Professional Documents
Culture Documents
Charter, Independence, and Objectivity PDF
Charter, Independence, and Objectivity PDF
2.1 Charter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2.2 Independence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.3 Objectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.4 Independence and Objectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.5 Study Unit 2 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
The purpose, authority, and responsibility of internal auditing should be adequate to enable the
internal audit activity to accomplish its objectives. For that reason, the purpose, authority, and
responsibility should be stated in a written charter and periodically reassessed.
Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization’s operations. Accordingly, the Standards require the internal audit
activity to be independent and the internal auditors to be objective in performing their work. Thus,
independence is an attribute of an organizational unit, and objectivity is an attribute of individuals. In
this context, independence means that internal auditors can carry out their duties freely and
objectively. Objectivity means independence in mental attitude.
Core Concepts
■ The purpose, authority, and responsibility of the internal audit activity should be defined in a formal
charter.
■ The nature of assurance and consulting services should be defined in the charter.
■ The internal audit activity should be independent, and the internal auditor should be objective.
■ The chief audit executive should report functionally to the audit committee.
■ Impairment of independence or objectivity should be disclosed.
■ Internal auditors should not assess operations for which they were previously responsible.
2.1 CHARTER
1. This subunit concerns the content of the charter of the internal audit activity. One General
Attribute Standard, an Assurance Implementation Standard, a Consulting Implementation
Standard, and four Practice Advisories currently address this topic.
2. 1000 Purpose, Authority, and Responsibility – The purpose, authority, and
responsibility of the internal audit activity should be formally defined in a charter,
consistent with the Standards, and approved by the board.*
*The term “board” here and elsewhere in pronouncements of The IIA includes “an
organization’s governing body, such as a board of directors, supervisory board,
head of an agency or legislative body, board of governors or trustees of a non-
profit organization, or any other designated body of the organization, including
the audit committee, to whom the chief audit executive may functionally report”
(Glossary).
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
2 SU 2: Charter, Independence, and Objectivity
PA Summary
● The purpose, authority, and responsibility of the IAA (internal audit activity)
should be defined in a formal written charter approved by senior management and
accepted by the board.
● The charter establishes the position of the IAA, authorizes access relevant to
engagement performance, and defines the scope of its activities.
● A charter is critical in managing the auditing function. It establishes the IAA’s role
and provides a basis for its evaluation.
● The CAE should periodically reassess the adequacy of the charter. The result
should be communicated to senior management and the board.
3. 1000.A1 – The nature of assurance services provided to the organization should be defined
in the audit charter. If assurances are to be provided to parties outside the organization,
the nature of these assurances should also be defined in the charter.
4. 1000.C1 – The nature of consulting services should be defined in the audit charter.
a. PRACTICE ADVISORY 1000.C1-1: PRINCIPLES GUIDING THE PERFORMANCE
OF CONSULTING ACTIVITIES OF INTERNAL AUDITORS
1. Value Proposition – The value proposition of the internal audit activity is
realized within every organization that employs internal auditors in a manner
that suits the culture and resources of that organization. That value proposition
is captured in the definition of internal auditing and includes assurance and
consulting activities designed to add value to the organization by bringing a
systematic, disciplined approach to the areas of governance, risk, and control.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 3
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
4 SU 2: Charter, Independence, and Objectivity
PA Summary
● The value proposition of the IAA is realized in a way suiting the organization’s
culture and resources. It is reflected in the definition of internal auditing. It
extends to assurance, consulting, and other evolving forms of value-adding
services, including nonaudit roles, investigations, and activities that combine
assurance and consulting. Moreover, consulting may result from assurance or
vice versa.
● The IAA performs consulting, e.g., analysis of controls in systems development.
The board and charter should therefore empower consulting that is not a conflict of
interest. Consulting may enhance understanding of business processes and does
not necessarily impair objectivity because management makes decisions about
adoption of IAA recommendations.
● Consulting is often an extension of assurance. It may consist of formal (informal)
advice, analysis, or assessments. The IAA is uniquely positioned to do such work
because of its objectivity and breadth of knowledge.
● A primary IAA value is to provide assurance to senior management and the audit
committee. Consulting must not conceal information that should be reported as
part of that function.
● The organization’s rules for consulting should be understood by all its
members. They should be codified in the charter.
● Instead of hiring outsiders for formal consulting tasks, the organization may find
that the IAA is uniquely qualified for some of these engagements. In formal
consulting, the IAA should adopt a systematic, disciplined approach.
● The breadth and time frame of an engagement are based on managerial needs.
But the CAE should set audit techniques and be able to report to senior managers
and the board when results indicate significant risk.
● Internal auditors should follow the Code of Ethics and the Standards when
performing all services, even those involving unforeseen conflicts and activities.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 5
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
6 SU 2: Charter, Independence, and Objectivity
PA Summary
● The Glossary in the Standards defines “consulting services.” The CAE determines
the methods for classifying engagements. Blended rather than separate
assurance and consulting engagements may be appropriate.
● Consulting may be done as a routine IAA function or in response to requests by
management.
● Consulting engagements may be formal, informal, special, and emergency. Formal
engagements are planned and subject to written agreement. Informal
engagements are routine, such as ad-hoc meetings and routine information
exchange. An example of a special engagement is participation on a system
conversion team. Emergency engagements involve participation on a team
established (1) for recovery operations after an extraordinary business event or
(2) to supply temporary help to meet a special request or unusual deadline.
● Consulting should not be done to avoid the requirements of an assurance
engagement. But adjusting methods is appropriate if services once conducted as
assurance engagements are more suitably performed as consulting engagements.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 7
1
This principle has been articulated by numerous standard-setting bodies, including guidance published
by IAASB/IFAC in its Code of Professional Ethics and the U.S. Government Accountability Office in its
Generally Accepted Government Auditing Standards.
2
This risk is raised in the January 2003 Smith Report on Audit Committees and Combined Code
Guidance, appointed by the Financial Reporting Council, and is addressed in guidance published by
ICAEW (Institute of Chartered Accountants in England and Wales), among others.
3
Examples of specific restrictions include U.K.’s Government Internal Audit Standard 2.4.2, which
states: “Objectivity is presumed to be impaired when individual auditors review any activity in which they
have previously had executive responsibility, or in which they have provided consultancy advice.” This
standard is supplemented by Good Practice Guidance on Consultancy, which states: “In this role it is
important that the internal auditor offers advice to management and does not undertake the task on
behalf of, or as a substitute for, management. Acceptance by management of the advice offered by the
internal auditor does not transfer or reduce management’s accountability for their own areas of
responsibility.” (3.5.3)
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
8 SU 2: Charter, Independence, and Objectivity
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 9
Attachment A
Example Language for Control Techniques Minimizing Threats to Auditor Independence
Charter language defining non-audit (consulting) service parameters. Charter language will
establish the boundaries within which the audit function will operate but is not expected to detail the
specific services that would or would not be provided. Accordingly, if a baseline for independence has
been described elsewhere in the Charter document, or is included in specifically applicable auditing
standards that are referenced; the Charter may need only to include a reference to those other
requirements to set parameters for services to be provided. Three examples below show language
used in two cases where non-audit (consulting) services are limited to those where independence or
objectivity should not be compromised, and for a case where the audit function may be called upon to
do work that is normally management’s responsibility.
■ Where the audit function will be limiting non-audit (consulting) services to those that do not
compromise objectivity or independence:
“The auditor may also assist the mayor, the City Council, and management staff in carrying out
their responsibilities by providing them with objective and timely information on the conduct of city
operations or advising on appropriate management controls, in accordance with [title of
applicable] Auditing Standards.”
“The internal audit department may perform other non-audit functions, consistent with other
provisions of this Charter, and prepare and submit such other reports as may be assigned by the
Commission.”
■ Where the audit function will be providing a full range of non-audit services, even if certain such
services may threaten objectivity or independence for audit work:
“The auditor may from time to time be called upon to participate in non-audit activities of the
Agency, to assist the Executive Director and managers in carrying out their responsibilities, as
authorized by the Audit Committee.”
Policies and procedures limiting type, nature, and/or level of participation in non-audit
(consulting) projects; or establishing controls that minimize future threats to objectivity or
independence from participation in non-audit engagements. If auditors do perform management
functions for the organization, the audit unit should establish relevant policies and procedures.
Specifically, policies should prohibit those individuals from planning, conducting, or reviewing future
audits of the subject matter involving the non-audit (consulting) service. Moreover, if the audit function
performs a non-audit (consulting) engagement that will impair the entire audit function’s independence
or objectivity, the audit function’s oversight entity (e.g., the audit committee) should be notified before
the engagement begins that audit independence will be impaired on any future audit work performed
within the area. Should the audit function proceed to conduct an audit in the activity where the
impairment exists, this impairment should be identified in the audit report.
These prohibitions can be relaxed if there are significant changes to the subject matter area after the
assistance work was performed or if the assistance work involved some established de minimums
standard, such as “under 40 hours.”
The example policy and procedure below describes non-audit (consulting) services, and includes
language (see underlined text) that limits the services to within parameters that minimize threats to
objectivity and independence of the auditors.
Policy: In addition to audit services, the Auditor’s Office provides three other types of services to
managers in the jurisdiction, or at the request of the Commission—Quality Assurance for projects
in process, Consulting and Training, and Control Self Assessment facilitated workshops.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
10 SU 2: Charter, Independence, and Objectivity
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 11
If the Audit Committee directs the audit function to conduct an audit that includes in its scope
activities or operations that were part of a prior non-audit engagement conducted by the audit
function, about which the CAE previously determined that the non-audit engagement would
create an impairment for future audit work, the following procedures should be carried out:
1. Prior to commencing the audit engagement, the CAE will communicate in writing with the
Audit Committee, provide notice and description of the impairment, and indicate options for
carrying out the work with a maximum of objectivity (e.g., contracting with a third-party
provider, or requesting the assistance of auditors from partner or regulatory entities).
2. If the Audit Committee directs the audit function to proceed with the audit engagement, the
CAE will document the impairment in:
● The audit engagement’s planning documentation; and
● The audit engagement’s final report.
3. In addition, the CAE shall disclose the occurrence and provide full documentation to the
audit function’s external quality assurance providers at its next quality assurance review.
Screening process for non-audit (consulting) projects. When accepting and performing consulting
work, auditors should document their rationale for providing consulting services and demonstrate their
judgment that the services do not violate the core elements of the audit role. This information should
be disclosed to external quality assurance reviewers. One example policy for screening is below:
1. Upon receipt of a request for non-audit (consulting) services, the Internal Audit Department
will consider whether providing such services would create a personal impairment either in
fact or appearance that would adversely affect either the assigned auditor’s objectivity or to
the department’s independence for conducting subsequent audits within the same area. If
the engagement is determined to constitute an impairment to independence or objectivity,
the request should be declined. If declined, the factors and final conclusion will be
documented in a memorandum addressed to the requestor of the services.
2. Before performing non-audit (consulting) services, the auditor in charge will document an
understanding with the requestor(s) that the requestor(s) are responsible for the outcome of
the work; and, therefore, has a responsibility to be in a position in fact and appearance to
make an informed judgment on the results of the non-audit (consulting) work. The Internal
Audit Department will establish an agreement with the requestor(s) concerning the objec-
tive, scope, and limitations imposed on the non-audit (consulting) engagement services.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
12 SU 2: Charter, Independence, and Objectivity
PA Summary
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 13
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
14 SU 2: Charter, Independence, and Objectivity
g. The chief audit executive and staff of the IAA are authorized to
1) Have unrestricted access to all functions, records, property, and personnel.
2) Have full and free access to the audit committee.
3) Allocate resources, set frequencies, select subjects, determine scopes of work,
and apply the techniques required to accomplish audit objectives.
4) Obtain the necessary assistance of auditee personnel and other specialized
services from within or outside the organization.
h. The chief audit executive and staff of the IAA are not authorized to
1) Perform any operational duties for the organization or its affiliates.
2) Initiate or approve accounting transactions external to the IAA.
3) Direct the activities of any organization employee not employed by the IAA or
assigned to assist the internal auditors.
i. The IAA should meet or exceed the International Standards for the Professional
Practice of Internal Auditing.
6. An alternative to staffing an internal audit activity is to outsource internal auditing functions.
a. To a large organization, the primary advantage of outsourcing is that large outside
service providers ordinarily have offices in various locations. Thus, engagement
requirements in distant locations are more easily accommodated.
b. The disadvantages are that internal auditors tend to be more familiar with the
organization, and they are more readily available to the organization because they
are unaffected by other priorities, such as other clients.
1) Another disadvantage is that legal requirements may prevent the external audit
firm from providing internal audit services.
c. Cosourcing is an approach in which the internal audit activity obtains external aid in
performing certain activities.
2.2 INDEPENDENCE
1. Independence and objectivity are closely related. This subunit primarily addresses the
independence attribute of the internal audit activity. It describes the appropriate reporting
level of the internal audit activity and states that it should be free from interference. These
subjects are covered in one General Attribute Standard, one Specific Attribute Standard,
one Assurance Implementation Standard, and four Practice Advisories.
2. 1100 Independence and Objectivity – The internal audit activity should be
independent, and internal auditors should be objective in performing their work.
a. PRACTICE ADVISORY 1100-1: INDEPENDENCE AND OBJECTIVITY
1. Internal auditors are independent when they can carry out their work freely and
objectively. Independence permits internal auditors to render the impartial and
unbiased judgments essential to the proper conduct of engagements. It is
achieved through organizational status and objectivity.
PA Summary
Internal auditors are independent when they can carry out their work freely and
objectively. Independence permits internal auditors to render the impartial and
unbiased judgments essential to the proper conduct of engagements. It is achieved
through organizational status and objectivity.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 15
3. 1110 Organizational Independence – The chief audit executive should report to a level
within the organization that allows the internal audit activity to fulfill its
responsibilities.
a. PRACTICE ADVISORY 1110-1: ORGANIZATIONAL INDEPENDENCE
1. Internal auditors should have the support of senior management and of the
board so that they can gain the cooperation of engagement clients and perform
their work free from interference.
2. The chief audit executive should be responsible to an individual in the
organization with sufficient authority to promote independence and to ensure
broad engagement coverage, adequate consideration of engagement
communications, and appropriate action on engagement recommendations.
3. Ideally, the chief audit executive should report functionally to the audit
committee, board of directors, or other appropriate governing authority, and
administratively to the chief executive officer of the organization.
4. The chief audit executive should have direct communication with the board,
audit committee, or other appropriate governing authority. Regular
communication with the board helps assure independence and provides a
means for the board and the chief audit executive to keep each other informed
on matters of mutual interest.
5. Direct communication occurs when the chief audit executive regularly attends
and participates in meetings of the board, audit committee, or other appropriate
governing authority that relate to its oversight responsibilities for auditing,
financial reporting, organizational governance, and control. The chief audit
executive’s attendance and participation at these meetings provide an
opportunity to exchange information concerning the plans and activities of the
internal audit activity. The chief audit executive should meet privately with the
board, audit committee, or other appropriate governing authority at least
annually.
6. Independence is enhanced when the board concurs in the appointment or
removal of the chief audit executive.
PA Summary
● The IAA should be supported by senior management and the board to gain the
cooperation of clients and work free from interference.
● The CAE should be responsible to an individual with sufficient authority to
promote independence and to ensure broad coverage, consideration of
communications, and appropriate action on recommendations.
● The CAE should report functionally to the governing authority and
administratively to the CEO.
● The CAE should communicate directly and regularly with the governing authority.
Direct communication involves attendance at meetings of the governing authority
relating to its oversight of auditing, financial reporting, governance, and control.
The CAE should meet privately with the governing authority at least annually.
● The board should concur in appointment or removal of the CAE.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
16 SU 2: Charter, Independence, and Objectivity
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 17
3. This advisory also recognizes that CAE reporting lines are affected by the
nature of the organization (public or private as well as relative size); common
practices of each country; growing complexity of organizations (joint ventures,
multinational corporations with subsidiaries); and the trend towards internal
audit groups providing value-added services with increased collaboration on
priorities and scope with their clients. Accordingly, while The IIA believes that
there is an ideal reporting structure with functional reporting to the Audit
Committee and administrative reporting to the CEO, other relationships can
be effective if there are clear distinctions between the functional and
administrative reporting lines and appropriate activities are in each line to
ensure that the independence and scope of activities is maintained. Internal
auditors are expected to use professional judgment to determine the extent to
which the guidance provided in this advisory should be applied in each given
situation.
4. The Standards stress the importance of the chief audit executive reporting to
an individual with sufficient authority to promote independence and to ensure
broad audit coverage. The Standards are purposely somewhat generic about
reporting relationships, however, because they are designed to be applicable at
all organizations regardless of size or any other factors. Factors that make “one
size fits all” unattainable include organization size and type of organization
(private, governmental, corporate). Accordingly, the CAE should consider the
following attributes in evaluating the appropriateness of the administrative
reporting line.
● Does the individual have sufficient authority and stature to ensure the
effectiveness of the function?
● Does the individual have an appropriate control and governance mindset
to assist the CAE in their role?
● Does the individual have the time and interest to actively support the CAE
on audit issues?
● Does the individual understand the functional reporting relationship and
support it?
5. The individual responsible for the administrative reporting line also may be
responsible for other activities in the organization that are subject to internal
audit. For example, some CAEs report administratively to the Chief Financial
Officer, who is also responsible for the organization’s accounting functions. In
such a case, the CAE should ensure that independence is maintained.
Moreover, the internal audit function should be free to audit and report on any
activity, assuming that engagement provides coverage the CAE deems to be
appropriate for the audit plan. This principle applies even when the activity
reports to the same administrator as the internal audit function. Any limitation
in scope or reporting of results of these activities should be brought to the
attention of the audit committee.
6. Under the recent move to a stricter legislative and regulatory climate
regarding financial reporting around the globe, the CAE’s reporting lines should
be appropriate to enable the internal audit activity to meet any increased needs
of the audit committee or other significant stakeholders. Increasingly, the
CAE is being asked to take a more significant role in the organization’s govern-
ance and risk management activities. The reporting lines of the CAE should
facilitate the ability of the internal audit activity to meet these expectations.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
18 SU 2: Charter, Independence, and Objectivity
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 19
PA Summary
● To achieve necessary independence, the CAE should report functionally to the
audit committee or its equivalent. For administrative purposes, the CAE should
report directly to the CEO. The functional reporting line is the ultimate source of
the IAA’s independence and authority. Thus, the governing authority should
(1) approve the IAA’s charter and its risk assessment and related audit plan;
(2) receive communications on the results of IAA activities or other necessary
matters, including private meetings with the CAE without management;
(3) approve decisions about appointing, removing, and compensating the CAE;
and (4) inquire of management and the CAE about scope or budgetary limits on
the IAA’s ability to do its job.
● Administrative reporting facilitates daily operations of the IAA. It typically
concerns budgeting, management accounting, managing human resources,
internal communications, and administration of internal policies and procedures.
● CAE reporting lines are critical to establishing the IAA’s independence, objectivity,
status, information flow, and access to key persons. Reporting relationships
impairing independence and effective operations are serious scope limitations.
● Reporting lines are affected by the size of the entity, local practices, greater
complexity of organizations, and the trend toward IAA collaboration with clients.
Lines other than the ideal may be effective, given clear distinctions between the
functional and administrative, with appropriate activities in each line. Internal
auditors must use professional judgment about such matters.
● The CAE considers various attributes in evaluating the administrative line,
including whether the individual (1) has sufficient authority to ensure the
effectiveness of the IAA, (2) has an appropriate control and governance mindset,
(3) actively supports the CAE, and (4) understands and supports the functional
reporting relationship.
● Independence may be threatened if the individual responsible for the
administrative line also is responsible for audited activities. In such a case, the
CAE should ensure that independence is maintained. Moreover, the IAA should
be free to audit and report on any activity, assuming engagement coverage is
appropriate for the audit plan. This principle applies even when the activity reports
to the same administrator. Any limitation on scope or reporting should be
reported to the audit committee.
● CAE reporting lines should support the greater regulatory needs of the audit
committee and other stakeholders and the greater involvement of the CAE in
governance and risk management.
● Certain key actions regarding functional reporting support the IAA’s
effectiveness, for example, (1) audit committee authority to approve the final audit
plan and review the CAE’s performance, (2) CAE access to the audit committee or
board, (3) annual audit committee review of CAE performance and approval of
CAE compensation, and (4) stating reporting lines in the IAA charter.
● Administrative reporting should include positioning the IAA and the CAE in the
organization’s structure to afford it appropriate status. The administrative
reporting line also should not have ultimate authority over the scope or reporting
of results. Moreover, it should facilitate open and direct communications with
executive and line management and enable adequate and timely flow of
information about the organization. Finally, budgetary controls and
considerations imposed by the administrative reporting line should not impede the
ability of the IAA to accomplish its mission.
● The CAE considers relationships with other control functions and facilitates
reporting of material issues.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
20 SU 2: Charter, Independence, and Objectivity
4. 1110.A1 – The internal audit activity should be free from interference in determining the
scope of internal auditing, performing work, and communicating results.
a. PRACTICE ADVISORY 1110.A1-1: DISCLOSING REASONS FOR INFORMATION
REQUESTS
1. At times, an internal auditor may be asked by the engagement client or other
parties to explain why a document is relevant to an engagement. Disclosure or
nondisclosure during the engagement of the reasons documents are needed
should be determined based on the circumstances. Significant irregularities
may dictate a less open environment than would normally be conducive to a
cooperative engagement. However, that is a judgment that should be made by
the chief audit executive in light of the specific circumstances.
PA Summary
The specific circumstances determine whether the auditor should disclose during the
engagement the reasons for a document request. Significant irregularities may dictate a
less open environment than would normally be conducive to a cooperative engagement.
2.3 OBJECTIVITY
1. This subunit addresses objectivity, which is covered in one General Attribute Standard, one
Specific Attribute Standard, and two Practice Advisories.
2. 1100 Independence and Objectivity – The internal audit activity should be
independent, and internal auditors should be objective in performing their work.
a. Practice Advisory 1100-1 (see Subunit 2.2) states that independence is achieved
through objectivity as well as organizational status.
3. 1120 Individual Objectivity – Internal auditors should have an impartial, unbiased
attitude and avoid conflicts of interest.
a. PRACTICE ADVISORY 1120-1: INDIVIDUAL OBJECTIVITY
1. Objectivity is an independent mental attitude that internal auditors should
maintain in performing engagements. Internal auditors are not to subordinate
their judgment on engagement matters to that of others.
2. Objectivity requires internal auditors to perform engagements in such a manner
that they have an honest belief in their work product and that no significant
quality compromises are made. Internal auditors are not to be placed in
situations in which they feel unable to make objective professional judgments.
3. Staff assignments should be made so that potential and actual conflicts of
interest and bias are avoided. The chief audit executive should periodically
obtain from the internal auditing staff information concerning potential conflicts
of interest and bias. Staff assignments of internal auditors should be rotated
periodically whenever it is practicable to do so.
4. The results of internal auditing work should be reviewed before the related
engagement communications are released to provide reasonable assurance
that the work was performed objectively.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 21
PA Summary
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
22 SU 2: Charter, Independence, and Objectivity
2. A scope limitation is a restriction placed upon the internal audit activity that
precludes the audit activity from accomplishing its objectives and plans. Among
other things, a scope limitation may restrict the:
● Scope defined in the charter.
● Internal audit activity’s access to records, personnel, and physical
properties relevant to the performance of engagements.
● Approved engagement work schedule.
● Performance of necessary engagement procedures.
● Approved staffing plan and financial budget.
3. A scope limitation along with its potential effect should be communicated,
preferably in writing, to the board, audit committee, or other appropriate
governing authority.
4. The chief audit executive should consider whether it is appropriate to inform the
board, audit committee, or other appropriate governing authority regarding
scope limitations that were previously communicated to and accepted by
the board, audit committee, or other appropriate governing authority. This may
be necessary, particularly when there have been organization, board, senior
management, or other changes.
PA Summary
● Any conflict of interest or bias should be reported. The CAE should then
reassign such auditors.
● A scope limitation on the IAA precludes it from accomplishing its objectives and
plans. A scope limitation may restrict the (1) scope defined in the charter;
(2) IAA’s access to records, personnel, and physical properties; (3) approved
work schedule; (4) performance of procedures; and (5) approved staffing plan
and financial budget. A scope limitation should be reported, preferably in writing,
to the governing authority.
● The CAE must consider whether to report scope limitations previously accepted
by the governing authority.
3. 1130.A1 – Internal auditors should refrain from assessing specific operations for which they
were previously responsible. Objectivity is presumed to be impaired if an internal auditor
provides assurance services for an activity for which the internal auditor had responsibility
within the previous year.
a. PRACTICE ADVISORY 1130.A1-1: ASSESSING OPERATIONS FOR WHICH
INTERNAL AUDITORS WERE PREVIOUSLY RESPONSIBLE
1. Internal auditors should not assume operating responsibilities. If senior
management directs internal auditors to perform nonaudit work, it should be
understood that they are not functioning as internal auditors. Moreover,
objectivity is presumed to be impaired when internal auditors perform an
assurance review of any activity for which they had authority or responsibility
within the past year. This impairment should be considered when
communicating audit engagement results.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 23
● If internal auditors are directed to perform nonaudit duties that may impair
objectivity, such as preparation of bank reconciliations, the chief audit
executive should inform senior management and the board that this
activity is not an assurance audit activity; and, therefore, audit-related
conclusions should not be drawn.
● In addition, when operating responsibilities are assigned to the internal
audit activity, special attention must be given to ensure objectivity when a
subsequent assurance engagement in the related operating area is
undertaken. Objectivity is presumed to be impaired when internal auditors
audit any activity for which they had authority or responsibility within the
past year. These facts should be clearly stated when communicating the
results of an audit engagement relating to an area where an auditor had
operating responsibilities.
2. At any point that assigned activities involve the assumption of operating
authority, audit objectivity would be presumed to be impaired with respect to that
activity.
3. Persons transferred to or temporarily engaged by the internal audit
activity should not be assigned to audit those activities they previously
performed until a reasonable period of time (at least one year) has elapsed.
Such assignments are presumed to impair objectivity, and additional
consideration should be exercised when supervising the engagement work and
communicating engagement results.
4. The internal auditor’s objectivity is not adversely affected when the auditor
recommends standards of control for systems or reviews procedures
before they are implemented. The auditor’s objectivity is considered to be
impaired if the auditor designs, installs, drafts procedures for, or operates
such systems.
5. The occasional performance of nonaudit work by the internal auditor, with
full disclosure in the reporting process, would not necessarily impair
independence. However, it would require careful consideration by
management and the internal auditor to avoid adversely affecting the internal
auditor’s objectivity.
PA Summary
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
24 SU 2: Charter, Independence, and Objectivity
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 25
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
26 SU 2: Charter, Independence, and Objectivity
PA Summary
4. 1130.A2 – Assurance engagements for functions over which the chief audit executive has
responsibility should be overseen by a party outside the internal audit activity.
5. 1130.C1 – Internal auditors may provide consulting services relating to operations for which
they had previous responsibilities.
6. 1130.C2 – If internal auditors have potential impairments to independence or objectivity
relating to proposed consulting services, disclosure should be made to the engagement
client prior to accepting the engagement.
a. PRACTICE ADVISORY 1000.C1-2: ADDITIONAL CONSIDERATIONS FOR
FORMAL CONSULTING ENGAGEMENTS
The following is the portion of this comprehensive Practice Advisory relevant to
Standards 1130.C1 and 1130.C2:
Independence and Objectivity in Consulting Engagements
5. Internal auditors are sometimes requested to provide consulting services
relating to operations for which they had previous responsibilities or had
conducted assurance services. Prior to offering consulting services, the Chief
Audit Executive should confirm that the board understands and approves the
concept of providing consulting services. Once approved, the internal audit
charter should be amended to include authority and responsibilities for
consulting activities, and the internal audit activity should develop appropriate
policies and procedures for conducting such engagements.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
SU 2: Charter, Independence, and Objectivity 27
PA Summary
● The board should approve, and the charter should provide authority for, consulting
services relating to operations for which internal auditors had (1) previous
responsibility or (2) performed assurance services. The IAA should have policies
and procedures for these services.
● Objectivity should be maintained, and impairment of objectivity or independence
should be disclosed. Impairment may occur if an assurance service is
performed within a year. Steps should be taken to minimize the effects of
impairment, and management should be responsible for implementing
recommendations.
● Internal auditors should not inappropriately assume management
responsibilities.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
28 SU 2: Charter, Independence, and Objectivity
5. The chief audit executive should report to a level within the organization that allows the
internal audit activity to fulfill its responsibilities.
6. The internal audit activity should be free from interference in determining the scope of
internal auditing, performing work, and communicating results.
7. Internal auditors should have an impartial, unbiased attitude and avoid conflicts of interest.
8. Internal auditors should refrain from assessing specific operations for which they were
previously responsible. Objectivity is presumed to be impaired if an internal auditor
provides assurance services for an activity for which the internal auditor had responsibility
within the previous year.
9. Assurance engagements for functions over which the chief audit executive has responsibility
should be overseen by a party outside the internal audit activity.
10. Internal auditors may provide consulting services relating to operations for which they had
previous responsibilities.
11. If internal auditors have potential impairments to independence or objectivity relating to
proposed consulting services, disclosure should be made to the engagement client prior to
accepting the engagement.
Copyright © 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com