AUI3702_summary_notes.

Topic 1: IPPF requirements and guidance for performing tests of controls Code of ethics & The rules of conduct The purpose of the IIA Code of Ethics is to promote an ethical culture in the internal audit profession. Internal auditors should strive to comply with these principles to earn the trust of those who rely on their services.  Integrity o Perform work with honesty, diligence and responsibility o Observe the law and make disclosures expected by law or the profession o Not be part of illegal activity or acts discreditable to the profession or the organisation o Respect and contribute to legitimate and ethical objectives of the organisation  Objectivity o Not participate in any activity or relationship which may impair unbiased assessment or which is in conflict with the interests of the organisation o Not accept anything which may impair professional judgement o Disclose all known material facts that, if not disclosed, may distort the reporting of activities under review  Confidentiality o Be prudent in the use and protection of information acquired o Not use any information for personal gain and/or that is contrary to the law or detrimental to the organisation  Competency o Engage only in those services for which they have the necessary knowledge, skills and experience o Perform internal audit services in accordance with the Standards o Continually improve proficiency and the effectiveness and quality of services INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING The Standards are mandatory requirements consisting of:  statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of its performance which are internationally applicable at organisational and individual levels  interpretations, which clarify terms or concepts within the statements The purpose of the Standards is to  delineate basic principles that represent the practice of internal auditing  provide a framework for performing and promoting a broad range of value-added internal auditing services  establish the basis for the evaluation of internal audit performance  foster improved organisational process and operations The difference between attribute and performance standards is that attribute standards cover the attributes of organisations and individuals performing internal auditing while performance standards describe the nature of internal auditing and provide quality criteria against which the performance of these services can be measured. ATTRIBUTE STANDARDS 1000 – Purpose, Authority and Responsibility 1100 – Independence and Objectivity 1200 – Proficiency and Due Professional Care 1300 – Quality Assurance and Improvement Program The key concepts to focus on when studying the Attribute Standards are  the internal audit charter  assurance and consulting services  organisational independence  individual objectivity  proficiency  due professional care  ongoing monitoring 1 AUI3702_summary_notes.  using the statement “Conforms with the International standards for the Professional Practice of Internal Auditing” PERFORMANCE STANDARDS 2000 – Managing the Internal Audit Activity 2100 – Nature of Work 2200 – Engagement Planning 2300 – Performing the Engagement 2400 – Communicating Results 2500 – Monitoring Progress 2600 – Resolution of Senior Management’s Acceptance of Risks The key concepts to focus on when studying the Performance Standards are  adding value  effectively managing the internal audit activity  risk-based planning  resource management  coordination of activities with other assurance providers  using a systematic and disciplined approach  assessing and improving governance processes  evaluating and improving risk management processes  assist in maintaining effective controls  engagement planning  establishing engagement objectives  engagement scope  resources allocation  work programmes  identifying sufficient, reliable, relevant and useful information  analysing and evaluating engagement results  documenting information  supervision  communicating results  disseminating results  monitoring progress  resolution of senior management’s acceptance of risks Attribute standards: Concept Standard Interpretation/Implementation The internalaudit 1000 •The internalaudit charter should clearly state the internal charter auditor’s responsibility and authority to conduct tests ofcontrols within the organisation.•The charter should authorise access to records,personneland physical properties relevant to performing tests of controls.•Iftests of controls resultinassurances to be provided to partiesoutside the organisation, thecharter must define the nature of these assurances. Assurance& 1000 •The nature of assurance and consulting services consultingservices involving tests of controls should be defined in thecharter. (For a betterunderstanding of the difference between assurance and consulting services, read the section “Assurance and Consulting Services”in Reding et al, chapter 2.) Organisational 1110 •When testing controls, the internal audit activity must be 2 independence f