Please enable JavaScript.
Coggle requires JavaScript to display documents.
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING…
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (IPPF STANDARDS)
ATTRIBUTE STANDARDS
1000 – Purpose, Authority, and Responsibility
1000.A1
- The nature of assurance services provided to the organization and to parties outside the
organization must be defined in
the internal audit charter.
1000.C1
– The nature of consulting services must be defined in the internal audit charter.
1010 – Recognizing Mandatory Guidance in the Internal Audit Charter
The mandatory nature of the Core Principles for the Professional Practice of Internal Auditing, the
Code of Ethics, the Standards, and the Definition of Internal Auditing must be recognized in the
internal audit charter.
1100 – Independence and Objectivity
Internal auditor must be independent and objective in performing their work.
1110 – Organizational Independence
Organizational independence is effectively achieved when the CAE reports functionally to the board.
1110.A1
– The internal audit activity must be free from interference in determining the scope of internal auditing, performing work, and communicating results. The CAE must disclose such interference to the board and discuss the implications.
1111 – Direct Interaction with the Board
CAE must communicate and interact directly with the board.
1112 – Chief Audit Executive Roles Beyond Internal Auditing
Where the CAE has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards must be in place to limit impairments to independence or
objectivity.
1120 – Individual Objectivity
Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest.
1130 – Impairment to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of the impairoment must be disclosed to appropriate parties.
1130.A1
– Internal auditors must refrain from assessing specific operations for which they were previously responsible.
1130.A2
– Assurance engagements for functions over which the CAE has responsibility must be overseen by a party outside the internal audit activity.
1130.A3
– The internal audit activity may provide assurance services where it had previously performed consulting services, provided the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement.
1130.C1
– Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.
1130.C2
– If internal auditors have potential impairments to independence or objectivity relating to proposed consulting services, disclosure must be made to the engagement client prior to accepting the engagement.
ATTRIBUTE STANDARDS
1200 – Proficiency and Due Professional Care
1210 – Proficiency
Internal auditors must possess the knowledge, skills, and other competencies to perform their individual responsibilities.
1210.A1
– The chief audit executive must obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.
1210.A2
– Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization
1210.A3
– Internal auditors must have sufficient knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work.
1210.C1
– The CAE must decline the consulting engagement or obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.
1220 – Due Professional Care
IA must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care
does not
imply infallibility.
1220.A1
– Internal auditors must exercise due professional care
1220.A2
– In exercising due professional care internal auditors must consider the use of technology-based audit and other data analysis techniques.
1220.A3
– Internal auditors must be alert to the significant risks that might affect objectives, operations, or resources.
1220.C1
– Internal auditors must exercise due professional care during a consulting engagement.
1230 – Continuing Professional Development
Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development.
1300 – Quality Assurance and Improvement Program
The CAE must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity.
1310 – Requirements of the Quality Assurance and Improvement Program
Must include
both
internal and external assessments.
1311 – Internal Assessments
Must include:
Ongoing monitoring of the performance of the internal audit activity
Periodic self-assessment / assessment by other persons within the organization with sufficient knowledge of internal audit practices.
1312 – External Assessments
Must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization.
ATTRIBUTE STANDARDS
1320 – Reporting on the Quality Assurance and Improvement Program
CAE must communicate the results of the quality assurance and improvement program to senior management and the board.
1321 – Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”
Internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing is appropriate only if supported by the results of the quality assurance and improvement program.
1322 – Disclosure of Nonconformance
When nonconformance with the Code of Ethics, the CAE must disclose the nonconformance and the impact to senior management and the board.
INTRODUCTION
PURPOSE OF THE STANDARDS
Guide adherence with the mandatory elements of the International Professional Practices Framework.
Provide a framework for performing and promoting a broad range of value-added internal auditing services.
Establish the basis for the evaluation of internal audit performance.
Foster improved organizational processes and operations.
MANDATORY REQUIREMENTS
Statements of core requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance that are internationally applicable at organizational and individual levels.
Interpretations clarifying terms or concepts within the Standards.