PRESENTATION

ON

MONDAY 7TH AUGUST, 2006

BYSUDHIR VARMAFCA; CIA(USA)

FOR

THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER

PROFESSIONAL PRACTICES FRAMEWORK

PPF

PPF INCLUDES

DEFINITION OF INTERNAL AUDITING

CODE OF ETHICS

STANDARDS

GUIDANCE

PRACTICE ADVISORIES

DEFINITION OF INTERNAL AUDITING

DEFINITION OF INTERNAL AUDITING

Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

DEFINITION OF INTERNAL AUDITING

Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

INTERNAL AUDITOR

Independent

Objective

Consulting

Add Value

Improve

Systematic

Disciplined

Evaluate

Effective

CODE OF ETHICS

CODE OF ETHICS

Broadly covers :

Applicability & enforcement

Principles

Rules of conduct

Integrity

Objectivity

Confidentiality

Competency

CODE OF ETHICS

APPLICABILITY & ENFORCEMENT

Applies to individuals & entities providing Internal Audit services

IIA members & CIA’s will be evaluated as per the rules of the Institute.

CODE OF ETHICS

INTEGRITY

Internal Auditors shall perform their work with

Honesty

Diligence

Responsibility

Observe Laws of the land

Respect and contribute for legitimate & ethical objectives of the organisation.

CODE OF ETHICS

OBJECTIVITY

Be unbiased

Will not participate in any activity which can effect

objectivity

Will not develop any relationship which can effect

objectivity

Will not accept gifts that can impair professional

judgement

Present all material facts

CODE OF ETHICS

CONFIDENTIALITY

Protect information

Be prudent in use of information

Shall not use information for personal gain

Shall not use information that shall be detrimental to

the legitimate & ethical objectives of the organization.

CODE OF ETHICS

COMPETENCY

Will ensure necessary knowledge

Will ensure necessary skills

Must have adequate experience

Continually improve their proficiency and

effectiveness

Shall perform in accordance with International

Standards for Professional Practice of Internal

Auditors.

STANDARDS

STANDARDS FOR

INTERNAL AUDIT

1. Differences in environment

2. Compliance with standards is essential to meet responsibility.

3. Prohibition by local laws on any standard should be disclosed.

STANDARDS FOR

ASSURANCE

1. The process owner

2. The internal auditor

3. The user

STANDARDS FOR

CONSULTING SERVICES

1. The internal auditor

2. Engagement client

The internal auditor should maintain objectivity

and not assume management responsibility.

PURPOSE OF STANDARDS

1. Define basic principles

2. Framework for performance

3. Basis for evaluation of internal auditor

4. Foster improved processes and operations.

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL

AUDITING

ATTRIBUTE STANDARDS

PERFORMANCE STANDARDS

IMPLEMENTATION STANDARDS

Practice advisories

ATTRIBUTES STANDARDS

1000. Purpose authority & responsibility.

Charter

ATTRIBUTES STANDARDS

1100. Independence & Objectivity

Organizational independence

Free from interference

Individual objectivity

Disclosure of impairments

ATTRIBUTES STANDARDS

1200. Proficiency & due professional care

Knowledge, skills and competencies

Should obtain advice and assistance

Knowledge of key IT risks and controls

Use of computer assisted audit tools

Use of data analysis techniques

ATTRIBUTES STANDARDS

1230. Continuing professional development

By enhancing knowledge, skills and competencies

ATTRIBUTES STANDARDS

Quality assurance and improvement program

Periodic internal and external quality assessments. Ongoing reviews

External assessments every five years by a qualified independent reviewer / review team.

Reporting

Use of “conducted in accordance with the International standards for the professional practice of Internal Auditing.

Disclosure of non-compliance

PERFORMANCE STANDARDS

PERFORMANCE STANDARDS

2000. Managing the Internal Audit activity

Planning

Communication & Approval

Resource Management

Policies & Procedures

Co-ordination

Reporting

PERFORMANCE STANDARDS

2100. Nature of work

Risk management

- significant exposures

- Effectiveness & efficiency operations

- Safeguarding

- Compliance with laws

- Regulations & controls

PERFORMANCE STANDARDS

2100. Nature of work

Controls

- Maintaining effective controls

- Evaluate adequacy & effectiveness of controls

- Reliability & integrity of financial and operational information

- Effectiveness and efficiency of operations

- Safeguarding of assets

- Compliance with laws, regulations and contracts

PERFORMANCE STANDARDS

2100. Nature of work

Governance

- Recommendations for improving governance process to accomplish following objectives

- Promoting ethics and values ensuring effective performance and accountability

- Communicating risk and control information

- Co-ordinating board, external and internal auditors and management

PERFORMANCE STANDARDS

2200. Engagement planning

Develop and record a plan for each engagement

Planning considerations

- Objectives

- Risks

- Adequacy and effectiveness of controls

Establish a written understanding of objectives

Scope – sufficient to satisfy objectives

Resource allocation

Work program

PERFORMANCE STANDARDS

2300. Performing the engagement

Identifying information

Analysis and evaluation

Recording information

Engagement supervision

PERFORMANCE STANDARDS

2400. Communicating results

Criteria

- Define objectives, scope, conclusions and recommendations.

- Acknowledge satisfactory performances

- Define limitations on distribution and use of results.

Quality

Disclosure of non-compliance with standards

Disseminating results

Monitoring progress

Resolution of management’s acceptance of risks

IMPLEMENTATION STANDARDS

Practice advisories

IMPLEMENTATION STANDARDS

Have been established for

(A)Assurance activities

(C) Consulting activities

IMPLEMENTATION STANDARDS

Apply to specific types of engagements.

Multiple sets of implementation standards

One set for each major type of internal audit activity

IMPLEMENTATION STANDARDS

Implementation standards, guidance and practice advisories

are issued by the Professional Issues Committee.

Its an ongoing process with extensive consultations and discussions world wide by exposure draft process.

Exposure drafts are available at the Institute website at

www.theiia.org

The committee welcomes comments and suggestions at

standards@theiia.org

Thank You