Introduction to

Internal Auditing

Page 1
 Audit

✓ Objective examination of factual evidence

✓ Providing an independent and reasonable assurance against an
established criteria

Source: https://global.theiia.org/

Page 2
 History of Audit

Source: https://global.theiia.org/

Page 3
 History of Audit

PRIOR TO 1840

• Historians have traced

the roots of internal
auditing to centuries B.C.
• Merchants verified
receipts for grain brought
to market.
•

Source: https://global.theiia.org/

Page 4
 History of Audit

PRIOR TO 1840

• Historians have traced

the roots of internal
auditing to centuries B.C.
• Merchants verified
receipts for grain brought
to market.
•

Source: https://global.theiia.org/

Page 5
 History of Audit

1840s TO 1920s

Source: https://global.theiia.org/

Page 6
 History of Audit

1920s TO 1960s

• Victor Z. Brink, John B. Thurston, and Robert B.

Milne had been contemplating establishing an
organization for internal auditors.
• They agreed that further progress in bringing
internal auditing to its proper level of recognition
would be best made possible by forming an
independent organization for internal auditors.
• Brink, Milne, Thurston, contacted a small group
of internal audit practitioners throughout the
United States who expressed interest in forming
a national – even international – organization for
internal auditors. Source: https://global.theiia.org/

Page 7
 History of Audit

1920s TO 1960s

• Established in 1941
• Is an international professional association with global headquarters in Lake
Mary, Florida, USA.
• Is the internal audit profession’s global voice, recognized authority,
acknowledged leader, chief advocate, and principal educator
• Has more than 185,000 members globally

Source: https://global.theiia.org/

Page 8
 History of Audit

1920s TO 1960s

Source: https://global.theiia.org/

Page 9
 History of Audit

1960s to present

Source: https://global.theiia.org/

Page 10
 History of Audit

1960s to present

Source: https://global.theiia.org/

Page 11
 History of Audit

1960s to present

Source: https://global.theiia.org/

Page 12
 History of Audit

1960s to present

Source: https://global.theiia.org/

Page 13
 History of Audit

1960s to present

Source: https://global.theiia.org/

Page 14
 History of Audit

1960s to present

Source: https://global.theiia.org/

Page 15
 History of Audit

1960s to present

Source: https://global.theiia.org/

Page 16
 Reasons to make a career move
to internal auditing

1 The pay is going up

2 Demand is strong

3 It’s in the corporate spotlight

4 Fast track opportunities and promotions

Page 17
Reasons to make a career move
to internal auditing

Page 18
Reasons to make a career move
to internal auditing

Page 19
 Internal Audit Career Path

Career opportunities

Internal audit
Entry-level supervisor /
internal auditor manager

Lead / Senior Internal audit

internal auditor executive /
chief audit
executive (CAE)

Page 20
Growth of Philippine CIAs
1,825
2000 new curriculum;
1800 Paper and Computer-based CCMS
Pen Testing 1,133
1600
1400
1200
1000 378
800
600 14
400
200
0
Year '73 '85 '94 '98 '99 '00 '01 '02 '03 '04 '05 '06 '07 '08 '09 '10 '11 '12 '13 '14 '15 '16 '17

Vision: To continuously Golden harvest Rank To-date Certified professionals To-date

produce and sustain Gold Top 1 4 CGAP 1

certified professionals Silver Top 2 1 CCSA 57

Student Award (Bronze) Top 3 1 CFSA 67
Certificate of excellence Top 10 17 CRMA 96
Certificate of honor Top 50 54 CIA (as of Dec 2017) 1,825
Total 2,046
Source: https://global.theiia.org/
Page 21
 Reasons to make a career move
to internal auditing

Future-proofing the profession

Recent developments from CHED and the Board of Accountancy

Certified Public
Certified Professional Accountant
Accountant
(CPA)
(CPA)

Advanced Advanced Advanced Advanced

+ 3y/OJT + 3y/OJT + 3y/OJT + 3y/OJT

Certified Accountant (CA)

BSA BSMA BS-AIS BS Internal Auditing

K-12 Program
(ABM Stem)

Page 22
 Reasons to make a career move
to internal auditing

Is Internal Auditing a great career choice?

ain experience in all aspects of an organization.

espected, rewarding and diverse work.

xcellent benefits and compensation.

dvancement opportunities and a fast-

track to management.

ravel and networking opportunities.

Page 23
 Reasons to make a career move
to internal auditing

Is Internal Auditing a great career choice?

Page 24
 Reasons to make a career move
to internal auditing

Is Internal Auditing a great career choice?

Page 25
Definition of Terms

Page 26
 Definition of Terms

Chief Audit Executive

“..describes a person in a senior position responsible for
effectively managing the internal audit activity in
accordance with the internal audit charter and the
Definition of Internal Auditing, the Code of Ethics, and
the Standards...”
---
IPPF Glossary

Page 27
 Definition of Terms

Chief Audit Executive

“..The chief audit executive or others reporting to the
chief audit executive will have appropriate professional
certifications and qualifications. The specific job title of
the chief audit executive may vary across organizations.”

- IPPF Glossary

Page 28
 Definition of Terms

Board
“The highest level of governing body charged with the responsibility to direct and/or
oversee the activities and management of the organization. Typically, this includes an
independent group of directors (e.g., a board of directors, a supervisory board, or a
board of governors or trustees)…”

It needs to be structured so that it provides an independent check on management.

- IPPF Glossary

Page 29
1. Composition of the Board

The Board shall be composed of at least five (5) but not more than fifteen
(15) members elected by shareholders.

Public companies shall have at least two (2) independent directors or such
independent directors shall constitute at least twenty percent (20%) of the
members of such Board, whichever is the lesser.

All other companies are encouraged to have independent directors as

well.

Page 30
Every director shall own at least one (1) share of the capital stock of the
corporation of which he is a director, which share shall stand in his name in
the books of the corporation.

The Board may provide for additional qualifications of a director such as,
but not limited to, the following:
a. Educational attainment
b. Adequate competency and understanding of business
c. Age requirement
d. Integrity/probity
e. Assiduousness

https://ir.ayalaland.com.ph/corporate-
governance/board-of-directors/

http://www.sanmiguel.com.ph/articles/boar
d-of-directors
Page 31
 Definition of Terms

Board
“…If such a group does not exist, the “board” may refer to the head of the
organization. “Board” may refer to an audit committee to which the governing body
has delegated certain functions. .”

- IPPF Glossary

Page 32
 Definition of Terms

Audit Committee
✓ Operating committee that is in charge of overseeing financial reporting and
disclosure
✓ Independent member of the board of directors
✓ One member is a financial expert
✓ Directly responsible for appointing, compensating, and overseeing work of
external and internal auditors
✓ Helping auditors remain independent from management

- Sarbanes-Oxley Act of 2002

https://ir.ayalaland.com.ph/corporate-
governance/board-committees/
Page 33
 Definition of Terms

Internal Audit Activity

“A department, division, team of consultants, or other practitioner(s) that provides
independent, objective assurance and consulting services designed to add value and
improve an organization’s operations…”

- IPPF Glossary

Page 34
Definition of Terms

What is assurance?
“..means an engagement in which a practitioner
expresses a conclusion designed to enhance
the degree of confidence of the intended users
other than the responsible party about the
outcome of the evaluation or measurement of
a subject matter against criteria.”

- International Framework for Assurance

Engagements

Page 35
Definition of Terms

What is audit?
✓ Objective examination of factual evidence
✓ Providing an independent and reasonable assurance
against an established criteria

International Framework for Assurance Engagements

The word audit is derived from a Latin word "audire" which

means "to hear“
Kinds of Audit
a. Internal Audit
b. External Audit/Financial Statements audit
c. IT Audit

Page 36
Definition of Terms

What is external audit?

“..an independent examination of financial statements of an
entity that enables an auditor to express
an opinion whether the financial statements are prepared
(in all material respects) in accordance with an identified
and acceptable financial reporting framework (e.g.
international or local accounting standards and national
legislations)

- Brink’s Modern Internal Auditing

Page 37
38

5 Categories of Management Assertion

► Existence or occurrence assertion

► Completeness assertion
► Rights and obligations assertion
► Valuation or allocation assertion
► Presentation and disclosure assertion

Page 38
 What is Internal Audit?
Internal Audit is a professional activity which helps organisations to achieve their
stated objectives by:
➢ Analyzing key processes, procedures & operations
➢ Identifying key controls in each such operation, procedure & process

➢ Evaluating the adequacy of these controls

➢ Testing compliance of sample transactions against these controls
➢ Reporting results of the evaluation of controls and compliance testing of
transactions
➢ Recommending stronger controls wherever necessary

➢ Suggesting methods to improve compliance with key controls

➢ Follow up of action taken on recommendations made in previous reports

39
 How are Internal Audit & External Audit different?
Internal audit is focused at internal management support and improving
systems, procedures and processes

⇉ External audit (EA): normally statutory requirement, unlike internal audit (IA)

⇉ EA reports are addressed to stakeholders: IA reports are addressed to

Management

⇉ EA reports express an opinion on the financial statements prepared by the

entity for a specified period: IA reports evaluate and check compliance
against key internal controls

⇉ EA reports are usually public documents which are available to all

stakeholders. IA reports are for use only by Management

⇉ EA reports do not make recommendations, although may have a

Management Letter: IA reports are incomplete without

⇉ EA is basically a review of financial statements for compliance: IA seeks to

ensure value for money to Management
40 Page 40
IIAP CERTIFICATION AWARDEES
IIAP CERTIFICATION AWARDEES
IIAP CERTIFICATION AWARDEES
IIAP CERTIFICATION AWARDEES
IIAP CERTIFICATION AWARDEES
IIAP CERTIFICATION AWARDEES
IIAP CERTIFICATION AWARDEES
 IA’s Proactive Role

✓ Identify Risks
✓ Find Better Ways and Best Practices
✓ Partner With Management to Find Solutions
✓ Prevent Problems
✓ Provide training
✓ Respond to policy & technical accounting questions
✓ Offer suggestions for improvement
✓ Advisory role

49 Page 49
Page 50
 Internal Audit (IA) Mandate
Compliance & Advisory roles

What does it do?

✓ Primary role in improving internal control, accuracy, reliability &
integrity of information including financial & operational reporting
✓ Monitoring & evaluation of effectiveness of risk management
processes
✓ Role in corporate oversight, safeguarding of assets, economical
& efficient use of resources, compliance with laws & regulations,
deterring fraud

What does it not do?

 Perform management activities/ responsibilities (these include establishing

internal controls)

51 Page 51
 International Professional
Practices Framework (IPPF)

Page 52
 IPPF

✓ Is the conceptual framework that organizes authoritative guidance promulgated

by the IIA
✓ Trustworthy, global, guidance-setting body
✓ presents current, relevant, internationally
consistent information that is required by
internal audit professionals worldwide.
✓ It is intended to assist practitioners and
stakeholders throughout the world.

Page 53
Page 54
 IPPF

“The Standards apply to individual internal auditors and internal audit activities. All
internal auditors are accountable for conforming with the Standards related to
individual objectivity, proficiency, and due professional care.

In addition, internal auditors are accountable for conforming with the Standards,
which are relevant to the performance of their job responsibilities.

Chief audit executives are accountable for overall conformance with the Standards.”

Page 55
IPPF

Page 56
 INTERNATIONAL PROFESSIONAL PRACTICE
FRAMEWORK (IPPF)
MANDATORY GUIDANCE STRONGLY RECOMMENDED GUIDANCE

OFFICIAL DEFINITION OF INTERNAL AUDITING IMPLEMENTATION GUIDANCE

IIA’S CODE OF ETHICS SUPPLEMENTAL GUIDANCE

INTERNATIONAL STANDARDS FOR THE

PROFESSIONAL PRACTICE OF INTERNAL
AUDITING (STANDARDS)

A. Mandatory Guidance: A. Strongly Recommended Guidance

• REQUIRED and ESSENTIAL for the • Describes practices for effective
professional practice of internal implementation of the
audit. Mandatory Guidance
• The mandatory nature of the • While endorsed by the IIA it is not
Standards is emphasized by the use mandatory and has been
of the word “must”. developed to provide solutions to
• The Standard use the “word “ to meet requirements of the
specify an unconditional Mandatory Guidance.
requirement.
IPPF

Definition
“Internal Auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization's operations. It
helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance
processes.”

Page 58
 IPPF

Independence
“The freedom from conditions that threaten the ability of the internal audit
activity to carry out internal audit responsibilities in an unbiased manner. ”

- IPPF Glossary

Page 59
 IPPF

Objectivity
“An unbiased mental attitude that allows internal auditors to perform
engagements in such a manner that they believe in their work product and
that no quality compromises are made. Objectivity requires that internal
auditors do not subordinate their judgment on audit matters to others. ”

- IPPF Glossary

Page 60
 IPPF

Assurance Services

“An objective examination of evidence for the

purpose of providing an independent
assessment on governance, risk management,
and control processes for the organization.
Examples may include financial, performance,
compliance, system security, and due diligence
engagements. ”

- IPPF Glossary

Page 61
 IPPF

Consulting Services

“Advisory and related client service activities,

the nature and scope of which are agreed with
the client, are intended to add value and
improve an organization’s governance, risk
management, and control processes without
the internal auditor assuming management
responsibility. Examples include counsel,
advice, facilitation, and training ”

- IPPF Glossary

Page 62
IPPF

Definition
“Internal Auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization's operations. It
helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance
processes.”

Page 63
 IPPF

Definition

Risk management
► process to identify, assess, manage, and control potential events or
situations to provide reasonable assurance regarding the
achievement of the organization's objective

Control
► any action taken by management, the board, and other parties to
manage risk and increase the likelihood that established objectives
and goals will be achieved

Governance
► combination of people, policies, procedures, and processes that
help ensure that an entity effectively and efficiently directs its
activities toward meeting the objectives of its stakeholders

Source: International Professional Practices Framework (IPPF) of the IIA

Page 64
IPPF

Page 65
 IPPF

Mission
To enhance and [protect]
organizational value
by providing

risk-based and objective

assurance, advice, and insight.

Page 66
IPPF

Page 67
➢CODE OF ETHICS – states the principle and expectations governing behavior
of individual and organizations in the conduct of internal audit.
➢It describes the minimum requirement for conduct, and behavioral
expectations rather than specific activities.

Page 68
Code of Ethics

► Purpose: Promote an ethical culture in the profession of

internal auditing
► It is necessary and appropriate for the profession of internal
auditing.
► “Internal Auditors” refers to:
a. Institute members
b. Recipients/Candidates for IIA certification
c. Those who perform internal audit services
within the Definition of Internal Auditing

Page 69
Code of Ethics

► Code of Ethics applies to both entities and individuals that

perform internal audit services.
► For IIA members/ recipients of or candidates for IIA
professional certifications - breaches of the Code of Ethics will
be evaluated
► Violation could result to disciplinary action
► Violations should be reported to IIA’s Board of Directors

Page 70
Code of Ethics

I – O – C –C
I – NTEGRITY
O – BJECTIVITY
C- ONFIDENTIALITY
C- OMPETENCY

Page 71
VIDEO KO ANALYZE MO

Page 72
Page 73
 IPPF

Integrity
The integrity of internal auditors establishes trust and thus provides the basis
for reliance on their judgment.

Page 74
 IPPF

Integrity – Rules of Conduct

Internal Auditors:
1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and
the profession.

Page 75
 IPPF

Integrity – Rules of Conduct

Internal Auditors:
1.3. Shall not knowingly be a party to any illegal activity, or engage in acts
that are discreditable to the profession of internal auditing or to the
organization.
1.4. Shall respect and contribute to the legitimate and ethical objectives of
the organization.

Page 76
Group Activity

Discuss among your groupmates the pictures that will shown to

you and assess the following: (5 mins)

► Rate their level of integrity from 10 highest and 0 – lowest

► Why do you gave such rating?
► Rank the personalities in the pictures based on their level of
integrity and explain why.
► The professor will pick one student per group (through draw
lots) who will report their assessment.

Page 77
Page 78
Page 79
Page 80
Page 81
Page 82
Page 83
Page 84
Page 85
 IPPF

Objectivity
Internal auditors exhibit the highest level of professional
objectivity in gathering, evaluating, and communicating
information about the activity or process being examined.

Internal auditors make a balanced assessment of all the

relevant circumstances and are not unduly influenced by
their own interests or by others in forming judgments

Page 86
 IPPF

Objectivity – Rules of Conduct

Internal Auditors:
2.1. Shall not participate in any activity or relationship that may impair or
be presumed to impair their unbiased assessment. This participation
includes those activities or relationships that may be in conflict with the
interests of the organization.

Page 87
 IPPF

Objectivity – Rules of Conduct

Internal Auditors:
2.2. Shall not accept anything that may impair or be presumed to impair
their professional judgment.
2.3. Shall disclose all material facts known to them that, if not disclosed,
may distort the reporting of activities under review.

Page 88
 IPPF

Objectivity – Rules of Conduct

Potential Impairments
► Past or future work assignments

► Conflict of interest

► Gifts and gratuities

► Assignment of non-audit functions

► Scope limitation

► Resource limitation

► Access restriction

Page 89
Page 90
 IPPF

Confidentiality
Internal auditors respect the value and ownership of information they receive and do
not disclose information without appropriate authority unless there is a legal or
professional obligation to do so.

Page 91
 IPPF

Confidentiality – Rules of Conduct

Internal Auditors:
3.1. Shall be prudent in the use and protection of information acquired in
the course of their duties.
3.2. Shall not use information for any personal gain or in any manner that
would be contrary to the law or detrimental to the legitimate and ethical
objectives of the organization.

Page 92
 IPPF

Competency
Internal auditors apply the knowledge, skills, and experience needed in the
performance of internal audit services.

Page 93
 IPPF

Competency – Rules of Conduct

Internal Auditors:
4.1. Shall engage only in those services for which they have the necessary
knowledge, skills, and experience.
4.2. Shall perform internal audit services in accordance with the
International Standards for the Professional Practice of Internal Auditing.
4.3. Shall continually improve their proficiency and the effectiveness and
quality of their services.

Page 94
IPPF

Page 95
 IPPF

Core Principles
► Demonstrates integrity.

► Demonstrates competence and due professional care.

► Is objective and free from undue influence (independent).

Page 96
 IPPF

Core Principles
► Is appropriately positioned and adequately resourced.

► Demonstrates quality and continuous improvement.

► Provides risk-based assurance.

Page 97
 IPPF

Core Principles
► Aligns with the strategies, objectives, and risks of the organization.

► Is insightful, proactive, and future-focused.

► Promotes organizational improvement.

► Communicates effectively.

Page 98
IPPF

Page 99
Page 100
Page 101
 ISPPIA

International Standards for the Professional Practice of Internal Auditing (The

Standards)

• principle-focused and provide a framework for performing and promoting internal

auditing
• essential in meeting the responsibilities of the internal audit activity
• in case of prohibition by law or regulation from conformance with certain parts of
the Standards, conformance with all other parts of the Standards and appropriate
disclosures are needed

Page 102
 ISPPIA

International Standards for the Professional Practice of Internal Auditing (The

Standards)

• should cite the use of other standards, as appropriate

• if inconsistencies exist between the Standards and other standards, internal audit
activity must conform with the Standards, and may conform with the other
standards if they are more restrictive

Page 103
 ISPPIA

Purpose
1. Delineate basic principles that represent the practice of internal auditing.
2. Provide a framework for performing and promoting a broad range of value-added
internal auditing.
3. Establish the basis for the evaluation of internal audit performance.
4. Foster improved organizational processes and operations.

Page 104
 ISPPIA

Parts
1. Statements of basic requirements for the professional practice of internal
auditing and for evaluating the effectiveness of its performance.
2. Interpretations, which clarify terms or concepts within the statements.
3. Glossary terms.

Page 105
 ISPPIA

Structures of Statements
1. Attribute Standards - address the characteristics of organizations and individuals
performing internal
2. Performance Standards - describe the nature of internal auditing and provide
quality criteria against which the performance of these services can be
measured
3. Implementation Standards - providing the requirements applicable to assurance
(A) or consulting (C) activities

Page 106
 ISPPIA

Structures of Statements

Page 107
Page 108
Questions

Page 109