Pursuant to FCIAA, Section 10/2005(f) requires that the State Internal Audit Advisory Board promulgate a uniform set of professional standards and a code of ethics (based on the standards and ethics of the Institute of Internal Auditors, the General Accounting Office, and other professional standards as applicable) to which all State internal auditors must adhere.
SIAAB has officially adopted the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics, published by the Institute of Internal Auditors, Inc. as the uniform set of professional standards and code of ethics, to which all State internal auditors must adhere (SIAAB Bylaws Article II).
IIA’s International Professional Practices Framework
The Institute of Internal Auditors (IIA) has developed the International Professional Practices Framework (IPPF) which consists of the following categories of guidance:
Mandatory – conformance with the principles set forth in mandatory guidance is required and essential for the professional practice of internal auditing. Mandatory guidance is developed following an established due diligence process, which includes a period of public exposure for stakeholder input. The mandatory elements of the IPPF are:
- Core Principles – taken as a whole, articulate internal audit effectiveness. For an internal audit function to be considered effective, all Principles should be present and operating effectively.
- Definition of Internal Auditing – states the fundamental purpose, nature, and scope of internal auditing.
- Code of Ethics – states the principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct and behavioral expectations rather than specific activities.
- The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards)– are principle-based and provide a framework for performing and promoting internal auditing. The Standards are mandatory requirements consisting of:
- Statements of core requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance, that are internationally applicable at organizational and individual levels.
- Interpretations, clarifying terms or concepts within the Standards.
It is necessary to consider both the statements and their interpretations to understand and apply the Standards correctly. The Standards employ terms that have been given specific meanings that are included in the IIA’s Glossary.
Recommended Guidance - endorsed by The IIA through a formal approval process. It describes practices for effective implementation of The IIA’s Core Principles, Definition of Internal Auditing, Code of Ethics, and Standards. The recommended elements of the IPPF are:
Implementation Guidance – assist internal auditors in applying the Standards. Supplemental Guidance (Practice Guides) – provide detailed processes and procedures for internal audit professionals.
IIA’s Core Principles:
The Core Principles are:
- Demonstrates integrity.
- Demonstrates competence and due professional care.
- Is objective and free from undue influence (independent).
- Aligns with the strategies, objectives, and risks of the organization.
- Is appropriately positioned and adequately resourced.
- Demonstrates quality and continuous improvement.
- Communicates effectively.
- Provides risk-based assurance.
- Is insightful, proactive, and future-focused.
- Promotes organizational improvement.
IIA’s Definition of Internal Auditing:
The IIA’s has defined internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
IIA’s Code of Ethics:
The IIA has adopted the following Code of Ethics:
Principles:
Internal auditors are expected to apply and uphold the following principles:
- Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
- Objectivity
Internal auditors exhibit the highest level of objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
- Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
- Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.
Rules of Conduct:
- Integrity
Internal auditors:
1.1 Shall perform their work with honesty, diligence, and responsibility.
1.2 Shall observe the law and make disclosures expected by the law and the profession.
1.3 Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or the organization.
1.4 Shall respect and contribute to the legitimate and ethical objectives of the organization.
- Objectivity
Internal auditors:
2.1 Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment.
2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
- Confidentiality
Internal auditors:
3.1 Shall be prudent in the use and protection of information acquired in the course of their duties.
3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.
- Competency
Internal auditors:
4.1 Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
4.2 Shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.
4.3 Shall continually improve their proficiency and the effectiveness and quality of their services.
The IIA’s International Standards for the Professional Practice of Internal Auditing includes the following:
ATTRIBUTE STANDARDS
1000 – Purpose, Authority, and Responsibility
1010 – Recognizing Mandatory Guidance in the Internal Audit Charter
1100 – Independence and Objectivity
1110 – Organizational Independence
1111 – Direct Interaction with the Board
1112 – Chief Audit Executive Roles Beyond Internal Auditing
1120 – Individual Objectivity
1130 – Impairment to Independence or Objectivity
1200 – Proficiency and Due Professional Care
1210 – Proficiency
1220 – Due Professional Care
1230 – Continuing Professional Development
1300 – Quality Assurance and Improvement Program
1310 – Requirements of the Quality Assurance and Improvement Program
1311 – Internal Assessments
1312 – External Assessments
1320 – Reporting on the Quality Assurance and Improvement Program
1321 – Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”
1322 – Disclosure of Nonconformance
PERFORMANCE STANDARDS
2000 – Managing the Internal Audit Activity
2010 – Planning
2020 – Communication and Approval
2030 – Resource Management
2040 – Policies and Procedures
2050 – Coordination and Reliance
2060 – Reporting to Senior Management and the Board
2070 – External Service Provider and Organizational Responsibility for Internal Auditing
2100 – Nature of Work
2110 – Governance
2120 – Risk Management
2130 – Control
2200 – Engagement Planning
2201 – Planning Considerations
2210 – Engagement Objectives
2220 – Engagement Scope
2230 – Engagement Resource Allocation
2240 – Engagement Work Program
2300 – Performing the Engagement
2310 – Identifying Information
2320 – Analysis and Evaluation
2330 – Documenting Information
2340 – Engagement Supervision
2400 – Communicating Results
2410 – Criteria for Communicating
2420 – Quality of Communications
2421 – Errors and Omissions
2430 – Use of “Conducted in Conformance with the International Standards of the Professional Practice of Internal Auditing”
2431 – Engagement Disclosure of Nonconformance
2440 – Disseminating Results
2450 – Overall Opinions
2500 – Monitoring Progress
2600 – Communicating the Acceptance of Risks
From: The IIA’s International Professional Practices Framework
Copyright 2017 by The Institute of Internal Auditors, Inc., 1035 Greenwood Blvd, Suite 401, Lake Mary, FL 32746. Reprinted with permission.
Please close this window to return to Ability LMS to take the quiz for this lesson.