LTE_IIA Prof Stds 2009

Page 1: LTE_IIA Prof Stds 2009

• Background - IIA New or Changed Professional Standards

o Consequences of Non-Compliance

o New IIA Standards

o Changed IIA Standards

• ESI IA's Current Practices vs. New/Changed IIA Standards

Page 2: LTE_IIA Prof Stds 2009

Background - IIA New or Changed Professional Standards

Effective January 1, 2009, the Institute of Internal Auditors (IIA) made changes to the International Standards for the Professional Practice of Internal Auditing (Standards)

were previously part of the Practice Advisories

1 Source: 5/21/09 Protiviti Presentation, "Changes in the IIA Standards: New Requirements for Internal Audit Functions"

Page 3: LTE_IIA Prof Stds 2009

Consequences of Non-Compliance:

1) Any company listed on the New York Stock Exchange (NYSE) must have an internal audit function.

Since the IIA is the global leader for the profession (including promulgation of guidelines and leading practices for IA functions), NYSE-listed companies that are not in compliance with the Standards could be out of compliance with the NYSE requirements.

2) Higher likelihood that the external auditor will discount/dismiss IA's work to support the attestation of the year-end financial statements and financial reporting internal controls - resulting in more time required by the external auditor to perform the attestation and higher audit fees.

3) Less than optimal effectiveness of the IA activity - particularly in areas of fraud risk assessment and management.

2 Source: September 2009 Protiviti, "Changes to the IIA Standards: What Board Members and Executive Management Need to Know"

Page 4: LTE_IIA Prof Stds 2009

New IIA Standards:

1010: The mandatory nature of the Definition of Internal Auditing, the Code of Ethics, and the Standards must be recognized in the internal audit charter. The chief audit executive should discuss the Definition of Internal Auditing, the Code of Ethics, and the Standards, with senior management and the board.

1111: The chief audit executive must communicate and interact directly with the board.

2110.A2: The internal audit activity must assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives.

2120.A2: The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.

2120.C3: When assisting management in establishing or improving risk management processes, internal auditors must refrain from assuming any management responsibility by actually managing risks.

2430: Internal auditors may report that their engagements are "conducted in conformance with the International Standards for the Professional Practice of Internal Auditing", only if the results of the quality assurance and improvement program support the statement.

Page 5: LTE_IIA Prof Stds 2009

Changed IIA Standards:

1000, 1000.A1 & 1000.C1:

The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval.

The nature of the assurance services provided to the organization must be defined in the internal audit charter. If assurances are to be provided to parties outside the organization, the nature of these assurances must also be defined in the internal audit charter.

The nature of consulting services must be defined in the internal audit charter.

1312: External assessments must be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization. The chief audit executive must discuss with the board: the need for more frequent external assessments; and the qualifications and independence of the external reviewer or review team, including any potential conflict of interest.

1320: The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board.

1220.A2: In exercising due professional care, internal auditors must consider the use of technology-based audit and other data analysis techniques.

Page 6: LTE_IIA Prof Stds 2009

Changed IIA Standards:

2020: The chief audit executive must communicate the internal audit activity's plans and resource requirements, including significant interim changes, to senior management and the board for review and approval. The chief audit executive must also communicate the impact of resource limitations.

2110.A1: The internal audit activity must evaluate the design, implementation, and effectiveness of the organization's ethics-related objectives, programs, and activities.

2330.A2: The chief audit executive must develop retention requirements for engagement records, regardless of the medium in which each record is stored. These record retention requirements must be consistent with the organization's guidelines and any pertinent regulatory or other requirements.

1110 & 1110.A1:

The chief audit executive must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities.

The chief audit executive must confirm to the board, at least annually, the organizational independence of the internal audit activity.

The internal audit activity must be free from interference in determining the scope of internal auditing, performing work, and communicating results.

Page 7: LTE_IIA Prof Stds 2009

ESI IA's Current Practices vs. New/Changed IIA Standards (Initial Gaps Only):

1) 1000 & 1010: Purpose, Authority, and Responsibility; Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the IA Charter

While the December 2006 IA Charter mentions Code of Ethics, it does not appear to cite the IIA Standards.

Revised/included in IA Charter and approved by Audit Cmte. in 2009.

2) 1220.A2: Due Professional Care - Consideration of Use of Computer-Aided Audit Techniques (CAAT)

CAATs have been [...] on audits.

Step #11 added to [...]

ACL training ongoing

Long-term - consider implementation of continuous monitoring/auditing

3) 2120.A2: Fraud Risk Management

At the engagement level, a fraud brainstorming memo is required to be completed.

Added inquiry of potential/actual fraud to opening meeting agenda template

Page 8: LTE_IIA Prof Stds 2009

ESI IA's Current Practices vs. New/Changed IIA Standards (Initial Gaps Only):

Page 9: LTE_IIA Prof Stds 2009

ESI IA's Current Practices vs. New/Changed IIA Standards (Initial Gaps Only):