Part 2

Overview
of
Internal Auditing
A Compilation Shared by:

JUNN E. NICANOR
IIA-Phils.
Question # 1

WHERE IS THE
INTERNAL AUDIT
PRACTICE
ANCHORED
IA Practice Framework
Question # 1

WHAT IS THE
MISSION OF
INTERNAL AUDIT
Question # 1

WHAT ARE THE

CORE PRINCIPLES OF
INTERNAL AUDIT
PRACTICE
 HOW IS THE
IA FUNCTION
POSITIONED IN THE
PRIVATELY OWNED
ORGANIZATIONS?
 The SEC Corporate Governance Framework - Table

GROUP PARTIES ROLE FUNCTIONS

External External Auditors Assurance Statutory Audit

Regulatory Authorities, Statutes/ Assurance Monitoring & Regulating

Acts

Internal Shareholder / Owner;

Board of Directors Oversight Broad Policy-Making;
Corp Responsibility;
Audit Committee Oversight Coordinating & Enforcing

Internal Audit; Assurance Independent Appraisal

Compliance Function Monitoring
Executive or Senior Stewardship, Planning, Directing, Organizing &
Controlling
Management Accountability

Management Performance Execution

QUESTION # 3

WHAT ARE THE

3 LINES OF
DEFENSE
IN AN
ORGANIZATION
AND HOW IS
INTERNAL AUDIT
POSITIONED
 OLD: 3 LINES OF DEFENSE
Low assurance High assurance
Governing Body/Board/Audit Committee
Senior Management E
X
1st line of 2nd line of 3rd line of T R
defense defense defense E E
Financial Control R G
N U
Management Risk Management
A L
Controls & Quality L A
Internal T
Internal Security
Audit A O
Control Environmental
R
U
Measures Health & Safety
D S
Compliance I
Independent T
Management Assurance Review
 WHAT IS THE
OFFICIAL DEFINITION
OF INTERNAL
AUDITING?
 Internal Auditing Defined…..
- an independent objective assurance and consulting activity
designed to add value and improve an organization’s operations.

- helps an organization accomplish its objectives by bringing a

systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance
processes.

As defined by The Institute of Internal Auditors, International in the

International Professional Practices Framework (IPPF) for internal auditors.
GENERAL TYPES OF AUDIT SERVICES

Assurance Consulting
(70%) (30%)
OR MORE OR LESS

NOTE:
Ratio indicated above is NOT in the Standards but just the speaker’s take to ensure that providing
assurance is still the priority.
Assurance Services
An objective examination of evidence for the purpose of providing an
independent assessment on governance, risk management, and control
processes for the organization. Examples may include financial,
performance, compliance, system security, and due diligence
engagements.

Consulting Services

 Advisory and related client service activities, the nature and scope of
which are agreed with the client, are intended to add value and
improve an organization’s governance, risk management, and control
processes without the internal auditor assuming management
responsibility. Examples include counsel, advice, facilitation, and
training.
INTERNAL AUDIT SCOPE

Risk
Management
Process
Control
Process
Governance
Process
QUESTION # 4

WHERE IS THE
CODE OF ETHICS
FOR AUDIT
PRACTIONERS
ANCHORED
CODE OF ETHICS FOR INTERNAL AUDITORS

PRINCIPLES RULES OF CONDUCT

-Integrity
-Objectivity
-Confidentiality
-Competency
QUESTION # 5

WHAT ARE THE

GLOBAL
STANDARDS OF
INTERNAL AUDIT
PRACTICE
 ISPPIA
(INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING)

ATTRIBUTE PERFORMANCE
STANDARDS STANDARDS
QUESTION # 4

WHAT CONTROL
FRAMEWORK IS
USED BY THE IA
PRACTICE
 COSO INTEGRATED INTERNAL CONTROL FRAMEWORK
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a voluntary private-sector organization,
established in the United States, dedicated to providing guidance to executive management and governance entities on
critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and
financial reporting. COSO has established a common internal control model against which companies and organizations may
assess their control systems.

MONITORING:
throughout

CONTROL
ACTIVITIES:
processes, procedures,
safeguards, access security,
authorization

RISK ASSESSMENT:
identify, prioritize, mitigate risks;
ongoing;
wide participation

CONTROL ENVIRONMENT:
tone at the top, compliance;
culture: integrity and competence of people
 The New COSO Cube

3 Objectives

5 Elements Levels of Mgt.

QUESTION # 7

WHAT IS IAD’S
LICENSE TO
OPERATE
IAD License to Operate

Internal Audit Charter

- defines the purpose, authority
and responsibility
- approved by the Board Audit
Committee and ratified by the whole
Board
QUESTION # 5

HOW THE IA
FUNCTION HAD
EVOLVED
Traditional Modern
Auditor Auditor

Police Consultant
Fault finder Business partner
Feared upon Friend
Necessary Evil Valued resource
One who blames/pins down Help for improvement
Always right/authoritative image Solicits auditee’s inputs
Traditional Modern
Auditor Auditor

Reactive Proactive
Rigid independence Independent business partner
Assign duties & supervises staff Empowered/accountable
Detail oriented Risk-takers

Process improvement – a by-product Targets process improvements

Policy-driven internal control Self-assessment & continuous

improvement programs
 AUDIT IN TRANSITION

TRADITIONAL AUDIT DYNAMIC AUDIT

MANAGEMENT
ADVISOR

“SKILLS”
BUSINESS
PROCESS AUDITS
BROADER
FINANCIAL
AUDITS

PROACTIVE

REACTIVE
CHANGE
PROJECTS AUDITS

CONTROL SPECIAL
REVIEWS PROJECTS RISK & CONTROL
ANALYST
NOBOBDY CAN BEST HELP IN ADVANCING
THE INTERNAL AUDIT PROFESSION
EXCEPT OURSELVES…