2012 IIA Standards Update International Internal Audit Standards
2012 IIA Standards Update International Internal Audit Standards Board (IIASB) October 2012 www.globaliia.org 1 Session Overview Why the Standards matter Standards-setting due process
The key changes in 2012 Best practices for implementation Q&A www.globaliia.org 2 2 Why the Standards Matter www.globaliia.org
3 3 The Standards Mandatory Element Under International Professional Practices Framework Mandatory IPPF = www.globaliia.org Non mandatory Strongly recommended 4 4
Overview of the IIA Standards Attribute Standards: Purpose, Authority and Responsibility..(1000) Independence and Objectivity(1100) Proficiency and Due Professional Care(1200) Quality Assurance and Improvement Program ..(1300) Performance Standards:
www.globaliia.org Managing the Internal Auditing Activity...(2000) Nature of Work....(2100) Engagement Planning....(2200) Performing the Engagement.(2300) Communicating Results.....(2400) Monitoring Progress...(2500) Communicating the Acceptance of Risks...(2600) 5 5 Standards are Critical Delineate basic principles that represent the practice of internal auditing
Framework for performing and promoting a broad range of value-added internal auditing Establish the basis for the evaluation of internal audit performance Foster improved organizational processes and operations www.globaliia.org 6 6
Standards-Setting Due Process www.globaliia.org 7 7 8 www.globaliia.org Development IIASB researched and discussed the topics, developed the potential changes to the Standards. Global Ethics Committee reviewed the proposed changes to the Standards to ensure its consistency with Code of Ethics.
Public Exposure 90 days exposure period to get input from the public (Feb 20 May 20) IIASB discussed the emerging issues and feedback from various sources for potential topics that impacts the profession and the Standards. Initiation International Internal Audit Standards Board (IIASB) Standards Setting Standards Exposure Stats Exposure draft was available in 11 languages. Number of responses received: 1,685 in total
1,547 responses from individuals 138 collective responses from organizations 24% of the responses are from North America. 76% of the responses are from outside NA. Your Opinion Counts!!! www.globaliia.org 9 10 Release Date - Oct 1, 2012 Effective Date Jan 1, 2013 IIA Institutes translate the Standards into the local language, prior to the effective date of the new Standards, if possible
www.globaliia.org Issuance Promote and educate the members in your country IIASB reviewed the results and comments from the exposure and made final decision on the Standards changes. IPPF Oversight Council, an independent body, reviewed the Standards-setting due process. Review & Approval International Internal Audit Standards Board (IIASB)
Standards Setting The Key Changes in 2012 www.globaliia.org 11 11 Why Change? The Standards must remain current, relevant, and timely for the profession The IPPF process requires that the Standards be reviewed at least once every three years Ongoing changes are a key component of the continued development of the IPPF www.globaliia.org 12
12 Summary of the Changes Clarify responsibilities for conforming with the Standards Increased focus on Quality Assurance & Improvement Clarify the CAEs role to communicate unacceptable risk Explicitly require timely audit plan adjustments Emphasize coverage of risks to strategic objectives Changes to Glossary Terms www.globaliia.org 13 Responsibilities for Conformance Adding the following wording to the Introduction of the Standards: The Standards apply to individual internal auditors and internal audit activities. All internal auditors are accountable for conforming with the Standards related to individual objectivity, proficiency, and due professional
care. In addition, internal auditors are accountable for conforming with the Standards, which are relevant to the performance of their job responsibilities. Chief audit executives are accountable for overall conformance with the Standards. Exposure Results: Yes: 87%, No: 4.1%, No Opinion: 5.8% www.globaliia.org Standards Board Decision: Adopt the exposed change 14 14 Organizational Independence 1110 - Organizational Independence The chief audit executive must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The chief audit executive must confirm to the board, at least annually, the organizational independence of the internal audit activity.
Interpretation: Organizational independence is effectively achieved when the chief audit executive reports functionally to the board. Examples of functional reporting to the board involve the board: Approving the internal audit charter; Approving the risk based internal audit plan; Approving the internal audit budget and resource plan; Receiving communications from the chief audit executive on the internal audit activitys performance relative to its plan and other matters; Approving decisions regarding the appointment and removal of the chief audit executive; Approving the remuneration of the chief audit executive; and Making appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource limitations. Exposure Results: Yes: 85%, No: 9.8%, No Opinion: 5.3% www.globaliia.org Standards Board Decision: Adopt the exposed change 15
15 Standard 1110 Best Practices Board or audit committee approve the risk assessment and related audit plans Private meetings with the CAE and audit committee / board chair Frequent interactions with board outside formal board meetings www.globaliia.org 16 Increased Focus Quality Assurance 1312 - External Assessments External assessments must be conducted at least once every five years by a qualified, independent reviewer assessor or review assessment team from outside the organization. The chief audit executive must discuss with the board:
The need for more frequent form and frequency of external assessments; and The qualifications and independence of the external reviewer assessor or review assessment team, including any potential conflict of interest. Interpretation: External assessments can be in the form of a full external assessment, or a selfassessment with independent external validation. Exposure Results: Yes: 86.5%, No: 7.6%, No Opinion: 5.9% www.globaliia.org Standards Board Decision: Modify the exposed change 17 17 Standard 1312 Best Practices
Proactive internal quality assessment and improvement program Fully embrace the spirit and the letter of the external quality Standards Have practices to allow execution and delivery of quality work Leverage the external quality assessment to promote internal audit by including a statement of conformance in each audit report www.globaliia.org
18 Timely Audit Plan Adjustments 2010Planning The chief audit executive must establish a risk-based plans to determine the priorities of the internal audit activity, consistent with the organizations goals. Interpretation: The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the organizations risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization. If a framework does not exist, the chief audit executive uses his/her own judgment of risks after consultation with senior management and the board consideration of input from senior management and the board. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organizations business, risks, operations, programs, systems, and controls. Exposure Results: Yes: 92.5%, No: 4.3%, No Opinion: 3.2% www.globaliia.org
Standards Board Decision: Adopt the exposed change 19 19 Standard 2010 Best Practices Identify and consider stakeholder input into the internal audit risk assessment process Dont let major risks go uncovered; find a way to address them before they get too big Educate key stakeholders on important areas of risk
and on actions needed to address issues Develop an ongoing communications process with management to keep current on changing business and risk issues www.globaliia.org 20 Inclusion of Strategic Risk 2120.A1 The internal audit activity must evaluate risk exposures relating to the organizations governance, operations, and information systems regarding the: Achievement of the organizations strategic objectives;
Reliability and integrity of financial and operational information; Effectiveness and efficiency of operations and programs; Safeguarding of assets; and Compliance with laws, regulations, policies, procedures, and contracts. Exposure Results: Yes: 90.6%, No: 5.9%, No Opinion: 3.5% www.globaliia.org
Standards Board Decision: Adopt the exposed change 21 21 Inclusion of Strategic Risk 2130.A1 The internal audit activity must evaluate the adequacy and effectiveness of controls responding to risks within the organizations governance, operations, and information systems regarding the: Achievement of the organizations strategic objectives; Reliability and integrity of financial and operational information;
Effectiveness and efficiency of operations and programs; Safeguarding of assets; and Compliance with laws, regulations, policies, procedures, and contracts. Exposure Results: Yes: 90.9%, No: 5.7%, No Opinion: 3.4% www.globaliia.org Standards Board Decision: Adopt the exposed change 22 22
Standard 2120.A1 and 2130.A1 Best Practices Internal audit involvement in key strategic initiatives A seat at the table Address the organizations key strategic risks Serve on IT development teams
www.globaliia.org 23 Disseminating Results 2440 Disseminating Results The chief audit executive must communicate results to the appropriate parties. Interpretation: The chief audit executive or designee reviews is responsible for reviewing and approves approving the final engagement communication before issuance and decides for deciding to whom and how it will be disseminated. When the chief audit executive delegates these duties, he or she retains overall responsibility. Exposure Results: Yes: 84.7%, No: 11.8%, No Opinion: 3.5% www.globaliia.org Standards Board Decision: Modify the exposed change 24
24 Standard 2440 Best Practices Communicate with impact Develop an ongoing communications process with management to keep current on changing business and risk issues Develop systemic and trending information that would be valued by stakeholders Ensure management is attentive to audit issues and that top management and the audit committee are kept aware of managements corrective actions www.globaliia.org 25 Acceptance of Risk 2600 Resolution of Senior Management's Communicating the Acceptance of Risks
When the chief audit executive believes concludes that senior management has accepted a level of residual risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the decision regarding residual risk is chief audit executive determines that the matter has not been resolved, the chief audit executive must report communicate the matter to the board for resolution. Interpretation: The identification of risk accepted by management may be observed through an assurance or consulting engagement, monitoring progress on actions taken by management as a result of prior engagements, or other means. It is not the responsibility of the chief audit executive to resolve the risk. Exposure Results: Yes: 89%, No: 7%, No Opinion: 4% www.globaliia.org Standards Board Decision: Adopt the exposed change 26 26
Standard 2600 Best Practices When you believe the organization is facing unacceptable risk or certain actions are just not right, speak out Use good judgment on what are real issues, but make it clear that internal auditing has a voice and is willing to use it www.globaliia.org 27 Clarify the Definition of Board Board A board is an organizations governing body, such as a board of directors, supervisory board, head of an agency or legislative body, board of governors or trustees of a non-profit organization, or any other designated body of the organization, including the audit committee to whom the chief audit executive may functionally report.
The highest level of governing body charged with the responsibility to direct and/or oversee the activities and management of the organization. Typically, this includes an independent group of directors (e.g., a board of directors, a supervisory board, or a board of governors or trustees). If such a group does not exist, the board may refer to the head of the organization. Board may refer to an audit committee to which the governing body has delegated certain functions. Exposure Results: Yes: 88%, No: 5.7%, No Opinion: 6.3% www.globaliia.org Standards Board Decision: Modify the exposed change 28 28 New Definition of Engagement Opinion Engagement Opinion The rating, conclusion, and/or other description of results of an individual internal audit engagement, relating to those
aspects within the objectives and scope of the engagement. Exposure Results: Yes: 89.1%, No: 4.8%, No Opinion: 6.2% www.globaliia.org Standards Board Decision: Modify the exposed change 29 29 New Definition of Overall Opinion Overall Opinion The overall ratings, conclusions, or other descriptions of results provided by the chief audit executive addressing, at a broad level, governance, risk management and control processes of the organization. An overall opinion is based on the results of a number of individual engagements and other activities for a specific time interval.
Exposure Results: Yes: 88.2%, No: 5.4%, No Opinion: 6.5% www.globaliia.org Standards Board Decision: Modify the exposed change 30 30 Other Changes 1311 Internal Assessment 1320 Reporting on the Quality Assurance and Improvement Program
2201 Plan Consideration 2220 Engagement Scope 2210.A3 Control Processes Delete the definition of residual risk
Keep the current definition of risk www.globaliia.org 31 31 www.globaliia.org/standards-guidance www.globaliia.org 32 Conformance with the Standards is required and essential for the professional practice of internal auditing. www.globaliia.org
Collect positive information about each student using a variety of tools, including strengths inventories; success portfolios (containing work samples. Teachers and administrators should also have an intimate knowledge of what each student is most passionate about at school. Use data...
A couple of words… We have covered ? potentials both in the form of wells and barriers. However, this lecture will introduce a perfect crystal that is infinitely extending in both directions within the one dimensional system that we are...
Ultimate causation What is the adaptive value to this behavior?? ... Cognitive behavior Chimpanzee Banana Bugs Forging Behavior Obtaining food at the least expense Energy efficient Food vs safety Food vs mating Food vs protection Territoriality Defends an area Usually...
Asthma Diaries Diaries help track Asthma symptoms Use of medicines Peak flow numbers Triggers you've been in contact with Diaries improve communication with your doctor F-survival_skills_eng.ppt Causes of Asthma Goals of Asthma Management No asthma symptoms during day or night,...
Acids and Bases Arrhenius Bronsted-Lowry Lewis Definitions of Acids/Bases Measuring Acid Strength Ka Acid Strength defined by pKa Dissociation in H2O Arrhenius Acid forms H3O+ Bronsted-Lowry Acid donates a H+ Resonance Stabilization Stronger Acid Controls Equilibrium Reaction Described with Arrows...
Font & Slide Text. 1. 2. 3. Use short text lines. No more than twelve. Readers can get lost with long lines. The use of . bolding, underlining, italicizing, and highlighting can be useful to your readers. There are a...
Heat flow is the rate at which heat is moving upwards through a particular part of the Earth's crust. This rate is measured in Watts produced per square metre (Watts/m²). This essay will describe how this heat flow varies across...
Ready to download the document? Go ahead and hit continue!