Upload
anastasia-southwood
View
213
Download
0
Embed Size (px)
Citation preview
PRESENTATION
ON
MONDAY 7TH AUGUST, 2006
BYSUDHIR VARMAFCA; CIA(USA)
FOR
THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER
PROFESSIONAL PRACTICES FRAMEWORK
PPF
PPF INCLUDES
DEFINITION OF INTERNAL AUDITING
CODE OF ETHICS
STANDARDS
GUIDANCE
PRACTICE ADVISORIES
DEFINITION OF INTERNAL AUDITING
DEFINITION OF INTERNAL AUDITING
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
DEFINITION OF INTERNAL AUDITING
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
INTERNAL AUDITOR
Independent
Objective
Consulting
Add Value
Improve
Systematic
Disciplined
Evaluate
Effective
CODE OF ETHICS
CODE OF ETHICS
Broadly covers :
Applicability & enforcement
Principles
Rules of conduct
Integrity
Objectivity
Confidentiality
Competency
CODE OF ETHICS
APPLICABILITY & ENFORCEMENT
Applies to individuals & entities providing Internal Audit services
IIA members & CIA’s will be evaluated as per the rules of the Institute.
CODE OF ETHICS
INTEGRITY
Internal Auditors shall perform their work with
Honesty
Diligence
Responsibility
Observe Laws of the land
Respect and contribute for legitimate & ethical objectives of the organisation.
CODE OF ETHICS
OBJECTIVITY
Be unbiased
Will not participate in any activity which can effect
objectivity
Will not develop any relationship which can effect
objectivity
Will not accept gifts that can impair professional
judgement
Present all material facts
CODE OF ETHICS
CONFIDENTIALITY
Protect information
Be prudent in use of information
Shall not use information for personal gain
Shall not use information that shall be detrimental to
the legitimate & ethical objectives of the organization.
CODE OF ETHICS
COMPETENCY
Will ensure necessary knowledge
Will ensure necessary skills
Must have adequate experience
Continually improve their proficiency and
effectiveness
Shall perform in accordance with International
Standards for Professional Practice of Internal
Auditors.
STANDARDS
STANDARDS FOR
INTERNAL AUDIT
1. Differences in environment
2. Compliance with standards is essential to meet responsibility.
3. Prohibition by local laws on any standard should be disclosed.
STANDARDS FOR
ASSURANCE
1. The process owner
2. The internal auditor
3. The user
STANDARDS FOR
CONSULTING SERVICES
1. The internal auditor
2. Engagement client
The internal auditor should maintain objectivity
and not assume management responsibility.
PURPOSE OF STANDARDS
1. Define basic principles
2. Framework for performance
3. Basis for evaluation of internal auditor
4. Foster improved processes and operations.
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL
AUDITING
ATTRIBUTE STANDARDS
PERFORMANCE STANDARDS
IMPLEMENTATION STANDARDS
Practice advisories
ATTRIBUTES STANDARDS
1000. Purpose authority & responsibility.
Charter
ATTRIBUTES STANDARDS
1100. Independence & Objectivity
Organizational independence
Free from interference
Individual objectivity
Disclosure of impairments
ATTRIBUTES STANDARDS
1200. Proficiency & due professional care
Knowledge, skills and competencies
Should obtain advice and assistance
Knowledge of key IT risks and controls
Use of computer assisted audit tools
Use of data analysis techniques
ATTRIBUTES STANDARDS
1230. Continuing professional development
By enhancing knowledge, skills and competencies
ATTRIBUTES STANDARDS
Quality assurance and improvement program
Periodic internal and external quality assessments. Ongoing reviews
External assessments every five years by a qualified independent reviewer / review team.
Reporting
Use of “conducted in accordance with the International standards for the professional practice of Internal Auditing.
Disclosure of non-compliance
PERFORMANCE STANDARDS
PERFORMANCE STANDARDS
2000. Managing the Internal Audit activity
Planning
Communication & Approval
Resource Management
Policies & Procedures
Co-ordination
Reporting
PERFORMANCE STANDARDS
2100. Nature of work
Risk management
- significant exposures
- Effectiveness & efficiency operations
- Safeguarding
- Compliance with laws
- Regulations & controls
PERFORMANCE STANDARDS
2100. Nature of work
Controls
- Maintaining effective controls
- Evaluate adequacy & effectiveness of controls
- Reliability & integrity of financial and operational information
- Effectiveness and efficiency of operations
- Safeguarding of assets
- Compliance with laws, regulations and contracts
PERFORMANCE STANDARDS
2100. Nature of work
Governance
- Recommendations for improving governance process to accomplish following objectives
- Promoting ethics and values ensuring effective performance and accountability
- Communicating risk and control information
- Co-ordinating board, external and internal auditors and management
PERFORMANCE STANDARDS
2200. Engagement planning
Develop and record a plan for each engagement
Planning considerations
- Objectives
- Risks
- Adequacy and effectiveness of controls
Establish a written understanding of objectives
Scope – sufficient to satisfy objectives
Resource allocation
Work program
PERFORMANCE STANDARDS
2300. Performing the engagement
Identifying information
Analysis and evaluation
Recording information
Engagement supervision
PERFORMANCE STANDARDS
2400. Communicating results
Criteria
- Define objectives, scope, conclusions and recommendations.
- Acknowledge satisfactory performances
- Define limitations on distribution and use of results.
Quality
Disclosure of non-compliance with standards
Disseminating results
Monitoring progress
Resolution of management’s acceptance of risks
IMPLEMENTATION STANDARDS
Practice advisories
IMPLEMENTATION STANDARDS
Have been established for
(A)Assurance activities
(C) Consulting activities
IMPLEMENTATION STANDARDS
Apply to specific types of engagements.
Multiple sets of implementation standards
One set for each major type of internal audit activity
IMPLEMENTATION STANDARDS
Implementation standards, guidance and practice advisories
are issued by the Professional Issues Committee.
Its an ongoing process with extensive consultations and discussions world wide by exposure draft process.
Exposure drafts are available at the Institute website at
www.theiia.org
The committee welcomes comments and suggestions at
Thank You