AUI 3703 SUMMARY STUDY NOTES

Topic 1: International Standards for the Professional Practice of Internal Auditing (IPPF) Mandatory:  The Definition of Internal Auditing  The Code of Ethics  The International Standards for the Professional Practice of Internal Auditing Strongly recommended guidance:  Practice Advisories (Implementation Guidance)  Practice Guides (Supplemental Guidance, guidance on internal audit tools and techniques)  Position papers The Definition of Internal Auditing: Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organisation's operations. It helps an organisation to accomplish its objectives by bringing a systematic, disciplined approach, to evaluate and improve the effectiveness of risk management, control and governance processes. Assurance services Traditional auditing services at various levels such as compliance, investigating & testing, performance evaluation Assurance services involve the internal auditor's objective assessment of evidence to provide an independent opinion or conclusions regarding an entity, operation, function, process, system, or other subject matter. The nature and scope of the assurance engagement are determined by the internal auditor. There are generally three parties involved in assurance services: (1) the person or group directly involved with the entity, operation, function, process, system, or other subject matter – the process owner, (2) the person or group making the assessment – the internal auditor, and (3) the person or group using the assessment – the user. EXAMPLES: • The assessment that management's policies and procedures are adhered to. • Examining whether control procedures are mitigating the risks identified. Consulting services: Objective is to support management in achieving their objectives Consulting services are advisory in nature, and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. Consulting services generally involve two parties: (1) the person or group offering the advice – the internal auditor, and (2) the person or group seeking and receiving the advice – the engagement client. When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility. EXAMPLES:  Conducting control self-assessment training.  Providing advice to management on risk management, control and governance issues.  Assisting in developing and drafting policies.  Process development  Training  Provision of advice 1 AUI3703 The Internal Audit Process: Specific Audit Assignments and reporting Principles – Code Of Ethics Internal auditors are expected to apply and uphold the following four principles: 1. Integrity The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment. 2. Objectivity Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments. 3. Confidentiality Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. 4. Competency Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services. Rules of Conduct – Code of ethics 1. Integrity Internal auditors: 1.1. Shall perform their work with honesty, diligence, and responsibility. 1.2. Shall observe the law and make disclosures expected by the law and the profession. 1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organisation. 1.4. Shall respect and contribute to the legitimate and ethical objectives of the organisation. 2. Objectivity Internal auditors: 2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organisation. 2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment. 2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review. 3. Confidentiality Internal auditors: 3.1. Shall be prudent in the use and protection of information acquired in the course of their duties. 3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organisation. 4. Competency Internal auditors: 4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience. 4.2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing (Standards). 4.3. Shall continually improve their proficiency and the effectiveness and quality of their services. 2 AUI3703 The Internal Audit Process: Specific Audit Assignments and reporting Purpose of the standards  to outline basic principles that represent the practice of internal auditing as it should be performed  to provide a framework for performing and promoting a broad range of value-added internal auditing activities  to establish the basis for measuring internal auditing performance  to promote improved organisational processes and operations The standards consist of the following  Attribute standards  Performance standards  Implementation Standards.  Attribute Standards o Attribute standards (the 1000 series) address the characteristics (attributes) of organisations and individuals performing internal audit activities. Attribute standards describe the attributes or characteristics needed for the effective administration of any internal audit activity.The 1000 Series o 1000:Purpose, Authority, and Responsibility o 1100:Independence and objectivity o 1200:Proficiency and due professional care o 1300:Quality assurance and improvement programme  Performance Standards o Performance standards (the 2000 series) describe the nature of internal audit activities and provide quality criteria against which the performance of these services can be measured. Performance standards deal with the actual execution (performance) of internal audits, o The 2000 Series o 2000: Managing the internal audit activity o 2100: Nature of the work o 2200: Engagement planning o 2300: Performing the engagement o 2400: Communicating results o 2500: Monitori