What is the

Mission of Internal Audit?

(know word-for-word)

To enhance and protect organizational value by providing

risk-based and objective assurance, advice, and insight.

The Mission of Internal Audit articulates what internal audit

aspires to accomplish within an organization. Its place in
the New IPPF is deliberate, demonstrating how
practitioners should leverage the entire framework to
facilitate their ability to achieve the Mission.
© 2019 HOCK international
 What are the elements of
Mandatory Guidance?

1) Core Principles for the Professional Practice of Internal

Auditing
2) Definition of Internal Auditing
3) Code of Ethics
4) International Standards for the Professional Practice of
Internal Auditing (Standards)

© 2019 HOCK international

 What are the purposes
of the Standards?

1) Guide adherence with the mandatory elements of the

International Professional Practices Framework.
2) Provide a framework for performing and promoting a
broad range of value-added internal auditing services.
3) Establish the basis for the evaluation of internal audit
performance.
4) Foster improved organizational processes and
operations.
© 2019 HOCK international
 What do the Standards consist of?

1) Statements of core requirements for the professional

practice of internal auditing and for evaluating the
effectiveness of performance that are internationally
applicable at organizational and individual levels.
2) Interpretations clarifying terms or concepts within the
Standards.

© 2019 HOCK international

 What are the three
types of Standards?

1) Attribute Standards
2) Performance Standards
3) Implementation Standards

© 2019 HOCK international

 What are the two types of
Recommended Guidance?

1) Implementation Guidance
2) Supplemental Guidance

© 2019 HOCK international

 What are Implementation Guides?

Implementation Guides assist internal auditors in applying

the Standards.

IGs collectively address internal auditing’s approach,

methodologies, and consideration, but do not detail
processes or procedures.

© 2019 HOCK international

 What is Supplemental Guidance?

Supplemental Guidance provides detailed guidance for

conducting internal audit activities. These include topical
areas, sector-specific issues, as well as processes and
procedures, tools and techniques, programs, step-by-step
approaches, and examples of deliverables.

© 2019 HOCK international

 What is the definition of
internal auditing?
(know word-for-word)

Internal auditing is an independent, objective assurance and

consulting activity designed to add value and improve an
organization’s operations. It helps an organization accomplish
its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management,
control, and governance processes.
The Definition of Internal Auditing states the fundamental
purpose, nature, and scope of internal auditing.

© 2019 HOCK international

 What writes the Internal Audit
Charter and who approves it?

The charter should be written by (and periodically reviewed

by) the CAE and approved by senior management and the
board or audit committee.

© 2019 HOCK international

What are the seven sections in the
Internal Audit Charter?

1) Purpose and Mission

2) Standards for the Professional Practice of Internal
Auditing
3) Authority
4) Independence and Objectivity
5) Scope of Internal Audit Activities
6) Responsibility
7) Quality Assurance and Improvement Program
© 2019 HOCK international
 What is the definition of
assurance services?

“An objective examination of evidence for the purpose of

providing an independent assessment on governance, risk
management, and control processes for the organization.
Examples may include financial, performance, compliance,
system security, and due diligence engagements.”
(from the IIA Glossary)

© 2019 HOCK international

 What is the definition of
consulting services?

“Advisory and related client services, the nature and scope

of which are agreed upon with the client and which are
intended to add value and improve an organization’s
operations. Examples include counsel, advice, facilitation,
process design and training.” (from the IIA Glossary)

© 2019 HOCK international

 What consulting services may
internal auditors perform?

The Standards state that internal auditors can only perform

consulting services specifically defined in the internal audit
charter.

© 2019 HOCK international

 What is the difference between
assurance and consulting
engagements?

In an assurance engagement, the auditor provides an

assessment and states an opinion about whether or not
something within the company is operating or performing
correctly. The auditor should be objective in the
investigation and independent in the decision.
In a consulting engagement, the auditor provides advice
or makes a suggestion.

© 2019 HOCK international

 What is the Code of Ethics?

“The Code of Ethics states the principles and expectations

governing the behavior of individuals and organizations in
the conduct of internal auditing. It describes the minimum
requirements for conduct, [sic] and behavioral expectations
rather than specific activities.” (from the Code of Ethics)

© 2019 HOCK international

 What are the four principles
in the Code of Ethics?

1) Integrity
2) Objectivity
3) Confidentiality
4) Competency

© 2019 HOCK international

 What are the Rules of Conduct
related to integrity?
Internal auditors:
1.1. Shall perform their work with honesty, diligence, and
responsibility.
1.2. Shall observe the law and make disclosures expected
by the law and the profession.
1.3. Shall not knowingly be a party to any illegal activity, or
engage in acts that are discreditable to the profession
of internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and
ethical objectives of the organization.
© 2019 HOCK international
 What are the Rules of Conduct
related to objectivity?
Internal auditors:
2.1. Shall not participate in any activity or relationship that
may impair or be presumed to impair their unbiased
assessment. This participation includes those activities
or relationships that may be in conflict with the interests
of the organization.
2.2. Shall not accept anything that may impair or be
presumed to impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if not
disclosed, may distort the reporting of activities under
review.
© 2019 HOCK international
 What are the Rules of Conduct
related to confidentiality?

Internal auditors:
3.1. Shall be prudent in the use and protection of
information acquired in the course of their duties.
3.2. Shall not use information for any personal gain or in
any manner that would be contrary to the law or
detrimental to the legitimate and ethical objectives of
the organization.

© 2019 HOCK international

 What are the Rules of Conduct
related to competency?
Internal auditors:
4.1. Shall engage only in those services for which they
have the necessary knowledge, skills, and
experience.
4.2. Shall perform internal auditing services in accordance
with the International Standards for the Professional
Practice of Internal Auditing.
4.3. Shall continually improve their proficiency and the
effectiveness and quality of their services.
© 2019 HOCK international
 What is independence?

“Independence is the freedom from conditions that threaten

the ability of the internal audit activity to carry out internal
audit responsibilities in an unbiased manner. To achieve
the degree of independence necessary to effectively carry
out the responsibilities of the internal audit activity, the chief
audit executive has direct and unrestricted access to senior
management and the board. This can be achieved through
a dual-reporting relationship. Threats to independence
must be managed at the individual auditor, engagement,
functional, and organizational levels.” (from Standard 1100)
© 2019 HOCK international
 What is objectivity?

“Objectivity is an unbiased mental attitude that allows

internal auditors to perform engagements in such a manner
that they believe in their work product and that no quality
compromises are made. Objectivity requires that internal
auditors do not subordinate their judgment on audit matters
to others. Threats to objectivity must be managed at the
individual auditor, engagement, functional, and
organizational levels.” (from Standard 1100)

© 2019 HOCK international

 What does organizational
independence mean?

Organizational Independence means that the internal audit

activity must not have any current or previous relationships
with the departments that it audits.

Organizational independence can be achieved through a

properly designed Internal Audit Charter.

© 2019 HOCK international

 What are examples of
functional reporting?
• Approving the internal audit charter;
• Approving the risk based internal audit plan;
• Approving the internal audit budget and resource plan;
• Receiving communications from the chief audit executive on
the internal audit activity’s performance relative to its plan and
other matters;
• Approving decisions regarding the appointment and removal
of the chief audit executive;
• Approving the remuneration of the chief audit executive; and
• Making appropriate inquiries of management and the chief
audit executive to determine whether there are inappropriate
scope or resource limitations.
© 2019 HOCK international
(from Standard 1110)
 What are examples of
administrative reporting?

• Budgeting and management accounting.

• Human resource administration, including personnel
evaluations and compensation.
• Internal communications and information flows.
• Administration of the internal audit activity’s policies and
procedures.
(from PA 1110-1)

© 2019 HOCK international

 Who does the CAE report to?

The CAE should report to an audit committee, or its

equivalent, for any functional and engagement issues.

For administrative issues, the CAE should report to the

CEO (or a similar position).

© 2019 HOCK international

 What is individual objectivity?

“Internal auditors must have an impartial, unbiased attitude

and avoid any conflict of interest.”
(from Standard 1120)

© 2019 HOCK international

 What are common impairments?
1) A personal conflict of interest.
2) A scope limitation, including a restriction of access to
records, personnel, or properties.
3) Resource limitation, which includes funding limitations.
4) Situations where the auditor is assessing operations for
which they were previously responsible.
5) Assurance engagements for functions over which the
CAE previously had responsibility.
6) Consulting engagements in areas where assurance
engagements are also performed.
© 2019 HOCK international
 What is a conflict of interest?

A situation in which an internal auditor, who is in a position

of trust, has a competing professional or personal interest.
Such competing interests can make it difficult to fulfill his or
her duties impartially. A conflict of interest exists even if no
unethical or improper act results. A conflict of interest can
create an appearance of impropriety that can undermine
confidence in the internal auditor, the internal audit activity,
and the profession. A conflict of interest could impair an
individual’s ability to perform his or her duties and
responsibilities objectively. (from Standard 1120)
© 2019 HOCK international
 May auditors assess operations
that they were previously
responsible for?

Internal auditors must refrain from assessing specific

operations for which they were previously responsible.
Objectivity is presumed to be impaired if an auditor
provides assurance services for an activity for which the
auditor had responsibility within the previous year.
(from PA 1130)

© 2019 HOCK international

May auditors provide consulting for
operations that they were
previously responsible for?

Yes, internal auditors may provide consulting services

relating to operations for which they had previous
responsibilities.

© 2019 HOCK international

 What must be done if
independence is impaired
in fact or in appearance?

“The details of the impairment must be disclosed to

appropriate parties.” (from Standard 1130)

© 2019 HOCK international

What responsibilities does the CAE
have to report independence and
objectivity issues to the board?

1) The CAE will confirm at least annually to the board that

the IAA is organizationally independent. The CAE will
need to make certain that the IAA maintains its
organizational independence at all times.
2) The CAE will disclose to the board any interference with
the IAA determining the scope of work, performing the
work, or communicating the results.

© 2019 HOCK international