International Professional Practices Framework

The internal audit profession is founded on the trust placed in its objective assurance about governance, risk management, and control. As such, The IIA’s Code of Ethics, comprising Principles and Rules of Conduct, is necessary and appropriate. Its purpose is to promote an ethical culture in the profession of internal auditing. It extends beyond the definition of internal auditing to include principles that are relevant to the profession and practice of internal auditing and rules of conduct that describe behavior norms and provide practical applications to guide the ethical conduct of internal auditors.

Breaches of The IIA’s Code of Ethics by members and certification candidates or holders are evaluated and administered according to The IIA’s Bylaws and Administrative Directives. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, resulting in disciplinary action.

Professional internal auditors are expected to apply and uphold the principles of integrity, objectivity, confidentiality, and competency. Integrity establishes trust and thus provides the basis for reliance on internal auditors’ judgment. They exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments. They respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. They apply the knowledge, skills, and experience needed in the performance of internal audit services.

For the complete Code of Ethics, refer to the Professional Guidance section of The IIA’s Web

Mandatory Guidance
Developed following the appropriate due process, including public exposure. Conformance with the principles set forth in mandatory guidance is essential for the professional practice of internal auditing.

Definition
Statement of internal auditing’s fundamental purpose, nature, and scope:
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Code of Ethics
• Principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing.
• Minimum requirements for conduct and behavioral expectations, rather than specific activities.

International Standards
• Basic requirements for the professional practice of internal auditing and for evaluating effectiveness of performance.
• Internationally applicable at both individual and organization levels.
• Principle-focused guidance for performing and promoting internal auditing:
−− Attribute standards.
−− Performance standards.
−− Implementation standards.
−− Interpretations that clarify terms or concepts within the statements.

Strongly Recommended Guidance
Describes practices for the effective implementation of The IIA’s Code of Ethics, the Definition of Internal Auditing, and the International Standards for the Professional Practice of Internal Auditing (Standards). The guidance is endorsed by The IIA, and

Position Papers
Help a wide range of interested parties — including those not in the internal audit profession — to:
• Understand significant governance, risk, and control issues.
• Delineate internal audit-related roles and responsibilities.

Practice Advisories
• Address approach, methodology, and considerations, but not detailed processes and procedures.
• Provide concise and timely assistance to internal auditors in conforming to the Code of Ethics and Standards and promoting good practices.
• Relate to international-, country-, or industry-specific issues; specific types of engagements; and legal or regulatory issues.

Practice Guides
Provide information on how to conduct internal audit activities, including detailed:
• Processes and procedures.
• Tools and techniques.
• Programs.
• Step-by-step approaches.
• Examples of deliverables.

Online Resources
All of the International Standards for the Professional Practice of Internal Auditing, the other mandatory guidance, and an ever-growing repository of strongly recommended guidance are available online. For more information, visit the Professional Guidance section of The IIA’s Web site or e-mail guidance@theiia.org. To purchase hard copies of the entire IPPF, visit The IIA Research Foundation’s online Bookstore or e-mail custserv@theiia.org.

Add Value
Value is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing risk exposure through both assurance and consulting services.

Adequate Control
Present if management has planned and organized (designed) in a manner that provides reasonable assurance that the organization’s risks have been managed effectively and that the organization’s goals and objectives will be achieved efficiently and economically.

Assurance Services
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements.

Board
A board is an organization’s governing body, such as a board of directors, supervisory board, head of an agency or legislative body, board of governors or trustees of a nonprofit organization, or any other designated body of the organization, including the audit committee to whom the chief audit executive may functionally report.

Charter
The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.

Chief Audit Executive (CAE)
A chief audit executive is a senior position within the organization responsible for internal audit activities. Normally, this would be the internal audit director. In the case where internal audit activities are obtained from external service providers, the chief audit executive is the person responsible for overseeing the service contract and the overall quality assurance of these activities, reporting to senior management and the board regarding internal audit activities, and follow-up of engagement results. The term also includes titles such as general auditor, head of internal audit, chief internal auditor, and inspector general.

Code of Ethics
The Code of Ethics of The Institute of Internal Auditors (IIA) comprises Principles relevant to the profession and practice of internal auditing, and Rules of Conduct that describe behavior expected of internal auditors. The Code of Ethics applies to both parties and entities that provide internal audit services. The purpose of the Code of Ethics is to promote an ethical culture in the global profession

Compliance
Adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.

Conflict of Interest
Any relationship that is, or appears to be, not in the best interest of the organization. A conflict of interest would prejudice an individual’s ability to perform his or her duties and responsibilities objectively.

Consulting Services
Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training.

Control
Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

Control Environment
The attitude and actions of the board and management regarding the significance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements:
• Integrity and ethical values
• Management’s philosophy and operating style
• Organizational structure
• Assignment of authority and responsibility
• Human resource policies and practices
• Competence of personnel

Control Processes
The policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process.

Engagement
A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy. An engagement may include multiple tasks or activities designed to accomplish a specific set of related objectives.

Engagement Objectives
Broad statements developed by internal auditors that define intended engagement accomplishments.

Engagement Work Program
A document that lists the procedures to be followed

External Service Provider
A person or firm outside of the organization that has special knowledge, skill, and experience in a particular discipline.

Fraud
Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.

Governance
The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

Impairment
Impairment to organizational independence and individual objectivity may include personal conflicts of interest, scope limitations, restrictions on access to records, personnel, and properties; and resource limitations (funding).

Independence
The freedom from conditions that threaten objectivity or the appearance of objectivity. Such threats to objectivity must be managed at the individual auditor, engagement, functional, and organizational levels.

Information Technology (IT) Controls
Controls that support business management and governance as well as provide general and technical controls over information technology infrastructures such as applications, information, infrastructure, and people.

Information Technology (IT) Governance
Consists of the leadership, organizational structures, and processes that ensure that the enterprise’s information technology sustains and supports the organization’s strategies and objectives.

Internal Audit Activity
A department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.

International Professional Practices Framework (IPPF)
The conceptual framework that organizes the authoritative guidance promulgated by The IIA. Authoritative Guidance comprises two categories – (1) mandatory and (2) endorsed

Must
The Standards use the word “must” to specify an unconditional requirement.

Objectivity
An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Objectivity requires internal auditors not to subordinate their judgment on audit matters to others.

Residual Risk
The risk remaining after management takes action to reduce the impact and likelihood of an adverse event.

Risk
The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.

Risk Appetite
The level of risk that an organization is willing to accept.

Risk Management
A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.

Should
The Standards use the word “should” where conformance is expected unless, when applying professional judgment, circumstances justify deviation.

Significance
The relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors, such as magnitude, nature, effect, relevance, and impact. Professional judgment assists internal auditors when evaluating the significance of matters within the context of the relevant objectives.

Standard
A professional pronouncement promulgated by the Internal Audit Standards Board that delineates the requirements for performing a broad range of internal audit activities, and for evaluating internal audit performance.

Technology-based Audit Techniques
Any automated audit tool, such as generalized audit software, test data generators, computerized audit programs, specialized audit utilities, and computer-assisted audit techniques (CAATs).

other stakeholders of professional internal auditing and effective organizational governance.

CONSULTING IMPLEMENTATION STANDARD 2130.C2
Knowledge of controls gained from consulting engagements

*Black and red in this chart are used to identify each series and its related Standards.