Subject: AUD 1201 – Internal Audit and Entity’s Control Environment

Module: The Emergence in Global Profession of Internal Auditing

Professor: Normandy P. Yco
Target Date of Discussion: February 08, 2024

Lesson/Topics:
➢ Discuss the Internal Auditing profession by providing the development, trends, and career
opportunities for the profession;
➢ Explain the globally recognized advocate, educator, and provider of standards, guidance, and
certification, The Institute of Internal Auditors Global;
➢ Discuss the leading global certifications related to Internal Auditing profession (e.g., Certified
Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Fraud Examiner
(CFE), and other related certifications.);
➢ Explain the statistics of CIA passers and other related information globally and in Philippine
setting;
➢ Explain the CIA Qualifications, and its exam process.
Topics Discussion:

An internal auditor (IA) is a trained professional employed by companies to provide independent and
objective evaluations of financial and operational business activities, including corporate governance.
They are tasked with ensuring that companies comply with laws and regulations, follow proper
procedures, and function as efficiently as possible.

Myth of the traditional auditor perception:

- Police, Fault finder, feared upon, necessary evil, one who blames/pin down, always
right/authoritative image.

Facts:
- Internal auditor as adviser, business partner, valued resource, solicits audit customer’s inputs, help
for improvement.

IA practitioners want to demystify the internal audit function and to be recognized as a strategic and
valued advisor/partner in an organization and as a leader in promoting governance, risk management
and internal control practices in the Bank.

Further, IA practitioners aims to establish more open communications, cooperation and collaboration
with stakeholders and other assurance providers.

Requirements for Internal Auditors

The Institute of Internal Auditors (IIA), established in 1941 and headquartered in Florida, is the
international professional organization that sets standards, guidance, best practices, and code of ethics
for practitioners.

On its website, the IIA defines Internal Auditing as: “an independent, objective assurance and
consulting activity designed to add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes.”
Key Components of the Definition:
➢ Helping the organization accomplish its objectives;
➢ Evaluating and improving the effectiveness of risk management, control, and governance
processes;
➢ Assurance and consulting activity designed to add value and improve operations;
➢ Independence and objectivity;
➢ Systematic and disciplined approach (specifically, the engagement process).

IIA Guidance 1100 - Independence and Objectivity

The internal audit activity must be independent, and internal auditors must be objective in
performing their work.

Independence is the freedom from conditions that threaten the ability of the internal audit activity to
carry out internal audit responsibilities in an unbiased manner. To achieve the degree of independence
necessary to effectively carry out the responsibilities of the internal audit activity, the chief audit
executive has direct and unrestricted access to senior management and the board. This can be achieved
through a dual-reporting relationship. Threats to independence must be managed at the individual
auditor, engagement, functional, and organizational levels.

Objectivity is an unbiased mental attitude that allows internal auditors to perform engagements in such
a manner that they believe in their work product and that no quality compromises are made. Objectivity
requires that internal auditors do not subordinate their judgment on audit matters to others. Threats
to objectivity must be managed at the individual auditor, engagement, functional, and organizational
levels.

Organizational Objectives:
➢ Strategic - Strategic goals are the specific financial and non-financial objectives and results a
company aims to achieve over a specific period of time, usually the next three to five years.
➢ Operational - In business, operational objectives (also known as tactical objectives) are short-
term goals whose achievement brings an organization closer to its long-term goals. It is slightly
different from strategic objectives, which are longer term goals of a business, but they are
closely related, as a business will only be able to achieve strategic objectives when operational
 objectives have been met. Operational objectives are usually set by middle managers for the
next six to twelve months based on an organization's aim. They should be attainable and
specific so that they can provide a clear guidance for daily functioning of certain operations.
This business term is typically used in the context of strategic management and operational
planning.
➢ Reporting - pertain to internal and external financial and non-financial reporting and may
encompass reliability, timeliness, transparency, or other terms as set forth by regulators,
standard setters, or the entity’s policies.
➢ Compliance - pertain to internal and external financial and non-financial reporting and may
encompass reliability, timeliness, transparency, or other terms as set forth by regulators,
standard setters, or the entity’s policies.

Governance, Risk Management, and Control:

➢ Governance - is the combination of processes and structures implemented by the board to
inform, direct, manage, and monitor the activities of the organization toward the achievement
of its objectives.
➢ Risk Management - closely interlinked with governance, is the process conducted by
management to understand and deal with uncertainties (risks and opportunities) that could
affect the organization’s ability to achieve its objectives.
➢ Control - is any action taken by management, the board, and other parties to manage risk and
increase the likelihood that established objectives and goals will be achieved. Management
plans, organizes, and directs the performance of sufficient actions to provide reasonable
assurance that objectives and goals will be achieved.

Assurance vs. Consulting Services:

➢ Assurance Services - pertain to an objective examination of evidence for the purpose of
providing an independent assessment on risk management, control, or governance processes
for the organization.
➢ Consulting Services - pertain to advisory and related client service activities, the nature and
scope of which are agreed upon with the client to improve the organization’s operations.
Systematic and Disciplined Approach:
To truly add value and improve operations, internal assurance and consulting engagements must be
performed in a systematic and disciplined manner. The three fundamental phases in the internal audit
engagement process are planning the engagement, performing the engagement, and communicating
engagement outcomes.

About the Institute of Internal Auditors (IIA):

Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association
with global headquarters in Lake Mary, Florida, USA. The IIA is the internal audit profession's global
voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally,
members work in internal auditing, risk management, governance, internal control, information
technology audit, education, and security.

Globally, The IIA has more than 200,000 members. The IIA in North America comprises 159 chapters
serving more than 70,000 members in the United States, Canada, the Caribbean (Aruba, Bahamas,
Barbados, Cayman Islands, Curacao, Jamaica, Puerto Rico, and Turks & Caicos), Bermuda, and Trinidad
& Tobago. Members enjoy benefits offered by the North American Service Center including local,
national, and global professional networking; world-class training; certification; standards and
guidance; research; executive development; career opportunities; and more. IIA members throughout
North America enjoy free members-only webinars and member savings on national conferences such
as the General Audit Management (GAM) and All Star Conferences. The IIA’s Audit Executive Center
provides chief audit executives relevant and timely thought leadership and connections to peers for
benchmarking and sharing best practices. And resources such as IIA Quality Services make The Institute
an indispensable partner to you and your organization.

Mission of the IIA

The mission of The Institute of Internal Auditors is to provide dynamic leadership for the global
profession of internal auditing. Activities in support of this mission will include, but will not be limited
to:
➢ Advocating and promoting the value internal audit professionals add to their organizations;
➢ Providing comprehensive professional educational and development opportunities, standards
and other professional practice guidance, and certification programs;
 ➢ Researching, disseminating, and promoting knowledge concerning internal auditing and its
appropriate role in control, risk management, and governance to practitioners and
stakeholders;
➢ Educating practitioners and other relevant audiences on best practices in internal auditing;
➢ Bringing together internal auditors from all countries to share information and experiences.

Professional Certifications:
The IIA offers several professional certifications that allow internal auditors to demonstrate their
knowledge, acumen, and leadership ability in three areas: industry, competency, and leadership. These
certifications help internal auditors progress their career by:
➢ Enhancing skills and knowledge of internal auditors;
➢ Helping internal auditors gain credibility and respect in the field;
➢ Increasing the earning potential of internal auditors;
➢ Allowing internal auditors to demonstrate an understanding of and commitment to the practice
of internal auditing.

The premier certification sponsored by The IIA is the Certified Internal Auditor (CIA), the only globally
certification for the internal auditors. The CIA examination tests a candidate’s expertise in three parts:
Internal Audit Basics; Internal Audit Practice; and Internal Audit Knowledge Elements. In addition to
passing the CIA examination, candidates must have a minimum of two years internal audit experience
or tis equivalent to become a CIA. New and rotational internal auditors can obtain the Internal Audit
Practitioner designation by passing the first two (2) parts of the CIA exam. The CIA transcends all
three (3) areas as depicted in the figure below:
In the area of competency, The IIA sponsors two specialty certification programs: Certification in
Control Self-Assessment (CCSA) and Certification in Risk Management Assurance (CRMA). Industry
certifications include Certified Government Auditing Professional (CGAP), Certified Financial Services
Auditor (CFSA), Certified Professional Environmental Auditor (CPEA), and Certified Process Safety
Auditor (CPSA). The Qualification in Internal Audit Leadership (QIAL) is the certification for leaders
working to ascend to the level of CAE in their organizations. Detailed information about each of the
certification programs can be found on The IIA’s website.
CIA Qualifications:
CIA candidates must meet the following entry and exit eligibility requirements to obtain the CIA
designation. Before a candidate application can be approved, ALL documentation (proof of education,
character reference, and identification) must be received and approved by The IIA’s Certification staff.
Entry Requirements
To be approved into the CIA program, candidate must either:
➢ Hold a Bachelor’s degree or higher, or
➢ Hold an active Internal Audit Practitioner designation, or
➢ Possess five years of internal audit experience, or
➢ Be an active student in your final year of college, or *
➢ Be an active student with an approved Internal Audit Education Partnership (IAEP) school.*

*Note: You are able to take the CIA exams, however your certification will not be awarded until your
degree is completed and all program requirements met.

Acceptable Documents:
➢ Copy of your degree or official transcripts (If your name has changed since you earned your
degree, you must also include your legal name change document.);
➢ Letter from university confirming degree;
➢ Letter from evaluation services confirming degree level.

Character Reference
Candidates must exhibit high moral and professional character and must submit a Character
Reference signed by a CIA, CGAP, CCSA, CFSA, CRMA, QIAL, or the candidate's supervisor.

Proof of Identification
Candidates must provide proof of identification in the form of a copy of the candidate’s valid official
passport or national identity card. These must indicate current status; expired documents will not be
accepted.

Exit Requirements:
CIA Exam
Once candidates have been accepted into the CIA program, they must pass all three CIA exam parts
within the program eligibility period.
Work Experience
Candidates may apply to the certification program and sit for exams prior to obtaining the required
work experience. However, candidates will not be certified until unless the experience requirement is
met within the program eligibility period. Experience for the CIA’s certification program is based on
the entry method.
➢ Internal Audit
➢ Quality Assurance
➢ Risk Management
➢ Audit/Assessment/Disciplines
➢ Compliance
➢ External Audit
➢ Internal Control

COMPETENCIES NEEDED TO EXCEL AS AN INTERNAL AUDITOR

If internal auditors are to be trusted advisers to the organizations they serve, they must embody the
five Cs, character traits that are required for success in the internal audit profession:
➢ Competence - the skills and knowledge required to provide assurance and advisory services
that add value;
➢ Credibility - the ability to inspire trust based on consistent competence and integrity;
➢ Connectivity - the ability to understand the needs of each of the stakeholders individually
within the greater whole of the organization;
➢ Communication - instituting methods of relaying information (orally and in multiple written
forms) and listening to the individuals served;
➢ Courage - the personal fortitude to remain independent and objective and to stand by the
results of the engagements conducted.
Text References:
• https://www.investopedia.com/terms/i/internalauditor.asp
• https://www.bdc.ca/en/articles-tools/entrepreneur-toolkit/templates-business-
guides/glossary/strategic-goals
• https://en.wikipedia.org/wiki/Operational_objective
• https://na.theiia.org/standards-guidance/topics/pages/governance-risk-and-control.aspx
• https://na.theiia.org/about-us/Pages/About-The-Institute-of-Internal-Auditors.aspx
• https://na.theiia.org/certification/cia-certification/pages/eligibility-requirements.aspx
• Internal Auditing Assurance and Advisory Services 4th Edition

Video References:
• What is Internal Audit? | Types of Internal Audits | Internal Audit Meaning & Explanation -
https://www.youtube.com/watch?v=jeTOJhujqZ
• What is Internal audit? Explain Internal audit, Define Internal audit, Meaning of Internal
audit - https://www.youtube.com/watch?v=Nq8FrkW3Dvw
• Why is Internal Audit a Great Career Choice? - https://www.youtube.com/watch?v=Zi1L-
0wC7wA&t=51s
• Internal Audit Career Path: The Pros and Cons - https://www.youtube.com/watch?v=MeUt-
sGgm1I&t=196s