Add to collection(s) Add to saved
  1. Business
  2. Management

chapter 1 why are the international professional practices framework

advertisement 
Implementing the International Professional Practices Framework, 3rd Edition
Urton Anderson and Andrew Dahle
© 2009, The IIA Research Foundation
CHAPTER 1
WHY ARE THE INTERNATIONAL PROFESSIONAL
PRACTICES FRAMEWORK AND THE STANDARDS
IMPORTANT?
In order to appreciate the importance of the International Professional Practices Framework (IPPF), it is
useful to understand first its history, and then why it is important to internal audit stakeholders, the
internal audit profession, and to you, the internal audit practitioner.
A Brief History of Guidance and Standards for the Internal Audit Profession
The practice of internal auditing developed over a long period of time. As organizations grew in size and
complexity and developed geographically dispersed operations, managers in the upper echelons of the
organizational structure could no longer personally observe operations for which they were responsible
nor have significant direct contact with people reporting to them. This distancing of upper-level
management from the operations for which they were responsible created a need for other people in the
organization to assist by inspecting the operations and providing reports.
With the founding of The Institute of Internal Auditors (The IIA) in 1941, internal audit practice began
the move toward becoming a profession, including agreement among practitioners about the role of
internal auditing and its basic concepts and practices. The development of guidance for the emerging
profession proceeded relatively slowly in the early years of The IIA. The first guidance came with the
issuance of the Statement of the Responsibilities of the Internal Auditor in 1947. This short document set
out to define the objectives and scope of internal auditing. As the profession evolved, the broadening of
its scope was reflected in subsequent revisions. For instance, in the original 1947 Statement, the scope
was focused primarily on financial matters, but by 1957, it had been broadened to include numerous
services to management regarding review and evaluation of operations as well. Over the years, the
Statement was periodically revised (1957, 1971, 1976, 1981, and 1990) until it was replaced in 1999 by
the current Definition of Internal Auditing.
The IIA provided additional guidance for the profession in 1968 with the issuance of a Code of Ethics for
IIA members. This code consisted of eight articles, the basic principles of which are still found in the
current code. The IIA also provided specifics on what knowledge and skills internal audit practitioners
should possess with the publication of the Common Body of Knowledge in 1972 and implementation of
the Certified Internal Auditor (CIA) certification program the subsequent year. Finally, in 1978, The IIA
issued the Standards for the Professional Practice of Internal Auditing. They consisted of five general
and 25 specific guidelines as to how the internal audit function should be managed and how audit
engagements should be performed. These standards were widely adopted and translated into a number of
different languages. Additionally, they were incorporated into the laws and regulations of various
government entities.
The 1978 Standards proved relatively robust and were able to accommodate the evolving profession,
remaining relatively unchanged for the next 20 years. However, there was a large amount of additional
Implementing the International Professional Practices Framework, 3rd Edition
Urton Anderson and Andrew Dahle
© 2009, The IIA Research Foundation
guidance provided to interpret these standards coming from a number of different sources. These ranged
from guidelines that accompanied the Standards, to a series of Professional Standards Practice Releases,
providing IIA staff’s response to frequently asked questions (FAQs) in terms of implementing the
Standards, to IIA Position Papers, as well as a large number of research studies. By the end of the 1990s,
the body of guidance that had developed alongside the Code of Ethics and the Standards had reached a
point where there were no clear levels of authority among the various sources of guidance, as well as
instances of conflicting guidance.
The landscape of the profession in the 1990s also had altered in terms of how internal audit services were
being provided, with a significant share of the services now being delivered by external service providers.
In some internal audit functions, there was a dramatic shift in the amount of time being allocated from the
traditional services of audits and reviews of operations to nontraditional audit services such as control
self-assessment programs, proactive training on internal control, participation as advisors in system
implementation projects, and other consulting activities. Further, since the mid-1980s, the concept of risk
management as a method of allocating internal audit resources had rapidly developed within the
profession. The 1978 Standards did not specifically address these emerging issues.
Recognizing the important role that the Statement of Responsibilities, The Code of Ethics, and
particularly, the Standards had played in the development of the now global internal audit profession, The
IIA established a Guidance Task Force in 1997 to consider the needs and mechanisms for providing
guidance to the profession in the future. After more than a year of study, the Guidance Task Force issued
its report — A Vision for the Future: Professional Practices Framework for Internal Auditing. This
report proposed a new definition of internal auditing to replace the one found in the Statement of
Responsibilities and a new structure for providing relevant and timely guidance to the profession. The
proposed definition and structure were approved in 1999. Implementation began with the revision of the
Code of Ethics in 2000 and the completion of a new International Standards for the Practice of Internal
Auditing (Standards) in 2002.
By 2006, the Standards had become recognized globally, with authorized translations in 32 languages,
and increasingly incorporated into laws and regulations in a number of countries and jurisdictions.
However, with the increased recognition and status of The IIA’s professional guidance, IIA leadership
saw the need to ensure that its authoritative guidance was clear, current, relevant, and internationally
consistent, and that the guidance-setting processes were suitably transparent to the profession’s
stakeholders and sufficiently responsive to the needs of the profession. A task force and steering
committee was established to review the existing guidance structure and the guidance development,
review, and issuance processes. The result of the review was a new guidance framework (the IPPF) and
reengineering of the guidance-setting processes, including the creation of a new guidance oversight board,
composed predominately of outside stakeholders, to monitor processes used in establishing the mandatory
guidance.
Why Are the IPPF and the Standards Important?
The IPPF and its components are key to those who rely on and use the services of the internal audit
profession as well as all those working in the profession. The components, as further described later,
include mandatory guidance: the Definition of Internal Auditing, the Code of Ethics, the Standards, as
well as strongly recommended guidance: Position Papers, Practice Advisories, and Practice Guides. The
Implementing the International Professional Practices Framework, 3rd Edition
Urton Anderson and Andrew Dahle
© 2009, The IIA Research Foundation
Standards are a fundamental part of the IPPF and provide the basis for discussion of much of the IPPF in
this book.
As described in the Definition of Internal Auditing, an effective internal audit function acts as an
independent, objective assurance and consulting activity that is designed to add value and improve an
organization’s operations. It helps an organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk management, control, and
governance processes.
Why is the IPPF Important to Internal Auditing’s Stakeholders, Including Audit Committees and Senior
Management?
As noted in the section above on internal audit history, as organizations grew in size and complexity and
developed geographically dispersed operations, internal auditing developed to help organizations, as
managers in the upper echelons of the organizational structure could no longer personally observe all
operations. The emergence of the IPPF and the Standards for the internal audit profession helps ensure
that senior management has a framework with which to focus and measure internal audit performance and
quality.
Internal auditing is one of the cornerstones of corporate governance, along with the board of directors,
senior management, and external audit. Because of its unique position within organizations, internal
auditing provides audit committee members with valuable assistance by giving objective assurance on
governance, risk management, and control processes. To do this effectively, an internal audit function
must be adequately resourced, professionally staffed, and follow the internationally recognized
framework for internal auditing provided by The IIA — the IPPF.
In recent years, the responsibilities of governing bodies such as the audit committee have come under
scrutiny or been enhanced from regulators around the globe. In addition, audit committees frequently
have stated roles related to internal auditing in their charters. The roles typically include monitoring the
effectiveness of internal auditing. The IPPF and the Standards outline what internal auditing needs to do
in order to be effective. By understanding the Standards and how internal auditing complies, audit
committees will be in a better position to appoint, appraise, utilize, and support their internal auditors.
Further, there is a strong link between the considerations in the audit committee related to internal
auditing, regulatory requirements regarding audit committees’ oversight of internal auditing, and the
Standards. See Exhibit 1-1 for a mapping of common audit committee roles and the Standards. This
clearly illustrates that in organizations whose internal audit function complies with the Standards, the
audit committees will find it much easier to comply with their own charter and regulatory requirements.
Key questions that the audit committee can ask to see if they are properly understanding, assessing, and
supporting internal auditing are provided in Exhibit 1-2. Chief audit executives may find these exhibits
useful in educating the audit committee in the importance of conformance with the Standards and the
IPPF.
Why is the IPPF Important to the Internal Audit Profession?
A professional framework and standards are a core attribute that differentiates professions from
unstructured groups of people who happen to be employed in similar roles. It differentiates a group
conforming to a level of performance and quality from a general grouping of people with similar interests,
Implementing the International Professional Practices Framework, 3rd Edition
Urton Anderson and Andrew Dahle
© 2009, The IIA Research Foundation
but inconsistent performance or cohesion. A dictionary definition of what it means to be professional
states, “characterized by or conforming to the technical or ethical standards of a profession.”
The IPPF and its elements define and provide assurance of quality and professionalism in internal
auditing. The mandatory elements of the IPPF, the Definition of Internal Auditing, the Standards, and the
Code of Ethics are followed by all IIA members and are the foundation of the profession of internal
auditing. This allows others to rely upon internal auditing, including the stakeholders discussed earlier.
Further, the IPPF allows other major institutions in society, such as regulatory bodies and governments, to
rely upon internal auditing and reflect it in its regulations and laws. An ever-increasing number of
regulatory bodies are recognizing the importance of the Standards in ensuring internal auditing is
effective.
Why is the IPPF Important to Each Internal Auditor?
The IPPF for internal auditing is the sole global set of professional requirements for the internal audit
profession. At the most basic level, the IPPF exists to help contribute to each and every internal audit
professional around the world being able to perform to a certain fundamental level of performance.
When you devote your professional career to any cause, it is important that you excel in what you do. The
IPPF and the Standards are meant for practitioners. The IPPF is here to help you and your internal audit
activity succeed. It is a road map, uniquely fitted to the needs of internal auditors. It continues to build on
the successful history of our profession.
Why is This Book Important to You?
This book came from the desire in the internal audit profession for:
•
•
•
•
Further explanations of meanings behind the principles-based Standards in the IPPF and answers
to FAQs.
Practical tools that help you implement the Standards in your organization.
Examples of leading practices in implementing the Standards and best practice internal auditing.
Discussion of trends and various points of view on topics core to the profession of internal
auditing.
This book is organized and aligned with the Standards. It contains more than 30 exhibits of models, tools,
and lists that will be useful in implementing the topics discussed in the IPPF and the Standards. Through
understanding the topics and applying the exhibits to your organization, you will be able to leverage the
knowledge of leading thinking and practical real-world applications of the principles-based Standards.
The IPPF and the Standards Are Fundamental to Adding Value Through Internal Auditing
Each internal audit activity will have to determine how best to add value for its organization given the
needs and climate of the organization. In order to best add value, internal auditing needs to understand the
expectations of key stakeholders and their perception of what adds value. This book illustrates how to
take those expectations and — through the IPPF, the Standards, and leading practices and tools for
implementation — embark on the mission to add value.
Related documents
COVER LETTER SAMPLE
COVER LETTER SAMPLE
Continuous Auditing - Global Institute of Internal Auditors
Continuous Auditing - Global Institute of Internal Auditors
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Recent Changes to IIA Standards
Recent Changes to IIA Standards
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Job Title: IT Audit Senior
Job Title: IT Audit Senior
The Antecedents of Internal Auditors* Adoption of
The Antecedents of Internal Auditors* Adoption of
Proposed Enhancements to the IPPF - The Institute of Internal Auditors
Proposed Enhancements to the IPPF - The Institute of Internal Auditors
Download
advertisement