The Professional Practice of Internal Auditing · The Professional Practice of Internal Auditing...
Transcript of The Professional Practice of Internal Auditing · The Professional Practice of Internal Auditing...
Sonya von Heyking CA,CIA,CCSA,CRMA
Director, Internal Audit University of Lethbridge
The Professional Practice of Internal Auditing
The Professional Practice of Internal Auditing
Institute of Internal Auditors defines internal auditing as:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an
organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management, control, and governance processes.”
The Professional Practice of Internal Auditing
“Internal auditing is an independent, objective assurance and consulting activity...”
Commonly accepted best practice: Internal Audit should report functionally to the Board of Governors, or its Audit Committee, and administratively to the CFO, CEO or equivalent.
Independence in fact and in appearance.
• Organizational independence.
• Personal independence.
Objectivity refers to an auditor’s ability to perform engagements without subordinating his or her judgment on matters, or compromising.
The Professional Practice of Internal Auditing
Assurance
“An objective examination of evidence for the purpose of providing an independent assessment…Examples include financial, performance, compliance, system security, and due diligence engagements.”
Consulting
“Advisory and related client service activities, the nature and scope of which are agreed to with the client, are intended to add value…Examples include counsel, advice, facilitation and training.”
The Professional Practice of Internal Auditing
“…designed to add value and improve an organization's operations. It helps an organization accomplish its objectives…”
“The major focus areas for internal auditing in the next five years will be corporate governance, enterprise risk management,
strategic reviews, ethics audits and migration to International Financial Reporting Standards (IFRS). Auditors will place less
emphasis on operational and compliance audits, auditing of financial risks, fraud investigations, and evaluation of internal
controls.”
2010 Global Internal Audit Survey: A Component of
the Common Body of Knowledge (CBOK) Study
What does the University of Lethbridge need to excel at in order to be successful?
Risk Management
Assess how risks are identified and evaluated
Assess the reporting of key risks
Do not set risk appetite
Do not choose risk responses
The Big Picture
Governance
Assess the control environment
Review the Board’s evaluation and monitoring activities
Provide assurance on existing risk and control frameworks
Internal Audit Role in ERM
The Professional Practice of Internal Auditing
“…by bringing a systematic, disciplined approach to evaluate and improve the effectiveness…”
Code of Ethics
Standards
Position Papers
Practice Advisories
Practice Guides
International Professional Practice Framework
Internal Audit Terms of Reference (Charter)
Role
Independence and Authority
Access to Information
Scope of Work
Professional Standards
Conduct of Work
Coordination of Information
The University of Lethbridge
The Professional Practice of Internal Auditing
“…of risk management, control, and governance processes.”
Risk Management ~ University Context
Identify
Measure
Respond (Mitigate, Accept, Transfer, Eliminate)
Internal controls and Governance
Operate effectively
Operate efficiently
Safeguard assets
Produce reliable and timely information
Comply with laws and regulations
Set the overall control environment
The Professional Practice of Internal Auditing
Institute of Internal Auditors defines internal auditing as:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an
organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management, control, and governance processes.”
Evaluate the effectiveness of internal controls that prevent and detect fraud
May detect fraud while performing internal audits
May coordinate and conduct fraud investigation
Fraud
Problem and solution identification skills
Accounting and control framework proficiency
Influence and leadership qualities
Conflict resolution and negotiation skills
Project management skills
Business understanding
Proficiency in research and analysis
Familiarity with fraud prevention and detection
Uncompromising integrity and ethics
Emotional intelligence
Ability to communicate appropriately is paramount.
Internal Auditor Core Competencies
Designations
CA, CMA, CGA
Certified Internal Auditor (CIA) (CACIA)
Certified Government Auditing Professional (CGAP)
Certified Financial Services Auditor (CFSA)
Certification in Control Self-Assessment (CCSA)
Certification in Risk Management Assurance (CRMA)
Certified Fraud Examiner (CFE)
MBA
Thank you!
The Professional Practice of Internal Auditing