From the Publisher
This book looks to the one standard setting authority on internal auditing, the Institute of Internal Auditors (IIA) for guidance and finds that guidance in the IIA’s International Professional Practices Framework (IPPF).
When one considers the IPPF, one notices that it is split into mandatory and strongly recommended guidance. This hierarchy is respected in this book, in that where there is any conflict between mandatory and strongly recommended IPPF guidance, the mandatory guidance must stand. This is a distinction which is not readily made by others, who merely refer to guidance without specifying its authority. Disseminating such guidance leads to what we call hearsay guidance.
The mandatory guidance is made up of the definition of internal auditing, the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing (the Standards), each of which is accompanied by an introduction to help with its understanding.
Take the definition of internal auditing, for example. It is in connection with it that most hearsay guidance abounds. The introduction to the definition of internal auditing says that the definition states the fundamental purpose, nature and scope of internal auditing. One will immediately notice that the hearsay guidance will not identify these elements (and their contents) when explaining what internal auditing is.
The fundamental purpose of internal auditing is to help organisations to achieve their objectives. The nature of internal auditing is twofold, provision of assurance and consulting services as is appropriate. The scope of internal auditing is governance, risk management and control processes.
Hearsay guidance will only talk of risks and controls. Proper guidance talks about the processes.
Hearsay guidance emphasises focus on either or both of risks and controls. Proper guidance focus attention on organisational objectives.
Hearsay guidance measures the value added by internal auditing primarily in monetary term s. Proper guidance measures it in terms of whether the appropriate engagement, limited to the scope of internal auditing, was conducted.
Hearsay guidance will talk of internal auditors identifying risks and developing controls. Proper guidance prohibits internal auditors from accepting management responsibility.
In fact, given the fundamental purpose of internal auditing of internal auditing helping the organisation to achieve its objectives, instead of accepting management responsibility, proper guidance insists that, as repeatedly asserted by Harold Geneen in his book “Managing”, Management must manage. MANAGEMENT must manage. Management MUST manage. Management must MANAGE.
In this book, those with an interest in internal auditing are given a proper understanding of this important profession. Myths which have assumed legendary status are dispelled. Organisational staff never has to be afraid of internal auditors. Internal auditors never have to engage in “ambush auditing”.
Both management and internal auditing are working for the same cause - achievement of the organisational objectives. When the board or audit committee considers an internal audit plan, it ensures that whatever organisational objective is focused on, the totality of that objective is considered, rather than a single of few aspects thereof.
The engagement type is never a forgone issue until after the engagement objective stage of engagement planning, whereby full reasons are advanced as to why one rather than the other type of engagement was chosen to be conducted.
This book is intended for students as the first course on internal auditing at either undergraduate or MBA level, internal auditors (practitioners and educators) regardless of level and experience, board or audit committee members, and public and private sector organisational management and staff (especially senior management).
Anyone can “Understand Internal Auditing”!