Internal Auditing Standards:

The International Professional Practices Framework

Generally accepted internal auditing standards

Since its formation, the IIA has provided guidance to the internal auditing profession.
As the profession developed, more formal guidance was needed.
 • 1947 – First IIA guidance published, Statement of the Responsibilities of the
Internal Auditor
 • 1968 – First Code of Ethics
 • 1978 – Standards for the Professional Practice of Internal Auditing

In 2006, the Board of Directors of the IIA established an international task force to
review the Professional Practices Framework and the IIA’s guidance structure. The
result of their work was a new International Professional Practices Framework (IPPF),
which was approved by the Board in June 2007. The most recent revision of the
standards was effective January 2017.


Mission of Internal Audit

The Mission of Internal Audit articulates what internal audit aspires to accomplish within
an organization.
To enhance and protect organizational value by providing risk-based and
objective assurance, advice, and insight.

 • To see if the internal auditors are following the rules

Mandatory Guidance

1. Definition of Internal Auditing

Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management, control, and governance

2. Core Principles
 • Demonstrates integrity.
 • Demonstrates competence and due professional care.
 • Is objective and free from undue influence (independent).
 • Aligns with the strategies, objectives (mental attitude), and risks of the organization.
 • Is appropriately positioned and adequately resourced → should know whom to
report to and who should report
 • Demonstrates quality and continuous improvement (constantly learning, gaining
more information, trends, technological improvement, new internal audit tools)
 • Communicates effectively.
 • Provides risk-based assurance.
 • Is insightful, proactive, and future-focused – how it is going to affect the company in
the future
 • Promotes organizational improvement.

3. A Code of Ethics – principles and expectations governing behavior of individuals
and organizations in the conduct of IA
- personal attributes you bring in that audit
- necessary and important because the work is based on trust

o Integrity – honesty, diligence, and responsibility
o Objectivity – unbiased assessment
o Confidentiality – be prudent in the use and protection of information
o Competency – have the necessary knowledge, skills, and experience

Dodd-Frank Act
 • Section 922 established a Whistleblower Program, but left the details up to the
 • Final Rules implementing the Whistleblower Program were approved by the SEC
on May 25, 2011 and took effect August 12, 2011.
 • SEC will pay awards to whistleblowers who:
o Voluntarily provide the SEC with
o Original information about a
o Violation of the securities laws that leads to
o Successful enforcement of an action
o Resulting in monetary sanctions exceeding $1,000,000

The awards will range between 10-30% of the sanction.

To avoid “unintended consequences”, the SEC proposed that internal auditors
could NOT get a bounty. Exemption:
o The whistleblower believes disclosure may prevent substantial
injury to the financial interest or property of the entity or investors
o Entity is engaging in conduct that will impede an investigation
o At least 120 days have elapsed since the whistleblower reported
the information to his or her supervisor or the entity’s audit
committee, chief legal officer, or chief compliance officer

4. International Standards for the Professional Practice of Internal Auditing
(Standards) and Interpretations

a. Attribute Standards (1000 series) – characteristics of organizations and
individuals performing IA activities
b. Performance Standards (2000 series) – nature of IA activities, quality
c. Implementation Standards – more details…

Recommended Guidance

1. Implementation Guidance

2. Supplemental Guidance – practice guides, reports about a particular topic