The Framework for Quality Assurance

Similar documents
Establishing a Quality Assurance and Improvement Program

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Effective Internal Audit in the Financial Services Sector

Practice guide. quality assurance and IMProVeMeNt PrograM

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Public Sector Internal Audit Standards

Internal Audit Standards

The Institute of Internal Auditors 247 Maitland Avenue Altamonte Springs, FL USA

Standards for the Professional Practice of Internal Auditing

BOARD OF EDUCATION OF BALTIMORE COUNTY OFFICE OF INTERNAL AUDIT - OPERATIONS MANUAL INTERNAL AUDIT OPERATIONS MANUAL

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404

Department of Audit and Compliance. Quality Self-Assessment

Larry Laine, Deputy Land Commissioner and Chief Clerk. Annual Report on the Internal Audit Quality Assurance and Improvement Program

INTERNAL AUDIT MANUAL

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

Professionalism does not occur overnight. Rather, it is a process that evolves out of focused commitment and dedication, ongoing study and

Internal Auditing Guidelines

PRACTICE ADVISORIES FOR INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

INTERNATIONAL STANDARD ON AUDITING 610 USING THE WORK OF INTERNAL AUDITORS CONTENTS

The IIA Global Internal Audit Competency Framework

Internal Audit Charters

Internal Oversight Division Internal Audit Manual

THE BOARD S ROLE AND RESPONSIBILITIES OVER THE CONTROL ENVIRONMENT. Session 4

Quality Assurance Checklist

Texas Workforce Commission

IPPF Practice guide. MeasurINg INterNal audit effectiveness and efficiency

How quality assurance reviews can strengthen the strategic value of internal auditing*

Internal Audit Charter. Version 1 (7 November 2013)

The Role of Internal Audit in Risk Governance

OAC Presentation to UNESCO Member States

Internal Audit Manual

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

2012 Audit Plan. Finance, Audit and Facilities Committee Board of Regents. November 2011 ATTACHMENT

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING

W. R. GRACE & CO. AUDIT COMMITTEE CHARTER

MARLIN MIDSTREAM GP, LLC AUDIT COMMITTEE CHARTER

MINNESOTA MUTUAL COMPANIES, INC. Guidelines of the Audit Committee of the Board of Directors

the role of the head of internal audit in public service organisations 2010

IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL

Internal Audit Quality Assessment Framework

FAIRCHILD SEMICONDUCTOR INTERNATIONAL, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS (As Amended through December 11, 2013)

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

OUTSOURCING AND SERVICE AUDITOR S REPORTS

PRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions

Oceaneering International, Inc. Audit Committee Charter

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter

AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER

The Value of Quality Assurance and Improvement Programs

WELLTOWER INC AUDIT COMMITTEE CHARTER

The Compliance Universe

Internal Audit Charter

ISO 9001:2000 AUDIT CHECKLIST

The Procter & Gamble Company Board of Directors Audit Committee Charter

ALLEGIANT TRAVEL COMPANY AUDIT COMMITTEE CHARTER

Guide to Internal Audit

AUDIT COMMITTEE OF THE TRUSTEES TEXAS PACIFIC LAND TRUST CHARTER

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

august09 tpp Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

PUBLIC STORAGE CORPORATE GOVERNANCE GUIDELINES AND TRUSTEES CODE OF ETHICS

Positioning the internal audit function within the Solvency II framework Key challenges. Ludovic Bardon Senior Manager Audit Deloitte Luxembourg

Audit Committee Institute Assessment of audit committees

Internal Audit Framework

HKIHRM HR PROFESSIONAL STANDARDS MODEL

GAO. Government Auditing Standards: Implementation Tool

Row Manufacturing Inc. Quality Manual ISO 9001:2008

Guidelines for Corporate Governance

CAMBRIDGE CITY COUNCIL

Guidance for audit committees. The internal audit function

The ADT Corporation. Audit Committee Charter. December 2014

Internal Audit Reporting Relationships: Serving Two Masters. The IIA Research Foundation

South East Water Corporation Finance Assurance and Risk Management Committee Charter

DNV GL Assessment Checklist ISO 9001:2015

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

Internal Audit and Advisory Services DRAFT

UNIVERSAL AMERICAN CORP. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

RESEARCH REPORT. Internal Audit Capabilities and Performance Levels in the Public Sector

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

GREAT PLAINS ENERGY INCORPORATED BOARD OF DIRECTORS CORPORATE GOVERNANCE GUIDELINES. Amended: December 9, 2014

Audit Committee Charter

INTERNAL AUDIT FRAMEWORK

Internal Audit Terms of Reference

QUAๆASSURANCE IN FINANCIAL AUDITING

THE ULTIMATE SOFTWARE GROUP, INC. AUDIT COMMITTEE OF THE BOARD OF DIRECTORS AMENDED AND RESTATED CHARTER

CORPORATE GOVERNANCE GUIDELINES

JAGUAR MINING INC. CORPORATE GOVERNANCE GUIDELINES

ULTRA CLEAN HOLDINGS, INC. a Delaware corporation (the Company ) Corporate Governance Guidelines As Amended and Restated on February 8, 2012

MISSION STATEMENT OBJECTIVES IN ACCOMPLISHING OUR MISSION

CENTRIS CONSULTING. Quality Control Manual

CHARTER FOR THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS SIGMA DESIGNS, INC. (As adopted by the Board of Directors effective as of May 2010)

Company s Audit and a Review of the Outside Auditor

Request for Proposal Research

Association of Local Government Auditors

RALLY SOFTWARE DEVELOPMENT CORP.

Transcription:

Chapter 1 The Framework for Quality Assurance O v e rv i e w One of internal audit s major assets is its credibility with stakeholders. To provide credible assistance and constructive challenge to management, internal auditors must be perceived as professionals. Professionalism requires conforming to a set of professional standards. This chapter provides an overview of The IIA s International Standards for the Professional Practice of Internal Auditing (Standards) and the other documents that make up the International Professional Practices Framework (IPPF). It explains how they have evolved as the profession has matured and how their application should be tailored to each organization without compromising conformance with the Standards. In particular, it presents and discusses the 1300 series of Standards that deals specifically with quality assurance. > 7

S ta n d a r d s Req u i r e Qua l i t y A s s u r a n c e Focus Chief audit executives (CAEs) need assurance that their internal audit department and each member of the staff conform to all mandatory elements of the IPPF, and they need to demonstrate this conformance to their stakeholders. The only way to meet these needs is with a comprehensive Quality Assurance and Improvement Program (QAIP) that includes ongoing and periodic internal assessments and periodic external assessments by qualified independent parties. Standards Have Evolved With the Profession 8 The steadily expanding scope and global reach of internal auditing has both been reflected in and fostered by changes in The IIA s Standards. The biggest change occurred in 1999 with a new definition of internal auditing and the development of the Professional Practices Framework, which became the IPPF in 2009. The definition adds consulting to internal audit s role and expands its scope from internal control to governance, risk management, and control processes. Evaluating risk management and governance processes is much more challenging and meaningful than control alone. It requires internal audit to operate at a higher, more strategic level. To operate at this level, internal auditors need a higher level of credibility with their stakeholders. Quality Assurance Has Evolved With the Standards The original Standards (1978) said the director of internal auditing should establish and maintain a quality assurance program that includes an external quality assessment (QA) every three years. The three-year time frame was chosen to be in line with guidance from the U.S. Government Accountability Office (U.S. GAO). In the 2002 revision of the Standards, The IIA changed the time frame to five years, as this was considered more appropriate for internal auditing. Quality Assessment Manual for the Internal Audit Activity

T h e IPPF Quality internal auditing is defined by the IPPF, which consists of mandatory and strongly recommended guidance. Mandatory Guidance 9 The mandatory guidance is considered to be essential for the professional practice of internal auditing. All mandatory guidance is submitted for review by the entire global profession through the exposure draft process. It consists of three components: Definition of Internal Auditing: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Code of Ethics: The Principles and Rules of Conduct that define ethical behavior for a professional internal auditor. International Standards for the Professional Practice of Internal Auditing: The Standards are the central criteria for internal and external quality assessments. Chapter One The Framework for Quality Assurance

Strongly Recommended Guidance The strongly recommended guidance helps internal auditors understand and apply the Standards. It may also point the way toward going beyond conformance to a higher level of adding value or address issues of concern not related to a specific standard. Practice Advisories and Practice Guides are available for IIA members on The IIA s websites: global. theiia.org and na.theiia.org. Position Papers are available to both members and nonmembers on the same websites. Practice Advisories assist internal auditors in applying the Definition of Internal Auditing, the Code of Ethics, and the Standards, and promoting best practices. Practice Advisories address internal audit s approach, methodologies, and consideration, but do not detail processes or procedures. They include practices relating to international, country, or industry-specific issues, specific types of engagements, and legal or regulatory issues. The References section of this Quality Assessment Manual contains a list of the guidance from the Practice Advisories related to quality assurance. 10 Practice Guides provide detailed guidance for conducting internal audit activities. They include processes and procedures, tools and techniques, programs, and step-by-step approaches, as well as examples of deliverables. Position Papers assist a wide range of interested parties including those not in the internal audit profession in understanding significant governance, risk, or control issues, and delineating the related roles and responsibilities of internal auditing. We include Standard 1300 in full because it defines the requirements for a quality assurance and improvement program. Please note that this is from the 2013 Standards revision. Please consult The IIA s website for the most current Standards. Quality Assessment Manual for the Internal Audit Activity

Standard 1300 Quality Assurance and Improvement Program 1300 Quality Assurance and Improvement Program The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. Interpretation: A quality assurance and improvement program is designed to enable an evaluation of the internal audit activity s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. 1310 Requirements of the Quality Assurance and Improvement Program The quality assurance and improvement program must include both internal and external assessments. 11 1311 Internal Assessments Internal assessments must include: Ongoing monitoring of the performance of the internal audit activity; and Periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices. Interpretation: Ongoing monitoring is an integral part of the day-to-day supervision, review, and measurement of the internal audit activity. Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity and uses processes, tools, and information considered necessary to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards. Chapter One The Framework for Quality Assurance

Periodic assessments are conducted to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards. Sufficient knowledge of internal audit practices requires at least an understanding of all elements of the International Professional Practices Framework. 1312 External Assessments External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. The chief audit executive must discuss with the board: The form and frequency of external assessments; and The qualifications and independence of the external assessor or assessment team, including any potential conflict of interest. Interpretation: 12 External assessments can be in the form of a full external assessment, or a self-assessment with independent external validation. A qualified assessor or assessment team demonstrates competence in two areas: the professional practice of internal auditing and the external assessment process. Competence can be demonstrated through a mixture of experience and theoretical learning. Experience gained in organizations of similar size, complexity, sector or industry, and technical issues is more valuable than less relevant experience. In the case of an assessment team, not all members of the team need to have all the competencies; it is the team as a whole that is qualified. The chief audit executive uses professional judgment when assessing whether an assessor or assessment team demonstrates sufficient competence to be qualified. An independent assessor or assessment team means not having either a real or an apparent conflict of interest and not being a part of, or under the control of, the organization to which the internal audit activity belongs. Quality Assessment Manual for the Internal Audit Activity

1320 Reporting on the Quality Assurance and Improvement Program The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Interpretation: The form, content, and frequency of communicating the results of the quality assurance and improvement program is established through discussions with senior management and the board and considers the responsibilities of the internal audit activity and chief audit executive as contained in the internal audit charter. To demonstrate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, the results of external and periodic internal assessments are communicated upon completion of such assessments and the results of ongoing monitoring are communicated at least annually. The results include the assessor s or assessment team s assessment with respect to the degree of conformance. 1321 Use of Conforms with the International Standards for the Professional Practice of Internal Auditing 13 The chief audit executive may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance and improvement program support this statement. Interpretation: The internal audit activity conforms with the Standards when it achieves the outcomes described in the Definition of Internal Auditing, Code of Ethics, and Standards. The results of the quality assurance and improvement program include the results of both internal and external assessments. All internal audit activities will have the results of internal assessments. Internal audit activities in existence for at least five years will also have the results of external assessments. Chapter One The Framework for Quality Assurance

1322 Disclosure of Nonconformance When nonconformance with the Definition of Internal Auditing, the Code of Ethics, or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive must disclose the nonconformance and the impact to senior management and the board. A p p l i c at i o n o f t h e IPPF The IPPF is the foundation of quality internal auditing. It is equally applicable to all, but the practice of internal auditing must be adapted to such factors as an organization s legal, regulatory and cultural environment, industry, size, and stakeholder expectations. The CAE must adapt internal auditing to the organization s environment while still conforming to the Standards and assessors should take this adaptation into consideration. Figure 1-1 from The IIA s 2010 Common Body of Knowledge (CBOK) report provides useful perspective on some of the specific factors that must be considered. 14 Internal auditing may be less mature in emerging countries, privately held (not listed) companies, not-for-profits, small companies, and organizations with a relatively new internal audit activity. At the same time, many mature internal audit activities have achieved Generally Conforms on The IIA s standard quality assessment rating system (Generally Conforms/Partially Conforms/Does Not Conform) and would like a higher rating to strive for or to recognize their outstanding practices. For any of these organizations, a maturity model might be used to compliment or replace the standard rating system. Examples of maturity models are available on the Internet, and additional IIA guidance on this topic was anticipated at the time of this writing. Quality Assessment Manual for the Internal Audit Activity

Value of Internal Auditing Determined by Perceived contribution to governance, risk management, and control processes by the internal audit activity, the board of directors, senior management, and other stakeholders. Measured and affected by IA performance measures. Evaluator of IA performance. Affected by Laws and Regulations Corporate Governance Structure, Audit Committee IA Activity Characteristics History Planning Audit strategy Tools, skills, & competencies Role changes IA Standards Use Level of compliance Adequacy QAIP External quality assessment Audit Activities Scope Audit report content Communication of findings Follow-up of corrective actions Organizational Characteristics Region Total employees Total assets Total revenue or budget Industry type Scope of operations Respondent Characteristics Age Gender Highest level of education Academic major Position Professional experience Professional certification Total years as CAE Line of reporting 40 hours of formal training 15 IC report frequency, content, etc. Interaction/ Communication Formal IA activity charter/ strategy, etc. Appointment of CAE Appointment of IA service provider In-house or outsourcing Figure 1-1: Conceptual Framework for Measuring Internal Auditing s Value Chapter One The Framework for Quality Assurance

Q ua l i t y Assurance and I m p r o v e m e n t Pr o g r a m Quality requires monitoring and continuous improvement. The required elements of the QAIP are ongoing monitoring and periodic internal and external quality assessments. Internal Quality Assessment Internal assessments comprise ongoing monitoring of the internal audit activity, coupled with periodic self-assessments. These internal assessments should be conducted by persons within the internal audit activity under the direction of the CAE. The lack of independence must be recognized. The CAE should select and support the internal assessor(s) to ensure the greatest degree of objectivity possible. Internal assessments must include: 16 1. Ongoing monitoring of the performance of the internal audit activity; 2. Periodic self-assessment or assessments by other persons within the organization with sufficient knowledge of internal audit practices. External Quality Assessment External quality assessments can be performed in two ways: 1. A full assessment by a qualified, independent reviewer or review team; 2. A self-assessment with independent validation by a qualified, independent reviewer or review team. Assessments are typically performed by a team hired for that purpose. If budget constraints are an issue, another option for completing a full assessment is through a peer assessment performed between at least three independent organizations, in which each internal audit activity is assessed by a team from the other organizations. The elements of a QAIP are discussed more fully in the next chapters. Quality Assessment Manual for the Internal Audit Activity

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information