IIA Standards


Post on 22-Jan-2015







1. IIA Standards Evaluation
ABC ORGANIZATION
Tool 19

2. ACKNOWLEDGEMENTS

This is a revision of Tool 19 released in August 2006 in order to provide a more standardized and Standards-based approach to facilitate the consistent evaluation of the conformance, by internal audit activities undergoing quality assessments, to the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (Standards).

This revised control plan, adapted from similar methods from affiliates in France (IFACI), Germany (IRR), Belgium, and South Africa, was prepared by a task force of the IIA's Committee on Quality, with special assistance of Deborah F. Ridel, CISA and Ronald J. Ridel, CISA.

3. TOOL 19 STANDARDS COMPLIANCE EVALUATION SUMMARY
(Circle Evaluator's Decision)

OVERALL EVALUATION  GC PC DNC

1. ATTRIBUTE STANDARDS  GC PC DNC
1000 Purpose, Authority, and Responsibility (Charter)  GC PC DNC
1100 Independence and Objectivity  GC PC DNC
  1110 Organizational Independence  GC PC DNC
  1120 Individual Objectivity  GC PC DNC
  1130 Impairments to Independence or Objectivity  GC PC DNC
1200 Proficiency and Due Professional Care  GC PC DNC
  1210 Proficiency  GC PC DNC
  1220 Due Professional Care  GC PC DNC
  1230 Continuing Professional Development  GC PC DNC
1300 Quality Assurance/Improvement Program  GC PC DNC
  1310 Quality Program Assessments  GC PC DNC
    1311 Internal Assessments  GC PC DNC
    1312 External Assessments  GC PC DNC
  1320 Reporting on the Quality Program  GC PC DNC
  1330 Use of "Conducted in Accordance with Standards"  GC PC DNC
  1340 Disclosure of Noncompliance  GC PC DNC

2. PERFORMANCE STANDARDS  GC PC DNC
2000 Managing the Internal Audit Activity  GC PC DNC
  2010 Planning  GC PC DNC
  2020 Communication and Approval  GC PC DNC
  2030 Resource Management  GC PC DNC
  2040 Policies and Procedures  GC PC DNC
  2050 Coordination  GC PC DNC
  2060 Reporting to the Board and Senior Management  GC PC DNC
2100 Nature of Work  GC PC DNC
  2110 Risk Management  GC PC DNC
  2120 Control  GC PC DNC
  2130 Governance  GC PC DNC
2200 Engagement Planning  GC PC DNC
  2201 Planning Considerations  GC PC DNC
  2210 Engagement Objectives  GC PC DNC
  2220 Engagement Scope  GC PC DNC
  2230 Engagement Resource Allocation  GC PC DNC
  2240 Engagement Work Program  GC PC DNC

4.

2300 Performing the Engagement  GC PC DNC
  2310 Identifying Information  GC PC DNC
  2320 Analysis and Evaluation  GC PC DNC
  2330 Recording Information  GC PC DNC
  2340 Engagement Supervision  GC PC DNC
2400 Communicating Results  GC PC DNC
  2410 Criteria for Communicating  GC PC DNC
  2420 Quality of Communications  GC PC DNC
    2421 Errors and Omissions  GC PC DNC
  2430 Engagement Disclosure of Noncompliance with Standards  GC PC DNC
  2440 Disseminating Results  GC PC DNC
2500 Monitoring Progress  GC PC DNC
2600 Management's Acceptance of Risks  GC PC DNC

3. IIA Code of Ethics  GC PC DNC

Evaluator's name/signature:
Date:

5. Evaluation of Conformance with IIA Standards
General Instructions/Definitions

Together with completion of all of the applicable tools in the IIA Quality Assessment Manual, Tool 19 should be used to provide an overall assessment of the organization's conformance with the Standards.

Evaluation Procedures

• When evaluating conformance to the Standards, carefully read the Standard and consider only the Standard, not the ideal situation, best practice, etc.
• Consider each individual Standard (1110 Organizational Independence, 2420 Quality of Communications, etc.), including the relevant Implementation Standards (which give additional guidance on assurance and consulting services), and conclude as to the degree of conformity by the activity to each one using the Key Conformance Criteria and examples of evidence for guidance. In the table below, any of the Key Conformance Criteria not achieved strongly suggest a rating of "does not conform" or at least only "partially conforms" for that individual Standard.
• Consider each section of the Standards (numbers ending in 00: 1200 Proficiency and Due Professional Care, 2300 Performing the Engagement, etc.), and conclude as to the degree of conformity by the activity to each section taken as a whole, based on conclusions reached for the related individual Standards in the section and on other relevant observations made during the quality assessment. If all underlying Standards are non-conforms, then the overall standard is "does not conform." Otherwise, the team must make a judgment based on the number of non-conforms and the specific conditions present as to whether the overall rating is "does not conform" or "partially conforms."
• On the same basis as for sections of the Standards, conclude as to the degree of conformity by the activity to the major categories of the Standards (ATTRIBUTE and PERFORMANCE); then make an overall evaluation as to the activity's conformance to the Standards as a whole (the first line of this evaluation form).
• Consider the four principles and related rules of conduct in the Code of Ethics and conclude whether or not the activity's management and staff uphold each of the principles and apply the related rules of conduct.

Definitions

GC - "Generally Conforms" means the evaluator has concluded that the relevant structures, policies, and procedures of the activity, as well as the processes by which they are applied, comply with the requirements of the individual Standard or element of the Code of Ethics in all material respects.

6.

For the sections and major categories, this means that there is general conformity to a majority of the individual Standards or elements of the Code of Ethics, and at least partial conformity to the others, within the section/category. There may be significant opportunities for improvement, but these should not represent situations where the activity has not implemented the Standards or the Code of Ethics, has not applied them effectively, or has not achieved their stated objectives. As indicated above, general conformance does not require complete/perfect conformance, the ideal situation, best practice, etc.

PC - "Partially Conforms" means the evaluator has concluded that the activity is making good-faith efforts to comply with the requirements of the individual Standard or element of the Code of Ethics, section, or major category, but falls short of achieving some major objectives. These will usually represent significant opportunities for improvement in effectively applying the Standards or Code of Ethics and/or achieving their objectives. Some deficiencies may be beyond the control of the activity and may result in recommendations to senior management or the board of the organization.

DNC - "Does Not Conform" means the evaluator has concluded that the activity is not aware of, is not making good-faith efforts to comply with, or is failing to achieve many/all of the objectives of the individual Standard or element of the Code of Ethics, section, or major category.
These deficiencies will usually have a significant negative impact on the activity's effectiveness and its potential to add value to the organization. These may also represent significant opportunities for improvement, including actions by senior management or the board.

Often, the most difficult evaluation is the distinction between general and partial. It is a judgment call keeping in mind the definition of general conformance above. Carefully read the Standard to determine if basic compliance exists. The existence of opportunities for improvement, better alternatives, or other best practices does not reduce a "generally conforms" rating.

7. TOOL 19 STANDARDS COMPLIANCE EVALUATION MASTER FRAMEWORK

OVERALL EVALUATION  GC PC DNC
ATTRIBUTE STANDARDS  GC PC DNC
PERFORMANCE STANDARDS  GC PC DNC

1. ATTRIBUTE STANDARDS

STANDARD
1000 - Purpose authority and responsibility
The purpose, authority and responsibility of the internal audit activity should be formally defined in a charter consistent with the Standards and approved by the board.
1000.A1 The nature of assurance services provided to the organization should be defined in the audit charter. If assurances are to be provided to parties outside the organization, the nature of these assurances should also be defined in the charter.
1000.C1 The nature of consulting should be defined in the audit charter.

KEY CONFORMANCE CRITERIA
• There is a charter containing the purpose, authority, and responsibility of the internal audit activity.
• The charter has been approved by the board.

EXAMPLES OF EVIDENCE, SOUND PRACTICES AND OTHER CONSIDERATIONS
• Internal Audit Activity charter:
  o The charter is approved by senior management.
  o The purpose, authority, and responsibilities of the internal audit activity are defined in the charter.
  o The charter establishes the position of the internal audit department within the organization.
  o The charter provides unrestricted access to records, personnel, and physical properties relevant to the performance of engagements.
  o The charter sets the tone for the internal audit activity's interaction with the board.
  o Charter defines the nature of activities to be performed.
• Minutes of board meetings.
• Interviews of the CAE, senior management, etc.

1000 Purpose, Authority, and Responsibility (Charter)  GC PC DNC

STANDARD
1100 Independence and objectivity. The internal audit activity should be independent and internal auditors should be objective in performing work.
Sum of 1110-1130

8.

1100 Independence and Objectivity  GC PC DNC

STANDARD
1110 Organizational Independence. The chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities.
1110.A1 The internal audit activity should

KEY CONFORMANCE CRITERIA
• The chief audit executive reports to a level in the organization that is adequate to discharge his or her responsibilities.
• Any reporting relationship (administrative or total) to management does not interfere with the chief audit exec

EXAMPLES OF EVIDENCE, SOUND PRACTICES AND OTHER CONSIDERATIONS
• Organizational charts.
• Annual audit plan.
• Engagement work programs.
• Interviews of the CAE, senior management, etc.
• The internal audit activity reports directly to the highest executive levels of the organization (e.g. senior management, the board).

