Nicodemus, Daena D.

A-331 AAPRINCIPLES

Journal 14: Internal Auditing (Auditing and Assurance Principles)

1. What is the International Professional Practices Framework? What is its

primary purpose and to whom is it intended for?

The International Professional Practices Framework (IPPF) is a

conceptual framework in which it is the one that organizes the authoritative

guidance. This authoritative guidance was promulgated by the Institute of Internal

Auditors (IIA) (Institute of Internal Auditors, n.d.). With this, the IIA is the one that

provides authoritative guidance organized in the IPPF. The IPPF is the

mandatory and recommended guidance for internal audit professionals all over

the world. The IPPF is updated and the updated version was introduced in 2015

on the month of July.

There is a much needed framework for almost everything. Frameworks

serve as guides for the profession in which for internal auditing, there exists the

International Professional Practices Framework (IPPF) which it is the guiding

principle for internal audit professionals no matter where they are situated in the

world as this is a universal guiding framework.

2. What is Professional Proficiency? How can an internal auditor obtain

such?

According to 1210 – Proficiency of the Attribute Standards, professional

proficiency is being knowledgeable, skillful, and it also pertains to other

characteristics or competencies that internal auditors must posses for them to be

able to carry out their professional responsibilities effectively (Institute of Internal

Nicodemus, Daena D. A-331 AAPRINCIPLES

Auditors North America, 2017). Proficiency is also about being able to carry out

activities in a way that the internal auditor considers the current activities, issues,

and trends to come up with the relevant recommendations that are timely and

applicable.

Internal auditors may obtain such as they continuously educate

themselves with formal education and training, as well as being open to what is

happening in the world in which they take into consideration the underlying

factors and relate them to their work as they perform engagements and as they

make recommendations and give advice to the management for further

improvement.

3. What is Due Professional Care? Why is it needed in the conduct of internal

audit activities?

Due professional care is under 1220 of the Attribute Standards in which as

stated by the Institute of Internal Auditors (2017), it is when the auditors consider

how adequate and effective the governance, the control processes, and the risk

management in the company is; the cost of assurance in the management as

related to the potential benefits, the relative materiality, significance, and

complexity of matters to which procedures in the assurance engagement are

applied; if fraud, significant errors, and noncompliance are probable; and the

extent of work that is needed for which the objectives of the engagement will be

achieved.
Nicodemus, Daena D. A-331 AAPRINCIPLES

Also considered in due professional care are the complexity and extent of

work that is needed for the objectives of the engagement to be achieved; the

expeecations of the clients, their needs, the nature and timing of the engagement

and also the communication of the results; amd the cost of the engagement as

opposed to the benefits that can be garnered from it.

Due professional care is definitely significant in internal audit

engagements or activities as the internal auditors must always give due efforts

into their work for them to be deemed effective and efficient and also for them to

be able to come up with the best results in their audit engagements. Due

professional care helps internal auditors to perform their necessary duties as

they become cautious of the things that they have to do and accomplish. They

consider all the things that they have to consider and probaly more. They exert

efforts and do what is expected that they do with regards to their jobs. With due

professional care, internal audit professionals are reminded of their

responsibilities in audit and the standards that they have to comply with.

4. Why is it necessary to participate in continuing professional development

for internal auditors?

As stated by the CPD Standards Office (n.d.), CPD or continuing

professional development is necessary because it includes the development of

the necessary skills and knowledge that professionals need to perform well in

their field. CPD includes honing the current skills of the professionals in which

they are developed further in order that their levels highten. CPD also includes
Nicodemus, Daena D. A-331 AAPRINCIPLES

the professionals learning new skills to further expand their job roles and

expertise that could lead them to promotion.

Furthermore, as stated by thr Institute of Internal Auditors (2009), in the

Primary Related Standard 1230 – Continuing Professional Development, internal

auditors must also enhance their knowledge, their skills, and also their other

competencies by means of continuing professional development. It also made

mention that internal auditors are responsible of enhancing and maintaining their

proficiency. They must be informed of the developments in the standards and

techniques. They are also encouraged to obtain professional cerification that is

appropriate to their line of work and to pursue CPE related to the activities of

their organization and the industry they belong to. There are also internal

auditors who engage in the performance of consulting work and specialized audit

in which they must undertake specialized CPE to be more proficient with their

internal audit work. Internal auditors must also obtain CPE as it is necessary in

professional certification and those who do not presently have appropriate

certifications are encourage to obtain such.

Thus, internal auditors, like professionals in other fields must always be

cautious of their standing in their work and their competencies in which they must

always be open for more learnings. They must further enhance their skills. Aside

from what has been said, there are always new trends on the field with new

policies and the rapid changes in the world. With that, not just the audit

procedures change or are enhanced but also company policies. Thus, the
Nicodemus, Daena D. A-331 AAPRINCIPLES

internal auditors must always be informed of these changes for them to do their

work effectively.

5. What are the items we check to determine when an internal audit activity is

managed effectively?

In 2000 – Managing the Internal Audit Activity, it states that “the chief audit

executive must effectively manage the internal audit activity to ensure it adds

value to the organization (Institute of Internal Auditors, 2016). In this section, it

states that there are four things that must be considered, and that internal audit

activity is effectively managed when it achieves responsibility as well as the

purpose that is included in the internal audit charter; when it considers the

emerging issues and the trends that could possibly impact the organization,

when the audit activity conforms with the Standards, and when the individual

members conform with the Standards and with the Code of Ethics

Here, internal audit activity adds value to the stakeholders and to the

organization itself in cases that it considers the objectives, the strategies and the

risks, and it strives to offer ways in which the risk management, governance, and

control processes are enhanced, and provides assurance objectively.

6. What are the responsibilities of the Chief Audit Executive (CAE) in

managing the internal audit activities? Identify and explain the role of the

CAE in each.
Nicodemus, Daena D. A-331 AAPRINCIPLES

The Chief Audit Executive (CAE) has several responsibilities in managing

the internal audit activities which includes: Planning, Communication and

Approval, Resource Management, Policies and Procedures, Coordination and

Reliance, and Reporting to Senior Management and the Board (Institute of

Internal Auditors, 2016).

In 2010 – Planning, it was written that the CAE must establish a risk-

based plan in which the goal of this plan is to determine the priorities of the

activity in the internal audit engagement in which it is consistent with the goals of

the organization.

In 2020 – Communication and Approval, the CAE communicated the plans

and the resource requirements of the internal audit activity as well as the interim

changes that are deemed to be significant to the board and to the senior

management. This is for them to review and approve them. The impact of

resource limitations is also communicated by the CAE alongside this.

In 2030 – Resource Management, the CAE ensures that the internal audit

resources are sufficient, appropriate, and that they are effectively deployed so

that the approved plan is achieved.

In 2040 – Policies and Procedures, the CAE must establish procedures

and policies in which they guide the activities under the internal audit.

In 2050 – Coordination and Reliance, the CAE coordinates activities,

shares information, and also considers relying on the work of the internal and

external assurance and on the work of the consulting service providers to ensure

that duplication of efforts is minimized and that there is proper coverage.

Nicodemus, Daena D. A-331 AAPRINCIPLES

In 20160 – Reporting to Senior Management and the Board, the CAE

reports to the senior management and to the board periodically about the

purpose, responsibility, performance, and authority of the internal audit activity in

which these are relative to its plan and also on conforms with the Standards and

with the Code of Ethics. With regards to reporting, control issues and significant

risks as well as other matters that may require the board or the senior

management’s attention are also included.

7. What are the skills required of an internal auditor? Explain why these are

needed.

According to Chambers and McDonald (2013), there are seven secrets of

success if internal auditors which include Integrity in which it requires balance

and confidence in which you perform your duties in a professional manner and

not in an overly authoritative way or even in an egotistical way. Second is

Relationship-Building which means that you cultivate trust with one another and

respect professionals in the business. Third is Partnering which it is about

sharing the best practices and inspiring them to adopt these practices. Fourth is

Communications in which there is effective communication skills in which the

internal audit reports are also effectively communicated. Fifth is Teamwork in

which this is about partnering but internally that instead of partnering with others

outside, you partner with colleagues. Sixth is Diversity which means that there is

consultation with diverse ages, ethnicities, nationalities, et cetera to be more

effective and for stronger teamwork as brought upon globalizarion’s accelerating

Nicodemus, Daena D. A-331 AAPRINCIPLES

pace. Last is Continuous Learning which means that internal auditors are

keeping page with issues and the changing business trends.

As also stated by Birkett et al, in Prawitt (2003), there are six skills that are

required of internal auditors in which three of these skills fall under cognitive skills

while the other three fall under behavioral skills. The skills are as follows:

A. Cognitive Skills

1. Technical skills – following defined routes with some mastery

2. Analytic/Design Skills – problem identification or task definition and the

structuring of prototype solutions or performances

3. Appreciative Skills – making complex and creative judgments, often in

situations of ambiguity

B. Behavioral Skills

1. Personal Skills – handling oneself well in situations of challenge, stress,

conflict, time pressure, and change

2. Interpersonal Skills – securing outcomes through interpersonal

interactions

3. Organizational Skills – securing outcomes through the use of

organizational networks

8. On what circumstances does a CAE engage an external service provider?

What does the CAE need to watch out for when engaging such?

According to the Institute of Internal Auditors (2009), “1210.A1 – The chief

audit executive must obtain competent advice and assistance if the internal
Nicodemus, Daena D. A-331 AAPRINCIPLES

auditors lack the knowledge, skills, or other competencies needed to perform all

or part of the engagement.”

This signifies that there are cases in which the internal auditors may lack

the attributes needed to perform an engagement in which external service

providers may be needed by the company to perform specific tasks.

As stated in the implementation guide 2070 by the Institute of Internal

Auditors (2016), there are requirements when it comes to the responsibilities of

an external service provider as related to the quality assurance and improvement

program (QAIP) which include:

Standard 1300 – Quality Assurance and Improvement Program;

Standard 1310 – Requirements of the Quality Assurance and Improvement

Program;

Standard 1311 – Internal Assessments;

Standard 1312 – External Assessments;

Standard 1320 – Reporting on the Quality Assurance and Improvement Program;

Standard 1321 – Use of “Conforms with the International Standards for the

Professional Practice of Internal Auditing”; and

Standard 1322 – Disclosure of Nonconformance

Also under 1210.A1, the external service provider must possess the

necessary skills in which the following are considered:

 Professional certification, license, or other recognition of the external

service provider’s competence in the relevant discipline.

Nicodemus, Daena D. A-331 AAPRINCIPLES

 Membership of the external service provider in an appropriate professional

organization and adherence to that organization’s code of ethics.

 The reputation of the external service provider. This may include

contacting others familiar with the external service provider’s work.

 The external service provider’s experience in the type of work being

considered.

 The extent of education and training received by the external service

provider in disciplines that pertain to the particular engagement.

 The external service provider’s knowledge and experience in the industry

in which the organization operates.

Furthermore, it states that the objectivity and independence of the external

service provider are assessed by the CAE as the following are considered:

 The financial interest the external service provider may have in the

organization.

 The personal or professional affiliation the external service provider may

have to the board, senior management, or others within the organization.

 The relationship the external service provider may have had with the

organization or the activities being reviewed.

 The extent of other ongoing services the external service provider may be

performing for the organization.

 Compensation or other incentives that the external service provider may

have.
Nicodemus, Daena D. A-331 AAPRINCIPLES

References

Chambers, R. F., & McDonald, P. (2013). Succeeding as a 21st Century Internal

Auditor: 7 Attributes of Highly Effective Internal Auditors.

https://global.theiia.org/news/Documents/7%20Attributes%20of%20Highly

%20Effective%20Internal%20Auditors.pdf

CPD Standards Office. (n.d.). What is CPD? https://www.cpdstandards.com/what-is-

cpd/

Institute of Internal Auditors North America (2017). Attribute Standards.

https://na.theiia.org/standards-guidance/attribute-standards/Pages/Attribute-

Standards.aspx

Institute of Internal Auditors. (2009). Practice Advisory 1210.A1-1: Obtaining External

Service Providers to Support or Complement the Internal Audit Activity.

https://www.iia.nl/SiteFiles/IIA_leden/Parktijkadviezen/PA%201210A1-1.pdf
Nicodemus, Daena D. A-331 AAPRINCIPLES

Institute of Internal Auditors. (2009). Practice Advisory 1230-1: Continuing Professional

Development. https://www.interniaudit.cz/download/ippf/Practice_Advisory/PA

%201230-1-AJ.pdf

Institute of Internal Auditors. (2016). Implementation Guide 2070.

https://www.aiiaweb.it/sites/default/files/imce/pdf/ig2070-2016-12.pdf

Institute of Internal Auditors. (2016). International Standards for the Professional

Practice of Internal Auditing (Standards). https://global.theiia.org/standards-

guidance/Public%20Documents/IPPF-Standards-2017.pdf

Institute of Internal Auditors. (n.d.). Standards & Guidance — International Professional

Practices Framework (IPPF). The Institute of Internal Auditors North America.

https://na.theiia.org/standards-guidance/Pages/Standards-and-Guidance-

IPPF.aspx

Prawitt, D. F. (2003). Managing the Internal Audit Function.

https://na.theiia.org/iiarf/Public%20Documents/Chapter%206%20Managing

%20the%20Internal%20Audit%20Function.pdf