CHAPTER 6

QUALITY ASSURANCE AND

IMPROVEMENT PROGRAM
Learning Objectives
After going through this chapter, you should be able to:
Understand the nature of quality assurance and
improvement program(QAIP).
Explain the importance of QAIP in an internal audit
department.
Explain the purposes and benefits of QAIP.
Distinguish different types or approaches of quality
assurance.
Explain the best approach for QAIP and common
issues in a quality assurance review.

2
 Introduction to QAIP
The IIA Standard 1300 states that a quality
assurance program needs to be established
and maintained by the director of internal
auditing or the Chief Audit Executive (CAE)
in order to evaluate activities performed in the
internal audit department.

3
 Relevant International Standards for the
Professional Practice of Internal Auditing
(ISSPIA)
1300 – Quality Assurance and Improvement Program
1310 – Requirements of the Quality Assurance and
Improvement Program
1311 – Internal Assessments
1312 – External Assessments
1320 – Reporting on the Quality Assurance and
Improvement Program
1321 – Use of “Conforms with the International
Standards for the Professional Practice of Internal
Auditing”
4 1322 – Disclosure of Non-conformance
 Importance of QAIP
To enable an evaluation of IA activities which
include operation, processes and methods in
conformance with Definition, Standards and Code
of Ethics
Can assess efficiency and effectiveness of IA
activity and identify opportunities for improvement
Adding value to IA activity and improve
organisation’s operation
Implementation of new internal audit policy
Updates system for evaluation of audit risk, internal
audit staff training
5 Improvement in administrative and monitoring
Purposes and benefits of QAIP

 To ensure scope of IA activity includes all

activities in the standards and in the IIA definition
of IA
 To provide reasonable assurance to the various
stakeholders of IA activity (perform in accordance
with charter, operates in effective and efficient
manner and perceived as adding value and
improving organisation’s operations)

6
Purposes and benefits of QAIP
According to PA 1310-1:
 Conformance to definition, Code of Ethics and ISPPIA
 Adequacy of IA activity’s charter, goals, objectives., policies and
procedures
 Contribution to organisation’s governance, risk management and
control processes
 Compliance with applicable laws, regulations and government or
industry standards
 Effectiveness of continuous improvement activities and adoption
of best practices
 Whether auditing activity add values and improve organisation’s
operations

7
 QAIP Methodologies

2 TYPES

EXTERNAL
INTERNAL
ASSESSMENT
ASSESSMENTS
S

8
 Internal Assessments

2 TYPES

ONGOING
MONITORING OF
THE
PERFORMANCE PERIODIC SELF
OF THE ASSESSMENTS
INTERNAL
AUDIT ACTIVITY

9
 Types of Internal Assessments
1. Ongoing monitoring of the performance of the IA
activity:
 Conducted routinely throughout the process of audit
 Can be an integral part of the day-to-day supervision,
review and measurement of IA activity
 Can be incorporated into routine policies and practices
used

10
 Types of Internal Assessments
2. Periodic self assessments:
 Not a routine but performed through self-
assessments or by other persons within an
organisation with sufficient knowledge in IA
practices
 Can be conducted by special-purpose reviews
and will usually involve compliance testing

11
 External Assessments

2 TYPES

SELF-
FULL ASSESSMENT
EXTERNAL WITH
ASSESSMENT INDEPENDENT
VALIDATION

12
 External Assessments

 Must be conducted at least once every 5 years

by qualified, independent assessor or
assessment team from outside of the
organization
 CAE must discuss with the board:
 Form and frequency of external assessments;
and
 Qualifications and independence of external

13
assessor/assessment team
 Types of External Assessments
1. Full external assessment:
 Involves an outside team under the leadership of an
experienced professional project manager
 The team members should be competent professionals
who are well-versed in the best IA practices

14
 Types of External Assessments
2. Self-assessment with independent validation:
 Conducted by a competent independent evaluator who
is well-versed in quality assessment methodology to
validate the self-assessment of IA activity
 The validator substantiates work done by self-
assessment team, makes an on-site visit and interviews
senior management
 Co-signs CAE’s report or issues separate report

15
 Steps for the External Quality Assessment

Announcement letter
to CAE

Preliminary Survey
Fieldwork: Interviews
and
Substantive Testing

Reporting

16
 Best Approach
Need greater commitment from management
All activities performed must be consistent with IIA’s
standards of quality and Code of Ethics
An organisation should develop a set of policies,
procedures and controls for its QAIP
Both methods of assessments should be implemented
An organisation must implement all corrective actions
recommended

17
 Common Issues
Inappropriate chief audit executive — reporting
relationships
Out-of-date charters
Lack of board approved policy on internal control
responsibility
Client perception of inadequate audit staff
knowledge

18
 Summary
CAE is responsible for enhancing QAIP of the internal
audit function
QAIP is designed to enable an evaluation of IA
activity’s conformance to Definition, ISSPIA and Code
of Ethics
Must implement both types of assessments
Results must be communicated to senior management,
the Board of Directors and the Audit Committee

19
END CHAPTER 6