03/09/2023, 15:37 LU1 - Mission and Mandate of IA function
LU1 - Mission and Mandate of the IA function
2.7.1 The Mission of Internal Auditing (33)
-- to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight
2.8 The role of Internal Auditing in the business environment: (38) Internal Auditing: An introduction
- IA's add value by advising management regarding governance, risk and control processes
- the comprehensive scope of IA should provide reasonable assurance that the organisation's:
> governance processes are adequate & effective, by establishing and preserving values, setting goals,
monitoring activities and performance, and defining the measures of accountability
> risk management processes are adequate and effective
> control processes are adequate and effective
- the IA function provides assurance and consulting services to management
> assurance: the examination of evidence by the IA to provide independent and objective opinion on whether:
-- policies and procedures are adhered to
-- processes are mitigating the risks threatening management's objectives
-- the organisation is adhering to / complying with relevant laws & regulations
> consulting: includes:
-- conducting staff training
-- provide advice to management on control, risk issues and governance
-- assisting in developing & drafting policies
-- participating in quality teams
- important functions of the IA activity:
> assists management to comply with its reasonable responsibility of financial control and reporting
> IA assists in adding value and improving the organisation's operations (assists in the agency theory)
- the IA activity is a resource within the organisation that can add value and assist management to operate more
economically, efficienty, and effectively
IIA Standard 1000 Purpose, Authority and Responsibility
The purpose, authority and responsibility of the Internal Audit Activity must be
formally defined in an internal audit charter, consistent with the Mission of
Internal Audit and the mandatory elements of the International Professional
Practices Framework (the Core Principles for the Professional Practice of
Internal Auditing, Definition of Internal Auditing, the Code of Ethics, and the
Standards. The chief audit executive must periodically review the internal
audit charter and present it to senior management and the board for approval.
2.7 The International Professional Practices Framework IPPF: (32) Internal Auditing: An introduction
- IPPF: a set of guidelines that define the proper role and responsibilities of the internal audit activity
2 types of guidance of the IPPF:
- mandatory guidance (MUST), consisting of
> the core principles of IA
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Specific Engagements and Reporting - AUI3703/IAProces… 1/4
,03/09/2023, 15:37 LU1 - Mission and Mandate of IA function
> the definition of IA
> the Code of Ethics
> the Standards
- recommended guidance, consisting of
> implementation guidance (practice advisories)
> supplemental guidance (practice guides)
Figure 2.1 Framework for internal audit effectiveness: the new IPPF
2.7.1 The Mission of Internal Auditing (33)
-- to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight
2.7.2 Core Principles for the Professional Practice of Internal Auditing (33)
4 NB principles:
- integrity
- objectivity
- confidentiality
- competency
Core principles (from textbook)
- demonstrate integirty
- demonstrate competence and due professional care
- is objective and free from undue influence (independent)
- aligns with the strategies, objectives and risks of the organisation
- is appropriately positioned and adequately resourced
- demonstrates quality and continuous improvement
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Specific Engagements and Reporting - AUI3703/IAProces… 2/4
,03/09/2023, 15:37 LU1 - Mission and Mandate of IA function
- communicates effectively
- provides risk-based assurance
- is insightful, proactive and future-focussed
- promotes organisational improvement
2.7.4 Code of Ethics (34)
- the code applies to individuals AND entities that perform internal audit activities
(discussed in ch3)
2.7.5 International Standards for the Professional Practice of internal auditing (34)
'the standards': the minimum requirements which are internationally applicable at organisational and individual
levels and provide a framework for performing and promoting internal auditing
- purpose of the standards:
> delineate basic principles that represent the practice of IA, as it should be
> provide a framework for performing and promoting a broad range of value-added IA activities
> establish the basis for the evaluation of IA performance
> foster improved organisational processes and operations
Figure 2.2 Interrelations of the Standards (36)
- assurance standards deal with the objective evaluation of evidence to provide an independent assessment of
governance, risk management and control processes
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Specific Engagements and Reporting - AUI3703/IAProces… 3/4
, 03/09/2023, 15:37 LU1 - Mission and Mandate of IA function
> governance: the processes, procedures and structures implemented by the board to inform, direct, manage and
monitor the activities of the organisation toward the achievement of its objectives
> risk management: the process that management puts into operation to address risk and mitigating the risks to
an acceptable level
> risk: the uncertainty that an event could occur that could have a negative impact on the achievement of
objectives
> control: actions taken by management, the board or other parties to manage risk and enhance the achievement
of organisational objectives and goals
- there are 3 parties involved in assurance services:
> process owner: the people/person involved with the processes
> auditor: the person making the assessment
> user: those who use the assessment to make decisions
- consulting standards involve activities beyond traditional assurance work as requested by management to assist
them to achieve the organisation's objectives
> advisory and non-assurance activities delivered by the IA based on a specific request by an engagement client
- consulting involves 2 parties:
> client
> auditor
Table 2.2 Summary of the Standards (37)
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Specific Engagements and Reporting - AUI3703/IAProces… 4/4
LU1 - Mission and Mandate of the IA function
2.7.1 The Mission of Internal Auditing (33)
-- to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight
2.8 The role of Internal Auditing in the business environment: (38) Internal Auditing: An introduction
- IA's add value by advising management regarding governance, risk and control processes
- the comprehensive scope of IA should provide reasonable assurance that the organisation's:
> governance processes are adequate & effective, by establishing and preserving values, setting goals,
monitoring activities and performance, and defining the measures of accountability
> risk management processes are adequate and effective
> control processes are adequate and effective
- the IA function provides assurance and consulting services to management
> assurance: the examination of evidence by the IA to provide independent and objective opinion on whether:
-- policies and procedures are adhered to
-- processes are mitigating the risks threatening management's objectives
-- the organisation is adhering to / complying with relevant laws & regulations
> consulting: includes:
-- conducting staff training
-- provide advice to management on control, risk issues and governance
-- assisting in developing & drafting policies
-- participating in quality teams
- important functions of the IA activity:
> assists management to comply with its reasonable responsibility of financial control and reporting
> IA assists in adding value and improving the organisation's operations (assists in the agency theory)
- the IA activity is a resource within the organisation that can add value and assist management to operate more
economically, efficienty, and effectively
IIA Standard 1000 Purpose, Authority and Responsibility
The purpose, authority and responsibility of the Internal Audit Activity must be
formally defined in an internal audit charter, consistent with the Mission of
Internal Audit and the mandatory elements of the International Professional
Practices Framework (the Core Principles for the Professional Practice of
Internal Auditing, Definition of Internal Auditing, the Code of Ethics, and the
Standards. The chief audit executive must periodically review the internal
audit charter and present it to senior management and the board for approval.
2.7 The International Professional Practices Framework IPPF: (32) Internal Auditing: An introduction
- IPPF: a set of guidelines that define the proper role and responsibilities of the internal audit activity
2 types of guidance of the IPPF:
- mandatory guidance (MUST), consisting of
> the core principles of IA
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Specific Engagements and Reporting - AUI3703/IAProces… 1/4
,03/09/2023, 15:37 LU1 - Mission and Mandate of IA function
> the definition of IA
> the Code of Ethics
> the Standards
- recommended guidance, consisting of
> implementation guidance (practice advisories)
> supplemental guidance (practice guides)
Figure 2.1 Framework for internal audit effectiveness: the new IPPF
2.7.1 The Mission of Internal Auditing (33)
-- to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight
2.7.2 Core Principles for the Professional Practice of Internal Auditing (33)
4 NB principles:
- integrity
- objectivity
- confidentiality
- competency
Core principles (from textbook)
- demonstrate integirty
- demonstrate competence and due professional care
- is objective and free from undue influence (independent)
- aligns with the strategies, objectives and risks of the organisation
- is appropriately positioned and adequately resourced
- demonstrates quality and continuous improvement
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Specific Engagements and Reporting - AUI3703/IAProces… 2/4
,03/09/2023, 15:37 LU1 - Mission and Mandate of IA function
- communicates effectively
- provides risk-based assurance
- is insightful, proactive and future-focussed
- promotes organisational improvement
2.7.4 Code of Ethics (34)
- the code applies to individuals AND entities that perform internal audit activities
(discussed in ch3)
2.7.5 International Standards for the Professional Practice of internal auditing (34)
'the standards': the minimum requirements which are internationally applicable at organisational and individual
levels and provide a framework for performing and promoting internal auditing
- purpose of the standards:
> delineate basic principles that represent the practice of IA, as it should be
> provide a framework for performing and promoting a broad range of value-added IA activities
> establish the basis for the evaluation of IA performance
> foster improved organisational processes and operations
Figure 2.2 Interrelations of the Standards (36)
- assurance standards deal with the objective evaluation of evidence to provide an independent assessment of
governance, risk management and control processes
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Specific Engagements and Reporting - AUI3703/IAProces… 3/4
, 03/09/2023, 15:37 LU1 - Mission and Mandate of IA function
> governance: the processes, procedures and structures implemented by the board to inform, direct, manage and
monitor the activities of the organisation toward the achievement of its objectives
> risk management: the process that management puts into operation to address risk and mitigating the risks to
an acceptable level
> risk: the uncertainty that an event could occur that could have a negative impact on the achievement of
objectives
> control: actions taken by management, the board or other parties to manage risk and enhance the achievement
of organisational objectives and goals
- there are 3 parties involved in assurance services:
> process owner: the people/person involved with the processes
> auditor: the person making the assessment
> user: those who use the assessment to make decisions
- consulting standards involve activities beyond traditional assurance work as requested by management to assist
them to achieve the organisation's objectives
> advisory and non-assurance activities delivered by the IA based on a specific request by an engagement client
- consulting involves 2 parties:
> client
> auditor
Table 2.2 Summary of the Standards (37)
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Specific Engagements and Reporting - AUI3703/IAProces… 4/4
