Contents of IPPF

Intro - Board governing body direct and oversee activity and management of organsation e.g. board of directors/governors/trustees operate to safeguard owners interest e.g. shareholders   

Reliance on assurance that activities from the Board, managerial and down to operational levels are managed effectively,that org goals and objs will be achieved.. IAs plays key role providing independent assurance assessing and improving effectiveness of governance, risk management and control processes. Conformance with IPPF ensure done professionaly, competently,SMART with appropriate purpose, authority, responsibility within a charter approved by Board. 

Independent Objective - report to right level, decide scope and opinion, access infor

Assurance and consulting - imparticial view, avoid conflict>facilitate, counsel, train

Add value and improve an organisations to accomplish its objectives- thru assurance, challenge practice, pragmatic recommendations, help met obj risk based approach thru evaluation and improvement to effectiveness of governance, risk management and control processes

WHY - Management place high degree reliance on IA's assurance on adequancy of risk management, control and governance arrangements.

Nov 11 Q4

PART OF IPPF FRAMEWORK AND MANDATORY

PRINCIPLES TO PROFESSIONAL CONDUCT AND FRAMEWORK FOR RULES THAT GOVERN BEHAVIOUR OF AUDITORS

PROVIDE CONSISTENT APPROACH TO WORK AND PERFORMANCE

DEMOSTRATES PROFESSIONALISM AND GIVES CLIENTS CONFIDENCE

4 ELEMENTS : Integrity - basis for trust and reliance on auditor judgements

Rules of conduct incl performance with honesty and integrity

e.g. auditors not taking part in illegal activity or taking credit for recommendation which came from auditees

Objectivity - independence of thought and mindset of auditor. Awareness of circumstances which may impair confidentiality or result in conflict of interest 

e.g. not assigned to work they had previous executive responsibilty 

Confidentiality - awareness access to sensitive and confiencital data - take care to protect and awareness of DP principles

.e.g sight of payroll systeme incld bonus of staff or sick records. Important NOT to DIVULGE! to UNAUTHORISED source

Competence - have required skills and experience to perform

e.g. audit IT infrastructi but assurance given on adequancy security when major weakness auditor failed to pick up due to lack of knowledge and expertise

DIVIDED INTO TWO KEY PARTS - ATTRIBUTE STANDARD AND PERFORMANCE STANDARDS

ATTRIBUTE - DESCRIBE BEHAVIOUR OF INDIVIDUALS AND ORGANISATION1000 PURPOSE, ACCOUNTABILTY AND RESPONSIBILITY - define in charter>re'd by HIA present to SM and board for approval

1100 INDEPENDENT AND OBJECTIVITY - unrestricted access to SM/B who report to>impartial unbias>not unduly influence or passed to others

1200 PROFIENCY AND DUE PROFESSIONAL CARE - knowledge, skills and competencies for role>disclosure of impairment to client>alert to significant risk

1300 QUALITY ASSURANCE - allow evaluation IA conformance and assess its effectiveness and id improvements. Need for internal assessment of ongoing monitoring & perioidic self assessment>external assessment by external reviewers independently qualified at least 5 yrs>HIA comms result to Board and disclosure of non-conformance.

PERFORMANCE - DESCRIBE MOST APPROPRIATE METHOD FOR DELIVERY

2000 MANAGING THE INTERNAL AUDIT ACTIVITY

2100 NATURE OF WORK

2200 ENGAGEMENT PLANNING

2300 PERFORMANCE OF ENGAGEMENT

2400 COMMUNICATING RESULTS

2500 MONITORIING PROGRESSS

2600 RESOLUTION OF SM ACCEPTANCE OF RISKS

AS 1000 Purpose Audit and Authority are defined in audit charter :

Purpose - Defefintion fo intenal audity include improve effectiveness of risk management, control and governance processes

Authority - Access to all organisations's people, property and record for engagement

Responsibiilty - Relations with other assurance funciton, IA and EA, providing audit opnion and assurance

Independence - unrestricted reporting line board/audit committee

Scope - Type of work done e.g. assurance and consultancy

-----------------------------------------------------------------------------------------------------------------------------------------

Position papers - issue of third parties regarding risk, internal  control and corporate governance issues

Practice advisories - address 

Practice guidance - step by step guide on the implication of practice for intemal auditors 

PERFORMANCE - DESCRIBE MOST APPROPRIATE METHOD FOR DELIVERY - nature of IAS and criteria for which performance can be assessed

2000 MANAGING THE INTERNAL AUDIT ACTIVITY - ok when attribute 1000 met>risk based planning which consider organisation risk management and appetite of various parts>communicate approval 

2100 NATURE OF WORK

2200 ENGAGEMENT PLANNING

2300 PERFORMANCE OF ENGAGEMENT

2400 COMMUNICATING RESULTS

2500 MONITORIING PROGRESSS

2600 RESOLUTION OF MANAGEMENT ACCEPTANCE OF RISKS

~Challenges:

Maintain independence 

Ability to have knowledge of governance risk and control

demonstrate added value of results

Solutions:

Strategies - importance to functional reporting as 3rd line of defence and help identify gaps and avoid duplication with assurance from other assurance providers e.g. security

Skill>skill>staff>improve risk management process>alert significant risks>assurance mapping to ensure 

Conformance with standards - clarification of responsibilityss for IA, HIA and Ia activity

Quality Assurance Improvement Programme requiremes - increase focus and way conformance can be achieved.. External assessment in full or self-assessmetn with independent validation to encourge those not yet conforming

Communication by CAE on unacceptable risks - clarifies std 2600 to help IA conform explaining CAE who says SM has accepted level of risk unacceptable to organisation, matter ultimately for board if unresolved, but not to resolve risk

The charter in the standards of IPPF, quality benchmark for internal audit. Consist of a range of feature which allow the internal audit function to conform with mandatory requirements in the Definition of internal audit, code of ethics and the standard of the professional practice for internal auditing.

As per the IPPF Attribute standard 1000, which cover the purpose, accountbiltiy and responsibility of the internal audit function there shoud be the following:

Purpose - the relate to remit of Internal audit activity to provide assurance and  improve the effectivenes of risk management, control and govnernance processes>Accountability - there should be unrestrited access to property, people e.g. the appropriate level of personnel in the organisation and records>Responsiblities - should clearly specify the role and responsibilite of in relation to other assurance function such as health and safety, risk officer, internal audit and external audit>Independence - separate reporting lines to the broad via the audit and risk committee>Scope - the relates to the activities the internal audit provides in terms of assurance and consultancy services to add value and improve an organisation processes.

By conforming with the requirement of the profession Geraldine will be able to clarify the role of the internal auditor to provide assurance over the effectiveness in management of risk, governance and control activities in the role, communicate what the senior manager i.e the finance director, and the board which included the chairman responsiblities.