International Professional Practices Framework (IPPF)
Disclosure
Copyright © 2009 by The Institute of Internal Auditors Research
Foundation (IIARF), 247 Maitland Avenue, Altamonte Springs,
Florida 32701-4201. All rights reserved. Printed in the United States
of America. No part of this publication may be reproduced, stored
in a retrieval system, or transmitted in any form by any means
— electronic, mechanical, photocopying, recording, or otherwise —
without prior written permission of the publisher.
The IIARF publishes this document for informational and educational
purposes. This document is intended to provide information, but
is not a substitute for legal or accounting advice. The IIARF does
not provide such advice and makes no warranty as to any legal or
accounting results through its publication of this document. When
legal or accounting issues arise, professional assistance should be
sought and retained.
The mission of The IIARF is to expand knowledge and understanding
of internal auditing by providing relevant research and educational
products to advance the profession globally.
The Institute of Internal Auditors (IIA) International Professional
Practices Framework (IPPF) comprises the full range of authoritative
guidance for the profession. The IPPF provides mandatory and
strongly recommended guidance to internal auditors globally, and
paves the way to world-class internal auditing.
The Institute of Internal Auditors
247 Maitland Avenue
Altamonte Springs, FL 32701-4201 USA
Phone: +1-407-937-1362
FAX: +1-407-937-1101
E-mail: guidance@theiia.org
ISBN: 978-0-89413-639-9
01/09 First Printing
Table of Contents
What’s New.................................................................................................................................iii
Acknowledgments......................................................................................................................vi
Preface....................................................................................................................................... xv
Definition of Internal Auditing.......................................................................................... 2
Code of Ethics........................................................................................................................ 4
Principles................................................................................................................................ 5
Rules of Conduct.................................................................................................................... 6
International Standards for the Professional Practice of Internal Auditing (Standards)
Introduction......................................................................................................................... 11
Attribute Standards
1000 – Purpose, Authority, and Responsibility.................................................................. 15
1010 – Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter............................................................................................ 15
1100 – Independence and Objectivity................................................................................ 16
1110 – Organizational Independence................................................................................. 16
1111 – Direct Interaction With the Board......................................................................... 17
1120 – Individual Objectivity.............................................................................................. 17
1130 – Impairment to Independence or Objectivity.......................................................... 17
1200 – Proficiency and Due Professional Care.................................................................. 18
1210 – Proficiency................................................................................................................ 18
1220 – Due Professional Care............................................................................................. 20
1230 – Continuing Professional Development................................................................... 21
1300 – Quality Assurance and Improvement Program..................................................... 21
1310 – Requirements of the Quality Assurance and Improvement Program.................. 21
1311 – Internal Assessments.............................................................................................. 21
1312 – External Assessments............................................................................................. 22
1320 – Reporting on the Quality Assurance and Improvement Program........................ 23
1321 – Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”............................................................ 23
1322 – Disclosure of Nonconformance............................................................................... 24
Performance Standards
2000 – Managing the Internal Audit Activity................................................................... 25
2010 – Planning.................................................................................................................. 25
2020 – Communication and Approval................................................................................ 26
2030 – Resource Management............................................................................................ 26
2040 – Policies and Procedures.......................................................................................... 26
2050 – Coordination............................................................................................................ 27
2060 – Reporting to Senior Management and the Board.................................................. 27
2100 – Nature of Work........................................................................................................ 27
2110 – Governance.............................................................................................................. 27
2120 – Risk Management................................................................................................... 28
2130 – Control..................................................................................................................... 30
2200 – Engagement Planning............................................................................................ 31
2201 – Planning Considerations........................................................................................ 31
2210 – Engagement Objectives.......................................................................................... 31
2220 – Engagement Scope.................................................................................................. 32
2230 – Engagement Resource Allocation........................................................................... 33
2240 – Engagement Work Program................................................................................... 33
2300 – Performing the Engagement................................................................................... 33
2310 – Identifying Information.......................................................................................... 33
2320 – Analysis and Evaluation......................................................................................... 34
2330 – Documenting Information...................................................................................... 34
2340 – Engagement Supervision........................................................................................ 35
2400 – Communicating Results.......................................................................................... 35
2410 – Criteria for Communicating................................................................................... 35
2420 – Quality of Communications.................................................................................... 36
2421 – Errors and Omissions............................................................................................. 36
2430 – Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing”.............................. 36
2431 – Engagement Disclosure of Nonconformance......................................................... 37
2440 – Disseminating Results............................................................................................ 37
2500 – Monitoring Progress................................................................................................ 38
2600 – Resolution of Senior Management’s Acceptance of Risks..................................... 38
Glossary................................................................................................................................ 40
Practice Advisories
Attribute Standards
PA 1000-1 Internal Audit Charter............................................................................... 45
PA 1110-1 Organizational Independence..................................................................... 47
PA 1111-1 Board Interaction........................................................................................ 49
PA 1120-1 Individual Objectivity................................................................................. 51
PA 1130-1 Impairment to Independence or Objectivity.............................................. 53
PA 1130.A1-1 Assessing Operations for Which Internal Auditors Were Previously Responsible............................................................................... 55
PA 1130.A2-1 Internal Audit’s Responsibility for Other (Non-audit) Functions............ 57
PA 1200-1 Proficiency and Due Professional Care...................................................... 61
PA 1210-1 Proficiency................................................................................................... 63
PA 1210.A1-1 Obtaining External Service Providers to Support or Complement the Internal Audit Activity......................................................................... 65
PA 1220-1 Due Professional Care................................................................................. 71
PA 1230-1 Continuing Professional Development....................................................... 73
PA 1300-1 Quality Assurance and Improvement Program......................................... 75
PA 1310-1 Requirements of the Quality Assurance and Improvement Program................................................................................ 77
PA 1311-1 Internal Assessments.................................................................................. 79
PA 1312-1 External Assessments................................................................................. 81
PA 1312-2 External Assessments: Self-assessment With Independent Validation..................................................................................................... 87
PA 1321-1 Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”................................................ 91
Performance Standards
PA 2010-1 Linking the Audit Plan to Risk and Exposures........................................ 93
PA 2020-1 Communication and Approval.................................................................... 95
PA 2030-1 Resource Management................................................................................ 97
PA 2040-1 Policies and Procedures.............................................................................. 99
PA 2050-1 Coordination.............................................................................................. 101
PA 2060-1 Reporting to Senior Management and the Board.................................... 105
PA 2120-1 Assessing the Adequacy of Risk Management Processes....................... 107
PA 2130-1 Assessing the Adequacy of Control Processes......................................... 111
PA 2130.A1-1 Information Reliability and Integrity...................................................... 115
PA 2130.A1-2 Evaluating an Organization’s Privacy Framework................................. 117
PA 2200-1 Engagement Planning.............................................................................. 121
PA 2210-1 Engagement Objectives............................................................................ 123
PA 2210.A1-1 Risk Assessment in Engagement Planning............................................. 125
PA 2230-1 Engagement Resource Allocation............................................................. 127
PA 2240-1 Engagement Work Program..................................................................... 129
PA 2330-1 Documenting Information........................................................................ 131
PA 2330.A1-1 Control of Engagement Records............................................................... 133
PA 2330.A2-1 Retention of Records................................................................................. 135
PA 2340-1 Engagement Supervision.......................................................................... 137
PA 2410-1 Communication Criteria........................................................................... 141
PA 2420-1 Quality of Communications...................................................................... 145
PA 2440-1 Disseminating Results.............................................................................. 147
PA 2500-1 Monitoring Progress.................................................................................. 149
PA 2500.A1-1 Follow-up Process...................................................................................... 151
Translation or Adaptation of the International Professional Practices Framework and its Related Guidance (Administrative Directive No. 2)................................................. 154
CD-ROM Table of Contents
Definition of Internal Auditing
Code of Ethics
International Standards for the Professional Practice of Internal Auditing
Position Papers
The Role of Internal Auditing in Enterprise-wide Risk Management
The Role of Internal Auditing in Resourcing the Internal Audit Activity
Practice Advisories
Practice Guides
Global Technology Audit Guides (GTAG®)
GTAG 1 – Information Technology Controls
GTAG 2 – Change and Patch Management Controls: Critical for Organizational Success
GTAG 3 – Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
GTAG 4 – Management of IT Auditing
GTAG 5 – Managing and Auditing Privacy Risks
GTAG 6 – Managing and Auditing IT Vulnerabilities
GTAG 7 – Information Technology Outsourcing
GTAG 8 – Auditing Application Controls
GTAG 9 – Identity and Access Management
GTAG 10 – Business Continuity Management
GTAG 11 – Developing the IT Audit Plan
Guide to the Assessment of IT Risk (GAIT)
The GAIT Methodology
GAIT for IT General Control Deficiency Assessment
GAIT for Business and IT Risk (GAIT-R)
Case Studies Using GAIT-R to Scope PCI Compliance