Institute of Internal Auditors - Revised Standards 2017

modern office.jpg
By Alan Simpson CA

2 August 2017

The Institute of Internal Auditors (IIA Global) has developed standards and guidance for the practice of internal audit.

These are collectively known in the UK as the International Professional Practices Framework (“IPPF”). The IPPF includes mandatory guidance, comprised of the Core Principles, Definition, Code of Ethics and Standards, as well as supplemental recommended guidance.

Whilst observance of the Standards is mandatory on all member of the IIA, ICAS members who work in internal audit and who are not also IIA members will find them of considerable interest. The current edition was revised in October 2016 and is effective from 1 January 2017.

What do the Internal Auditing Standards consist of?

The Standards can be found on the IIA website and are described there as:

“A set of principles-based, mandatory requirements consisting of:

  • Statements of core requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance that are internationally applicable at organizational and individual levels.
  • Interpretations clarifying terms or concepts within the Standards.”

The Standards consist of two categories, attribute standards and performance standards, which both apply to all internal audit services. Most of the standards are quite short in length.

(a) Attribute Standards

Attribute Standards

Cover the attributes of organisations and individuals carrying out internal auditing and comprise:

No.

IIA Standard No.

Title

1

1000

Purpose, Authority, and Responsibility

2

1010

Recognizing Mandatory Guidance in the Internal Audit Charter

3

1100

Independence and Objectivity

4

1110

Organisational Independence

5

1111

Direct Interaction with the Board

6

1112

Chief Executive Roles Beyond Internal Auditing

7

1120

Individual Objectivity

8

1130

Impairment to Independence or Objectivity

9

1200

Proficiency and Due Professional Care

10

1210

Proficiency

11

1220

Due Professional Care

12

1230

Continuing Professional Development

13

1300

Quality Assurance and Improvement Program

14

1310

Requirements of the Quality Assurance and Improvement Program

15

1311

Internal Assessments

16

1312

External Assessments

17

1320

Reporting on the Quality Assurance and Improvement Program

18

1321

Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”

19

1322

Disclosure of Non-conformance

(b) Performance Standards

Performance Standards

These cover the nature of internal auditing and provide quality control criteria against which the performance of these services can be measured and are as follows:

No.

IIA Standard No.

Title

1

2000

Managing the Internal Audit Activity

2

2020

Communication and Approval

3

2030

Resource Management

4

2040

Policies and Procedures

5

2050

Coordination and Reliance

6

2060

Reporting to Senior Management and the Board

7

2070

External Service Provider and Organizational Responsibility for Internal Auditing

8

2100

Nature of Work

9

2110

Governance

10

2120

Risk Management

11

2130

Control

12

2200

Engagement Planning

13

2201

Planning Considerations

14

2210

Engagement Objectives

15

2220

Engagement Scope

16

2230

Engagement Resource Allocation

17

2240

Engagement Work Program

18

2300

Performing the Engagement

19

2310

Identifying Information

20

2320

Analysis and Evaluation

21

2330

Documenting Information

22

2340

Engagement Supervision

23

2400

Communicating Results

24

2410

Criteria for Communicating

25

2420

Quality of Communications

26

2421

Errors and Omissions

27

2430

Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing”

28

2431

Engagement Disclosure of Non-conformance

29

2440

Disseminating Results

30

2450

Overall Opinions

31

2500

Monitoring Progress

32

2600

Communicating the Acceptance of Risks

What has changed in the Standards?

The changes to the Standards are twofold

(a) Two new Standards have been issued (listed below), both of which deal with the evolving role of internal audit and in particular, of the Chief Audit Executive / Head of Internal Audit. These new standards set expectations for how additional responsibilities should be managed within the internal audit function.

  • No. 1112 addresses the common situation where heads of internal audit (called here “chief audit executives”) are asked by management to take on roles beyond the remit of internal audit (such as venturing into compliance or risk management work.). This new Standard says that “Where the chief audit executive has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards must be in place to limit impairments to independence or objectivity.”   

    It describes these as “Safeguards are those oversight activities, often undertaken by the board, to address these potential impairments and may include such activities as periodically evaluating reporting lines and responsibilities and developing alternative processes to obtain assurance related to the areas of additional responsibility.”
  • No. 1130.A3 addresses the potential threat to objectivity where internal audit performs an assurance engagement after previously carrying out consultancy work in that area. This says that “The internal audit activity may provide assurance services where it had previously performed consulting services, provided the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement.”

(b) General updates have also been made to the previously issued Standards.

Topics

  • Audit and Assurance
  • Guidance

Previous Page