Cornerstone of Internal Audit (Standards)
Internal Audit abides by the Standards promulgated in The International Professional Practices Framework (IPPF) issued by The Institute of Internal Auditors (IIA), Florida, USA.
Code of Ethics
The purpose of The IIA’s Code of Ethics is to promote an ethical culture in the profession of internal auditing. It applies to both entities and individuals that perform internal audit services.
Internal Auditors are expected to apply and uphold the following principles:
Mission of Internal Audit
Our mission is “to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” (The IIA).
Definition of Internal Audit
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” (The IIA).
Scope of Internal Audit
The scope of Internal Audit includes Governance, Risk, and Control, commonly referred to as GRC.
Role in Internal Control
Standard 2130 on Control reads:
“The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.”
Role in Risk Management
Standard 2120 on Risk Management reads:
“The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.”
Role in Corporate Governance
Standard 2110 on Governance reads:
“The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objective.”
Risk-based Internal Audit Plan
Standard 2010 on Planning reads:
“The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization’s goals.”
Types of Assurance Services
5. Information Technology (IT)
9. Control-Self Assessment (CSA)
Examples of Consulting Services
1. ERP System
2. Committees / Task Forces
3. Policies and Procedures / Manuals / Charters
4. Authority Matrices
5. Risk Register
6. Budget Process
7. Bidding Process
9. Human Resources