Internal Auditing

- designed to add value to and improve an organization's operations.

- helps an organization accomplish its objectives governance processes.

Functions of Internal Auditing

•Application of Legal Requirements •Examination of assets protection
•Analysis of Internal check •Performance appraisal
•Confirmation of liability •Reporting
•Verification of Accuracy •Give suggestions
•Detect fraud

Internal V.S. External Auditing

Internal auditors work within an External auditors are independent of

organization and report to its audit the organization they are auditing.
committee and/or directors They report to the company’s
shareholders

Difference: •Appointment •Responsibility •Objective

Core Principles for the Professional Practice of Internal Auditing

The core principles articulate internal audit effectiveness and they should all be
present and operating effectively
• Demonstrates integrity.
• Demonstrates competence and due professional care.
• Is objective and free from undue influence (independent).
• Aligns with the strategies, objectives, and risks of the organization.
• Is appropriately positioned and adequately resourced.
• Demonstrates quality and continuous improvement.
• Communicates effectively.
• Provides risk-based assurance
• Is insightful, proactive, and future-focused.
• Promotes organizational improvement.

Purpose, Authority and Responsibility of Internal Audit

Purpose
To provide independent assurance that an organization's risk management,
governance and internal processes ate operating effectively.
Authority
Authorized to full, free and unrestricted access
Responsibility
- Evaluating risk exposure relating to achievement of the organization’s
strategic objectives
- Evaluating the reliability and integrity of information and the means used to
identify, measure, classify, and report such information.
- Evaluating the systems established to ensure compliance with those
policies, plans, procedures, laws, and regulations which could have a
significant impact on the organization.
- Evaluating the means of safeguarding assets and, as appropriate, verifying
the existence of such assets.
- Performing consulting and advisory services related to governance, risk
management and control as appropriate for the organization.

Internal Audit Charter

An internal audit charter is a formal document that defines internal audit's
purpose, authority, responsibility and position within an organization. It may also
be known as terms of reference.

What should the contents of a charter be?

There is no right or wrong way to prepare an internal audit charter but it
should be consistent with the Mission of Internal Audit, the Core Principles for the
Professional Practice of Internal Auditing, the Code of Ethics, the Standards and
the Definition of Internal Auditing Here are some headings with typical content:
• MISSION
o Setting out the overall purpose and function of internal audit within
the organization and how it will assist the organization to achieve its
objectives. The mission is a summary of the way internal audit will
provide value to the organization.
• OBJECTIVES
o Clearly stating that it is the provision of assurance on the adequacy
and effectiveness of risk management processes in reducing risk
exposures down to acceptable levels. In addition to the assurance
service, the charter should also refer to the provision and nature of
consulting activities.
 • Role and scope of work
Explaining the role of internal audit i.e.
o assessing the adequacy and effectiveness of the system of risk
management and internal controls operated within the organization;
o reviewing and evaluating compliance with policies, plans,
procedures, laws and regulations;
o assessing the reliability and integrity of information;
o the safeguarding of assets.
In some organizations such as multinationals and groups it may be important to
clarify the precise scope of the internal audit activity to avoid potential overlaps
or gaps.
This may require regular attention to recognize any changes in the structure of
the organization resulting for growth, mergers and acquisitions.
• Independence
o If internal audit is to provide objective and unbiased opinions and
assurances, it is essential that it is independent of the activities it
audits. The charter should explain the way independence is
established and maintained and the requirement to confirm to the
board at least annually the organizational independence of internal
audit.
o Should any conflict or impairment be known or arise, the charter
should specify to whom these should be reported and how, including
any safeguards that will be put in place to limit impairments to
independence or objectivity.
• Access
o To provide assurances to the board internal audit needs to have
unrestricted access to all activities across the organization (access to
records, personnel and physical property). Where assurances are to
be provided to parties outside of the organization, the nature of
these assurances must also be defined in the charter. Internal audit
may need to demonstrate how it will preserve security in respect of
highly sensitive or confidential information.
• Reporting
o Explain the internal audit reporting lines, for example, that it reports
regularly to the audit committee, which is a sub-committee of the
main board.
 • Responsibilities
o Setting out the responsibilities of the HIA, which should include any
specific requirements relating to the sector in which the organization
operates such as the requirement upon the HIA to provide an annual
report or opinion to an annual governance statement.
o Responsibilities might also refer to internal audit's relationship with
other assurance providers such as internal audit's role in developing
an assurance map and the requirement to assess the reliability of
assurance from those in the first and second lines of defense.
• Planning
o Briefly setting out internal audit's approach to risk based internal audit
planning, the resource plan and budget, including arrangements for
approval of the plans, reporting, monitoring progress and providing
updates.
• Quality
o Describing the arrangements for developing an on-going program
of quality assessment and continuous improvement, which will
include brief details of the quality assurance and improvement
program (QAIP), reporting for internal and external assessments and
the relevant mandatory elements of the IPPF.
• Approval
o Formal approval and endorsement should be obtained from the
head of internal audit and audit committee. Other considerations
The Mission of Internal Audit, the Core Principles for the Professional
Practice of Internal Auditing, the Code of Ethics, the Standards and
the Definition of Internal Auditing are recognized in the internal audit
charter, the details of which should be discussed with senior
management and the board.

Internal auditing is defined as an independent, objective assurance and

consulting activity designed to add value and improve an organization’s
operations.
 Assurance Services V.S. Consulting Services
Assurance services
- an objective examination of evidence for the purpose of providing an
independent assessment on risk management, control, or governance processes
for the organization.
Examples of the types of engagements that would be considered assurance
engagements include financial, performance, compliance, system security, and
due diligence audits.
Consulting services
- It includes advisory and related client service activities, the nature and
scope of which are agreed upon with the client and which are intended to add
value and improve an organization’s operations.
- This includes such activities as conducting internal control training,
providing advice to management about the control concerns in new systems,
drafting policies, and participating in quality teams.

Assurance Services Consulting Services

• “Financial Auditing”
This would include situations where
the internal audit function audited a
division’s quarterly results or a claim by
management that a product line was
profitable.
Also, under this type of service
would be compliance attestations such as
audits of travel expenditures or conflict of
interest policies.
This category would also include
work done in conjunction with the
organization’s external auditors for the
audit of the financial statements.
• “Performance Auditing”
AKA Operational Auditing
represents the traditional internal audit.
• “Quick Response Auditing”
Includes services that typically
arise by special request of upper
management.
• “Assessment services”
Are engagements in which the
auditor examines or evaluates a past,
present, or future aspect of operations
and renders information to assist
management in making decisions.
These engagements need to be as
timely as possible and usually don’t
include specific recommendations for
management.
• “Facilitation services”
are engagements in which the
auditor assists management in examining
organizational performance for the
purpose of promoting change.
The auditor does not judge
organizational performance in this role.
Rather, the auditor guides management
in identifying organizational strengths and
opportunities for improvement.
Such engagements include control
self-assessment, benchmarking, business
process reengineering support, assistance
 In this respect they are like
consulting but are not classed as such
because the management requesting
them is typically a third party looking for
assurance. The dominant engagements
of this type are fraud investigations, but
also include valuation and due diligence
engagements.
in developing performance
measurement, and strategic planning
support.
• “Remediation Services”
These are engagements in which
the auditor assumes a direct role designed
to prevent or remediate known or
suspected problems on behalf of the
client.

CONFORMANCE WITH IIA CODE OF ETHICS

What is IIA code of Ethics?
A code of ethics is necessary and appropriate for the profession of internal
auditing, founded as it is on the trust placed in its objective assurance about
governance, risk management, and control.

Purpose of the Code of Ethics:

The purpose of the Code of Ethics is to promote an ethical culture in the
global profession of internal auditing.

Who Must Conform with the Code of Ethics?

Every professional internal auditor and every IAA must follow the mandatory
components of the IPPF. As a set of principles-based, internationally applicable
requirements for the practice and evaluation of internal auditing services, the
Standards are fundamental to successful internal auditing. Those who benefit
include internal auditors, audit committees, management, the board,
shareholders, and regulators
“Internal auditors” refers to Institute members, recipients of or candidates
for IIA professional certifications, and those who perform internal audit services
within the Definition of Internal Auditing.

Why conformance matter?

Conformance to the II Code of Ethics strengthens the delivery of internal audit
services, which in turn helps the organization improve governance, manage risks,
and implement controls to more effectively achieve its goals.
 Internal auditors are expected to apply and uphold the following principles:
1. Integrity
- The integrity of internal auditors establishes trust and thus provides the
basis for reliance on their judgment.
2. Objectivity
- Internal auditors exhibit the highest level of professional objectivity in
gathering, evaluating, and communicating information about the
activity or process being examined.
- Internal auditors make a balanced assessment of all the relevant
circumstances and are not unduly influenced by their own interests
or by others in forming judgments.
3. Confidentiality
- Internal auditors respect the value and ownership of information they
receive and do not disclose information without appropriate
authority unless there is a legal or professional obligation to do so.
4. Competency
- Internal auditors apply the knowledge, skills, and experience needed
in the performance of internal audit services.

Rules of Conduct
1. Integrity
Internal auditors:
1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and
the profession.
1.3. Shall not knowingly be a party to any illegal activity or engage in acts
that are discreditable to the profession of internal auditing or to the
organization.
1.4. Shall respect and contribute to the legitimate and ethical objectives of
the organization.

2. Objectivity
Internal auditors:
2.1. Shall not participate in any activity or relationship that may impair or be
presumed to impair their unbiased assessment. This participation
includes those activities or relationships that may be in conflict with the
interests of the organization.
 2.2. Shall not accept anything that may impair or be presumed to impair
their professional judgment.
2.3. Shall disclose all material facts known to them that, if not disclosed, may
distort the reporting of activities under review.

3. Confidentiality
Internal auditors:
3.1. Shall be prudent in the use and protection of information acquired in
the course of their duties.
3.2. Shall not use information for any personal gain or in any manner that
would be contrary to the law or detrimental to the legitimate and
ethical objectives of the organization.

4. Competency
Internal auditors:
4.1. Shall engage only in those services for which they have the necessary
knowledge, skills, and experience.
4.2. Shall perform internal audit services in accordance with the International
Standards for the Professional Practice of Internal Auditing.
4.3. Shall continually improve their proficiency and the effectiveness and
quality of their services.
 FOUNDATIONS OF INTERNAL
AUDITING

REPORTERS:
CAPUNPON, RAINIER JOHN
DAUS, JEREMAE
DE VILLA, AUBREY ROSE
ESTRADA, JOZEL MAE
FERNANDO, MELVIN BRIAN
GARCIA, KRISHNA DASI

BSA II-A1 GBRIC 202