AUDIT INTRODUCTION OVERVIEW AND DEFINITION

History and evolution of auditing.

Auditing is known to have been practiced as early as we back far as 3,500 B.C during Mesopotamian civilization
where marks were used to record ship cargos and verify financial transactions.

The term “Audit” originated from the latin word “Auditus” referring to the hearing of oral evidence as one official
would verify records with those of another.

Internal auditing evolved through the years, gaining recognition from executives and organization leaders. The
profession has evolved from focusing on financial information, compliance reviews, information technology,
operations processes, and risk and controls.

Throughout the centuries, auditors have continued to pursue the truth, control transactions, and prevent or
detect fraudulent acts. Today, internal audits are independent, unbiased fact-finding exercises that provide
verifiable information to management or outside interests.

Definition

Internal Auditing (According to The Institute of International Auditors - IIA)​ is an independent , objective
assurance and consulting activity, designed to add value and improve an organization’s operations. It helps an
organization accomplish its objectives by bringing a systematic , disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.

Independence
Internal audit activities must be carried out in an unbiased manner and free from influence and interference from
management to allow auditors to render impartial or unbiased opinions in the course of their engagement.

Objectivity
An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they
have an honest belief in their work product and that no significant quality compromises are made.

Objectivity requires internal auditors not to subordinate their judgment on audit matters to others .

Assurance Services
An objective examination of evidence for the purpose of providing an independent assessments on governance,
risk management, and control processes for the organization. Examples: financial audit, performance audit,
compliance audit, system security, and due diligence engagements.

Consulting Activity
Advisory and related service activities, the nature and scope of which are agreed with the client and which are
intended to add value and improve an organization’s governance, risk management, and control processes
without internal auditor assuming assuming management responsibility. Examples: counseling, advice, facilitation,
installation of system and processes, and trainings to personnel.

Designed to Add value

Value is provided by improving opportunities to achieve organizational objectives, identifying operational
improvement, and/or reducing risk exposure through both assurance and consulting services. Audit activities are
client- based and are responsive to the needs of the organization. Benefits are aligned to the company’s overall
goals. Suppliers and creditors are looking to internal audit to provide assurance on the reliability and security of
information in the systems forming the interactions and relationships between them and the organization. IIA
provides 4 factors that determine what will add most value to the organization.

Systematic disciplined approach

It has a clear set of professional standards and guidance on policies and procedures in order to deliver quality
service. An audit activity can be efficiently and effectively performed if all elements of a systematic and
disciplined approach are present.

Internal Auditing​ is performed by professionals with an in-depth understanding of the business culture , system,
and processes. Internal Audit Activity may be performed by people within the organization or from outside the
organization as “Outsourcing”.
 Effective internal auditors​ serve as an organization’s corporate conscience and advisors for operational
efficiency, internal control, and risk management They also educate and make recommendations to management
and board of directors and other governance oversight bodies to support the organization in meeting its goals and
objectives.
In fulfilling these responsibilities, internal auditors must demonstrate professionalism, objectivity, knowledge,
integrity and leadership.

Purpose of Internal Audit

The purpose of Internal Audit is to function as a service unit to assist all levels of management in the
effective discharge of their responsibilities. Internal audit seeks to provide assurance to management that
effective stewardship is maintained over company’s resources. All business systems, processes, operations,
functions, and activities within the organization are subject to the internal auditor’s evaluation.

Main objectives of Internal Audit

1. Helping the organization achieve its objectives
2. Evaluating and improving the effectiveness of risk management, control, and governance processes.
3. Assurance and consulting activity designed to add value and improve operations.

Types of Internal Audit

● Performance Audit
● Management audit
● Environmental Audit
● Compliance Audit
● Systems-based Audit
● Risk-based audit
● Financial Audit

To help internal auditors ensure highest-quality internal audit results in widely diverse environments, the
Institute of Internal Auditors (IIA) has developed and maintains a ​full range of guidance​ for practitioners through
an ​International Professional Practices Framework (IPPF).

The Institute of Internal Auditors

The Institute of Internal Auditors (IIA) which was established in 1941 is an international professional
association of more than 150,000 members with global headquarters in Altamonte Ssprings, FLA., United States.
The IIA is recognized as the Internal Audit profession’s leader in certification, education, research, and
technological guidance. The revised mission of The Institute of Internal Auditors is :
Internal Audit aspires “to enhance and protect organizational value by providing risk-based and
objective assurance, advice, and insight.”

International Professional Practices Framework (IPPF)​ is defined as the conceptual framework that organizes the
authoritative guidance promulgated by the IIA.

Authoritative Guidance comprises two categories:

1. Mandatory
2. Endorsed and strongly recommended

The IPPF also includes a ​Standards Glossary​ that defines the use of words “must” and “should” in the following
manner:
● Must: The standard use the word “must” to specify an unconditional requirement.
● Should: The standards use the word “should” where conformance is expected unless, when
applying professional judgment, circumstances justify deviation.

The framework consists of the following mandatory, advisory, and practical categories of guidance.
● The Code of Ethics and the International Standards for the Professional Practice of Internal Auditing
(IAS)
● Practice Advisories (PAs)
● Practice Guides
● Position Papers
● Definition of Internal Auditing
● Glossary

Code of Ethics
A system of accepted laws and regulations that govern procedure of behavior in a particular circumstance or
within a particular profession. It is a set of values that guide the conduct and behavior of the individuals, enabling
them to differentiate between right and wrong, good and bad, and between what should be done, and what
should but cannot be done.

Internal Auditing Standards​ (IAS) are fundamental principles and procedures that make internal auditing a
unique disciplined and systematic activity.

Compliance with the Code of Ethics and the Standards in mandatory for all members of the Institute of Internal
Auditors (IIA) and all Certified Internal Auditors (CIA)

Practice Advisories
Practice advisories are IIA-endorsed guidance on best practices for performance of the standards. They are not
mandatory. They may help to interpret the standards or to apply the standards to specific internal auditing
environment. The practice Advisories and Practice Guides are intended for the use of IIA members.

Practice Guides​ are another form of guidance provided by the IIA to help internal auditors incorporate the
standards in heir practice. This category of guidance provides detailed guidance for conducting internal audit
activities and includes detailed processes and procedures, such as tools and techniques , programs and step by
step approaches, including examples of deliverables.

Position papers​ are IIA statements to assist a wide range of interested parties, including those not In internal
audit profession, in understanding significant governance, risk, or control issues and delineating the related roles
and responsibilities of the internal audit profession.

Purpose of the Standards:

A. Delineate basic principles that represent the practice of internal auditing as it should be.
B. Provide a framework for performing and promoting a broad range of value-added internal auditing
activities.
C. Establish basis for the evaluation of internal audit performance.
D. Foster improved organizational processes and operations

Categories of Standards:
A. Attribute Standards - Addresses the characteristics of organizations and parties performing internal
audit activities. It applies to all internal audit services and internal auditors individually
B. Performance Standards - described the nature of internal audit activities and provide criteria against
which the performance of these services can be evaluated. It applies to all internal audit services as well
as internal auditors.
C. Implementation Standards - expand Attribute and Performance Standards and how they apply to specific
types of assurance or consulting engagements.