CIA 1.1: Applicable Guidance

Question 1

What are the Purposes of the International Standards for the Professional Practice of Internal Auditing (“the Standards”)?

Answer 1

• Guide adherence with the mandatory elements of the IPPF.
• Provide a framework for performing and promoting a broad range of value-added internal audit activities.
• Establish the basis for evaluating internal auditing performance.
• Foster improved organizational processes and operations.

Question 2

How does IIA define the mission of internal audit?

Answer 2

1. “To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.”
2. Facilitating the achievement of this mission is the IPPF.

Question 3

What kind of guidance does IPPF contain?

Answer 3

Mandatory and recommended guidance

Question 4

What are the four elements of Mandatory guidance?

Answer 4

1. The definition of Internal Audit
2. The code of ethics
3. The standards
4. Core principles

Question 5

What are the core principles in the IPPF?

Answer 5

The Core Principles are the basis for internal audit effectiveness. The internal audit function is effective if all principles are present and operating effectively. The
following are the Core Principles:

a. “Demonstrates integrity.
b. Demonstrates competence and due professional care.
c. Is objective and free from undue influence (independent).
d. Aligns with the strategies, objectives, and risks of the organization.
e. Is appropriately positioned and adequately resourced.
f. Demonstrates quality and continuous improvement.
g. Communicates effectively.
h. Provides risk-based assurance.
i. Is insightful, proactive, and future-focused.
j. Promotes organizational improvement.”

Question 6

What is the definition of Internal Audit?

Answer 6

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Question 7

What purpose do the standards serve?

Answer 7

a. “Guide adherence with the mandatory elements of the International Professional Practices Framework.
b. Provide a framework for performing and promoting a broad range of value-added internal auditing services.
c. Establish the basis for the evaluation of internal audit performance.
d. Foster improved organizational processes and operations.”

Question 8

What are attribute standards in the framework?

Answer 8

Attribute Standards govern the responsibilities, attitudes, and actions of the organization’s internal audit activity and the people who serve as internal auditors. They appear in boxes with green highlighting (example below) throughout this text.

Attribute Standard 1000

Purpose, Authority, and Responsibility

The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework (the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing). The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval.

Question 9

What are performance standards in the framework?

Answer 9

Performance Standards, numbered in the 2000s, govern the nature of internal auditing and provide quality criteria for evaluating the internal audit function’s performance. Performance Standards also appear in boxes with green highlighting (example below).

Performance Standard 2120

Risk Management

The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.

Question 10

What is interpretation of standard in the framework?

Answer 10

Interpretations are provided by The IIA to clarify terms and concepts referred to in Attribute or Performance Standards. Interpretations appear in boxes with blue highlighting (example below) throughout this text.

Interpretation of Standard 1000

The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities. Final approval of the internal audit charter resides with the board.

Question 11

What are implementation standards in the framework?

Answer 11

Implementation Standards expand upon the individual Attribute or Performance Standards by providing the requirements applicable to assurance (.A) or consulting (.C) services. Implementation Standards appear in boxes with gray highlighting (example below) throughout this text.

Implementation Standard 1110.A1

The internal audit activity must be free from interference in determining the scope of internal auditing, performing work, and communicating results. The chief audit executive must disclose such interference to the board and discuss the implications.

Question 12

What is encompassed in the Code of Ethics and Standards?

Answer 12

The Core Principles and the Definition of Internal Auditing are encompassed in the Code of Ethics and the Standards. Thus, conformance with the Code and the Standards demonstrates conformance with all mandatory elements of the IPPF.

Question 13

What are the elements of recommended guidance?

Answer 13

The pronouncements that constitute recommended guidance have been developed by The IIA through a formal approval process. They describe practices for effective implementation of the Core Principles, the Definition of Internal Auditing, the Code of Ethics, and the Standards.

The two recommended elements of the IPPF are

1. Implementation Guidance (IG) and
2. Supplemental Guidance.

Question 14

What do assurance services involve?

Answer 14

Per the Standards, assurance services involve the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matters. Accordingly, The IIA Glossary defines assurance services as an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.

Question 15

Who determines the nature of scope of an assurance engagement?

Answer 15

The nature and scope of an assurance engagement are determined by the internal auditor.

Question 16

How many parties are involved in an assurance engagement?

Answer 16

Generally, three parties are participants in assurance services:

1. The process owner (i.e., the person or group directly involved with the entity, operation, function, process, system, or other subject matter),
2. The internal auditor (i.e., the person or group making the assessment), and
3. The user (i.e., the person or group using the assessment).

Question 17

What do assurance services include?

Answer 17

Assurance services include performing financial, performance, compliance, system security, and due diligence engagements.

Question 18

What do consulting services involve?

Answer 18

Per the Standards, consulting services are advisory in nature and are generally performed at the specific request of an engagement client. Accordingly, The IIA Glossary defines consulting services as activities intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.

Question 19

Who determines the nature and scope of a consulting engagement?

Answer 19

The nature and scope of the consulting engagement are subject to agreement with the engagement client.

Question 20

How many parties are involved in a consulting engagement?

Answer 20

TWO PARTIES

1. The internal auditor (i.e., the person or group offering the advice)
2. When performing consulting services, the internal auditor should maintain objectivity and not assume management responsibility.
3. The engagement client (i.e., the person or group seeking and receiving the advice)

Question 21

When beginning a consulting engagement…

Answer 21

the internal auditor should maintain objectivity and not assume management responsibility.

Question 22

What is Authority?

Answer 22

The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review. Thus, the internal audit activity should be empowered to require auditees to grant access to all records, personnel, and physical properties relevant to the performance of every engagement.

A formal charter for the internal audit activity that defines the internal audit activity’s purpose, authority, and responsibility must be adopted, and it should contain a grant of sufficient authority. Final approval of the charter resides with the board. (The internal audit charter is the subject of Subunit 1.8.)

Question 23

What is responsibility?

Answer 23

The internal audit activity’s responsibility is to provide the organization with assurance and consulting services that will add value and improve the organization’s operations. Specifically, the internal audit activity must evaluate and improve the effectiveness of the organization’s governance, risk management, and control processes.