklist for assessing conformance with the Public Sector Internal Audit Standards and the local government application note Assessment completed by John Bailey, Head of Internal Audit, Nottinghamshire

More information

Establishing a Quality Assurance and Improvement Program

Establishing a Quality Assurance and Improvement Program Chapter 2 Establishing a Quality Assurance and Improvement Program O v e rv i e w IIA Practice Guide, Quality Assurance and Improvement Program, states that Quality should be built in to, and not on to,

More information

International Standards for the Professional Practice of Internal Auditing INTRODUCTION ATTRIBUTE STANDARDS

International Standards for the Professional Practice of Internal Auditing INTRODUCTION ATTRIBUTE STANDARDS INTRODUCTION Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives

More information

BOARD OF EDUCATION OF BALTIMORE COUNTY OFFICE OF INTERNAL AUDIT - OPERATIONS MANUAL INTERNAL AUDIT OPERATIONS MANUAL

BOARD OF EDUCATION OF BALTIMORE COUNTY OFFICE OF INTERNAL AUDIT - OPERATIONS MANUAL INTERNAL AUDIT OPERATIONS MANUAL BOARD OF EDUCATION OF BALTIMORE COUNTY INTERNAL AUDIT OPERATIONS MANUAL BACKGROUND The Office of Internal Audit Operations Manual was developed to be used as a guide and resource for the Office of Internal

More information

3/14/2013 FIJI INSTITUTE OF INTERNAL AUDITORS SEMINAR IPPF ALIGNED 13 TH MARCH 2013

3/14/2013 FIJI INSTITUTE OF INTERNAL AUDITORS SEMINAR IPPF ALIGNED 13 TH MARCH 2013 FIJI INSTITUTE OF INTERNAL AUDITORS SEMINAR IPPF ALIGNED TH MARCH 0 THE IPPF The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance

More information

Public Sector Internal Audit Standards (PSIAS) Checklist

Public Sector Internal Audit Standards (PSIAS) Checklist TEIGNBRIDGE DISTRICT COUNCIL INTERNAL AUDIT APPENDIX A Public Sector Internal Audit Standards (PSIAS) Checklist Based on the requirements of the CIPFA 'Local Government Application Note for the United

More information

International Standards for the Professional Practice of Internal Auditing

International Standards for the Professional Practice of Internal Auditing International Standards for the Professional Practice of Internal Auditing Introduction Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve

More information

Authorized by: K. Ann Mead, Senior Vice President for Finance and Administration Issued by: Office of Internal Audit

Authorized by: K. Ann Mead, Senior Vice President for Finance and Administration Issued by: Office of Internal Audit POLICY & PROCEDURE DOCUMENT NUMBER: 3.9011 DIVISION: Finance and Administration TITLE: Office of Internal Audit Policy and Procedures DATE: May 27, 2014 Authorized by: K. Ann Mead, Senior Vice President

More information

Internal Oversight Division Internal Audit Manual

Internal Oversight Division Internal Audit Manual Internal Oversight Division Internal Audit Manual Updated Version November 2014 March 2015 1 1. PURPOSE... 2 2. INTERNAL AUDIT FUNCTION... 3 3. ORGANIZATIONAL STRUCTURE AND RESPONSIBILITIES... 4 3.1 THE

More information

Practice guide. quality assurance and IMProVeMeNt PrograM

Practice guide. quality assurance and IMProVeMeNt PrograM Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...

More information

International Professional Practices F. Framework. Daniela Danescu CIA, CGAP member of The IIA Public Sector Committee Yerevan, October 21, 2009

International Professional Practices F. Framework. Daniela Danescu CIA, CGAP member of The IIA Public Sector Committee Yerevan, October 21, 2009 International Professional Practices F Framework Daniela Danescu CIA, CGAP member of The IIA Public Sector Committee Yerevan, October 21, 2009 Agenda Mandatory Guidance Strongly Recommended Guidance Differences

More information

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing

More information

Standards for the Professional Practice of Internal Auditing

Standards for the Professional Practice of Internal Auditing Standards for the Professional Practice of Internal Auditing THE INSTITUTE OF INTERNAL AUDITORS 247 Maitland Avenue Altamonte Springs, Florida 32701-4201 Copyright c 2001 by The Institute of Internal Auditors,

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER INTERNAL AUDIT CHARTER Table of Contents Section 1 Introduction Section 2 Role Section 3 Professionalism Section 4 Authority Section 5 Organization Section 6 - Independence and Objectivity Section 7 Responsibility

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER APPENDIX A INTERNAL AUDIT CHARTER Version Control Version No Author Date 1.2 Anna Wright September 2014 Shared Service Senior Auditor 1.3 Lisa Cotton August 2015 Shared Service Senior Auditor 1.4 Lisa

More information

Practice Guide. Developing the Internal Audit Strategic Plan

Practice Guide. Developing the Internal Audit Strategic Plan Practice Guide Developing the Internal Audit Strategic Plan JUly 2012 Table of Contents Executive Summary... 1 Introduction... 2 Strategic Plan Definition and Development... 2 Review of Strategic Plan...

More information

2. Differences between the CIPFA Code of Practice and the Standards

2. Differences between the CIPFA Code of Practice and the Standards The Highland Council Audit and Scrutiny Committee 19 th June 2014 Compliance with the Public Sector Internal Audit Standards Report by Head of Internal Audit & Risk Management Summary Agenda Item Report

More information

Internal Audit Standards

Internal Audit Standards Internal Audit Standards Department of Public Expenditure & Reform November 2012 Copyright in material supplied by third parties remains with the authors. This includes: - the Definition of Internal Auditing

More information

Quality Assurance Review (QAR) Services for Internal Audit Departments

Quality Assurance Review (QAR) Services for Internal Audit Departments These services include a full external QAR, or an Independent Validation of a Self-Assessment (SAIV) performed by the internal audit department. The objective of a QAR is to determine whether an internal

More information

Standards. For the Professional Internal Auditor Organization Date

Standards. For the Professional Internal Auditor Organization Date Standards For the Professional Internal Auditor Organization Date Discussion Areas IIA Professional Practices The International Professional Practices Framework (IPPF) The role of The IIA s International

More information

RULEBOOK ON THE MANNER OF PERFORMING INTERNAL AUDIT OPERATIONS 3

RULEBOOK ON THE MANNER OF PERFORMING INTERNAL AUDIT OPERATIONS 3 Official Gazette of Republic of Macedonia, no. 72/03. RULEBOOK ON THE MANNER OF PERFORMING INTERNAL AUDIT OPERATIONS 3 Article 1 This Rulebook shall regulate the manner of performing internal audit operations

More information

Internal Audit Quality Assessment Framework

Internal Audit Quality Assessment Framework Internal Audit Quality Assessment Framework May 2013 Internal Audit Quality Assessment Framework May 2013 Crown copyright 2013 You may re-use this information (excluding logos) free of charge in any format

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

Audit Committee 24 June 2013

Audit Committee 24 June 2013 Agenda Item No Audit Committee 24 June 2013 Public Sector Internal Audit Standards Summary of report: To update members on the new Public Sector Internal Audit Standards (PSIAS), that came into effect

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

Quality Assurance Checklist

Quality Assurance Checklist Internal Audit Foundations Standards 1000, 1010, 1100, 1110, 1111, 1120, 1130, 1300, 1310, 1320, 1321, 1322, 2000, 2040 There is an Internal Audit Charter in place Internal Audit Charter is in place The

More information

Internal Audit Charter. Version 1 (7 November 2013)

Internal Audit Charter. Version 1 (7 November 2013) Version 1 (7 November 2013) CONTENTS Details Page EXECUTIVE SUMMARY... 2 1. BACKGROUND... 3 10. PSIAS REQUIREMENTS... 3 12. DEFINITION OF THE CHIEF AUDIT EXECUTIVE (CAE)... 4 14. DEFINITION OF THE BOARD...

More information

Audit of the Test of Design of Entity-Level Controls

Audit of the Test of Design of Entity-Level Controls Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents

More information

Appendix 1. Internal Audit Charter

Appendix 1. Internal Audit Charter Appendix 1 Internal Audit Charter Subject to annual review by Head of Internal Audit Reported to Corporate Management Team and Audit Committee: February / March 2015 Introduction Appendix 1: Internal Audit

More information

Internal Audit Manual

Internal Audit Manual Internal Audit Manual Version 1.0 AUDIT AND EVALUATION SECTOR AUDIT AND ASSURANCE SERVICES BRANCH INDIAN AND NORTHERN AFFAIRS CANADA April 25, 2008 #933907 Acknowledgements The Institute of Internal Auditors

More information

INTERNAL QUALITY ASSESSMENT

INTERNAL QUALITY ASSESSMENT Chapter 4 INTERNAL QUALITY ASSESSMENT Overview Internal QAs are a critical element in the overall quality assurance and improvement program of an IA activity. The development and implementation of effective

More information

Internal Audit & the Audit Committee

Internal Audit & the Audit Committee HCCA Audit & Compliance Committee Conference October 2007 Internal Audit & the Audit Committee Glen C. Mueller, CPA, CIA, CISA, CISM Scripps Health, San Diego, CA VP-Chief Audit & Compliance Executive

More information

The Institute of Internal Auditors:

The Institute of Internal Auditors: The Government Accountability Office: Government Audit Standards The Institute of Internal Auditors: International Professional Practices Framework A COMPARISON A Acknowledgments Cecil Bragg, CGAP, CPA

More information

AUDIT COMMITTEE CHARTER

AUDIT COMMITTEE CHARTER AUDIT COMMITTEE CHARTER Purpose The Audit Committee ( Committee ) shall assist the Board of Directors (the Board ) in the oversight of (1) the integrity of the financial statements of the Company, (2)

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER INTERNAL AUDIT CHARTER Version Control Version No Author Date 1.1 Anna Wright Shared Services Senior Auditor September 2013 Contents 1 Introduction 1 2 Definitions 1 3 Purpose of Internal Audit 1 4 Scope

More information

INTERNAL AUDIT MANUAL

INTERNAL AUDIT MANUAL དང ལ ར ས ལ ན ཁག Internal Audit Manual INTERNAL AUDIT MANUAL Royal Government of Bhutan 2014 i i ii ii Internal Audit Manual དང ལ ར ས ལ ན ཁག ROYAL GOVERNMNET OF BHUTAN MINISTRY OF FINANCE TASHICHHO DZONG

More information

INTERNAL AUDIT DEPARTMENT POLICY MANUAL

INTERNAL AUDIT DEPARTMENT POLICY MANUAL Policy Manual Page 1 INTERNAL AUDIT DEPARTMENT POLICY MANUAL Revised: Page 1 Policy Manual Page 2 Table of Contents Page # Internal Audit Charter (Purpose, Authority, and Responsibility).. 3 University

More information

QA Work Paper Analysis

QA Work Paper Analysis QA Work Paper Analysis Part 1 Summary Audit No. 1 Audit No. 2 Audit No. 3 Audit No. 4 Audit No. 5

More information

Texas Windstorm Insurance Association & Texas FAIR Plan Association

Texas Windstorm Insurance Association & Texas FAIR Plan Association Texas Windstorm Insurance Association & Texas FAIR Plan Association Document Type: Charter Subject: Internal Audit Version 1.0 Approval Authority: TWIA Board of Directors and TFPA Governing Committee Responsible

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

EXTERNAL QUALITY ASSESSMENT: A BUSINESS-FOCUSED QUALITY ASSESSMENT

EXTERNAL QUALITY ASSESSMENT: A BUSINESS-FOCUSED QUALITY ASSESSMENT Chapter 2 EXTERNAL QUALITY ASSESSMENT: A BUSINESS-FOCUSED QUALITY ASSESSMENT Overview of the External Quality Assessment Process Chapter 1 of this Quality Assessment Manual discusses the concepts of the

More information

SRI LANKA AUDITING STANDARD 220 QUALITY CONTROL FOR AUDIT WORK CONTENTS

SRI LANKA AUDITING STANDARD 220 QUALITY CONTROL FOR AUDIT WORK CONTENTS SRI LANKA AUDITING STANDARD 220 QUALITY CONTROL FOR AUDIT WORK (Effective for all the audits carried out on or after..) CONTENTS Paragraph Introduction 1-3 Audit Firm 4-7 Individual Audits 8-17 Compliance

More information

THE IIA S GLOBAL INTERNAL AUDIT COMPETENCY FRAMEWORK Career Map Alignment

THE IIA S GLOBAL INTERNAL AUDIT COMPETENCY FRAMEWORK Career Map Alignment THE IIA S GLOBAL INTERNAL AUDIT COMPETENCY FRAMEWORK Career Map Alignment Copyright 2014 by The Institute of Internal Auditors, Inc., ( The IIA ) strictly reserved. Any reproduction of The IIA name or

More information

CORPORATE GOVERNANCE GUIDELINES. (Adopted as of June 2, 2014)

CORPORATE GOVERNANCE GUIDELINES. (Adopted as of June 2, 2014) CORPORATE GOVERNANCE GUIDELINES (Adopted as of June 2, 2014) The following corporate governance guidelines have been approved and adopted by the Board of Directors (the Board ) of Arista Networks, Inc.

More information

Internal Audit Process Maturity.

Internal Audit Process Maturity. 19 Quality Assurance and Improvement Program Key Characteristics Chief Audit Executive establish and maintain a Quality Assurance and Improvement Program. The methodology upon which the Quality Assurance

More information

PRACTICE ADVISORIES FOR INTERNAL AUDIT

PRACTICE ADVISORIES FOR INTERNAL AUDIT Société Française de Réalisation, d'etudes et de Conseil Economics and Public Management Department PRACTICE ADVISORIES FOR INTERNAL AUDIT Tehnical Assistance to the Ministry of Finance for Development

More information

How quality assurance reviews can strengthen the strategic value of internal auditing*

How quality assurance reviews can strengthen the strategic value of internal auditing* How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,

More information

IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS

IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS Introduction As part of the corporate governance policies, processes and procedures of ImmunoGen, Inc. ( ImmunoGen or the Company

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Annual Report on Internal Audit Activities. Finance & Audit Committee Meeting

Annual Report on Internal Audit Activities. Finance & Audit Committee Meeting Annual Report on Internal Audit Activities Finance & Audit Committee Meeting 2009 Annual Report TABLE OF CONTENTS Introduction... 3 Audit Program Analysis... 3 Effort Allocation... 3 Coverage... 3 People,

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

Larry Laine, Deputy Land Commissioner and Chief Clerk. Annual Report on the Internal Audit Quality Assurance and Improvement Program

Larry Laine, Deputy Land Commissioner and Chief Clerk. Annual Report on the Internal Audit Quality Assurance and Improvement Program DATE: TO: FROM: SUBJECT: Larry Laine, Deputy Land Commissioner and Chief Clerk Tracey Hall, Deputy Commissioner of Internal Audit Annual Report on the Internal Audit The following report is presented in

More information

Internal Audit Charter. June 2016

Internal Audit Charter. June 2016 Internal Audit Charter June 2016 1 Introduction 1.1 The Internal Audit Charter is a formal document that defines Internal Audit s purpose, authority and responsibility. The charter establishes Internal

More information

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE Committee of Sponsoring Organizations of the Treadway Commission Governance and Internal Control LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE By The Institute of Internal Auditors Douglas J. Anderson

More information

THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014

THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014 THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014 Since the last Audit Committee meeting, the OIA has focused on finalizing the execution of the 2013 Audit Plan and the development of the

More information

Public Sector Internal Audit Standards

Public Sector Internal Audit Standards Public Sector Internal Audit Standards Appendix 3 Report Type: Scorecard Report Report Author: Generated on: 28 May 2014 Public Sector Internal Audit Standards Definition of Internal Auditing and Code

More information

INTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES. Effective January 9, 2015

INTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES. Effective January 9, 2015 INTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES Effective January 9, 2015 These principles have been adopted by the Board of Directors (the "Board") of Integrated Silicon Solution, Inc.

More information

J u n e 2 0 1 0. N a t i o n a l R e s e a r c h C o u n c i l C a n a d a. I n t e r n a l A u d i t, N R C. Audit of Risk Management.

J u n e 2 0 1 0. N a t i o n a l R e s e a r c h C o u n c i l C a n a d a. I n t e r n a l A u d i t, N R C. Audit of Risk Management. N a t i o n a l R e s e a r c h C o u n c i l C a n a d a Audit of Risk Management I n t e r n a l A u d i t, N R C J u n e 2 0 1 0 June 2010 i 1.0 Executive Summary and Conclusion Background This audit

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER INTERNAL AUDIT CHARTER 1000.00 Mission 1000.01 The mission of the Office of Internal Audit is to be an integral part of the governance of the University by providing independent, objective assurance that

More information

Public Sector Internal Audit Standards

Public Sector Internal Audit Standards Public Sector Internal Audit Standards Table of Contents Section 1 Introduction 3 Section 2 Applicability 6 Section 3 Definition of Internal Auditing 8 Section 4 Code of Ethics 9 Section 5 Standards 12

More information

The Institute of Internal Auditors 247 Maitland Avenue Altamonte Springs, FL 32701-4201 USA

The Institute of Internal Auditors 247 Maitland Avenue Altamonte Springs, FL 32701-4201 USA INTERNATIONAL Professional Practices Framework (IPPF) Disclosure Copyright 2009 by The Institute of Internal Auditors Research Foundation (IIARF), 247 Maitland Avenue, Altamonte Springs, Florida 32701-4201.

More information

1.1 Terms of Reference Y P N Comments/Areas for Improvement

1.1 Terms of Reference Y P N Comments/Areas for Improvement 1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

National Assembly for Wales Internal Audit Charter

National Assembly for Wales Internal Audit Charter National Assembly for Wales Internal Audit Charter Purpose 1.1 This charter is a high level statement of how internal audit will be delivered and developed and formally defines the purpose, authority and

More information

Audit of the Policy on Internal Control Implementation

Audit of the Policy on Internal Control Implementation Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF

More information

The IIA Standards: The IPPF Framework

The IIA Standards: The IPPF Framework The IIA Standards: The IPPF Framework S P E A K E R : D O T T. R O B E R TO R O S ATO C O U R S E O F B U S I N E S S A U D I T I N G U N I V E R S I T Y O F R O M E T O R V E R G A T A D E C E M B E R

More information

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector Public Sector Internal Audit Standards Applying the IIA International Standards to the UK Public Sector Issued by the Relevant Internal Audit Standard Setters: In collaboration with: Public Sector Internal

More information

INTERNAL AUDIT SERVICES CHARTER

INTERNAL AUDIT SERVICES CHARTER INTERNAL AUDIT SERVICES CHARTER www.afrimat.co.za F2016 MISSION AND SCOPE OF WORK The mission of the Internal Audit Service ( IAS ) is to provide independent, risk based internal auditing and consulting

More information

Internal Audit and Advisory Services DRAFT

Internal Audit and Advisory Services DRAFT Internal Audit and Advisory Services DRAFT PAGE(S) Message from the Internal Audit and Advisory Services...1-2 Internal Audit and Advisory Services Plan...3-5 Objectives...6-7 Risk Assessment Process...8

More information

Internal Audit Charters

Internal Audit Charters Internal Audit Charters Part of a series of notes to help Centers review their own internal management processes from the point of view of managing risks and promoting good governance and value for money,

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

More information

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE CHARTERED INSTITUTE OF INTERNAL AUDIT DEFINITION OF INTERNAL AUDIT Internal auditing is an independent, objective assurance and consulting activity designed

More information

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS PURPOSE The Audit Committee (the Audit Committee ) is appointed by the Board of Directors (the Board ) of NVIDIA Corporation, a Delaware corporation

More information

OAC Presentation to UNESCO Member States

OAC Presentation to UNESCO Member States OAC Presentation to UNESCO Member States Scope and Purpose of Audit and Risk Committees 29 June 2016 1 Content: 1. Context 2. Audit and Risk Management in UNESCO today 3. Relationship between Entreprise

More information

Office of Internal Audit Annual Report Fiscal Year 2016

Office of Internal Audit Annual Report Fiscal Year 2016 Office of Internal Audit Annual Report Fiscal Year 2016 University of North Carolina Wilmington Office of Internal Audit 1 Message from the Chief Audit Executive Fiscal year 2016 (FY16) was a very successful

More information

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Halozyme Therapeutics,

More information

Title Reference Status Date Internal Audit Department Charter

Title Reference Status Date Internal Audit Department Charter INTERNAL AUDIT DEPARTMENT CHARTER January 2014 Document control Title Reference Status Date Internal Audit Department Charter Version 0 Developed in NITA in Internal Audit Department Draft 1 Version 1

More information

HYDRO ONE GOVERNANCE AND CONTROL FRAMEWORK

HYDRO ONE GOVERNANCE AND CONTROL FRAMEWORK Filed: 0-- EB-0-0 Tab Page of HYDRO ONE GOVERNANCE AND CONTROL FRAMEWORK.0 OVERVIEW The Corporate Governance structure and Internal Control Framework of Hydro One Inc. provide assurance regarding Hydro

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER APPENDIX A INTERNAL AUDIT CHARTER Version Control Version No Author Date 1.2 Anna Wright September 2014 Senior Auditor 1.3 Lisa Cotton Senior Auditor August 2015 Contents 1 Introduction 1 2 Definitions

More information

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus QIAL SYLLABUS MARCH 2015 Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus The QIAL assessment comprises five sections: Case study 1*: Internal Audit Leadership (3 hours and 45 minutes)

More information

Natural Resources Canada Audit Branch. Practice Inspection Report. December 5, 2013

Natural Resources Canada Audit Branch. Practice Inspection Report. December 5, 2013 Natural Resources Canada Audit Branch Practice Inspection Report December 5, 2013 Natural Resources Canada Practice Inspection Report Purpose This document presents 1) the results of the Natural Resources

More information

AGENCY POLICY Effective Date: Revised Date: Revised Date:

AGENCY POLICY Effective Date: Revised Date: Revised Date: State of Oregon OREGON DEPARTMENT OF EDUCATION POLICY MANUAL AGENCY POLICY 581-111 Effective Date: 02-06-2007 Revised Date: 12-17-2007 Revised Date: 04-28-2008 APPROVED: Signature on File at ODE RE: Internal

More information

CITY OF MINNEAPOLIS INTERNAL AUDIT FUNCTION: QUALITY ASSESSMENT. And RECOMMENDATIONS

CITY OF MINNEAPOLIS INTERNAL AUDIT FUNCTION: QUALITY ASSESSMENT. And RECOMMENDATIONS CITY OF MINNEAPOLIS INTERNAL AUDIT FUNCTION: QUALITY ASSESSMENT And RECOMMENDATIONS Submitted By, Internal Audit Review Committee Katie Shea, Metropolitan Council Al Willie, University of Minnesota Cliff

More information

CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION FORMULATION PROCESS

CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION FORMULATION PROCESS A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION

More information

Public Sector Internal Audit Standards

Public Sector Internal Audit Standards Public Sector Internal Audit Standards Impact on Internal Audit & Audit Committee March 2014 Overview Common set of standards across the public sector Local government / central government / NHS Applying

More information

GUIDELINES ON INTERNAL CONTROL FOR LICENSED FINANCIAL INSTITUTIONS

GUIDELINES ON INTERNAL CONTROL FOR LICENSED FINANCIAL INSTITUTIONS GUIDELINES ON INTERNAL CONTROL FOR LICENSED FINANCIAL INSTITUTIONS Section 1.0 Introduction The guidelines set below form a minimum standard for internal audit unit/ section/ department of all operating

More information