Model Quality Assurance Improvement Program

advertisement
Sample Quality Assurance
Improvement Program
ABC ORGANIZATION (ABC) – INTERNAL AUDIT (INTERNAL AUDIT)
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP) – GENERAL
Internal Audit’s Quality Assurance and Improvement Program (QAIP) is designed to provide reasonable
assurance to the various stakeholders of the Internal Audit activity that Internal Audit:
(1) Performs its work in accordance with its Charter, which is consistent with The Institute of Internal
Auditors International Standards for the Professional Practice of Internal Auditing (Standards),
Definition of Internal Auditing and Code of Ethics;
(2) Operates in an effective and efficient manner; and
(3) Is perceived by stakeholders as adding value and improving Internal Audit’s operations. To that end,
Internal Audit’s QAIP will cover all aspects of the Internal Audit activity (1300). In this regard, a list of
the features to be considered for the QAIP:
 Monitors the Internal Audit activity to ensure it operates in an effective and efficient manner
(1300).
 Assures compliance with the Standards, Definition of Internal Auditing and Code of Ethics
(1300).
 Helps the Internal Audit activity add value and improve organizational operations (1300).
 Includes both periodic and ongoing internal assessments (1311).
 Includes an external assessment at least once every five years, the results of which are
communicated to the Board of Directors (BOD) through the Audit Committee of the Board of
Directors (Audit Committee) (1312, 1320).
The Chief Audit Executive (CAE) is ultimately responsible for the QAIP, which covers all types of
INTERNAL AUDIT activities, including consulting.
INTERNAL ASSESSMENTS
A. Ongoing Reviews – Ongoing assessments are conducted through:

Supervision of engagements

Regular, documented review of work papers during engagements by appropriate Internal Audit
staff

Audit Policies and Procedures used for each engagement to ensure compliance with applicable
planning, fieldwork and reporting standards

Feedback from customer survey on individual engagements

Analyses of performance metrics established to improve the IAA effectiveness and efficiency

All final reports and recommendations are reviewed and approved by a CAE
B. Periodic Reviews – Periodic assessments are designed to assess conformance with Internal Audit’s
Charter, the Standards, Definition of Internal Auditing, the Code of Ethics, and the efficiency and
effectiveness of internal audit in meeting the needs of its various stakeholders. Periodic
assessments will be conducted through:
Revised: 9/22/2009
The Institute of Internal Auditors
Page 1 of 3

Bi-annual customer survey

Annual risk assessments for purposes of annual audit planning

Semi-annual work paper reviews for performance in accordance with internal audit policies and
with the Standards (using Tool 17 of The IIA Quality Assessment Manual)

Review of internal audit performance metrics and benchmarking of best practices, prepared and
analyzed in accordance with Audit Policies and Procedures

Periodic activity and performance reporting to the President and the Audit Committee
EXTERNAL ASSESSMENTS
A. General Considerations – External assessments will appraise and express an opinion about internal
audit’s conformance with the Standards, Definition of Internal Auditing and Code of Ethics and include
recommendations for improvement, as appropriate.
B. Timing – An external assessment will be conducted every five years.
C. Scope of External Assessment – The external assessment will consist of a broad scope of
coverage that includes the following elements of Internal Audit activity:

Conformance with the Standards, Definition of Internal Auditing, the Code of Ethics, and internal
audit’s Charter, plans policies, procedures, practices, and any applicable legislative and
regulatory requirements.

Expectations of Internal Audit as expressed by the BOD, executive management, and operational
managers.

Integration of the Internal Audit activity into ABC’s governance process, including the audit
relationship between and among the key groups involved in the process.

Tools and techniques used by Internal Audit.

The mix of knowledge, experiences, and disciplines within the staff, including staff focus on
process improvement.

A determination whether Internal Audit adds value and improves ABC’s operations.
D. Considerations – The qualifications and considerations of external reviewers as noted in The IIA’s
Practice Advisory 1312-1 will be considered when contracting with an outside party to conduct the
review.
REPORTING ON QUALITY PROGRAM
A. Internal Assessments – Results of internal assessments will be reported to the Audit Committee
and to the senior management at least annually.
B. External Assessments – Results of external assessments will be provided to the senior
management and the Audit Committee. The external assessment report will be accompanied by a
written action plan in response to significant comments and recommendations contained in the
report.
C. Follow-up – The CAE will implement appropriate follow-up actions to ensure that recommendations
made in the report and action plans developed are implemented in a reasonable timeframe.
Revised: 9/22/2009
The Institute of Internal Auditors
Page 2 of 3
ADMINISTRATIVE MATTERS
This policy will be appropriately updated for changes in the Standards or internal audit’s operating
environment.
QUALITY ASSURANCE AND IMPROVEMENT (QA&I) PROGRAM
POTENTIAL INTERNAL AUDIT COMPONENTS

Oversee the development and implementation of Internal Audit policies/procedures;
administer/maintain the Policy/Procedures manual.

Assist the chief audit executive (CAE) and audit managers with budgeting and financial
administration for internal audit.

Maintain and update the comprehensive audit risk universe, including gathering and incorporating
new information impacting the universe; oversee the division of labor among internal audit, external
audit, evaluation and investigation functions, etc.

Administer the general operation of the system for evaluation of audit risk and long-range planning –
assisting the CAE and the audit managers in this area.

Assist internal audit management in the acquisition and maintenance of audit tools and use of
technology.

Administer external recruitment and internal audit’s participation in the organization’s internal staff
rotation and management development programs.

Oversee the training/development of staff, including selection and administration of training courses;
administration of the career planning and performance evaluation processes in internal audit.

Oversee the system(s) for internal audit statistics/metrics; administer the system for post-audit and
other surveys of internal audit customers.

Administer/monitor quality assurance and process improvement activities, including formal quality
assessment processes (using the tools from The IIA’s Quality Assessment Manual).

Oversee/administer information gathering and preparation of the periodic summary reports by
internal audit to senior management and the audit committee (including reports of the results of
internal and external quality assessments).

Administer/maintain the comprehensive follow-up database for recommendations and action plans
resulting from internal audit engagements and the work of external auditors and other internal
evaluation and investigation functions.

Assist the CAE, audit managers, and internal audit staff in keeping current on changes and
emerging best practices of the internal auditing profession; undertake research into other emerging
issues and opportunities – under the direction of internal audit management.
The QAIP function would be performed by a relatively small staff (from one, part-time, to two-three
people, depending on the size of internal audit activity and the extent to which the chief audit executive
wishes to delegate administrative matters). The words “assist, administer, oversee, monitor, and
maintain” are intended to indicate that the internal audit person(s) responsible for QAIP would not
physically perform much of this work. It would be assigned – either ad-hoc for particular task or on a
longer-term basis – to other internal audit executives and staff, but overseen, administered, etc., by the
QAIP function.
Revised: 9/22/2009
The Institute of Internal Auditors
Page 3 of 3
Download