Upload
ismet-eliskal
View
210
Download
2
Embed Size (px)
DESCRIPTION
IPPF Practice Guide Overview
Citation preview
The International Professional Practices Framework (IPPF)®
Practice Guide OverviewSetting the bar for internal audit efficiency, effectiveness, and professionalism
• Easy-AccessReferenceforPracticeGuides
• Relevant,ValuableandDetailedGuidance
• IIAMemberBenefit
About The IPPFTheInternationalProfessionalPracticesFramework(IPPF)istheconceptualframeworkthatorganizesauthoritativeguidancepromulgatedbyTheInstituteofInternalAuditor(IIA).Itcomprises:
Mandatory Guidance
•DefinitionofInternalAuditing
•CodeofEthics
•International Standards
Strongly Recommended Guidance
•PositionPapers
•PracticeAdvisories
•PracticeGuides
TheIPPFsetsthebarforinternalauditefficiency,effectiveness,andprofessionalism,guidinginternalauditprofessionalsthroughouttheworld.AsanIIAmember,TheIIAGuidanceisacomplimentaryserviceofyourmembership.
About Practice Guides IIAPracticeGuidesprovidedetailedguidanceforconductinginternalauditactivities.Theyrepresentstrongly recommended guidancethatincludesdetailedprocessesandprocedures,suchastoolsandtechniques,programs, andstep-by-stepapproachesforeffectiveimplementationofTheIIAmandatoryguidance.
Thisbrochureisausefulquickreferencetounderstandthemostrecentguidereleases.Alloftheguidesincludedin thisreferencetoolareavailableas a free download to members at www.globaliia.org/standards-guidance. Guides are available for purchase for nonmembers through The IIA Research Foundation Bookstore. Download your copies today!
To learn more and download the IPPF, go to
www.globaliia.org/standards-guidance.
Practice Guide – Independence And Objectivity
Theimportanceofindependenceandobjectivity,whichhasalwaysbeensignificantforinternalauditors,continuestoincreaseamongthechallengesfacinginternalauditactivitiesintheconstantlychangingbusinessenvironment.Anever-growingnumberofstakeholders,bothinsideandoutsideanorganization,continuetodemandgreatertranspar-ency,increaseddisclosures,expandedinternalauditservices,increasedprofessionalism,improvedcoordinationamonginternalandexternalauditors,greaterresponsibilities,andmoreaccountabilityfrominternalauditprofessionals.Thispracticeguidewasdevelopedtoaddressthesechangesandincreasedexpectations.
IndependenceandobjectivityareintegralpartsofthemandatoryguidanceofTheIIA’sInternationalProfessionalPrac-ticesFramework(IPPF).ObjectivityisalsooneofthefourkeyprinciplesofTheIIA’sCodeofEthics(Code),whichdefinestherulesofconductthatsupporttheseprinciples.
Thepurposeofthispracticeguideisto:• HighlightIIAguidanceonindependenceandobjectivity.• Discusspotentiallyconfusingaspectsencompassingindependenceandobjectivity.• Identifyactivitiesthatsupportindependenceandobjectivity.• Identifyvariousconsiderationsandpotentialchallengesrelatedtoindependenceandobjectivity.• Provideframeworksformanagingindependenceandobjectivity.
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Interaction With The Board
Boardsandinternalauditorshaveinterlockinggoals.Astrongworkingrelationshipbetweenthetwoisessentialfortheinternalauditactivitytofulfillitsresponsibilitiestonotonlytheboard,butalsoseniormanagement,shareholders,andotherstakeholders,asappropriate.Thechiefauditexecutive(CAE)oftenreportsdirectlytotheboard,dependingontheorganization’sgovernancestructure.Aneffectiveinternalauditactivityprovidestheboardassuranceandsuggestsimprovementopportunitiesrelatedtotheorganization’sgovernance,riskmanagement,andrelatedinternalcontrols.
Thepurposeofthispracticeguideistoassistthechiefauditexecutive(CAE)inmeetingtherequirementsoftheInter-nationalProfessionalPracticesFramework(IPPF)asitrelatestointeractingandcommunicatingwiththeboard.TheIPPF’sGlossarydefinestheboardas“anorganization’sgoverningbody,suchasaboardofdirectors,supervisoryboard,headofanagencyorlegislativebody,boardofgovernorsortrusteesofanonprofitorganization,oranyotherdesignatedbodyoftheorganization,includingtheauditcommitteetowhomthechiefauditexecutivemayfunctionallyreport.”
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Auditing The Control Environment
Thecontrolenvironmentisthefoundationofaneffectivesystemofinternalcontrol.Mostofthewell-publicizedfailures(includingnotonlyEnronandWorldCom,butalsothegovernancefailuresthatledtothe2008financialcrisis)were,atleastinpart,theresultofweakcontrolenvironments.Intheabsenceofademonstrablyeffectivecontrolenvironment,nolevelof“designandoperating”effectivenessofcontrolswithinbusinessandITprocessescanprovidemeaningfulassurancetostakeholdersoftheintegrityofanorganization’sinternalcontrolstructure.
Thecontrolenvironmentincludesthefollowingelements:•Integrityandethicalvalues.•Managementphilosophyandoperatingstyle.•Organizationalstructure.•Assignmentofauthorityandresponsibility.•Humanresourcepoliciesandpractices.•Competenceofpersonnel.
ThepurposeofthisPracticeGuideistoprovideguidancetotheinternalauditoronthesignificanceofthecontrolenvironment;howtodeterminewhichelementsofthecontrolenvironmentshouldbeaddressedbyengagementsintheperiodicauditplan;howtoscope,staff,andplansuchengagements;andwhichitemstoconsiderinperformingrelatedauditwork,includingevaluatingandreportingdeficiencies.
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Assisting Small Internal Audit Activities In Implementing The International Standards For The Professional Practice Of
Internal Auditing
Thispracticeguideprovidesaworkingdefinitionofthetermsmallinternalauditactivity.TheguideacknowledgesthechallengesthatCAEsandauditleadershipinsmallauditactivitiesmayfaceinimplementingtheStandards,providessuggestionsformeetingthosechallenges,anddiscussesthebenefitsofusingtheStandards.
Typically,asmallinternalauditactivitywillhaveoneormoreofthesecharacteristics:•Onetofiveauditors.•Productiveinternalaudithoursbelow7,500ayear.•Limitedlevelofco-sourcingorout-sourcing.
Beingsmalldoesnotequatetobeingineffectiveorunderresourced.Inmanycircumstances,asmallinternalauditactivityisappropriatelystructuredforthesizeandrisksattributabletothebusinessitserves.However,smallerauditactivitiesmayhavechallengesnottypicallyfacedbylargerauditactivitiesthathavegreatereconomiesofscale.
Thispracticeguideprovidesspecificexamplesandleadingpractices,relevanttotheCAEandauditmanagementofsmallinternalauditactivities,onhowtobestapproachimplementationoftheStandards.
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Assessing The Adequacy Of Risk Management
Overthelastfewyears,theimportanceofmanagingriskaspartofstrongcorporategovernancehasbeenincreasinglyacknowledged.Organizationsareunderpressuretoidentifythesignificantbusinessriskstheyface—social,ethical,andenvironmentalaswellasstrategic,financial,andoperational—andtoexplainhowtheymanagethem.Theuseofenterprise-wideriskmanagementframeworkshasexpandedasorganizationsrecognizetheadvantagesofcoordinatedapproachestoriskmanagement.
RiskmanagementisdefinedintheGlossaryoftheInternationalStandardsfortheProfessionalPracticeofInternalAuditing(Standards)as“aprocesstoidentify,assess,manage,andcontrolpotentialeventsorsituationstoprovidereasonableassuranceregardingtheachievementoftheorganization’sobjectives.”Acomprehensiveriskmanagementframeworkprovidesanend-to-endlinkbetweenobjectives,strategy,andexecutionofstrategy,risks,controls,andas-suranceacrossalllevelsintheorganization.
ThispracticeguideusesISO31000asabasisfortheriskmanagementframework.Otherframeworksmaybeusedtoperformtheriskassessment.Thisguidancedoesnotimplyimplicitorexplicitendorsementofthisoranyotherframework.
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Measuring Internal Audit Effectiveness And Efficiency
Internalauditingplaysacriticalroleinthegovernanceandoperationofanorganization.Wheneffectivelyimplemented,operated,andmanaged,itisanimportantelementinhelpinganorganizationachieveitsobjectives.Organizationsthateffectivelyuseinternalauditingarebetterabletoidentifybusinessrisksandprocessandsysteminefficiencies,takeappropriatecorrectiveaction,andultimatelysupportcontinuousimprovement.Tomaintainandenhanceinternalaudit-ing’scredibility;however,itseffectivenessandefficiencymustbemonitored.
Thispracticeguideprovidesguidancetointernalauditactivitiesonmeasuringtheireffectivenessandefficiencyandthelevelofcustomerservicetheyprovidetostakeholders.
Effectivenessandefficiencymeasurementscanbequantitativeandqualitativeandexamplesofauditactivityperfor-mancemeasuresmayinclude:
• Achievementofkeygoalsandobjectives.• Evaluationofprogressagainstauditactivityplan.• Improvementinstaffproductivity.• Increaseinefficiencyoftheauditprocess.• Increaseinnumberofactionplansforprocessimprovements.• Adequacyofengagementplanningandsupervision.• Effectivenessinmeetingstakeholders’needs.
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – CAEs – Appointment, Performance Evaluation And Termination
Intoday’sbusinessenvironment,wherethereisincreasingfocusongovernance,riskmanagement,andcontrol,ap-pointingaCAEisacriticalundertakingforanyorganization.Thisimperativeactivityisoneofthekeyresponsibilitiesoftheorganization’sboard.TheCAEwillhaveahighdegreeofinteractionwithseniormanagementandtheboardandthusneedstodemonstratetherightattributesandskillsfortheposition.
TheCAE’suniqueroleintheorganizationrequiresindependenceandobjectivitywhilealsodemonstratinganabilitytopartnerwithintheorganizationtoaddvaluetoitsoperations.IndependenceandobjectivityarefundamentaltotheCAE’srolebecausetheindividualmustbewillingtoraisedifficultissueswithbothseniormanagementandtheboard,evenifthatprovesunpopular.Tomaintaincredibility,CAEsmustdemonstratetheabilitytoescalatedifficultissuestoanappropriateleveltoensuretheyareadequatelyaddressed.Inaddition,aCAEexhibitstheattributesofintegrity,intellectualcuriosity,andafocusonauditquality.
Thispracticeguidediscussesthetypesofconsiderationsseniormanagementandboardsofdirectorswouldtypicallyaddresswhenappointing,evaluating,orterminatingachiefauditexecutive(CAE).
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Auditing Executive Compensation and Benefits (ECB)
AuditingthestructureandoperationofECBprogramsisalegitimateandappropriateroleforinternalauditing.Ifariskassessmentindicatesareviewiswarranted,thechiefauditexecutive(CAE)shouldaddECBtotheauditplan,whichtheboardwillreviewandapprove.Internalauditingwillchoosetheauditapproachanddesignrisk-basedauditprocedures.Thispracticeguideprovidesdiscussionsrelatingtosuchanauditandincludesseveralconsiderationsthatmayberelevanttoanorganization’sbusinessactivitiesorriskprofile.
StronggovernancesystemsareneededforECBprograms,asmanagementoftenisinthepositionofbothdesigningandrecommendingitsowncompensation.Thereareseveralspecificrisksinternalauditorsshouldconsider,includingemploymentmarket,compliance,financialreporting,reputation,operating,andexternalbusinessrelationshiprisks.ECBprogramsalsoaresubjecttofraudrisk.
Thisguidewillassistinternalauditorswithanexplanationoftheauditapproach,auditconsiderationssuchasaccesstoinformationandprivilegedcommunications,aswellastheskillsandknowledgenecessarytoserveontheauditteam.Asectiononauditprogramdevelopmentincludesvariousconcepts,potentialtests,andquestionstohelpaudi-torscreateanauditprogram.
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Evaluating Corporate Social Responsibility/Sustainable Development (CSR)
CSRpresentssignificantrisksandopportunitiesformanyorganizations.Stakeholdersexpectboardsandmanagementtoacceptresponsibilityandimplementstrategiesandcontrolstomanagetheirimpactonsocietyandtheenvironment,toengagestakeholdersintheirendeavors,andtoinformthepublicabouttheirresults.TheproliferationofregulationandvoluntarystandardshasmadeCSRmanagementacomplexendeavor.
InternalauditorsshouldunderstandtherisksandcontrolsrelatedtoCSRobjectives.Whereappropriate,theCAEshouldplantoaudit,facilitatecontrolself-assessments,verifyresults,and/orconsultonthevarioussubjects.Internalauditorsshouldmaintaintheskillsandknowledgenecessarytounderstandandevaluatethegovernance,risks,andcontrolsofCSRstrategies.
Thisguidewillassistinternalauditorsinunderstandingthefollowing:• TherisksassociatedwithCSRactivitiesandhowtousesuchknowledgeinauditplanning• TheapproachestoevaluatingCSRactivitiesandconsiderationsindevelopingtheinternalauditprogram• Auditconsiderationssuchasuseoftheauditopinion,independenceandobjectivity,andtypesofresources
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Internal Auditing And Fraud
Fraudencompassesawiderangeofirregularitiesandillegalactscharacterizedbyintentionaldeceptionormisrep-resentationandcannegativelyimpactorganizationsinmanywaysincludingfinancial,reputation,psychologicalandsocialimplications.Accordingtovarioussurveys,monetarylossesfromfraudaresignificant.However,thefullcostoffraudisimmeasurableintermsoftime,productivity,andreputationincludingcustomerrelationships.Dependingontheseverityoftheloss,organizationscanbeirreparablyharmedduetothefinancialimpactoffraudactivity.Therefore,itisimportantfororganizationstohaveastrongfraudprogramthatincludesawareness,prevention,anddetectionprograms,aswellasafraudriskassessmentprocesstoidentifyfraudriskswithintheorganization.
Thisguidewilldiscussfraudandprovidegeneralguidancetohelpinternalauditorscomplywithprofessional Standardsincluding:
• Fraudawareness• Fraudrolesandresponsibilities• Fraudriskassessment• Fraudpreventionanddetection.• Fraudinvestigation.• Forminganopiniononinternalcontrolsrelatedtofraud
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Auditing External Business Relationships (EBRs)
OrganizationsconductbusinesswithEBRsforavarietyofreasons.Organizationsmayseekbenefitslikeenhancingrevenuesthroughlicensinganddistributionarrangements,reducingcostsinareasofanorganization’sthatareoutsideofitscorecompetencies,oraugmentingexistingresourcesfocusedonitscorecompetencies.However,withthesebusi-nessrelationshipsalsocomesinherentandcontrolrisksassociatedwithworkingwithexternalbusinesspartners.
Theorganizationisresponsibleforriskmanagementactivitiesencompassingtaskssuchasselectionofbusinesspartners,contracteffectiveness,partner/customercontractmanagementcontrols,contractcompliancemonitoringandreporting,andbusinessrelationshipmanagement.Withoutpropercontrolsinplacetoaddresstherisksassociatedwiththeseresponsibilities,theorganizationmayloserevenueorincurhighercosts,aswellashaveinefficientoperations,misreporting,andevendamagedbrand,inadditiontoimpactedbusinessrelationships.
InternalauditorsneedtounderstandalltheelementsassociatedwithEBRs,frominitiatingarelationship,contractinganddefiningarelationship,procurement,managingandmonitoringthecontinuedrelationship,andfinallydiscontinu-ingtherelationship.
ThisguideprovidesinternalauditorswithguidanceinauditingEBRs.Managementalsomayusethisguideinmanag-ingandmonitoringtherisksassociatedwiththeserelationships.
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Practice Guide – Formulating And Expressing Internal Audit Opinions
Internalauditorsarebeingaskedbytheboard,management,andotherstakeholderstoprovideopinionsaspartofeachindividualauditreportaswellasontheoveralladequacyofgovernance,riskmanagement,andcontrolwithintheorganization.Theserequestsmaybeforanassuranceoropinionatabroadlevelfortheorganizationasawhole(macro-levelopinion)oronindividualcomponentsoftheorganization’soperations(micro-levelopinion).
Theneedforauditopinionsandtheabilityofinternalauditingtoexpressthemdependsonseveralcircumstances,includingunderstandingtheneedsofstakeholders;determiningthescope,nature,timing,andextentofauditworkrequired;ensuringtherearesufficientresourcestocompletethework;andassessingtheresultsoftheworkperformed.
Stakeholderrequirementsforinternalauditopinions,includingthelevelofassurancerequired,shouldbeclarifiedbytheCAEwithseniormanagementandtheboard.
Thisdocumentprovidespracticalguidancetointernalauditorswhowishtoformandexpressanopiniononsomeorallofanorganization’sgovernance,riskmanagement,andinternalcontrolsystems.
To download the entire practice guide, go to
www.globaliia.org/standards-guidance. The guides are free for members
and available for purchase for non-members through The IIA Research
Foundation Bookstore.
Additional IIA Guidance and Publications
GTAG® (Global Technology Audit Guide)TheGTAGseries,aspartofpracticeguides,arewritteninstraightforwardbusinesslanguageto addressatimelyissuerelatedtoITmanagement,control,andsecurity.
GAIT (Guide to the Assessment of IT Risk)TheGAITseries,aspartofpracticeguides,describestherelationshipsamongbusinessrisk,key controlswithinbusinessprocesses,automatedcontrolsandothercriticalITfunctionality,andkeycontrolswithinITgeneralcontrols.
Educational Products – IIARF BookstoreThefollowingbooksareavailabletohelpyouunderstandandapplytheStandards:
International Professional Practices Framework ThenewIPPFcontainstheStandards,aglossary,theCodeofEthics,PracticeAdvisories,PositionPapers,andPracticeGuides.
Implementing the Professional Practices Framework, 3rd Edition ThishandbookservesasapracticalguideforapplyingtheIPPFandoutlinesthespecificactionsneededtocomplywiththeStandards.
Independence and Objectivity: A Framework for Internal Auditors Thisreportexplainsthecriticalissuesassociatedwithauditorobjectivityandincludesaframeworktousewhenconfrontingchallengesandopportunities.
Available at www.globaliia.org/bookstore.
The IIA guides the international profession with not only Standards, but numerous additional resources to implement best practices in our ever-changing and growing field:
guides, advisories, papers, educational products, and tools. Go to www.globaliia.org/standards-guidance
to learn more and download.
The Institute of Internal Auditors – Global Headquarters 247MaitlandAvenue/AltamonteSprings,FL32701-4201Phone:+1-407-937-1111/www.globaliia.org
11/1
1103
1/PM
/jP