The document defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The purpose of internal auditing is to evaluate and improve the effectiveness of risk management, control, and governance processes through a systematic and disciplined independent and objective assurance approach.
3. Statement of internal auditing’s
fundamental purpose, nature, and
scope:
IA is an independent, objective
assurance and consulting activity
designed to add value and improve an
org’s operations. It helps an org
accomplish its objectives by bringing a
systematic, disciplined approach to
evaluate and improve the effectiveness
of RM, control, and governance
processes.
See Glossary
4. Delineate basic principles that represent the practice of
internal auditing.
Provide a framework for performing and promoting a broad
range of value-added IA.
Establish the basis for the evaluation of internal audit
performance.
Foster improved organizational processes and operations.
• Unconditional requirement“Must”
• Conformance is expected unless, when
applying prof. judgment, circumstances
justify deviation
“Should”
5. Basic
Require-
ment
• Statements of
basic
requirements for
the prof practice
of IA
Evaluati
ng
Perfor -
mance
• Statement for
evaluating the
effectiveness of
perf., which are
interna-tionally
applicable at org
and indv levels.
Interpre-
tations
• Interpretations,
which clarify
terms or
concepts within
the Statements.
(consider
glossary)
Attributes standards
Performance standards
Implementation standards
Interpretation
6. Purpose
• To promote an ethical culture in the profession of
internal auditing.
Summary
• States principles and expectations governing
behavior of individuals and org in the conduct of IA.
• Describes minimum requirements for conduct and
behavioral expectations, rather than specific
activities.
Compone
nts
• 1. Principles (integrity, objectivity, confidentiality,
and competency), relevant to the profession and
practice of IA; and
• 2. Rules of Conduct, describe behavior norms
expected of IAr
7. • Address IA approach, methodology,
and considerations, but not detailed
processes and procedures.
Substance:
• Provide concise and timely assistance
to IAr in conforming to the Code of
Ethics and Standards and promoting
good practices.
Purpose:
• Relate to international-, country-, or
industry-specific issues; specific
types of engagements; and legal or
regulatory issues.
Scope:
• Internal Audit Charter
• Organizational Independence
• Individual Objectivity
• Root Cause Analysis
Include:
8. Substance:
Provide
information on
how to
conduct
internal audit
activities
Includes:
Processes
and
procedures.
Tools and
techniques.
Step-by-step
approaches.
Examples of
deliverables.
Examples:
PG
Measuring IA
Effectiveness
n Efficiency
PG
Assessing the
Adequacy of
RM Using
ISO31000
PG Auditing
IT Risk and
Controls
9. Help a wide range of interested
parties — including those not in
the internal audit profession —
to:
Understand
significant
governance, risk,
and control issues.
Delineate internal
audit-related roles
and
responsibilities.
Examples:
PP: The Role of
Internal Auditing in
Enterprise-Wide Risk
Management.
PP: Managing the
Business Risk of
Fraud: A Practical
Guide
PP: The Three Lines of
Defence in Effcetive
Risk Management and
Control.