09/08/2023, 15:59 Topic 01 - LU 1 and 2
Topic 01: IPPF requirements and guidelines for performing engagement procedures (test of
controls)
Learning Unit 01: Insitute of Internal Auditors (IIA) Code of Ethics
ch 2, 3 of Internal Auditing: An introduction
2.6 The definition of Internal Auditing: (30)Internal Auditing: An introduction
Internal Auditing: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an
organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve its effectiveness of risk management, control and governance processes.
2.7 The International Professional Practices Framework IPPF: (32)Internal Auditing: An introduction
- IPPF: a set of guidelines that define the proper role and responsibilities of the internal audit activity
2 types of guidance of the IPPF:
- mandatory guidance (MUST), consisting of
> the core principles of IA
> the definition of IA
> the Code of Ethics
> the Standards
- recommended guidance, consisting of
> implementation guidance (practice advisories)
> supplemental guidance (practice guides)
Figure 2.1 Framework for internal audit effectiveness: the new IPPF
2.7.1 The Mission of Internal Auditing (33)
-- to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight
2.7.2 Core Principles for the Professional Practice of Internal Auditing (33)
4 NB principles:
- integrity
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Test of Controls - AUI3702/pdf summaries AUI3702/The … 1/25
,09/08/2023, 15:59 Topic 01 - LU 1 and 2
- objectivity
- confidentiality
- competency
Core principles (from textbook)
- demonstrate integirty
- demonstrate competence and due professional care
- is objective and free from undue influence (independent)
- aligns with the strategies, objectives and risks of the organisation
- is appropriately positioned and adequately resourced
- demonstrates quality and continuous improvement
- communicates effectively
- provides risk-based assurance
- is insightful, proactive and future-focussed
- promotes organisational improvement
2.7.4 Code of Ethics (34)
- the code applies to individuals AND entities that perform internal audit activities
(discussed in ch3)
2.7.5 International Standards for the Professional Practice of internal auditing (34)
'the standards': the minimum requirements which are internationally applicable at organisational and individual levels and provide a framework
for performing and promoting internal auditing
- purpose of the standards:
> delineate basic principles that represent the practice of IA, as it should be
> provide a framework for performing and promoting a broad range of value-added IA activities
> establish the basis for the evaluation of IA performance
> foster improved organisational processes and operations
Figure 2.2 Interrelations of the Standards (36)
- assurance standards deal with the objective evaluation of evidence to provide an independent assessment of governance, risk management and
control processes
> governance: the processes, procedures and structures implemented by the board to inform, direct, manage and monitor the activities of
the organisation toward the achievement of its objectives
> risk management: the process that management puts into operation to address risk and mitigating the risks to an acceptable level
> risk: the uncertainty that an event could occur that could have a negative impact on the achievement of objectives
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Test of Controls - AUI3702/pdf summaries AUI3702/The … 2/25
,09/08/2023, 15:59 Topic 01 - LU 1 and 2
> control: actions taken by management, the board or other parties to manage risk and enhance the achievement of organisational
objectives and goals
- there are 3 parties involved in assurance services:
> process owner: the people/person involved with the processes
> auditor: the person making the assessment
> user: those who use the assessment to make decisions
- consulting standards involve activities beyond traditional assurance work as requested by management to assist them to achieve the
organisation's objectives
> advisory and non-assurance activities delivered by the IA based on a specific request by an engagement client
- consulting involves 2 parties:
> client
> auditor
Table 2.2 Summary of the Standards (37)
3.4 The ethics of the Internal auditor: (49)Internal Auditing: An introduction
3.4.1 The International Professional Practices Framework: Code of Ethics (50)
- 2 essential components of the Code of Ethics:
> principles that are relevant to the profession and practice of IA
> rules of conduct that descibe behaviour norms expected of IA's
(these rules are an aid to interpreting the principles into practical applications and are intended to guide the ethical conduct of IA's)
3.4.2 Principles (50)
Integrity
Objectivity
Confidentiality
Competency
3.4.3 Rules of conduct (51)
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Test of Controls - AUI3702/pdf summaries AUI3702/The … 3/25
, 09/08/2023, 15:59 Topic 01 - LU 1 and 2
Integrity
- IA's shall:
> perform their work with honesty, diligence, and responsibility
> observe the law and make disclosures expected by the law and the profession
> not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession or an organisation
> respect and contribute to the legitimate and ethical objectives of the organisation
Objectivity
- IA's shall:
> not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment (incl any conflicts of
interest)
> not accept anythnig that may impair or be presumed to impair their professional judgement
> disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review
Confidentiality
- IA's shall:
> be prudent in the use and protection of information acquired in the course of their duties
> not use information for any persona gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical
objectives of the organisation
Competency
- IA's shall:
> enage only in those services for which they have the necessary knowledge, skills and experience
> perform IA services in accordance with the International Standards for the Professional Practices of Internal Auditing
> continually improve their proficiency and the effectiveness and qualiy of their services
Learning Unit 02: International standards for the professiona practice of Internal Auditing
3.5 Attribute Standards: (53)Internal Auditing: An introduction
- attribute standards: focus on characteristics of the IA activity as well as on the individuals who perform the IA engagements
- these standards are addressed in the 1000 series of the Standards
1000 Purpose, Authority and Responsibility (54)
- these must be formally defined in an IA charter, consistent with the mission of IA and the mandatory elements of the IPPF
- the IA Charter is a formal document that defines the IA Activity's purpose, authority and responsibility
> establishes the IA activity's position within the organisation, including:
-- nature of the Chief Audit Executives functional reporting relationship with the board
-- authorises access to records, personnel and physical property relevant to the performance of engagements
-- defines the scope of IA activities
> final approval of the IA charter resides with the board
1100 - Independence & Objectivity (55)
- Independence: the freedom from conditions that threaten the ability of the Internal Audit Activity or the chief audit executive to carry out
internal audit responsibilities in an unbiased manner
> threats to independence must be managed at the individual auditor, engagement, functional and organisational levels
- objectivity: an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work
product and that no quality compromises are made
> threats to objectivity must be managed at the individual auditor, engagement, functional and organisational levels
1120 - Individual Objectivity (57)
- conflict of interest: a situation in which an internal auditor, who is in a position of trust, has a competing professional or personal interest
file:///C:/Users/User/OneDrive - University of South Africa/Unisa/The Internal Audit Process - Test of Controls - AUI3702/pdf summaries AUI3702/The … 4/25