Professional Documents
Culture Documents
CHAPTER 6 Quality Assurance and Improvement Program
CHAPTER 6 Quality Assurance and Improvement Program
2
Introduction to QAIP
The IIA Standard 1300 states that a quality
assurance program needs to be established
and maintained by the director of internal
auditing or the Chief Audit Executive (CAE)
in order to evaluate activities performed in the
internal audit department.
3
Relevant International Standards for the
Professional Practice of Internal Auditing
(ISSPIA)
1300 – Quality Assurance and Improvement Program
1310 – Requirements of the Quality Assurance and
Improvement Program
1311 – Internal Assessments
1312 – External Assessments
1320 – Reporting on the Quality Assurance and
Improvement Program
1321 – Use of “Conforms with the International
Standards for the Professional Practice of Internal
Auditing”
4 1322 – Disclosure of Non-conformance
Importance of QAIP
To enable an evaluation of IA activities which
include operation, processes and methods in
conformance with Definition, Standards and Code
of Ethics
Can assess efficiency and effectiveness of IA
activity and identify opportunities for improvement
Adding value to IA activity and improve
organisation’s operation
Implementation of new internal audit policy
Updates system for evaluation of audit risk, internal
audit staff training
5 Improvement in administrative and monitoring
Purposes and benefits of QAIP
6
Purposes and benefits of QAIP
According to PA 1310-1:
Conformance to definition, Code of Ethics and ISPPIA
Adequacy of IA activity’s charter, goals, objectives., policies and
procedures
Contribution to organisation’s governance, risk management and
control processes
Compliance with applicable laws, regulations and government or
industry standards
Effectiveness of continuous improvement activities and adoption
of best practices
Whether auditing activity add values and improve organisation’s
operations
7
QAIP Methodologies
2 TYPES
EXTERNAL
INTERNAL
ASSESSMENT
ASSESSMENTS
S
8
Internal Assessments
2 TYPES
ONGOING
MONITORING OF
THE
PERFORMANCE PERIODIC SELF
OF THE ASSESSMENTS
INTERNAL
AUDIT ACTIVITY
9
Types of Internal Assessments
1. Ongoing monitoring of the performance of the IA
activity:
Conducted routinely throughout the process of audit
Can be an integral part of the day-to-day supervision,
review and measurement of IA activity
Can be incorporated into routine policies and practices
used
10
Types of Internal Assessments
2. Periodic self assessments:
Not a routine but performed through self-
assessments or by other persons within an
organisation with sufficient knowledge in IA
practices
Can be conducted by special-purpose reviews
and will usually involve compliance testing
11
External Assessments
2 TYPES
SELF-
FULL ASSESSMENT
EXTERNAL WITH
ASSESSMENT INDEPENDENT
VALIDATION
12
External Assessments
13
assessor/assessment team
Types of External Assessments
1. Full external assessment:
Involves an outside team under the leadership of an
experienced professional project manager
The team members should be competent professionals
who are well-versed in the best IA practices
14
Types of External Assessments
2. Self-assessment with independent validation:
Conducted by a competent independent evaluator who
is well-versed in quality assessment methodology to
validate the self-assessment of IA activity
The validator substantiates work done by self-
assessment team, makes an on-site visit and interviews
senior management
Co-signs CAE’s report or issues separate report
15
Steps for the External Quality Assessment
Announcement letter
to CAE
Preliminary Survey
Fieldwork: Interviews
and
Substantive Testing
Reporting
16
Best Approach
Need greater commitment from management
All activities performed must be consistent with IIA’s
standards of quality and Code of Ethics
An organisation should develop a set of policies,
procedures and controls for its QAIP
Both methods of assessments should be implemented
An organisation must implement all corrective actions
recommended
17
Common Issues
Inappropriate chief audit executive — reporting
relationships
Out-of-date charters
Lack of board approved policy on internal control
responsibility
Client perception of inadequate audit staff
knowledge
18
Summary
CAE is responsible for enhancing QAIP of the internal
audit function
QAIP is designed to enable an evaluation of IA
activity’s conformance to Definition, ISSPIA and Code
of Ethics
Must implement both types of assessments
Results must be communicated to senior management,
the Board of Directors and the Audit Committee
19
END CHAPTER 6