![Page 1: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/1.jpg)
The ABC’s of the Internal Auditing Standards
Ericka F. Kranitz, CPAAndrew RectorMarch 23, 2016
1
![Page 2: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/2.jpg)
Think about…
• What is your biggest challenge?• Given additional resources, what would you
ask for?
2
![Page 3: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/3.jpg)
Today’s Focus
• How do you APPLY the standards to your organization?A
• What are the BASIC activities you should be doing?B
• Are you COMMUNICATING the right information to your board?C
3
![Page 4: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/4.jpg)
Applying the Standards
4
![Page 5: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/5.jpg)
International Professional Practices Framework (IPPF)
5
![Page 6: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/6.jpg)
Mission Statement
To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.
6
![Page 7: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/7.jpg)
Mandatory Guidance
• Required and essential– Core Principles July 2015– International Standards for the Professional
Practice of Internal Auditing (Standards) 2013– Definition of Internal Auditing– Code of Ethics
7
![Page 8: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/8.jpg)
Core Principles
Demonstrates integrity
Demonstrates competence and due professional care
Is objective and free from undue influence (independent)
Aligns with the strategies, objectives, and risks of the organization
Is appropriately positioned and adequately resourced
8
![Page 9: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/9.jpg)
Core Principles
Demonstrates quality and continuous improvement
Communicates effectively
Provides risk-based assurance
Is insightful, proactive, and future-focused
Promotes organizational improvement
9
![Page 10: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/10.jpg)
Definition of IA
• Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
10
![Page 11: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/11.jpg)
Code of Ethics
Promote an ethical culture in the profession
Expectations on behavior
Principles and Rules of Conduct
• Integrity• Objectivity• Confidentiality• Competence
11
![Page 12: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/12.jpg)
Recommended Guidance
• Implementation Guidance– Previously known as “Practice Advisories”– Revisions - next 18 months
• What’s required for Standards• Suggestions on how to show conformance
• Supplemental Guidance • Global Technology Audit Guides (GTAGs)• Guide to the Assessment of IT Risk (GAITs)
12
![Page 13: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/13.jpg)
The Basic Activities
13
![Page 14: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/14.jpg)
Purpose, Authority, and Responsibility
• Defines role• Assurance and consulting• Position and reporting• Functionally and administratively• Unrestricted access to people,
places, information• Clearly state what will and will NOT
do
IA Charter
14
![Page 15: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/15.jpg)
Purpose, Authority, and Responsibility
• Board approves, document in minutes• Revisit regularlyIA Charter
• Role and responsibility for internal audit• Hire and review top audit executive
Audit Committee Charter
• Standard 1010, Model IA and Audit Committee Charters on IIA websiteReference
15
![Page 16: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/16.jpg)
Independence (STD 1110, 1111)
• Functional reporting line for auditOrganization chart
• No interference as to people and audits
Ability to do the job
• Opportunity to meet directly Access to board
• Scope restrictions, access limitationsImpairment
16
![Page 17: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/17.jpg)
Individual Objectivity (STD 1120)
• Impartial and unbiased• Conflicts of interests
– Fact and appearance
• Code of conduct - does one exist– Process to disclose and manage conflicts
• Examples:– Recent employment – Family member
17
![Page 18: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/18.jpg)
Proficiency (STD 1210)
• Evaluate as a group for competency to do job
Knowledge, skills
• CIA, CPA, CISA, CFE, industry specificCertifications
• IIA opportunity• Network with others – leverage resources
Professional associations
• Fraud and ITBasic
knowledge
18
![Page 19: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/19.jpg)
Due Professional Care (STD 1220)
• Prudent person test• Skills needed for audits
– Extent of detail work – Understand risks and complexity– Brainstorm about potential issues– Consider assistance from other state agencies
• Training and development– Profession and industry
19
![Page 20: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/20.jpg)
Quality Assurance and Improvement Program (STDS 1300)
• Internal assessments– Ongoing monitoring of routine practices
• Proper supervision/review • Adhering to checklists, guidelines, internal processes• Monitoring of audit plan
– Are you following your own practices?– Periodic self-assessments
• Measure conformance with Standards• How to document
20
![Page 21: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/21.jpg)
Quality Assurance and Improvement Program
• External Assessment– Once every 5 years– Leverage self-assessment– Independence of review team– Relevant knowledge of your operations– See questionnaire on OSBM site under QAR– Report results to board
21
![Page 22: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/22.jpg)
Annual Audit Plan (STDS 2010, 2020)
Audit Universe – define
Risk based criteria
Audit what’s important
Be realistic – expect the unexpected
Evaluate resources and skills
Communicate to organization
22
![Page 23: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/23.jpg)
Engagement Planning (STD 2200)
Clear scope and objective • Audit Plan – revisit• What you are and are not reviewing• Reasonable timeframe
Consider errors and fraud
Match work with competencies of staff
Review and oversight
Questionnaires – background information
23
![Page 24: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/24.jpg)
Performing the Engagement (STDS 2300)
• Documentation – Ability to reproduce– Standardize - checklists and templates
• Sufficient, relevant, reliable information• Confirm all facts• Adequate review and supervision• Retention - reports and support
– Final copies only
24
![Page 25: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/25.jpg)
Monitoring Progress (STD 2500)
Timely follow-up
Formal closure of audit
Process if don’t pass?
Discuss concerns with management
Include in audit plan if significant
25
![Page 26: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/26.jpg)
• Doing the wrong audits• Mismatch of staff competencies to work• Communication issues – question and confirm
Audit failure
• Clarify what is/not in scope of work• IA role may be vague
False assurance
• Strong IA processes• Continual training and developmentReputational
Risk of IA Activity
26
![Page 27: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/27.jpg)
Communicating the Right Information
27
![Page 28: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/28.jpg)
Communicating Results (STD 2400)
Clearly state objective and scope
Accurate – verify facts with client
Easily understood – basic terms
Concise and complete – relevant, to the point
Acknowledge good work
Distribute to appropriate individuals
28
![Page 29: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/29.jpg)
Communicating Results
• Condition – “what is”• Requirements – “should be”• Cause – how did this happen• Effect – impact and risk
Audit Reports
• What must be provided• Process for requesting and providing
Public records request
29
![Page 30: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/30.jpg)
Board Communications (STDS 1111, 2060, 2600)
Regular communication – each meeting
What do they want?
Status of audit plan vs. actual
Resource requirements or deficiencies
Unacceptable levels of risk
Opportunity to meet 1:1
NO SURPRISES
30
![Page 31: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/31.jpg)
Board Approvals (STD 1110)
• Audit Plan – Significant changes and why
• Charter – revisit regularly • Budget and resource needs
– Training– Staffing– External assistance
31
![Page 32: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/32.jpg)
Think about…
• What is your biggest challenge?• Given additional resources, what would you
ask for?
32
![Page 33: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/33.jpg)
Resources• IIA: https://www.theiia.org
– Template for IA and Audit Committee Charter– Magazine “Internal Auditor”– Members only webinar
• OSBM– Information on IIA membership
• http://www.osbm.nc.gov/management/internal-audit/iia
– Peer review program http://www.osbm.nc.gov/management/internal-audit/qar
33
![Page 34: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/34.jpg)
IIA Webinars
34
![Page 35: The ABC’s of the Internal Auditing Standardsold.northcarolina.edu/conferences/oia/2016/Session 3 - ABCs of IA... · The ABC’s of the Internal Auditing Standards ... – Previously](https://reader031.vdocument.in/reader031/viewer/2022022519/5b15ba3a7f8b9ac7128e0cc4/html5/thumbnails/35.jpg)
Contact Information
• Ericka F. Kranitz, CPA– Director of Compliance Monitoring– [email protected]
• Andrew Rector– Principal Auditor– [email protected]
35