Professional Documents
Culture Documents
Overview
of
Internal Auditing
A Compilation Shared by:
JUNN E. NICANOR
IIA-Phils.
Question # 1
WHERE IS THE
INTERNAL AUDIT
PRACTICE
ANCHORED
IA Practice Framework
Question # 1
WHAT IS THE
MISSION OF
INTERNAL AUDIT
Question # 1
Assurance Consulting
(70%) (30%)
OR MORE OR LESS
NOTE:
Ratio indicated above is NOT in the Standards but just the speaker’s take to ensure that providing
assurance is still the priority.
Assurance Services
An objective examination of evidence for the purpose of providing an
independent assessment on governance, risk management, and control
processes for the organization. Examples may include financial,
performance, compliance, system security, and due diligence
engagements.
Consulting Services
Advisory and related client service activities, the nature and scope of
which are agreed with the client, are intended to add value and
improve an organization’s governance, risk management, and control
processes without the internal auditor assuming management
responsibility. Examples include counsel, advice, facilitation, and
training.
INTERNAL AUDIT SCOPE
Risk
Management
Process
Control
Process
Governance
Process
QUESTION # 4
WHERE IS THE
CODE OF ETHICS
FOR AUDIT
PRACTIONERS
ANCHORED
CODE OF ETHICS FOR INTERNAL AUDITORS
ATTRIBUTE PERFORMANCE
STANDARDS STANDARDS
QUESTION # 4
WHAT CONTROL
FRAMEWORK IS
USED BY THE IA
PRACTICE
COSO INTEGRATED INTERNAL CONTROL FRAMEWORK
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private-sector organization,
established in the United States, dedicated to providing guidance to executive management and governance entities on
critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and
financial reporting. COSO has established a common internal control model against which companies and organizations may
assess their control systems.
MONITORING:
throughout
CONTROL
ACTIVITIES:
processes, procedures,
safeguards, access security,
authorization
RISK ASSESSMENT:
identify, prioritize, mitigate risks;
ongoing;
wide participation
CONTROL ENVIRONMENT:
tone at the top, compliance;
culture: integrity and competence of people
The New COSO Cube
3 Objectives
WHAT IS IAD’S
LICENSE TO
OPERATE
IAD License to Operate
HOW THE IA
FUNCTION HAD
EVOLVED
Traditional Modern
Auditor Auditor
Police Consultant
Fault finder Business partner
Feared upon Friend
Necessary Evil Valued resource
One who blames/pins down Help for improvement
Always right/authoritative image Solicits auditee’s inputs
Traditional Modern
Auditor Auditor
Reactive Proactive
Rigid independence Independent business partner
Assign duties & supervises staff Empowered/accountable
Detail oriented Risk-takers
MANAGEMENT
ADVISOR
“SKILLS”
BUSINESS
PROCESS AUDITS
BROADER
FINANCIAL
AUDITS
PROACTIVE
REACTIVE
CHANGE
PROJECTS AUDITS
CONTROL SPECIAL
REVIEWS PROJECTS RISK & CONTROL
ANALYST
NOBOBDY CAN BEST HELP IN ADVANCING
THE INTERNAL AUDIT PROFESSION
EXCEPT OURSELVES…