Sonya von Heyking CA,CIA,CCSA,CRMA

Director, Internal Audit University of Lethbridge

The Professional Practice of Internal Auditing

The Professional Practice of Internal Auditing

Institute of Internal Auditors defines internal auditing as:

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an

organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to

evaluate and improve the effectiveness of risk management, control, and governance processes.”

The Professional Practice of Internal Auditing

“Internal auditing is an independent, objective assurance and consulting activity...”

Commonly accepted best practice: Internal Audit should report functionally to the Board of Governors, or its Audit Committee, and administratively to the CFO, CEO or equivalent.

Independence in fact and in appearance.

• Organizational independence.

• Personal independence.

Objectivity refers to an auditor’s ability to perform engagements without subordinating his or her judgment on matters, or compromising.

The Professional Practice of Internal Auditing

Assurance

“An objective examination of evidence for the purpose of providing an independent assessment…Examples include financial, performance, compliance, system security, and due diligence engagements.”

Consulting

“Advisory and related client service activities, the nature and scope of which are agreed to with the client, are intended to add value…Examples include counsel, advice, facilitation and training.”

The Professional Practice of Internal Auditing

“…designed to add value and improve an organization's operations. It helps an organization accomplish its objectives…”

“The major focus areas for internal auditing in the next five years will be corporate governance, enterprise risk management,

strategic reviews, ethics audits and migration to International Financial Reporting Standards (IFRS). Auditors will place less

emphasis on operational and compliance audits, auditing of financial risks, fraud investigations, and evaluation of internal

controls.”

2010 Global Internal Audit Survey: A Component of

the Common Body of Knowledge (CBOK) Study

What does the University of Lethbridge need to excel at in order to be successful?

Risk Management

Assess how risks are identified and evaluated

Assess the reporting of key risks

Do not set risk appetite

Do not choose risk responses

The Big Picture

Governance

Assess the control environment

Review the Board’s evaluation and monitoring activities

Provide assurance on existing risk and control frameworks

Internal Audit Role in ERM

The Professional Practice of Internal Auditing

“…by bringing a systematic, disciplined approach to evaluate and improve the effectiveness…”

Code of Ethics

Standards

Position Papers

Practice Advisories

Practice Guides

International Professional Practice Framework

Internal Audit Terms of Reference (Charter)

Role

Independence and Authority

Access to Information

Scope of Work

Professional Standards

Conduct of Work

Coordination of Information

The University of Lethbridge

The Professional Practice of Internal Auditing

“…of risk management, control, and governance processes.”

Risk Management ~ University Context

Identify

Measure

Respond (Mitigate, Accept, Transfer, Eliminate)

Internal controls and Governance

Operate effectively

Operate efficiently

Safeguard assets

Produce reliable and timely information

Comply with laws and regulations

Set the overall control environment

The Professional Practice of Internal Auditing

Institute of Internal Auditors defines internal auditing as:

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an

organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to

evaluate and improve the effectiveness of risk management, control, and governance processes.”

Evaluate the effectiveness of internal controls that prevent and detect fraud

May detect fraud while performing internal audits

May coordinate and conduct fraud investigation

Fraud

Problem and solution identification skills

Accounting and control framework proficiency

Influence and leadership qualities

Conflict resolution and negotiation skills

Project management skills

Business understanding

Proficiency in research and analysis

Familiarity with fraud prevention and detection

Uncompromising integrity and ethics

Emotional intelligence

Ability to communicate appropriately is paramount.

Internal Auditor Core Competencies

Designations

CA, CMA, CGA

Certified Internal Auditor (CIA) (CACIA)

Certified Government Auditing Professional (CGAP)

Certified Financial Services Auditor (CFSA)

Certification in Control Self-Assessment (CCSA)

Certification in Risk Management Assurance (CRMA)

Certified Fraud Examiner (CFE)

MBA

Thank you!

The Professional Practice of Internal Auditing