Professional Documents
Culture Documents
Auditing is known to have been practiced as early as we back far as 3,500 B.C during Mesopotamian civilization
where marks were used to record ship cargos and verify financial transactions.
The term “Audit” originated from the latin word “Auditus” referring to the hearing of oral evidence as one official
would verify records with those of another.
Internal auditing evolved through the years, gaining recognition from executives and organization leaders. The
profession has evolved from focusing on financial information, compliance reviews, information technology,
operations processes, and risk and controls.
Throughout the centuries, auditors have continued to pursue the truth, control transactions, and prevent or
detect fraudulent acts. Today, internal audits are independent, unbiased fact-finding exercises that provide
verifiable information to management or outside interests.
Definition
Internal Auditing (According to The Institute of International Auditors - IIA) is an independent , objective
assurance and consulting activity, designed to add value and improve an organization’s operations. It helps an
organization accomplish its objectives by bringing a systematic , disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.
Independence
Internal audit activities must be carried out in an unbiased manner and free from influence and interference from
management to allow auditors to render impartial or unbiased opinions in the course of their engagement.
Objectivity
An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they
have an honest belief in their work product and that no significant quality compromises are made.
Objectivity requires internal auditors not to subordinate their judgment on audit matters to others .
Assurance Services
An objective examination of evidence for the purpose of providing an independent assessments on governance,
risk management, and control processes for the organization. Examples: financial audit, performance audit,
compliance audit, system security, and due diligence engagements.
Consulting Activity
Advisory and related service activities, the nature and scope of which are agreed with the client and which are
intended to add value and improve an organization’s governance, risk management, and control processes
without internal auditor assuming assuming management responsibility. Examples: counseling, advice, facilitation,
installation of system and processes, and trainings to personnel.
Internal Auditing is performed by professionals with an in-depth understanding of the business culture , system,
and processes. Internal Audit Activity may be performed by people within the organization or from outside the
organization as “Outsourcing”.
Effective internal auditors serve as an organization’s corporate conscience and advisors for operational
efficiency, internal control, and risk management They also educate and make recommendations to management
and board of directors and other governance oversight bodies to support the organization in meeting its goals and
objectives.
In fulfilling these responsibilities, internal auditors must demonstrate professionalism, objectivity, knowledge,
integrity and leadership.
To help internal auditors ensure highest-quality internal audit results in widely diverse environments, the
Institute of Internal Auditors (IIA) has developed and maintains a full range of guidance for practitioners through
an International Professional Practices Framework (IPPF).
International Professional Practices Framework (IPPF) is defined as the conceptual framework that organizes the
authoritative guidance promulgated by the IIA.
The IPPF also includes a Standards Glossary that defines the use of words “must” and “should” in the following
manner:
● Must: The standard use the word “must” to specify an unconditional requirement.
● Should: The standards use the word “should” where conformance is expected unless, when
applying professional judgment, circumstances justify deviation.
The framework consists of the following mandatory, advisory, and practical categories of guidance.
● The Code of Ethics and the International Standards for the Professional Practice of Internal Auditing
(IAS)
● Practice Advisories (PAs)
● Practice Guides
● Position Papers
● Definition of Internal Auditing
● Glossary
Code of Ethics
A system of accepted laws and regulations that govern procedure of behavior in a particular circumstance or
within a particular profession. It is a set of values that guide the conduct and behavior of the individuals, enabling
them to differentiate between right and wrong, good and bad, and between what should be done, and what
should but cannot be done.
Internal Auditing Standards (IAS) are fundamental principles and procedures that make internal auditing a
unique disciplined and systematic activity.
Compliance with the Code of Ethics and the Standards in mandatory for all members of the Institute of Internal
Auditors (IIA) and all Certified Internal Auditors (CIA)
Practice Advisories
Practice advisories are IIA-endorsed guidance on best practices for performance of the standards. They are not
mandatory. They may help to interpret the standards or to apply the standards to specific internal auditing
environment. The practice Advisories and Practice Guides are intended for the use of IIA members.
Practice Guides are another form of guidance provided by the IIA to help internal auditors incorporate the
standards in heir practice. This category of guidance provides detailed guidance for conducting internal audit
activities and includes detailed processes and procedures, such as tools and techniques , programs and step by
step approaches, including examples of deliverables.
Position papers are IIA statements to assist a wide range of interested parties, including those not In internal
audit profession, in understanding significant governance, risk, or control issues and delineating the related roles
and responsibilities of the internal audit profession.
Categories of Standards:
A. Attribute Standards - Addresses the characteristics of organizations and parties performing internal
audit activities. It applies to all internal audit services and internal auditors individually
B. Performance Standards - described the nature of internal audit activities and provide criteria against
which the performance of these services can be evaluated. It applies to all internal audit services as well
as internal auditors.
C. Implementation Standards - expand Attribute and Performance Standards and how they apply to specific
types of assurance or consulting engagements.