|
Attribute Standard 1000
|
|
Purpose, Authority, and Responsibility
The purpose, authority, and responsibility of the internal audit activity should be formally defined in a charter, consistent with the Standards, and approved by the board .
|
|
| |
Implementation Standard 1000.A1
(Assurance Engagements)
|
|
The nature of assurance services provided to the organization should be defined in the audit charter. If assurances are to be provided to parties outside the organization, the nature of these assurances should also be defined in the charter.
|
|
| |
Implementation Standard 1000.C1
(Consulting Engagements)
|
|
The nature of consulting services should be defined in the audit charter.
|
|
|
Attribute Standard 1100
|
|
Independence and Objectivity
The internal audit activity should be independent, and internal auditors should be objective in performing their work.
|
|
|
Attribute Standard 1110
|
|
Organizational Independence
The chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities.
|
|
| |
Implementation Standard 1110.A1
(Assurance Engagements)
|
|
The internal audit activity should be free from interference in determining the scope of internal auditing, performing work, and communicating results.
|
|
|
Attribute Standard 1120
|
|
Individual Objectivity
Internal auditors should have an impartial, unbiased attitude and avoid conflicts of interest.
|
|
|
Attribute Standard 1130
|
|
Impairments to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of the impairment should be disclosed to appropriate parties. The nature of the disclosure will depend upon the impairment.
|
|
| |
Implementation Standard 1130.A1
(Assurance Engagements)
|
|
Internal auditors should refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year.
|
|
| |
Implementation Standard 1130.A2
(Assurance Engagements)
|
|
Assurance engagements for functions over which the chief audit executive has responsibility should be overseen by a party outside the internal audit activity.
|
|
| |
Implementation Standard 1130.C1
(Consulting Engagements)
|
|
Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.
|
|
| |
Implementation Standard 1130.C2
(Consulting Engagements)
|
|
If internal auditors have potential impairments to independence or objectivity relating to proposed consulting services, disclosure should be made to the engagement client prior to accepting the engagement.
|
|
|
Attribute Standard 1200
|
|
Proficiency and Due Professional Care
Engagements should be performed with proficiency and due professional care.
|
|
|
Attribute Standard 1210
|
|
Proficiency
Internal auditors should possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. The internal audit activity collectively should possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities.
|
|
| |
Implementation Standard 1210.A1
(Assurance Engagements)
|
|
The chief audit executive should obtain competent advice and assistance if the internal audit staff lacks the knowledge, skills, or other competencies needed to perform all or part of the engagement.
|
|
| |
Implementation Standard 1210.A2
(Assurance Engagements)
|
|
The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
|
|
| |
Implementation Standard 1210.A3
(Assurance Engagements)
|
|
Internal auditors should have knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work. However, not all internal auditors are expected to have the expertise of an internal auditor whose primary responsibility is information technology auditing.
|
|
| |
Implementation Standard 1210.C1
(Consulting Engagements)
|
|
The chief audit executive should decline the consulting engagement or obtain competent advice and assistance if the internal audit staff lacks the knowledge, skills, or other competencies needed to perform all or part of the engagement.
|
|
|
Attribute Standard 1220
|
|
Due Professional Care
Internal auditors should apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.
|
|
| |
Implementation Standard 1220.A1
(Assurance Engagements)
|
|
The internal auditor should exercise due professional care by considering the:
- Extent of work needed to achieve the engagement's objectives .
- Relative complexity, materiality, or significance of matters to which assurance procedures are applied.
- Adequacy and effectiveness of risk management, control , and governance processes .
- Probability of significant errors, irregularities, or noncompliance.
- Cost of assurance in relation to potential benefits.
|
|
| |
Implementation Standard 1220.A2
(Assurance Engagements)
|
|
In exercising due professional care the internal auditor should consider the use of computer-assisted audit tools and other data analysis techniques.
|
|
| |
Implementation Standard 1220.A3
(Assurance Engagements)
|
|
The internal auditor should be alert to the significant risks that might affect objectives, operations, or resources. However, assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified.
|
|
| |
Implementation Standard 1220.C1
(Consulting Engagements)
|
|
The internal auditor should exercise due professional care during a consulting engagement by considering the:
- Needs and expectations of clients, including the nature, timing, and communication of engagement results.
- Relative complexity and extent of work needed to achieve the engagement's objectives.
- Cost of the consulting engagement in relation to potential benefits.
|
|
|
Attribute Standard 1230
|
|
Continuing Professional Development
Internal auditors should enhance their knowledge, skills, and other competencies through continuing professional development.
|
|
|
Attribute Standard 1300
|
|
Quality Assurance and Improvement Program
The chief audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. This program includes periodic internal and external quality assessments and ongoing internal monitoring. Each part of the program should be designed to help the internal auditing activity add value and improve the organization's operations and to provide assurance that the internal audit activity is in conformity with the Standards and the Code of Ethics .
|
|
|
Attribute Standard 1310
|
|
Quality Program Assessments
The internal audit activity should adopt a process to monitor and assess the overall effectiveness of the quality program. The process should include both internal and external assessments.
|
|
|
Attribute Standard 1311
|
|
Internal Assessments
Internal assessments should include:
- Ongoing reviews of the performance of the internal audit activity; and
- Periodic reviews performed through self-assessment or by other persons within the organization, with knowledge of internal auditing practices and the Standards.
|
|
|
Attribute Standard 1312
|
|
External Assessments
External assessments should be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization. The potential need for more frequent external assessments as well as the qualifications and independence of the external reviewer or review team, including any potential conflict of interest, should be discussed by the CAE with the Board. Such discussions should also consider the size, complexity and industry of the organization in relation to the experience of the reviewer or review team.
|
|
|
Attribute Standard 1320
|
|
Reporting on the Quality Program
The chief audit executive should communicate the results of external assessments to the board.
|
|
|
Attribute Standard 1330
|
|
Use of "Conducted in Accordance with the Standards"
Internal auditors are encouraged to report that their activities are "conducted in accordance with the Standards for the Professional Practice of Internal Auditing. " However, internal auditors may use the statement only if assessments of the quality improvement program demonstrate that the internal audit activity is in compliance with the Standards.
|
|
|
Attribute Standard 1340
|
|
Disclosure of Noncompliance
Although the internal audit activity should achieve full compliance with the Standards and internal auditors with the Code of Ethics , there may be instances in which full compliance is not achieved. When noncompliance impacts the overall scope or operation of the internal audit activity, disclosure should be made to senior management and the board.
|
