State Internal Audit Advisory Board
Internal Auditing Standards and Requirements in the State of Illinois Review Course
Based on 2017 IIA Standards

IIA Attribute Standard 1300 – Quality Assurance and Improvement Program

1300 – Quality Assurance and Improvement Program
The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity.

Interpretation:
A quality assurance and improvement program is designed to enable an evaluation of the internal audit activity’s conformance with the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. The chief audit executive should encourage board oversight in the quality assurance and improvement program.

1310 – Requirements of the Quality Assurance and Improvement Program
The quality assurance and improvement program must include both internal and external assessments.

1311 – Internal Assessments
Internal assessments must include:

  • Ongoing monitoring of the performance of the internal audit activity.
  • Periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices.

Interpretation:
Ongoing monitoring is an integral part of the day-to-day supervision, review, and measurement of the internal audit activity. Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity and uses processes, tools, and information considered necessary to evaluate conformance with the Code of Ethics and the Standards.

Periodic assessments are conducted to evaluate conformance with the Code of Ethics and the Standards.

Sufficient knowledge of internal audit practices requires at least an understanding of all elements of the International Professional Practices Framework.

1312 – External Assessments
External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. The chief audit executive must discuss with the board:

  • The form and frequency of external assessment.
  • The qualifications and independence of the external assessor or assessment team, including any potential conflict of interest.

Interpretation:
External assessments may be accomplished through a full external assessment or a self-assessment with independent external validation. The external assessor must conclude as to conformance with the Code of Ethics and the Standards; the external assessment may also include operational or strategic comments.

A qualified assessor or assessment team demonstrates competence in two areas: the professional practice of internal auditing and the external assessment process. Competence can be demonstrated through a mixture of experience and theoretical learning. Experience gained in organizations of similar size, complexity, sector or industry, and technical issues is more valuable than less relevant experience. In the case of an assessment team, not all members of the team need to have all the competencies; it is the team as a whole that is qualified. The chief audit executive uses professional judgment when assessing whether an assessor or assessment team demonstrates sufficient competence to be qualified.

An independent assessor or assessment team means not having either an actual or perceived conflict of interest and not being a part of, or under the control of, the organization to which the internal audit activity belongs. The chief audit executive should encourage board oversight in the external assessment to reduce perceived or potential conflicts of interest.

1320 – Reporting on the Quality Assurance and Improvement Program
The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosure should include:

  • The scope and frequency of both the internal and external assessments.
  • The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest.
  • Conclusions of assessors.
  • Corrective action plans.

Interpretation:
The form, content, and frequency of communicating the results of the quality assurance and improvement program is established through discussions with senior management and the board and considers the responsibilities of the internal audit activity and chief audit executive as contained in the internal audit charter. To demonstrate conformance with the Code of Ethics, and the Standards, the results of external and periodic internal assessments are communicated upon completion of such assessments, and the results of ongoing monitoring are communicated at least annually. The results include the assessor’s or assessment team’s evaluation with respect to the degree of conformance.

1321 – Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing
Indicating that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing is appropriate only if supported by the results of the quality assurance and improvement program.

Interpretation:
The internal audit activity conforms with the Code of Ethics and the Standards when it achieves the outcomes described therein. The results of the quality assurance and improvement program include the results of both internal and external assessments. All internal audit activities will have the results of internal assessments. Internal audit activities in existence for at least five years will also have the results of external assessments.

1322 – Disclosure of Nonconformance
When nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive must disclose the nonconformance and the impact to senior management and the board.

SIAAB Requirements:

The SIAAB has adopted a formalized Quality Assurance Program (Quality Assurance Review Program) that incorporates The IIA’s Definition of Internal Auditing, Code of Ethics, Standards, and the Core Principles for the Professional Practice of Internal Auditing. In addition, Article III of the SIAAB Bylaws also provides specific guidelines to be used by State of Illinois government internal audit organizations when conducting external quality assurance reviews.

Chief internal auditors must have a process in place for periodic internal and external quality assessments. External quality assurance (peer) reviews must be conducted pursuant to the process adopted by SIAAB using the SIAAB Quality Assurance Matrix; any alternate QAR processes, such as the IIA QAR Manual or IIA resources, must be approved by SIAAB.

From: The IIA’s International Professional Practices Framework Copyright 2017 by The Institute of Internal Auditors, Inc., 1035 Greenwood Blvd, Suite 401, Lake Mary, FL 32746. Reprinted with permission

Please close this window to return to Ability LMS to take the quiz for this lesson.