State Internal Audit Advisory Board
Internal Auditing Standards and Requirements in the State of Illinois Review Course
Based on 2017 IIA Standards

Internal Auditing Standards Overview

Pursuant to FCIAA, Section 10/2005(f) requires that the State Internal Audit Advisory Board promulgate a uniform set of professional standards and a code of ethics (based on the standards and ethics of the Institute of Internal Auditors, the General Accounting Office, and other professional standards as applicable) to which all State internal auditors must adhere.

SIAAB has officially adopted the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics, published by the Institute of Internal Auditors, Inc. as the uniform set of professional standards and code of ethics, to which all State internal auditors must adhere (SIAAB Bylaws Article II).

IIA’s International Professional Practices Framework

The Institute of Internal Auditors (IIA) has developed the International Professional Practices Framework (IPPF) which consists of the following categories of guidance:

Mandatory – conformance with the principles set forth in mandatory guidance is required and essential for the professional practice of internal auditing. Mandatory guidance is developed following an established due diligence process, which includes a period of public exposure for stakeholder input.  The mandatory elements of the IPPF are:

  • Core Principles – taken as a whole, articulate internal audit effectiveness. For an internal audit function to be considered effective, all Principles should be present and operating effectively.
  • Definition of Internal Auditing – states the fundamental purpose, nature, and scope of internal auditing.
  • Code of Ethics – states the principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct and behavioral expectations rather than specific activities.
  • The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards)– are principle-based and provide a framework for performing and promoting internal auditing. The Standards are mandatory requirements consisting of:
    • Statements of core requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance, that are internationally applicable at organizational and individual levels.
    • Interpretations, clarifying terms or concepts within the Standards.

It is necessary to consider both the statements and their interpretations to understand and apply the Standards correctly. The Standards employ terms that have been given specific meanings that are included in the IIA’s Glossary.

Recommended Guidance - endorsed by The IIA through a formal approval process. It describes practices for effective implementation of The IIA’s Core Principles, Definition of Internal Auditing, Code of Ethics, and Standards. The recommended elements of the IPPF are:

Implementation Guidance – assist internal auditors in applying the Standards. Supplemental Guidance (Practice Guides) – provide detailed processes and procedures for internal audit professionals.

IIA’s Core Principles:

The Core Principles are:

  • Demonstrates integrity.
  • Demonstrates competence and due professional care.
  • Is objective and free from undue influence (independent).
  • Aligns with the strategies, objectives, and risks of the organization.
  • Is appropriately positioned and adequately resourced.
  • Demonstrates quality and continuous improvement.
  • Communicates effectively.
  • Provides risk-based assurance.
  • Is insightful, proactive, and future-focused.
  • Promotes organizational improvement.

IIA’s Definition of Internal Auditing:

The IIA’s has defined internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

IIA’s Code of Ethics:

The IIA has adopted the following Code of Ethics:

Principles:

Internal auditors are expected to apply and uphold the following principles:

  1. Integrity
    The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.

  2. Objectivity
    Internal auditors exhibit the highest level of objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.

  3. Confidentiality
    Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.

  4. Competency
    Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.
 

Rules of Conduct:

  1. Integrity

    Internal auditors:

    1.1 Shall perform their work with honesty, diligence, and responsibility.

    1.2 Shall observe the law and make disclosures expected by the law and the profession.

    1.3 Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or the organization.

    1.4 Shall respect and contribute to the legitimate and ethical objectives of the organization.

  2. Objectivity

    Internal auditors:

    2.1 Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.

    2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment.

    2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

  3. Confidentiality

    Internal auditors:

    3.1 Shall be prudent in the use and protection of information acquired in the course of their duties.

    3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

  4. Competency

    Internal auditors:

    4.1 Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

    4.2 Shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.

    4.3 Shall continually improve their proficiency and the effectiveness and quality of their services.

The IIA’s International Standards for the Professional Practice of Internal Auditing includes the following:

ATTRIBUTE STANDARDS

1000 – Purpose, Authority, and Responsibility

1010 – Recognizing Mandatory Guidance in the Internal Audit Charter

1100 – Independence and Objectivity

1110 – Organizational Independence

1111 – Direct Interaction with the Board

1112 – Chief Audit Executive Roles Beyond Internal Auditing

1120 – Individual Objectivity

1130 – Impairment to Independence or Objectivity

1200 – Proficiency and Due Professional Care

1210 – Proficiency

1220 – Due Professional Care

1230 – Continuing Professional Development

1300 – Quality Assurance and Improvement Program

1310 – Requirements of the Quality Assurance and Improvement Program

1311 – Internal Assessments

1312 – External Assessments

1320 – Reporting on the Quality Assurance and Improvement Program

1321 – Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing

1322 – Disclosure of Nonconformance

PERFORMANCE STANDARDS

2000 – Managing the Internal Audit Activity

2010 – Planning

2020 – Communication and Approval

2030 – Resource Management

2040 – Policies and Procedures

2050 – Coordination and Reliance

2060 – Reporting to Senior Management and the Board

2070 – External Service Provider and Organizational Responsibility for Internal Auditing

2100 – Nature of Work

2110 – Governance

2120 – Risk Management

2130 – Control

2200 – Engagement Planning

2201 – Planning Considerations

2210 – Engagement Objectives

2220 – Engagement Scope

2230 – Engagement Resource Allocation

2240 – Engagement Work Program

2300 – Performing the Engagement

2310 – Identifying Information

2320 – Analysis and Evaluation

2330 – Documenting Information

2340 – Engagement Supervision

2400 – Communicating Results

2410 – Criteria for Communicating

2420 – Quality of Communications

2421 – Errors and Omissions

2430 – Use of “Conducted in Conformance with the International Standards of the Professional Practice of Internal Auditing

2431 – Engagement Disclosure of Nonconformance

2440 – Disseminating Results

2450 – Overall Opinions

2500 – Monitoring Progress

2600 – Communicating the Acceptance of Risks

 

From: The IIA’s International Professional Practices Framework

Copyright 2017 by The Institute of Internal Auditors, Inc., 1035 Greenwood Blvd, Suite 401, Lake Mary, FL 32746. Reprinted with permission.

Please close this window to return to Ability LMS to take the quiz for this lesson.