Professional Documents
Culture Documents
SPEAKER:
D O T T. R O B E R T O R O S AT O
DECEMBER 2015
IPPF:
Authoritative Guidance for Internal Auditing Practitioners
3
The Framework for Internal Audit Effectiveness:
The New IPPF
4
Path to Internal Audit Effectiveness
5
What internal audit aspires to
What do IAs try to achieve
accomplish within an MISSION through their activity?
organization?
The Mission of Internal Audit describes internal audit’s primary purpose and overarching
goal. Achievement of the mission is supported by the entire IPPF, including the mandatory
elements of the Definition, Core Principles for the Professional Practice of Internal Auditing,
the Code of Ethics, and Standards, as well as all recommended guidance.
6
MISSION: A changing role
Strategic
Business
Assurance Advisor
Provider
Compliance
Inspector
7
Which are IA nature of work
What internal audit is? DEFINITION and objects of evaluation?
8
Which are the focal point for
Which are the criteria in order
IA in order to be present and Core Principles to evaluate IA effectiveness?
operating effectively?
Input Output
Process
Failure to achieve any of the Principles would imply that an internal audit activity was
not as effective as it could be in achieving internal audit’s mission
9
Provides RISK-BASED Assurance
Assessing
risk
maturity
Periodic
audit
planning
Individual
audit
assignments
10
Provides RISK-BASED Assurance
11
Which are behavioral
Which are the minimum
requirements for conduct?
Code of Ethics expectations rather than
specific activities?
4 PRINCIPLES 12 RULES
Honesty, Diligence, Responsibility
Integrity
Compliance No illegal acts
The integrity of internal auditors establishes trust and
thus provides the basis for reliance on their judgment Respect of company ethical value
Objectivity
Internal auditors exhibit the highest level of professional objectivity No operational responsibilities
in gathering, evaluating, and communicating information about the
activity or process being examined. Internal auditors make a Avoid any pressures
balanced assessment of all the relevant circumstances and are not Conflicts of Interest Disclosure
unduly influenced by their own interests or by others in forming
judgments.
Confidentiality
Internal auditors respect the value and ownership of information Prudency
they receive and do not disclose information without appropriate Correct use of info
authority unless there is a legal or professional obligation to do so.
12
Which are the Attributes of
International Which are the criteria against
organizations and individuals Standards which the performance of IA
performing internal audit services? services can be measured?
13
How to implement the Mandatory
Recommended How to conduct the activity in
Guidance? Guidance compliance with the
Standards?
14
Attribute Standards
1000 – Purpose, Authority, and Responsibility
Approved by Internal
Board Audit
Authority
• IA objectives and
responsibilities.
Charter
reporting lines
• Level of authority (including
access to records, physical
property and personnel)
15
Attribute Standards
1100 – Independence and Objectivity
The internal audit activity must be independent, and internal auditors must
be objective in performing their work.
Organizational Individual
Independence Objectivity
to carry out internal audit Impartial e unbiased
responsibilities in an mental attitude that avoids
unbiased manner any conflict of interest.
16
Attribute Standards
1200 – Proficiency and Due Professional Care
internal audit standards, procedures, and techniques / accounting Extent of work needed to achieve the engagement's objectives
principles and techniques / indicators of fraud. Relative complexity, materiality, or significance of matters
key information technology risks and controls Adequacy and effectiveness of governance, risk management, and
an understanding of management principles / an appreciation of control processes;
accounting, economics, commercial law, taxation, finance, quantitative Probability of significant errors, fraud, or noncompliance; and
methods, information technology, risk management, and fraud. Cost of assurance in relation to potential benefits
skills in dealing with people / in oral and written communications
OR
competent advice and assistance
The chief audit executive must develop and maintain a quality assurance
and improvement program that covers all aspects of the internal audit
activity.
External
• Ongoing monitoring Assessments • Statement of
• Periodic self- conformity with the
assessments • Full external International
assessment Standards for the
• External validation Professional Practice
of Internal Auditing
Internal
CERTICATION
Assessments
18
Performance Standards
2000 – Managing the Internal Audit Activity
The chief audit executive must effectively manage the internal audit
activity to ensure it adds value to the organization.
Planning
Communi
Resource
cation and
Management
Reporting
Policies and
Coordination
Procedures
19
Planning
Institutional Risks (as identified through ARMSC
processes) Audit Universe
Academic Leadership & Academic
Faculty Renewal Reputation
Admin Structure
Sword
Impact
M
L
Operatio Risk mapping
nal to multiple
sources L M H
process
Probabi
es
Audit audit lity
universe plan Risk-Based Internal Audit Plan
Departm
Total Assurance Type
ents sources Projects Description Priority Timi Level of
ng Effort
Project 1 Scope and Audit - Quarter / Year Hours
Objective Assurance
Multiple Project 2 Scope and Audit - Quarter / Year Hours
Objective Assurance
risk
Project 3 Scope and Audit - Quarter / Year Hours
sources Intervention
Objective Consulting
type
Project 4 Scope and Audit - Quarter / Year Hours
Objective Assurance
20
Planning
21
Performance Standards
2100 – Nature of Work
The internal audit activity must evaluate and contribute to the improvement of
governance, risk management, and control processes using a
systematic and disciplined approach
Ethical principles and values? Identification of objectives in line with mission? Controls proportionated to risks?
Efficient organization and accountability? Evaluation of significant risks?? Controls in line with
Information & communication on risks and controls? Selection of risk response in line with risk appetite? risk tolerance and acceptance?
Coordination and information flows between Risk reporting? Reasonable assurance of achieving the objectives
Key Governance Actors? (strategic; reliability and integrity of information;
effectiveness and efficiency of operations;
Safeguard the assets; Compliance)?
22
Performance Standards
2200 – Engagement Planning
Internal auditors must develop and document a plan for each engagement,
including the engagement's objectives, scope, timing, and resource
allocations
• Objectives of the • Risk to be audited
activity • Criteria to be used
• Significant risks • Errors tollerance
• Adequacy of ERM&
SCI
• Opportunity of
improvememnts
Planning Engagement
Considerations Objectives
Engagement Engagement
Resource Scope
Allocation
23
Performance Standards
2240 – Engagement Work Program
Internal auditors must develop and document work programs that achieve
the engagement objectives.
Audit Objectives
Evidences Performance
Program
collecting
Identifying Information
Sufficient
Analysis and Evaluation
Reliable Data Analytics &
Documenting Information
Continuous Auditing
25
Performance Standards
2400 – Communicating Results
Involved
Accurate Management
Timely Objective
Top
Board
Management
Disseminating
Results
Quality of
Communications Parties who can ensure
Complete Clear
that the results are given
due consideration
Corporate
Governance CEO / CFO
Bodies
26
Performance Standards
2500 – Monitoring Progress
The chief audit executive must establish and maintain a system to monitor
the disposition of results communicated to management.
Monitoring
Tools
27
Performance Standards
2600 - Communicating the Acceptance of Risks
When the chief audit executive concludes that management has accepted a level
of risk that may be unacceptable to the organization, the chief audit executive
must discuss the matter with senior management. If the chief audit executive
determines that the matter has not been resolved, the chief audit executive must
communicate the matter to the board.
28
Audit Charter and Internal Audit
Manual: Case Study
SPEAKER:
D O T T. R O B E R T O R O S AT O
DECEMBER 2015
Audit Charter Purpose
Audit Charter
Must
Define the position of IA into the Indicate the extent of Internal Auditing
organization activities
30
Audit Charter:
main of Independence and Objectivity
Independence allows Internal Adequate organizational position The Board approves the
Auditor to formulate an unbiased and objectivity of Internal audit charter
and objective opinion Auditor resulting from
proficiency and due professional
care are prerequisite of
independence.
31
Audit Charter:
Minimum Content
INTERNAL AUDIT
VISION
MISSION
Elements
of Audit Charter DEFINITION
SCOPE
32
Audit Charter:
Vision and Mission
33
Audit Charter:
Definition and Scope
The scope of internal auditing encompasses, but is not limited to, the
examination and evaluation of the adequacy and effectiveness of the
organization's governance, risk management, and internal controls
as well as the quality of performance in carrying out assigned
responsibilities to achieve the organization’s stated goals and
objectives.
The internal audit activity, with strict accountability for
Responsabilità and
Scope Authority
confidentiality and safeguarding records and information, is
authorized full, free, and unrestricted access to any and all of
organization records, physical properties, and personnel pertinent
to carrying out any engagement. All employees are requested to
assist the internal audit activity in fulfilling its roles and
responsibilities. The internal audit activity will also have free and
unrestricted access to the Board
34
Audit Charter:
Position
Board
Audit Committee
Position Statutory
CEO
Auditors Board
Internal Audit
Activity
Functional reporting line
Hierarchic reporting line
Administrative reporting line
35
Internal Audit Manual
The form and content of policies and procedures are dependent upon the size and
structure of the internal audit activity and the complexity of its work:
36
IA Manual Objectives
NEEDS
37
IA Manual Content
7. Human Resource
Management
38