STUDY UNIT TWO INTERNAL AUDIT PROFICIENCY, DUE CARE, AND QUALITY ASSURANCE

2.1 Auditor Proficiency
2.2 Use of External Service Providers
2.3 Due Professional Care and Continuing Professional Development
2.4 Quality Assurance and Improvement Program
2.5 Internal Assessments
2.6 External Assessments
2.7 Reporting on Quality Assurance

The 18 Attribute Standards contained in the IPPF concern the attributes of organizations and individuals providing internal auditing services. Numbers 1000 through 1130 were discussed in Study Unit 1. Numbers 1200 through 1322 are covered in this study unit.

2.1 AUDITOR PROFICIENCY

Attribute Standard 1200
Proficiency and Due Care
Engagements must be performed with proficiency and due professional care.

1. Shared and Ultimate Responsibility
   a. The CAE's ultimate responsibility for, and the ethical necessity of, proficiency are described in Practice Advisory 1200-1, Proficiency and Due Professional Care:
      1) Proficiency and due professional care are the responsibility of the chief audit executive (CAE) and each internal auditor. As such, the CAE ensures that persons assigned to each engagement collectively possess the necessary knowledge, skills, and other competencies to conduct the engagement appropriately (para. 1).
      2) Due professional care includes conforming with the Code of Ethics... (para. 2).
   b. The attributes of proficiency and due care also are covered individually in the Standards.

Attribute Standard 1210
Proficiency
Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities.

      1) This Standard requires only that the internal audit activity as a whole, not each auditor individually, be proficient in all necessary areas. Responses to this requirement will be discussed in more detail in Subunit 2.2.

2. Components of Auditor Proficiency
   a. The IIA describes four levels of professional competence in Practice Advisory 1210-1, Proficiency: proficiency, knowledge, understanding, and appreciation:
      1) Proficiency means the ability to apply knowledge to situations likely to be encountered and to deal with them appropriately without extensive recourse to technical research and assistance.
         a) All internal auditors must have proficiency in applying
            i) Internal audit standards, procedures, and techniques in performing engagements
            ii) Accounting principles and techniques if internal auditors work extensively with financial records and reports (para. 1)
      2) Knowledge is not defined in Practice Advisory 1210-1.
         a) The internal auditor must have knowledge
            i) To identify the indicators of fraud
            ii) Of key information technology risks and controls and available technology-based audit techniques (para. 1)
      3) An understanding means the ability to apply broad knowledge to situations likely to be encountered, to recognize significant deviations, and to research reasonable solutions.
         a) The internal auditor must have an understanding of
            i) Management principles to recognize and evaluate the materiality and significance of deviations from good business practices (para. 1)
      4) An appreciation means the ability to recognize the existence of problems or potential problems and to identify the additional research to be undertaken or the assistance to be obtained.
         a) The internal auditor must have an appreciation of
            i) The fundamentals of business subjects such as accounting, economics, commercial law, taxation, finance, quantitative methods, information technology, risk management, and fraud (para. 1).

Memory aids: We offer the following to help you associate the appropriate subject matter with the requisite level of recognition.

P = Proficiency with (Produce)
I = Internal (Instant)
A = Audit (Art)
S = Standards, etc. (Sanctuary)

U = Understanding of (Unbelievable)
M = Management (Mounted)
P = Principles (Police)

K = Knowledge of (Knock)
F = Fraud and (Forcefully)
I = Information (In)
T = Technology (Terror)

A = Appreciation of (Appreciate your)
A = Accounting and (Accounting)
E = Economics, etc. (Education)

   b. Practice Advisory 1210-1 also lists specific skills.
      1) Skills in dealing with people, understanding human relations, and maintaining satisfactory relationships with engagement clients.
      2) Skills in oral and written communications to clearly and effectively convey such matters as engagement objectives, evaluations, conclusions, and recommendations (para. 1).

2.2 USE OF EXTERNAL SERVICE PROVIDERS

1. Outsourcing and Cosourcing
   a. An organization may outsource none, all, or some of the functions of the internal audit activity. However, oversight of and responsibility for the internal audit activity must not be outsourced.
      1) Regardless of the degree of outsourcing, services must still be performed in accordance with the Standards, and the guidance for obtaining external service providers should be followed.
   b. Outsourcing alternatives include
      1) Partial or total external sourcing on an ongoing basis
      2) Cosourcing for a specific engagement or on an ongoing basis
         a) Cosourcing is performance by internal audit staff of joint engagements with external service providers (Position Paper, The Role of Internal Auditing in Resourcing the Internal Audit Activity).

2. CAE's Responsibility
   a. The following Implementation Standard requires the use of expertise from outside the internal audit activity during assurance engagements when the internal auditors lack the necessary expertise.

Implementation Standard 1210.A1
The chief audit executive must obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.

      1) As mentioned earlier, not all internal audit staff will be proficient in all areas. When necessary, the CAE can obtain necessary knowledge, skills, and competencies from external service providers.

3. Guidelines for Use of Non-Internal Audit Personnel
   a. The IIA provides detailed guidance in Practice Advisory 1210.A1-1, Obtaining External Service Providers to Support or Complement the Internal Audit Activity:
      1) Each member of the internal audit activity need not be qualified in all disciplines. The internal audit activity may use external service providers or internal resources that are qualified in disciplines such as accounting, auditing, economics, finance, statistics, information technology, engineering, taxation, law, environmental affairs, and other areas as needed to meet the internal audit activity's responsibilities (para. 1).

4. External Service Providers
   a. Qualified external service providers (ESPs) may be recruited from many sources, such as the external audit firm, an external consulting firm, or a university.
   b. However, an ESP associated with the engagement client is unacceptable because the person would not be independent or objective.

2.3 DUE PROFESSIONAL CARE AND CONTINUING PROFESSIONAL DEVELOPMENT

Attribute Standard 1220
Due Professional Care
Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.

1. Due Care in Practice
   a. The IIA provides specifics about the application of due care in Practice Advisory 1220-1, Due Professional Care:
      1) Exercising due professional care involves internal auditors being alert to the possibility of fraud, intentional wrongdoing, errors and omissions, inefficiency, waste, ineffectiveness, and conflicts of interest, as well as being alert to those conditions and activities where irregularities are most likely to occur (para. 1).
      2) Due professional care implies reasonable care and competence, not infallibility or extraordinary performance. As such, due professional care requires the internal auditor to conduct examinations and verifications to a reasonable extent. Accordingly, internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist. Nevertheless, the possibility of material irregularities or noncompliance needs to be considered whenever an internal auditor undertakes an internal audit assignment (para. 2).
   b. The following Implementation Standards provide guidance for the application of due care during assurance engagements.

Implementation Standard 1220.A1
Internal auditors must exercise due professional care by considering the
   - Extent of work needed to achieve the engagement's objectives;
   - Relative complexity, materiality, or significance of matters to which assurance procedures are applied;
   - Adequacy and effectiveness of governance, risk management, and control processes;
   - Probability of significant errors, fraud, or noncompliance; and
   - Cost of assurance in relation to potential benefits.

Implementation Standard 1220.A2
In exercising due professional care internal auditors must consider the use of technology-based audit and other data analysis techniques.

Implementation Standard 1220.A3
Internal auditors must be alert to the significant risks that might affect objectives, operations, or resources. However, assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified.

   c. Any unexpected results from analytical procedures should be investigated and adequately explained.
   d. Due professional care can be demonstrated if the auditor acted as any other auditor would have, given the same facts and circumstances.

2. Continuing Professional Development
   a. The IIA requires internal auditors to continue expanding their knowledge and abilities throughout their careers.
   b. More guidance is found in Practice Advisory 1230-1, Continuing Professional Development:
      1) Internal auditors are responsible for continuing their education to enhance and maintain their proficiency.
         a) Internal auditors need to stay informed about improvements and current developments in internal audit standards, procedures, and techniques, including The IIA's International Professional Practices Framework guidance.
         b) Continuing professional education (CPE) may be obtained through membership, participation, and volunteering in professional organizations such as The IIA; attendance at conferences, seminars, and in-house training programs; completion of college and self-study courses; and involvement in research projects (para. 1).
            i) Author's note: Continuing professional development is the responsibility of each internal auditor. However, the CAE is uniquely positioned to encourage internal audit staff in this pursuit.
      2) Internal auditors are encouraged to demonstrate their proficiency by obtaining appropriate professional certification, such as the Certified Internal Auditor designation, other designations offered by The IIA, and additional designations related to internal auditing (para. 2).
      3) Internal auditors are encouraged to pursue CPE (related to their organization's activities and industry) to maintain their proficiency with regard to the governance, risk, and control processes of their unique organization (para. 3).
      4) Internal auditors who perform specialized audit and consulting work such as information technology, tax, actuarial, or systems design may undertake specialized CPE to allow them to perform their internal audit work with proficiency (para. 4).
      5) Internal auditors with professional certifications are responsible for obtaining sufficient CPE to satisfy requirements related to the professional certification held (para. 5).

Attribute Standard 1230
Continuing Professional Development
Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development.

2.4 QUALITY ASSURANCE AND IMPROVEMENT PROGRAM

Attribute Standard 1300
Quality Assurance and Improvement Program
The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity.

1. Quality Assurance and Improvement Program (QAIP)
   a. To provide guidance for internal audit activities in the continuous examination of their processes and efforts to meet the needs of stakeholders, The IIA has issued Practice Advisory 1300-1, Quality Assurance and Improvement Program:
      1) The chief audit executive (CAE) is responsible for establishing an internal audit activity whose scope of work includes the activities in the Standards and in the Definition of Internal Auditing. To ensure that this occurs, Standard 1300 requires that the CAE develop and maintain a quality assurance and improvement program (QAIP) (para. 1).
      2) The CAE is accountable for implementing processes designed to provide reasonable assurance to the various stakeholders that the internal audit activity:
         a) Performs in accordance with the internal audit charter, which is consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards.
         b) Operates in an effective and efficient manner.
         c) Is perceived by those stakeholders as adding value and improving the organization's operations.
         These processes include appropriate supervision, periodic internal assessments and ongoing monitoring of quality assurance, and periodic external assessments (para. 2).

Attribute Standard 1310
Requirements of the Quality Assurance and Improvement Program
The quality assurance and improvement program must include both internal and external assessments.

   b. Further specifics are provided in Practice Advisory 1310-1, Requirements of the Quality Assurance and Improvement Program:
      1) A quality assurance and improvement program (QAIP) is an ongoing and periodic assessment of the entire spectrum of audit and consulting work performed by the internal audit activity. These ongoing and periodic assessments are composed of rigorous, comprehensive processes; continuous supervision and testing of internal audit and consulting work; and periodic validations of conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards. This also includes ongoing measurements and analyses of performance metrics (e.g., internal audit plan accomplishment, cycle time, recommendations accepted, and customer satisfaction). If the assessments' results indicate areas for improvement by the internal audit activity, the chief audit executive (CAE) will implement the improvements through the QAIP (para. 1).

      2) Assessments evaluate and conclude on the quality of the internal audit activity and lead to recommendations for appropriate improvements. QAIPs include an evaluation of:
         a) Conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, including timely corrective actions to remedy any significant instances of nonconformance.
         b) Adequacy of the internal audit activity's charter, goals, objectives, policies, and procedures.
         c) Contribution to the organization's governance, risk management, and control processes.
         d) Compliance with applicable laws, regulations, and government or industry standards.
         e) Effectiveness of continuous improvement activities and adoption of best practices.
         f) The extent to which the internal audit activity adds value and improves the organization's operations (para. 2).
      3) The QAIP efforts also include follow-up on recommendations involving appropriate and timely modification of resources, technology, processes, and procedures (para. 3).

2.5 INTERNAL ASSESSMENTS

Attribute Standard 1311
Internal Assessments
Internal assessments must include:
   - Ongoing monitoring of the performance of the internal audit activity; and
   - Periodic reviews performed through self-assessment or by other persons within the organization with sufficient knowledge of internal audit practices.

1. Internal Assessments
   a. Further specifics are provided in Practice Advisory 1311-1, Internal Assessment:
      1) The processes and tools used in ongoing internal assessments include:
         a) Engagement supervision,
         b) Checklists and procedures (e.g., in an audit and procedures manual) are being followed,
         c) Feedback from audit customers and other stakeholders,
         d) Selective peer reviews of workpapers by staff not involved in the respective audits,
         e) Project budgets, timekeeping systems, audit plan completion, and cost recoveries, and/or
         f) Analyses of other performance metrics (such as cycle time and recommendations accepted) (para. 1).
      2) The chief audit executive (CAE) establishes a structure for reporting results of internal assessments that maintains appropriate credibility and objectivity. Generally, those assigned responsibility for conducting ongoing and periodic reviews, report to the CAE while performing the reviews and communicate results directly to the CAE (para. 7).

      3) At least annually, the CAE reports the results of internal assessments, necessary action plans, and their successful implementation to senior management and the board (para. 8).

2.6 EXTERNAL ASSESSMENTS

Attribute Standard 1312
External Assessments
External assessments must be conducted at least once every 5 years by a qualified, independent reviewer or review team from outside the organization. The chief audit executive must discuss with the board
   - The need for more frequent external assessments.
   - The qualifications and independence of the external reviewer or review team, including potential conflict of interest.

1. External Assessments
   a. External assessments provide an independent and objective evaluation of the internal audit activity's compliance with the Standards and Code of Ethics.
   b. Further specifics are provided in Practice Advisory 1312-1, External Assessments:
      1) External assessments cover the entire spectrum of audit and consulting work performed by the internal audit activity and should not be limited to assessing its quality assurance and improvement program (para. 1).
      2) External assessments of an internal audit activity contain an expressed opinion as to the entire spectrum of assurance and consulting work performed (or that should have been performed based on the internal audit charter) by the internal audit activity, including its conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards and, as appropriate, includes recommendations for improvement (para. 2).
      3) On completion of the review, a formal communication is to be given to senior management and the board (para. 3).
      4) Individuals who perform the external assessment are free from any obligation to, or interest in, the organization whose internal audit activity is the subject of the external assessment or the personnel of such organization (para. 5).
      5) The external assessment consists of a broad scope of coverage that includes the following elements of the internal audit activity:
         a) Conformance with the Definition of Internal Auditing; the Code of Ethics; and the Standards; and the internal audit activity's charter, plans, policies, procedures, practices, and applicable legislative and regulatory requirements,
         b) Expectations of the internal audit activity expressed by the board, senior management, and operational managers,
         c) Integration of the internal audit activity into the organization's governance process, including the relationships between and among the key groups involved in the process,
         d) Tools and techniques employed by the internal audit activity,
         e) Mix of knowledge, experience, and disciplines within the staff, including staff focus on process improvement, and
         f) Determination as to whether or not the internal audit activity adds value and improves the organization's operations (para. 10).

2.7 REPORTING ON QUALITY ASSURANCE

1. Reporting Results
   a. Senior management and the board must be kept informed about the degree to which the internal audit activity achieves the degree of professionalism required by The IIA.

Attribute Standard 1320
Reporting on the Quality Assurance and Improvement Program
The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board.

   b. The IIA addresses the frequency of reporting on the QAIP with this excerpt from the Interpretation of Standard 1320: To demonstrate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, the results of external and periodic internal assessments are communicated upon completion of such assessments and the results of ongoing monitoring are communicated at least annually.

2. Importance of Conforming with the Standards
   a. The internal audit activity cannot claim to comply with the Standards unless it has a successfully functioning QAIP.

Attribute Standard 1321
Use of "Conforms with the International Standards for the Professional Practice of Internal Auditing"
The chief audit executive may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance and improvement program support this statement.

3. Importance of Reporting Nonconformance
   a. The internal audit activity is a crucial part of the modern complex organization's governance processes. Senior management and the board must be informed when an assessment discovers a significant degree of nonconformance.

Attribute Standard 1322
Disclosure of Nonconformance
When nonconformance with the Definition of Internal Auditing, the Code of Ethics, or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive must disclose the nonconformance and the impact to senior management and the board.

   b. Nonconformance of this type refers to the overall internal audit activity and not to specific engagements.