Part 1 1 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM Overview Internal Audit Reviews the...
-
Upload
eleanor-montgomery -
Category
Documents
-
view
219 -
download
1
Transcript of Part 1 1 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEM TM Overview Internal Audit Reviews the...
Part 1 1 – 1V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
OverviewInternal Audit
Reviews the effectiveness and efficiency of operations; compliance with laws, regulations, policies, and procedures; achievement of operational/ organizational objectives; reliability of information; and safeguarding of assets
Compliance Audit
Financial Audit
Regulatory Audit
Government Audit
Strictly tests adherence to laws, regulations, standards, and policies and procedures
Provides an attestation solely on the financial reports and statements generated by an organization
Reviews compliance with specific regulations
Focuses on compliance with programs, performance audits, budget reviews, and management audits
Part 1, Overview
Part 1 1 – 2V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
1. Define purpose, authority, and responsibility of the internal audit activity
2. Maintain independence and objectivity
3. Determine availability of required knowledge, skills, and competencies
4. Develop and/or procure necessary knowledge, skills, and competencies collectively required by internal audit activity
Section Topics5. Exercise due
professional care
6. Promote continuing professional development
7. Promote quality assurance and improvement of the internal audit activity
8. Abide by and promote compliance with The IIA’s Code of Ethics
Part 1, Section 1
Part 1 1 – 3V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Internal Auditing, Defined
“An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Part 1, Section 1, Introduction
Part 1 1 – 4V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
International Professional Practices Framework (IPPF)
Practice Advisories
Practice Guides
Position Papers
Not mandatory (but endorsed and recommended by The IIA)
Part 1, Section 1, Introduction
Code of Ethics
International Standards for the Professional Practice of Internal Auditing (Standards)
Definition of Internal Auditing
Mandatory
Part 1 1 – 5V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. basic auditing principles.
B. evaluation criteria for audit performance.
C. considerations on how to plan and perform the engagement.
D. a framework for a broad range of value-added internal audit activities.
Answer: C. Approach and methodology (but not detailed processes and procedures) are covered in the Practice
Advisories.
Discussion Question
During an internal audit, the Standards establish all of the following EXCEPT
Part 1, Section 1, Introduction
Part 1 1 – 6V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Apply to all internal audit services and internal auditors, individually (organizations; parties performing internal audit activities)
• Provide guidance for the quality of the internal audit programs
Categories of Standards
• Apply to all internal audit services and internal auditors
• Describe the nature of internal audit activities
• Provide quality criteria for performance evaluation
• Expand Attribute and Performance Standards
• Apply to specific engagements
Attribute Performance Implementation
Part 1, Section 1, Introduction
Part 1 1 – 7V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. Attribute Standards.
B. Performance Standards.
C. Implementation Standards.
D. Practice Guides and Position Papers.
Answer: A. Attribute Standards describe the characteristics of organizations and parties performing internal audit activities.
Discussion QuestionDefining characteristics such as independence and objectivity or due professional care are covered in
Part 1, Section 1, Introduction
Part 1 1 – 8V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Types of Internal Audit Activity
“An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization”
“Advisory and related client service activities, the nature and scope of which are agreed to by the client and which are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility”
Assurance Services Consulting Services
Part 1, Section 1, Introduction
Part 1 1 – 9V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. Compliance with applicable Standards
B. Conformance to applicable Standards
C. Assessment or advisory role
D. Internal or external expertise
Answer: C
Discussion Question
Which of the following characteristics differentiates the internal auditor’s activity during assurance and consulting engagements?
Part 1, Section 1, Introduction
Part 1 1 – 10V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Practice Advisories
Strongly endorsed and recommended guidance on best practices for performance of the Standards
Practice Guides
Detailed processes and procedures, such as tools and techniques, programs, and step-by-step approaches
Part 1, Section 1, Introduction
Position Papers
IIA Guidance and Materials
Statements to assist a wide range of interested parties
Part 1 1 – 11V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Internal Audit Activity, Defined
“A department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations”
Helps accomplish organizational objectives through a systematic, disciplined approach
Evaluates and improves the effectiveness of risk management, control, and governance processes
Requires top-level support (e.g., the board and senior management) communicated throughout the organization
Part 1, Section 1, Topic 1
Part 1 1 – 12V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. overseeing the service contract with a consultant.
B. waiving a regulatory agency’s recommendation on a risk management or control issue.
C. developing the audit charter and securing approval by the board.
D. reporting to senior management and the boardon internal audit activities.
Answer: B. This is a management decision, not an internal audit decision.
Discussion QuestionAll of the following are reasonable responsibilities for the chief audit executive EXCEPT
Part 1, Section 1, Topic 1
Part 1 1 – 13V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Internal Audit Charter, Defined
“A formal document that defines the internal audit activity’s purpose, authority, and responsibility”
Establishes the internal audit activity’s position within the organization
Authorizes access to records, personnel, and physical properties relevant to the performance of engagements
Defines the scope of internal audit activities
Part 1, Section 1, Topic 1
Part 1 1 – 14V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Mission and scope of the internal auditing department
Accountability of the CAE to management and an audit committee
Independence of the internal auditing function
Responsibilities of the CAE and internal auditing staff
Range of authority of the CAE and internal auditing staff
Applicable standards of audit practice
Typical Audit Charter Elements
Part 1, Section 1, Topic 1
Part 1 1 – 15V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Types of Engagements
Assurance
Consulting
“Blended”
Formal—Engagements planned and subject to written agreement
Informal—Various routine activities
Special—Participation in a merger, acquisition, or conversion
Emergency—Participation in disaster recovery or special business events
Part 1, Section 1, Topic 1
Part 1 1 – 16V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. Authorization and access
B. Levels of staff proficiency
C. Inquiry and observation processes employed
D. Activity objectives for external service providers
Answer: A
Discussion Question
Which of the following items is appropriate to include in an internal audit activity charter?
Part 1, Section 1, Topic 1
Part 1 1 – 17V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Basic documents to support the purpose, authority, and responsibility of the internal audit department and internal audit activities
Internal audit charter
Function and responsibility (F and R) statement
Statement of policy (corporate audit policy or policy statement missions)
Audit manual (policies and procedures)
Staff job descriptions
Key Documents
Part 1, Section 1, Topic 1
Part 1 1 – 18V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Marketing the Audit Function
Brochures Promote the audit function and explain the features and benefits
Newsletters Highlight important aspects of internal audit activities
Publications Provide softer human interest stories
Audit department open house
Facilitate introductions and/or dialogue
Advisory board of operating managers chaired by CAE
Facilitate an exchange of information on related topics
Client training Educate client personnel and/or internal auditing new hires
Engagement documents and meetings
Structure an internal audit activity as a problem-solving partnership
Part 1, Section 1, Topic 1
Part 1 1 – 19V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Identify whether the statement is related to the purpose, authority, or responsibility of the internal audit activity.
Answers:
Discussion Question
1. Ensure that staff possesses sufficient expertise to fulfill the engagement charter.
2. Maintain access with the appropriate governing authority.
3. Add value and improve operations.
Responsibility
Authority
Purpose
Part 1, Section 1, Topic 1
Part 1 1 – 20V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Internal Audit Activity Purpose, Authority, and Responsibility
• Attribute Standard 1000• Attribute Standard 1130• Performance Standard 2400• Performance Standard 2420
Part 1, Section 1, Topic 1
Part 1 1 – 21V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Independence and Objectivity, Defined
“… the freedom from conditions that threaten objectivity or the appearance of objectivity ...”
Independence
“… the freedom from conditions that threaten objectivity or the appearance of objectivity ...”
Independence “An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made”
Objectivity
“The freedom from conditions that threaten objectivity or the appearance of objectivity”
Independence
Part 1, Section 1, Topic 2
Part 1 1 – 22V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Independence and Organizational Reporting
Board of Directors
Senior Management Audit Committee
CAE and Internal Audit Function
Administrative reporting
Functional reporting
Functional reporting
Part 1, Section 1, Topic 2
Part 1 1 – 23V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Examples:
• Approve: – Internal audit activity’s charter.
– Internal audit risk assessment and related audit plan.
– All decisions regarding performance evaluation, appointment/removal of CAE.
– Annual compensation and salary adjustment of CAE.
• Receive communications from CAE. • Make appropriate inquiries of
management and CAE.
Examples:• Budgeting and management
accounting• Human resource administration• Internal communications and
information flows• Administration of the internal
audit activity’s internal policies and procedures
Functional Reporting Administrative Reporting
Provides independence and authority Facilitates day-to-day operations
Part 1, Section 1, Topic 2
Part 1 1 – 24V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Have regular and direct communication with the board.
Report to an individual at the senior management level with sufficient authority to promote independence and to ensure broad audit coverage.
Report directly to the audit committee (or its equivalent).
Alignment to Ensure Organizational Independence
Part 1, Section 1, Topic 2
Part 1 1 – 25V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. Strategic synergies
B. Win-win conflict resolution
C. Periodic communication with the engagement client
D. Independent mental attitude
Answer: D. An internal auditor must have an unbiased and impartial mindset in regard to all engagements.
Discussion Question
Which action best exemplifies internal auditing objectivity?
Part 1, Section 1, Topic 2
Part 1 1 – 26V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Policies to Promote Objectivity
Have no operational responsibility for the activity under review.
Have had no authority or responsibility during the past year or a reasonable time frame.
Abide by the Code of Ethics.
Not subordinate their judgment to that of others.
Not compromise the quality of their work or objectivity of their judgment.
Avoid potential conflicts of interest and bias.
Have an independent review of engagement results.
Internal auditors should:
Part 1, Section 1, Topic 2
Part 1 1 – 27V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Periodic query of internal auditing staff
• Periodic staff assignment rotation
• Refusal of material fees, gifts, or entertainment—consideration of what is “reasonable”
Additional Best Practices to Maintain Objectivity
CAE
Internal Auditor
Part 1, Section 1, Topic 2
Part 1 1 – 28V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Identify which of the following items exemplify potential impairments. Respond “yes,” “no,” or “probable.”
Discussion Question
1. Accepting a breakfast invitation
2. An executive demanding the rescheduling of an audit
3. A designer passport travel ID case
4. Denial of facility access
Answers:
Yes
Probable
Yes
No
Potential impairments should be reported to the CAE.
Part 1, Section 1, Topic 2
Part 1 1 – 29V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 1-1Part 1, Section 1, Topic 2
Maintain Independence and Objectivity
Part 1, Section 1, Topic 2
Part 1 1 – 30V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Engagement Staffing Options
In-house auditing Establishing a dedicated audit team with requisite resources
Total out-sourcing Out-sourcing 100% of the internal audit activity to an external provider, usually on an ongoing basis
Co-sourcing A combination of internal staffing and external out-sourcing; external providers provide supplementary specialist skills
Subcontracting
(staff augmentation)
Securing a specific individual to perform a specific engagement or part of an engagement
Secondment Borrowing an employee from another part of the organization to work in the audit activity for a specified period of time
Part 1, Section 1, Topic 3
Part 1 1 – 31V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Requisite Knowledge, Skills, and Competencies
Knowledge
Skills
Competencies
Information
Proficiency
Performance
Examples
Knowledge required to perform technical audits
Language/communication skills
Interpersonal skills/audit tools and techniques
Part 1, Section 1, Topic 3
Part 1 1 – 32V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Internal Audit Designated Competencies
Part 1, Section 1, Topic 3
Part 1 1 – 33V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. Audit committee
B. Chief audit executive (CAE)
C. Board
D. Human resources
Answer: B. The CAE is responsible for determining levels of education and experience for the organization’s IA positions.
Discussion Question
Who is ultimately responsible for ensuring that the internal audit activity is staffed appropriately?
Part 1, Section 1, Topic 3
Part 1 1 – 34V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Identify the employment term described in the example.
Answers:
Discussion Question
1. Requiring CIA certification for an internal audit position
2. List of requisite knowledge, skills, and competencies
3. Evaluation and feedback at the end of an engagement
4. Progressive promotions of an internal auditor
Job description
Performance appraisal
Career path
Job specifications
Part 1, Section 1, Topic 3
Part 1 1 – 35V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
How to Evaluate Staff Proficiency
1Review the education and background of the IA activity’s staff.
2Review staff and management job descriptions.
3Obtain and review information pertaining to specialized skills required by the IA activity.
4 Conduct a staffing analysis.
Part 1, Section 1, Topic 3
Part 1 1 – 36V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. co-sourcing.
B. out-sourcing.
C. joint venture.
D. alliance.
Answer: A. In co-sourcing, an external providersupplements the internal audit function; in out-sourcing, an outside firm is paid to handle the responsibility.
Discussion QuestionThe CAE must hire an outside service provider to support the internal audit activity with statistical analysis responsibilities. This best describes
Part 1, Section 1, Topic 4
Part 1 1 – 37V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Co-sourcing and Out-sourcing
Advantages Disadvantages
+ Frees internal resources+ Provides flexibility + Can improve efficiency and
effectiveness + Can reduce expenses + Can expand coverage + May improve quality and/or
timeliness+ Can provide additional skill
sets
– Can cost more – Results in a loss of in-house
capabilities and process control
– Can undermine morale– Requires a learning curve,
oversight, and coordination– Has potential for privacy and
confidentiality issues– Can undermine career
pathing
Part 1, Section 1, Topic 4
Part 1 1 – 38V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Determine the competence.
Assess the relationship with the organization.
Ensure that independence and objectivity are maintained.
Review necessary information (e.g., work objectives, scope, access).
Document matters in an engagement letter or contract.
Reference compliance with The IIA’s Standards (as applicable).
CAE Responsibilities for Outside Service Providers
Part 1, Section 1, Topic 4
Part 1 1 – 39V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What Is Fraud?Examples:• Acceptance of bribes or kickbacks• Diversion of a potentially profitable
transaction • Embezzlement• Intentional concealment/misrepresentation
of events, transactions, or data• Bogus claims submitted for services or
goods • Intentional failure to act• Unauthorized or illegal use of confidential
or proprietary information• Unauthorized or illegal manipulation of IT
networks or operating systems• Theft
“Any illegal act characterized by deceit, concealment or violation of trust”
Part 1, Section 1, Topic 4
Part 1 1 – 40V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Information Technology Considerations
“Internal auditors must have sufficient knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work. However, not all internal auditors are expected to have the expertise of an internal auditor whose primary responsibility is information technology auditing.” (Standard 1210.A3)
Part 1, Section 1, Topic 4
Part 1 1 – 41V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Calls for the application of the care and skill expected of a reasonably prudent and competent internal auditor in the same or similar circumstances.
• Requires internal auditors to act responsibly.
• Exercised when internal audits are performed in accordance with the Standards.
• Internal auditors must be independent, competent, and objective.
• Audit work must be planned and supervised.
• Audit reports must be objective, clear, concise, constructive, and timely.
• Internal auditors must follow up on reported audit findings.
Characteristics of Due Professional Care
What is due professional care?
What are the implications?
Part 1, Section 1, Topic 5
Part 1 1 – 42V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. Understanding the performance goals of the client
B. Recognizing the needs of management
C. Being alert to significant risks that affect objectives, goals, and strategies
Answer: C
Discussion Question
Which of the following statements exemplifies due professional care in an assurance engagement?
Part 1, Section 1, Topic 5
Part 1 1 – 43V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
A. More applicable standards
B. Increased client needs and expectations
C. Fewer potential benefits derived from the engagement
Answer: B. Many of the same considerations apply. However, the needs and expectationsof clients have increased significance.
Discussion QuestionHow does due professional care in a consulting engagement differ from that in an assurance engagement?
Part 1, Section 1, Topic 5
Part 1 1 – 44V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 1-2Part 1, Section 1, Topic 5
Exercise Due Professional Care
Part 1, Section 1, Topic 5
Part 1 1 – 45V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
What Is Continuing Professional Development?
Description General Examples The IIA Offerings
The means to maintain, improve, and broaden the knowledge, skills, and competence required in a profession
• Occupational assignments
• Mentoring
• Networking
• Training
• Research projects
• Collective wisdom
• Formal education
• Conferences
• Membership/activity in professional societies
• Certification and recertification
• Seminars
• Conferences
• Web-based training
• Vision University
Part 1, Section 1, Topic 6
Part 1 1 – 46V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Certification
Description Achieved By The IIA Certifications
The systematic measurement of characteristics that results in recognition of meeting suggested knowledge and other minimum requirements
• Graduation from accredited or approved training
• Completion of a specified amount or type of work experience
• Acceptable exam performance
• Certified Internal Auditor® (CIA)
• Certification in Control Self-Assessment (CCSA)
• Certified Government Auditing Professional (CGAP)
• Certified Financial Services Auditor (CFSA)
Part 1, Section 1, Topic 6
Part 1 1 – 47V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Helps provide reasonable assurance to stakeholders that the internal audit activity:
– Performs in accordance with its charter and is consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards.
– Operates in an effective and efficient manner.
– Is perceived as adding value and improving operations.
• Includes appropriate supervision, periodic internal assessments, ongoing monitoring of quality assurance, and periodic external assessments.
Quality Assurance and Improvement Program (QA&IP)
Part 1, Section 1, Topic 7
Part 1 1 – 48V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Ongoing internal evaluations of the internal audit activity coupled with periodic self-assessments and/or reviews
• Conducted by persons within the organization’s internal audit activity
• Supervised by the direction of the CAE
• Evaluation of the internal audit activity compliance with the Standards, the use of best practices, and internal audit activity efficiency and effectiveness
• Conducted by a qualified independent reviewer or review team from outside the organization
QA&IP Internal and External Assessments
Periodic internal assessment Periodic external assessment
Part 1, Section 1, Topic 7
Part 1 1 – 49V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Identify whether the statement describes internal or external periodic quality assessments or both.
Discussion Question
1. Usually incorporated into routine policies and practices
2. Provides an opinion about conformance to the Standards
3. CAE involvement precludes total objectivity
4. Conducted at least once every five years
Answers:
Internal
Internal or external
Internal
External
Part 1, Section 1, Topic 7
Part 1 1 – 50V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Routine and continuous supervision and testing of performance of audit/ consulting work
• Ongoing measurements and analyses of performance metrics
• Periodic validations of compliance with applicable laws, regulations, standards
• Periodic validations of compliance with Standards and Code of Ethics
Scope of Internal Assessments• Evaluation of adequacy of internal
audit activity’s charter, goals, objectives, policies, procedures
• Assessment of contribution to organization’s governance, risk management, and control processes
• Evaluation of effectiveness of continuous improvement activities and adoption of best practices
• Whether auditing activity adds value and improves organization’s operations
Part 1, Section 1, Topic 7
Part 1 1 – 51V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
QA&IP Internal Performance Measures
International Professional Practices
Framework
Corporate and Internal Audit Strategies
Laws and Regulations
Innovation and Capabilities
Board/Audit Committee
Internal Audit Process
Management & Audit Clients
Part 1, Section 1, Topic 7
Part 1 1 – 52V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Which of the following are acceptable teams to performexternal quality assessment reviews? (Select all that apply.)I. A team that is totally independent of the organization yet
knowledgeable in standards of audit performanceII. Internal auditors from a subsidiary organizationIII. A self-assessment with independent validation by an
independent reviewerIV. A peer review team made of members from at least three
different organizations
Answer: I, III, and IV. External reviewers must be independent of the organization whose internal audit activity is the subject of the assessment. “Independent of the organization” means not a part of or under the control of the organization to which the internal auditing activity belongs.
Discussion Question
Part 1, Section 1, Topic 7
Part 1 1 – 53V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
• Conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards and with the internal audit activity’s charter, plans, policies, procedures, practices, and applicable legislative and regulatory requirements
• Expectations of the internal audit activity expressed by the board, senior management, and operational managers
• Integration of the internal audit activity into the organization’s governance process, including the attendant relationships between and among the key groups involved in that process
Scope of External Assessments• Tools and techniques
employed by the internal audit activity
• Mix of knowledge, experience, and disciplines within the staff, including staff focus on process improvement
• Determination as to whether or not the audit activity adds value and improves the organization’s operations
Part 1, Section 1, Topic 7
Part 1 1 – 54V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The CAE should share results, necessary action plans, and their successful implementation with stakeholders such as:
• Senior management.
• The board.
• External auditors.
• Preliminary results should be discussed with the CAE during and at the conclusion of the process.
• Final results should be communicated in a formal report to:
– The CAE or other official who authorized the review.
– Appropriate members of senior management and the board.
Reporting the Results of QA&IP
Internal assessments External assessments
Part 1, Section 1, Topic 7
Part 1 1 – 55V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Statement may be used only if validated by assessments of the QA&IP.
Assessments should include recommendations for compliance improvement.
Compliance may be expressed in one of three ways.• “In compliance with the Standards”• “In conformity to the Standards”• “In accordance with the Standards”
Compliance is conformity and “adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.”
Compliance/Conformity to the Standards
Part 1, Section 1, Topic 7
Part 1 1 – 56V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 1-3Part 1, Section 1, Topic 7
Promote Quality Assurance andImprovement of the Internal Audit Activity
Part 1, Section 1, Topic 7
Part 1 1 – 57V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
The IIA’s Code of Ethics, Defined
Integrity
Objectivity
Confidentiality
Competency
“Principles relevant to the profession and practice of internal auditing and Rules of Conduct that describe behavior expected of internal auditors. The Code of Ethics applies to both parties and entities that provide internal audit services. The purpose of the Code of Ethics is to promote an ethical culture in the global profession ofinternal auditing.”
Principles:
Part 1, Section 1, Topic 8
Part 1 1 – 58V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Reinforcing Activity 1-4Part 1, Section 1, Topic 8
Abide By and Promote ComplianceWith The IIA’s Code of Ethics
Part 1, Section 1, Topic 8
Part 1 1 – 59V3.0
THE IIA’S CIA LEARNING SYSTEMTM
www.LearnCia.com
Questions?
End of Section 1
Part 1, Section 1