1 / 33

Professional Practices Framework – What’s New

Professional Practices Framework – What’s New. Purpose of the Session. Understand the PPF Structure. Build Awareness of Major Changes. Web Based Resources To Assist You. New Guidance. CIA. Professional Practices Framework.

etana
Télécharger la présentation

Professional Practices Framework – What’s New

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Professional Practices Framework – What’s New

  2. Purpose of the Session Understand the PPF Structure. Build Awareness of Major Changes. Web Based Resources To Assist You. New Guidance.

  3. CIA Professional Practices Framework • The revised Professional Practices Framework has been adapted to include the new Standards and the updated Practice Advisories. • There has been a major format change to make the guidance more user friendly and accessible. • The Definition • The Code of Ethics • The Standards • Practice Advisories • Topical Index to the Practice Advisories

  4. Professional Practices Framework • Definition of Internal Auditing • Ethics & Standards • Practice Advisories • Development & Practice Aids

  5. Categories of Guidance Ethics & Standards • Code of Ethics • Attribute, Performance, & Implementation Standards Professional Practices Guidance, Representation Practice Advisories Books Research Studies Seminars Conferences Development & Practice Aids

  6. Standards Attribute Standards – address attributes of organizations and individuals performing internal audit services. Performance Standards – describe the nature of internal audit services and provide quality criteria against which the performance can be measured. Implementation Standards – expand upon attribute and performance standards and provide guidance applicable to specific types of engagements. Approved by The IIA’s Auditing Standards Board.

  7. Practice Advisories Endorsed but not mandatory. Interpret and apply the Standards. May be industry, specialty, or geographically specific. May address emerging issues or cover areas without specific Standards. Approved by The IIA’s Professional Issues Committee.

  8. Development & Practice Aids Developed and/or endorsed by The IIA. • Includes – • Research Reports • Books and Other Publications • Seminars • Conferences Also, includes aids developed and/or endorsed by IIA Affiliates.

  9. Major Changes to the Standards - Introduction Internal audit activities are performed in diverse legal and cultural environments; within organizations that vary in purpose, size, complexity, and structure; and by persons within or outside the organization. While differences may affect the practice of internal auditing in each environment, compliance with the International Standards for the Professional Practice of Internal Auditing is essential if the responsibilities of internal auditors are to be met. If internal auditors are prohibited by laws or regulations from complying with certain parts of the Standards, they should comply with all other parts of the Standards and make appropriate disclosures.

  10. Major Changes to the Standards - Introduction Assurance services involve the internal auditor’s objective assessment of evidence to provide an independent opinion or conclusions regarding a process, system or other subject matter. The nature and scope of the assurance engagement are determined by the internal auditor. There are generally three parties involved in assurance services: (1) the person or group directly involved with the process, system or other subject matter – the process owner, (2) the person or group making the assessment – the internal auditor, and (3) the person or group using the assessment - the user.

  11. Major Changes to the Standards - Introduction Consulting services are advisory in nature, and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. Consulting services generally involve two parties: • the person or group offering the advice – the internal auditor, and (2) the person or group seeking and receiving the advice – the engagement client. When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility.

  12. Major Changes to Specific Standards Information Technology – Attribute Standards 1210.A3 and 1220.A2 Governance – Performance Standards 2130 and 2130.A1 Engagement Planning – Performance Standard 2210.A1 Engagement Involving an Outside Party – Performance Standard 2201.A1 Communicating Results – Performance Standards 2410.A3 and 2440.A2 Significant Consulting Services in an Assurance Engagement– Performance Standard 2220.A2

  13. Major Changes to the Standards - Glossary Consulting Services – Advisory and related client service activities, the nature and scope of which are agreed with the client and which are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation and training. Governance – The combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives.

  14. Major Changes to the Standards - Glossary Independence – The freedom from conditions that threaten objectivity or the appearance of objectivity. Such threats to objectivity must be managed at the individual auditor, engagement, functional and organizational levels. Residual Risks – The risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk. Risk Management – A process to identify, assess, manage, and control potential events or situations, to provide reasonable assurance regarding the achievement of the organization’s objectives.

  15. Major Changes to the Standards - Glossary Should – The use of the word “should” in the Standards represents a mandatory obligation. Standard – A professional pronouncement promulgated by the Internal Auditing Standards Board that delineates the requirements for performing a broad range of internal audit activities, and for evaluating internal audit performance. Internal AuditActivity – A department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization's operations.  The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

  16. Web Site Information Guidance overview (next slide) Mapping standards to guidance Topical sort of PAs - by subject area Governance resource repository IT resource repository Security management repository Ethics resources Government auditor’s resource center IT Audit reference library Responses to exposure drafts

  17. Web Site Information

  18. IIA “Linked” Guidance http://www.theiia.org/Guidance Professional Practices FrameworkThe IIA's blueprint for the profession that offers practitioners a full range of internal audit guidance, including the Standards, Code of Ethics, practice advisories, and development and practice aids. Positions Papers & ResponsesThe latest position papers and responses to exposure drafts from other organizations related to internal auditing. Additional ResourcesFind the guidance resources you need in such areas as Corporate Governance, Risk Management, Expressing an Opinion on Internal Control, COSO Guidance, Establishing an Audit Shop, Sustainable Development, and many more subject areas.

  19. Guidance Overview Upcoming development information • Development and practice aids (DPAs) Adding resource items based on member inquiries, e.g establishing a new audit shop, SOX support, technology and security resources

  20. Practice Advisories • Practice advisories cover a wide subject matter Over 80 practice advisories issued Reflects good practice – developed and approved by the Professional Issues Committee (PIC) New Ideas team guide PIC’s priorities Topical sort provides a subject area overview

  21. Governance Repository • Started in response to Enron, etc Has evolved over time Highlights IIA’s numerous efforts in governance - papers, research, guidance, support for risk management and audit committees, other initiatives Recently, adding resources from other organizations

  22. Information Technology Repository • Expanded in response to SD#2 Highlights IIA’s numerous efforts in technology - papers, research, guidance, support for critical infrastructure protection, other initiatives Recently, adding resources from other organizations and for other management practices, e.g project management Global Technology Audit Guide is one of the major IIA guidance efforts

  23. Information Security Repository • Started in response to security concerns Has evolved over past year Highlights IIA’s numerous efforts in security - papers, research, guidance, support for CIAO and CISWG efforts, other initiatives Have added resources from other organizations

  24. Resources for Ethics Consolidate IIA and others resources in regards to Ethics • Has evolved over past year • Continue to review and refine

  25. Government Auditor’s Resource Center • Started by the Government Relations Committee (GRC) • Highlights various resources of use by government auditors

  26. IT Audit Reference Library Maintained by the editor of the bi- monthly IT Audit newsletter • Provides a comprehensive library of links and useful online information for auditors looking for specific IT-related information Continues to grow

  27. New Guidance Technology – Practice Advisories based on ISACA Standards issued Privacy – 2 Practice Advisories issued Internal Auditor roles in SOX 302/404 – position paper Existing PA’s review and update • New & Improved Version of the Professional Practices Framework Book • Ethics • Updated Standards • Updated Practice Advisories • Topical Index

  28. New Position Paper Guidance • Why Standards Matter • IIA Response to Basel Committee • Resourcing Alternatives for the Internal Audit Function • Practical Considerations Regarding Internal Auditing Expressing an Opinion on Internal Control

  29. Practice AdvisoriesNew Guidance Practice Advisory 1220-2 CAATS Practice Advisory 2100-9 Applications Systems Review Practice Advisory 2100-10 Audit Sampling Practice Advisory 2100-11 Effect of Pervasive IS Controls Practice Advisory 2100-12 Outsourcing of IS Activities

  30. Practice AdvisoriesNew Guidance Practice Advisory 2100-13 Effect on Third Parties on an Organization's IT Controls Practice Advisory 2100-14 Audit Evidence Requirement Practice Advisory 1000.C1-3 Additional Considerations for Consulting Engagements in Government Oraganizational Settings Practice Advisory 1311-2 Establishing Measures (Quantitative Metrics and Qualitative Assessments) to Support Reviews of Internal Audit Activity Performance

  31. Practice AdvisoriesProfessional Practices Pamphlets Under Consideration for Revision to Practice Advisories 98-3 Automating the Audit Workpaper Process 98-2 A Perspective on Control Self-Assessment 97-1 Electronic Commerce and the Internet IIA Position Paper on the Audit Committee in the Public Sector

  32. Practice AdvisoriesProfessional Practices Pamphlets Under Consideration for Revision to Practice Advisories IIA Position Paper on Whistleblowing Internal Audit and the Audit Committee: Working Together Toward Common Goals What Audit Directors Disclose About Outsourcing

  33. Contact Information If you have any questions regarding the Professional Practices Framework or guidance materials or you wish to forward additions, contributions or suggestions e-mail The IIA at: issues@theiia.org

More Related