CIA_LS_P1_S1.9710580.. - Raven Global Training
advertisement
THE IIA’S CIA LEARNING SYSTEMTM Overview Internal Audit Reviews the effectiveness and efficiency of operations; compliance with laws, regulations, policies, and procedures; achievement of operational/ organizational objectives; reliability of information; and safeguarding of assets Compliance Audit Strictly tests adherence to laws, regulations, standards, and policies and procedures www.LearnCia.com Financial Audit Regulatory Audit Government Audit Provides an attestation solely on the financial reports and statements generated by an organization Reviews compliance with specific regulations Focuses on compliance with programs, performance audits, budget reviews, and management audits Part 1, Overview Part 1 1 – 1 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Section Topics 1. Define purpose, authority, and responsibility of the internal audit activity 2. Maintain independence and objectivity 3. Determine availability of required knowledge, skills, and competencies 4. Develop and/or procure necessary knowledge, skills, and competencies collectively required by internal audit activity www.LearnCia.com 5. Exercise due professional care 6. Promote continuing professional development 7. Promote quality assurance and improvement of the internal audit activity 8. Abide by and promote compliance with The IIA’s Code of Ethics Part 1, Section 1 Part 1 1 – 2 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Internal Auditing, Defined “An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” www.LearnCia.com Part 1, Section 1, Introduction Part 1 1 – 3 V3.0 THE IIA’S CIA LEARNING SYSTEMTM International Professional Practices Framework (IPPF) Code of Ethics International Standards for the Professional Practice of Internal Auditing (Standards) Mandatory Definition of Internal Auditing Practice Advisories Practice Guides Position Papers www.LearnCia.com Part 1, Section 1, Introduction Not mandatory (but endorsed and recommended by The IIA) Part 1 1 – 4 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question During an internal audit, the Standards establish all of the following EXCEPT A. basic auditing principles. B. evaluation criteria for audit performance. C. considerations on how to plan and perform the engagement. D. a framework for a broad range of valueadded internal audit activities. Answer: C. Approach and methodology (but not detailed processes and procedures) are covered in the Practice Advisories. www.LearnCia.com Part 1, Section 1, Introduction Part 1 1 – 5 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Categories of Standards Attribute • • Performance Apply to all internal audit services and internal auditors, individually (organizations; parties performing internal audit activities) Provide guidance for the quality of the internal audit programs www.LearnCia.com • • • Apply to all internal audit services and internal auditors Describe the nature of internal audit activities Provide quality criteria for performance evaluation Part 1, Section 1, Introduction Implementation • • Expand Attribute and Performance Standards Apply to specific engagements Part 1 1 – 6 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Defining characteristics such as independence and objectivity or due professional care are covered in A. Attribute Standards. B. Performance Standards. C. Implementation Standards. D. Practice Guides and Position Papers. Answer: A. Attribute Standards describe the characteristics of organizations and parties performing internal audit activities. www.LearnCia.com Part 1, Section 1, Introduction Part 1 1 – 7 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Types of Internal Audit Activity Assurance Services “An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization” www.LearnCia.com Consulting Services “Advisory and related client service activities, the nature and scope of which are agreed to by the client and which are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility” Part 1, Section 1, Introduction Part 1 1 – 8 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Which of the following characteristics differentiates the internal auditor’s activity during assurance and consulting engagements? A. B. C. D. Compliance with applicable Standards Conformance to applicable Standards Assessment or advisory role Internal or external expertise Answer: C www.LearnCia.com Part 1, Section 1, Introduction Part 1 1 – 9 V3.0 THE IIA’S CIA LEARNING SYSTEMTM IIA Guidance and Materials Practice Advisories Strongly endorsed and recommended guidance on best practices for performance of the Standards Practice Guides Detailed processes and procedures, such as tools and techniques, programs, and step-bystep approaches Position Papers Statements to assist a wide range of interested parties www.LearnCia.com Part 1, Section 1, Introduction Part 1 1 – 10 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Internal Audit Activity, Defined “A department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations” Helps accomplish organizational objectives through a systematic, disciplined approach Evaluates and improves the effectiveness of risk management, control, and governance processes Requires top-level support (e.g., the board and senior management) communicated throughout the organization www.LearnCia.com Part 1, Section 1, Topic 1 Part 1 1 – 11 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question All of the following are reasonable responsibilities for the chief audit executive EXCEPT A. overseeing the service contract with a consultant. B. waiving a regulatory agency’s recommendation on a risk management or control issue. C. developing the audit charter and securing approval by the board. D. reporting to senior management and the board on internal audit activities. Answer: B. This is a management decision, not an internal audit decision. www.LearnCia.com Part 1, Section 1, Topic 1 Part 1 1 – 12 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Internal Audit Charter, Defined “A formal document that defines the internal audit activity’s purpose, authority, and responsibility” www.LearnCia.com Establishes the internal audit activity’s position within the organization Authorizes access to records, personnel, and physical properties relevant to the performance of engagements Defines the scope of internal audit activities Part 1, Section 1, Topic 1 Part 1 1 – 13 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Typical Audit Charter Elements Mission and scope of the internal auditing department Accountability of the CAE to management and an audit committee Independence of the internal auditing function Responsibilities of the CAE and internal auditing staff Range of authority of the CAE and internal auditing staff Applicable standards of audit practice www.LearnCia.com Part 1, Section 1, Topic 1 Part 1 1 – 14 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Types of Engagements Assurance Consulting Formal—Engagements planned and subject to written agreement Informal—Various routine activities Special—Participation in a merger, acquisition, or conversion “Blended” www.LearnCia.com Emergency—Participation in disaster recovery or special business events Part 1, Section 1, Topic 1 Part 1 1 – 15 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Which of the following items is appropriate to include in an internal audit activity charter? A. Authorization and access B. Levels of staff proficiency C. Inquiry and observation processes employed D. Activity objectives for external service providers Answer: A www.LearnCia.com Part 1, Section 1, Topic 1 Part 1 1 – 16 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Key Documents Basic documents to support the purpose, authority, and responsibility of the internal audit department and internal audit activities Internal audit charter Function and responsibility (F and R) statement Statement of policy (corporate audit policy or policy statement missions) Audit manual (policies and procedures) Staff job descriptions www.LearnCia.com Part 1, Section 1, Topic 1 Part 1 1 – 17 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Marketing the Audit Function Brochures Promote the audit function and explain the features and benefits Newsletters Highlight important aspects of internal audit activities Publications Provide softer human interest stories Audit department open house Facilitate introductions and/or dialogue Advisory board of operating managers chaired by CAE Facilitate an exchange of information on related topics Client training Educate client personnel and/or internal auditing new hires Engagement documents and meetings Structure an internal audit activity as a problem-solving partnership www.LearnCia.com Part 1, Section 1, Topic 1 Part 1 1 – 18 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Identify whether the statement is related to the purpose, authority, or responsibility of the internal audit activity. Answers: Responsibility 1. Ensure that staff possesses sufficient expertise to fulfill the engagement charter. Authority 2. Maintain access with the appropriate governing authority. Purpose 3. Add value and improve operations. www.LearnCia.com Part 1, Section 1, Topic 1 Part 1 1 – 19 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Internal Audit Activity Purpose, Authority, and Responsibility • • • • Attribute Standard 1000 Attribute Standard 1130 Performance Standard 2400 Performance Standard 2420 www.LearnCia.com Part 1, Section 1, Topic 1 Part 1 1 – 20 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Independence and Objectivity, Defined Independence Independence “The freedom from conditions that from “… the freedom threaten objectivity or conditions that the appearance of or threaten objectivity objectivity” the appearance of objectivity ...” www.LearnCia.com Objectivity “An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made” Part 1, Section 1, Topic 2 Part 1 1 – 21 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Independence and Organizational Reporting Board of Directors Functional reporting Senior Management Audit Committee Administrative reporting Functional reporting CAE and Internal Audit Function www.LearnCia.com Part 1, Section 1, Topic 2 Part 1 1 – 22 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Functional Reporting Administrative Reporting Provides independence and authority Facilitates day-to-day operations Examples: • Approve: – – – – Internal audit activity’s charter. Internal audit risk assessment and related audit plan. All decisions regarding performance evaluation, appointment/removal of CAE. Annual compensation and salary adjustment of CAE. Examples: • Budgeting and management accounting • Human resource administration • Internal communications and information flows • Administration of the internal audit activity’s internal policies and procedures • Receive communications from CAE. • Make appropriate inquiries of management and CAE. www.LearnCia.com Part 1, Section 1, Topic 2 Part 1 1 – 23 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Alignment to Ensure Organizational Independence Have regular and direct communication with the board. Report to an individual at the senior management level with sufficient authority to promote independence and to ensure broad audit coverage. Report directly to the audit committee (or its equivalent). www.LearnCia.com Part 1, Section 1, Topic 2 Part 1 1 – 24 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Which action best exemplifies internal auditing objectivity? A. Strategic synergies B. Win-win conflict resolution C. Periodic communication with the engagement client D. Independent mental attitude Answer: D. An internal auditor must have an unbiased and impartial mindset in regard to all engagements. www.LearnCia.com Part 1, Section 1, Topic 2 Part 1 1 – 25 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Policies to Promote Objectivity Internal auditors should: Have no operational responsibility for the activity under review. Have had no authority or responsibility during the past year or a reasonable time frame. Abide by the Code of Ethics. Not subordinate their judgment to that of others. Not compromise the quality of their work or objectivity of their judgment. Avoid potential conflicts of interest and bias. Have an independent review of engagement results. www.LearnCia.com Part 1, Section 1, Topic 2 Part 1 1 – 26 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Additional Best Practices to Maintain Objectivity CAE Internal Auditor www.LearnCia.com • Periodic query of internal auditing staff • Periodic staff assignment rotation • Refusal of material fees, gifts, or entertainment—consideration of what is “reasonable” Part 1, Section 1, Topic 2 Part 1 1 – 27 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Identify which of the following items exemplify potential impairments. Respond “yes,” “no,” or “probable.” Answers: No 1. Accepting a breakfast invitation Yes 2. An executive demanding the rescheduling of an audit Probable 3. A designer passport travel ID case Yes 4. Denial of facility access Potential impairments should be reported to the CAE. www.LearnCia.com Part 1, Section 1, Topic 2 Part 1 1 – 28 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Reinforcing Activity 1-1 Part 1, Section 1, Topic 2 Maintain Independence and Objectivity www.LearnCia.com Part 1, Section 1, Topic 2 Part 1 1 – 29 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Engagement Staffing Options In-house auditing Establishing a dedicated audit team with requisite resources Total out-sourcing Out-sourcing 100% of the internal audit activity to an external provider, usually on an ongoing basis Co-sourcing A combination of internal staffing and external outsourcing; external providers provide supplementary specialist skills Subcontracting (staff augmentation) Securing a specific individual to perform a specific engagement or part of an engagement Secondment Borrowing an employee from another part of the organization to work in the audit activity for a specified period of time www.LearnCia.com Part 1, Section 1, Topic 3 Part 1 1 – 30 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Requisite Knowledge, Skills, and Competencies Examples Knowledge Information Knowledge required to perform technical audits Skills Proficiency Language/communication skills Competencies Performance www.LearnCia.com Part 1, Section 1, Topic 3 Interpersonal skills/audit tools and techniques Part 1 1 – 31 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Internal Audit Designated Competencies Interpersonal Skills Tools and Techniques Competency Categories Internal Audit Standards, Theory, and Methodology www.LearnCia.com Knowledge Areas Part 1, Section 1, Topic 3 Part 1 1 – 32 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Who is ultimately responsible for ensuring that the internal audit activity is staffed appropriately? A. Audit committee B. Chief audit executive (CAE) C. Board D. Human resources Answer: B. The CAE is responsible for determining levels of education and experience for the organization’s IA positions. www.LearnCia.com Part 1, Section 1, Topic 3 Part 1 1 – 33 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Identify the employment term described in the example. Answers: Job specifications Job description Performance appraisal Career path www.LearnCia.com 1. Requiring CIA certification for an internal audit position 2. List of requisite knowledge, skills, and competencies 3. Evaluation and feedback at the end of an engagement 4. Progressive promotions of an internal auditor Part 1, Section 1, Topic 3 Part 1 1 – 34 V3.0 THE IIA’S CIA LEARNING SYSTEMTM How to Evaluate Staff Proficiency 4 3 2 1 Conduct a staffing analysis. Obtain and review information pertaining to specialized skills required by the IA activity. Review staff and management job descriptions. Review the education and background of the IA activity’s staff. www.LearnCia.com Part 1, Section 1, Topic 3 Part 1 1 – 35 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question The CAE must hire an outside service provider to support the internal audit activity with statistical analysis responsibilities. This best describes A. co-sourcing. B. out-sourcing. C. joint venture. D. alliance. Answer: A. In co-sourcing, an external provider supplements the internal audit function; in outsourcing, an outside firm is paid to handle the responsibility. www.LearnCia.com Part 1, Section 1, Topic 4 Part 1 1 – 36 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Co-sourcing and Out-sourcing Advantages + Frees internal resources + Provides flexibility + Can improve efficiency and effectiveness + Can reduce expenses + Can expand coverage + May improve quality and/or timeliness + Can provide additional skill sets www.LearnCia.com Disadvantages – Can cost more – Results in a loss of in-house capabilities and process control – Can undermine morale – Requires a learning curve, oversight, and coordination – Has potential for privacy and confidentiality issues – Can undermine career pathing Part 1, Section 1, Topic 4 Part 1 1 – 37 V3.0 THE IIA’S CIA LEARNING SYSTEMTM CAE Responsibilities for Outside Service Providers Determine the competence. Assess the relationship with the organization. Ensure that independence and objectivity are maintained. Review necessary information (e.g., work objectives, scope, access). Document matters in an engagement letter or contract. Reference compliance with The IIA’s Standards (as applicable). www.LearnCia.com Part 1, Section 1, Topic 4 Part 1 1 – 38 V3.0 THE IIA’S CIA LEARNING SYSTEMTM What Is Fraud? “Any illegal act characterized by deceit, concealment or violation of trust” www.LearnCia.com Examples: • Acceptance of bribes or kickbacks • Diversion of a potentially profitable transaction • Embezzlement • Intentional concealment/misrepresentation of events, transactions, or data • Bogus claims submitted for services or goods • Intentional failure to act • Unauthorized or illegal use of confidential or proprietary information • Unauthorized or illegal manipulation of IT networks or operating systems • Theft Part 1, Section 1, Topic 4 Part 1 1 – 39 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Information Technology Considerations “Internal auditors must have sufficient knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work. However, not all internal auditors are expected to have the expertise of an internal auditor whose primary responsibility is information technology auditing.” (Standard 1210.A3) www.LearnCia.com Part 1, Section 1, Topic 4 Part 1 1 – 40 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Characteristics of Due Professional Care What is due professional care? What are the implications? • Calls for the application of the care and skill expected of a reasonably prudent and competent internal auditor in the same or similar circumstances. • Requires internal auditors to act responsibly. • Exercised when internal audits are performed in accordance with the Standards. • Internal auditors must be independent, competent, and objective. • Audit work must be planned and supervised. • Audit reports must be objective, clear, concise, constructive, and timely. • Internal auditors must follow up on reported audit findings. www.LearnCia.com Part 1, Section 1, Topic 5 Part 1 1 – 41 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Which of the following statements exemplifies due professional care in an assurance engagement? A. Understanding the performance goals of the client B. Recognizing the needs of management C. Being alert to significant risks that affect objectives, goals, and strategies Answer: C www.LearnCia.com Part 1, Section 1, Topic 5 Part 1 1 – 42 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question How does due professional care in a consulting engagement differ from that in an assurance engagement? A. More applicable standards B. Increased client needs and expectations C. Fewer potential benefits derived from the engagement Answer: B. Many of the same considerations apply. However, the needs and expectations of clients have increased significance. www.LearnCia.com Part 1, Section 1, Topic 5 Part 1 1 – 43 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Reinforcing Activity 1-2 Part 1, Section 1, Topic 5 Exercise Due Professional Care www.LearnCia.com Part 1, Section 1, Topic 5 Part 1 1 – 44 V3.0 THE IIA’S CIA LEARNING SYSTEMTM What Is Continuing Professional Development? Description The means to maintain, improve, and broaden the knowledge, skills, and competence required in a profession www.LearnCia.com General Examples • • • • • • • • • Occupational assignments Mentoring Networking Training Research projects Collective wisdom Formal education Conferences Membership/activity in professional societies • Certification and recertification Part 1, Section 1, Topic 6 The IIA Offerings • Seminars • Conferences • Web-based training • Vision University Part 1 1 – 45 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Certification Description Achieved By The systematic • Graduation from measurement of accredited or characteristics that approved training results in recognition • Completion of a of meeting suggested specified amount or knowledge and other type of work minimum requirements experience • Acceptable exam performance www.LearnCia.com The IIA Certifications • Certified Internal Auditor® (CIA) • Certification in Control Self-Assessment (CCSA) • Certified Government Auditing Professional (CGAP) • Certified Financial Services Auditor (CFSA) Part 1, Section 1, Topic 6 Part 1 1 – 46 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Quality Assurance and Improvement Program (QA&IP) • Helps provide reasonable assurance to stakeholders that the internal audit activity: – Performs in accordance with its charter and is consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards. – Operates in an effective and efficient manner. – Is perceived as adding value and improving operations. • Includes appropriate supervision, periodic internal assessments, ongoing monitoring of quality assurance, and periodic external assessments. www.LearnCia.com Part 1, Section 1, Topic 7 Part 1 1 – 47 V3.0 THE IIA’S CIA LEARNING SYSTEMTM QA&IP Internal and External Assessments Periodic internal assessment • Ongoing internal evaluations of the internal audit activity coupled with periodic selfassessments and/or reviews • Conducted by persons within the organization’s internal audit activity • Supervised by the direction of the CAE www.LearnCia.com Periodic external assessment • Evaluation of the internal audit activity compliance with the Standards, the use of best practices, and internal audit activity efficiency and effectiveness • Conducted by a qualified independent reviewer or review team from outside the organization Part 1, Section 1, Topic 7 Part 1 1 – 48 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Identify whether the statement describes internal or external periodic quality assessments or both. Answers: Internal or external 1. Usually incorporated into routine policies and practices 2. Provides an opinion about conformance to the Standards Internal 3. CAE involvement precludes total objectivity External 4. Conducted at least once every five years Internal www.LearnCia.com Part 1, Section 1, Topic 7 Part 1 1 – 49 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Scope of Internal Assessments • Routine and continuous supervision and testing of performance of audit/ consulting work • Ongoing measurements and analyses of performance metrics • Periodic validations of compliance with applicable laws, regulations, standards • Periodic validations of compliance with Standards and Code of Ethics www.LearnCia.com • Evaluation of adequacy of internal audit activity’s charter, goals, objectives, policies, procedures • Assessment of contribution to organization’s governance, risk management, and control processes • Evaluation of effectiveness of continuous improvement activities and adoption of best practices • Whether auditing activity adds value and improves organization’s operations Part 1, Section 1, Topic 7 Part 1 1 – 50 V3.0 THE IIA’S CIA LEARNING SYSTEMTM QA&IP Internal Performance Measures Board/Audit Committee Management & Audit Clients International Professional Practices Framework Internal Audit Process Corporate and Internal Audit Strategies Laws and Regulations Innovation and Capabilities www.LearnCia.com Part 1, Section 1, Topic 7 Part 1 1 – 51 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Discussion Question Which of the following are acceptable teams to perform external quality assessment reviews? (Select all that apply.) I. A team that is totally independent of the organization yet knowledgeable in standards of audit performance II. Internal auditors from a subsidiary organization III. A self-assessment with independent validation by an independent reviewer IV. A peer review team made of members from at least three different organizations Answer: I, III, and IV. External reviewers must be independent of the organization whose internal audit activity is the subject of the assessment. “Independent of the organization” means not a part of or under the control of the organization to which the internal auditing activity belongs. www.LearnCia.com Part 1, Section 1, Topic 7 Part 1 1 – 52 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Scope of External Assessments • Conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards and with the internal audit activity’s charter, plans, policies, procedures, practices, and applicable legislative and regulatory requirements • Expectations of the internal audit activity expressed by the board, senior management, and operational managers • Integration of the internal audit activity into the organization’s governance process, including the attendant relationships between and among the key groups involved in that process www.LearnCia.com • Tools and techniques employed by the internal audit activity • Mix of knowledge, experience, and disciplines within the staff, including staff focus on process improvement • Determination as to whether or not the audit activity adds value and improves the organization’s operations Part 1, Section 1, Topic 7 Part 1 1 – 53 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Reporting the Results of QA&IP Internal assessments External assessments The CAE should share results, necessary action plans, and their successful implementation with stakeholders such as: • Senior management. • The board. • External auditors. • Preliminary results should be discussed with the CAE during and at the conclusion of the process. • Final results should be communicated in a formal report to: www.LearnCia.com – The CAE or other official who authorized the review. – Appropriate members of senior management and the board. Part 1, Section 1, Topic 7 Part 1 1 – 54 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Compliance/Conformity to the Standards Compliance is conformity and “adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.” Statement may be used only if validated by assessments of the QA&IP. Assessments should include recommendations for compliance improvement. Compliance may be expressed in one of three ways. • “In compliance with the Standards” • “In conformity to the Standards” • “In accordance with the Standards” www.LearnCia.com Part 1, Section 1, Topic 7 Part 1 1 – 55 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Reinforcing Activity 1-3 Part 1, Section 1, Topic 7 Promote Quality Assurance and Improvement of the Internal Audit Activity www.LearnCia.com Part 1, Section 1, Topic 7 Part 1 1 – 56 V3.0 THE IIA’S CIA LEARNING SYSTEMTM The IIA’s Code of Ethics, Defined Principles: “Principles relevant to the profession and practice of internal auditing and Rules of Conduct that describe behavior expected of internal auditors. The Code of Ethics applies to both parties and entities that provide internal audit services. The purpose of the Code of Ethics is to promote an ethical culture in the global profession of internal auditing.” www.LearnCia.com Integrity Objectivity Confidentiality Competency Part 1, Section 1, Topic 8 Part 1 1 – 57 V3.0 THE IIA’S CIA LEARNING SYSTEMTM Reinforcing Activity 1-4 Part 1, Section 1, Topic 8 Abide By and Promote Compliance With The IIA’s Code of Ethics www.LearnCia.com Part 1, Section 1, Topic 8 Part 1 1 – 58 V3.0 THE IIA’S CIA LEARNING SYSTEMTM End of Section 1 Questions? www.LearnCia.com Part 1, Section 1 Part 1 1 – 59 V3.0
