What are the basic principles of internal auditing?

The Journal of Accountancy article Proposed new guidance outlines 12 principles for internal auditing provides a further overview of the proposed changes. The actual proposal is available on the IIA’s website. The IIA is seeking comments by November 3, 2014. If approved, elements of the new framework could be available in the first quarter of 2015, followed by a new framework possibly in 2016.

Nội dung chính Show

What are the 7 audit principles?
What are the 5 C's of internal audit?
What are the main principles guiding the internal auditor while executing an internal audit?
What are the four principles that internal auditors need to uphold?

Technical Resources
- Professional guidance
  - Introduction
  - Mission
  - Core Principles
  - Definition
  - Code of Ethics
  - Standards
  - Implementation Guidance
  - Supplemental Guidance
  - Standards Presentation
  - The IIA's Three Lines Model
- 20 Critical Questions Series
- Ask a question
- Benchmarking studies
- Bookstore & publications
  - Internal Audit in Australia
  - Managing Culture - A good practice guide
  - Australian Bookstore
  - Global Bookstore
  - Effective Internal Auditing in the Public Sector - a good practice guide
  - Internal Audit Better Practice Guide for Financial Services in Australia
  - Auditing risk culture - A practical guide
  - Project Assurance
- Case Studies
- Fact sheets
- White Papers
  - Call for White Papers
- Library services
- Member Recommendations - Video series
- Newsletter Q&A
- State of the Nation
- Software directory
- Useful links
- Knowledge Centre

Home
Professional guidance
Core Principles

Core Principles

The Core Principles for the Professional Practice of Internal Auditing, taken as a whole, describe internal audit effectiveness.

For an internal audit function to be considered effective, all Principles should be achieved. How an internal auditor, as well as an internal audit activity, demonstrates achievement of the Core Principles may vary from organisation to organisation, but failure to achieve any of the Principles would imply that an internal audit activity was not as effective as it could be in achieving internal audit’s mission (see Mission of Internal Audit):

Demonstrates integrity.
Demonstrates competence and due professional care.
Is objective and free from undue influence (independent).
Aligns with the strategies, objectives, and risks of the organisation.
Is appropriately positioned and adequately resourced.
Demonstrates quality and continuous improvement.
Communicates effectively.
Provides risk-based assurance.
Is insightful, proactive, and future-focused.
Promotes organisational improvement.

IMPLEMENTATION GUIDANCE

DEMONSTRATING THE CORE PRINCIPLES FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING

In this blog we’ll learn about the 7 key principles of effective management system auditing. Knowledge of these principles will help make sure you deliver an audit program that meets the needs of internal and external stakeholders and produces reliable, valid audit findings.

Takeaways

Integrity is absolutely fundamental to the audit process
Giving a fair report based on the objective evidence, and the facts seen during the audit
Why it's important to avoid making judgement calls about procedures
The importance of being independent of the work activity or the process we are auditing

Professional standards are often interesting documents. Typically they offer a set of core principles that are intended to act as a beacon of light to guide behaviors and decision-making among the noble practitioners and workers who toil under the given occupation’s collective flag.

These professional standards or codes of conduct are generally well-intended, but in reality, they are almost always so over-worked by committees that they are written in a tortured language that is nearly unreadable and even harder to put into practice in daily working environments. On the other end of the spectrum, they may be too basic and “no duh” to offer any real insight. Either way, professional principles are mostly forgettable and offer very little to most professionals who must navigate difficult ethical dilemmas and workplace conundrums on a daily basis.

Many statements of professional core principles are just a list of a few nice words that sound good, but are almost meaningless in practice. Consider the American Institute of Certified Public Accountants’ “Values and Vision Statement,” which lists the principles of integrity, passion, innovation, and collaboration. Along with each is a statement that doesn’t provide much help in terms of how to live by them. Along with Innovation, for example, we get: “We are encouraged to challenge ourselves to take chances and apply creative ideas and approaches to all that we do.” I’m sure all the CPAs out there are feeling invigorated after reading that.

Multa Paucis
Professions that have done this well tend to boil down the message to a single memorable and powerful line made all the more important by being rendered in Latin. Doctors, for example, take the Hippocratic Oath of “primum non nocere,” or “first, do no harm.” Marines, Army Rangers, and other military groups use some form of, “Leave no man behind,” or in Latin, “nemo resideo.” Many police departments adopt some form of the phrase, “To protect and serve.”

My Latin is rusty and I don’t intend—nor would I ever be so bold—to offer an overarching phrase or motto that captures the essential mandate of internal audit in a few words. (Just for fun, though, if you have some ideas for one, please offer them in the comments section below! Extra points for Latin phrases.) But I do want to examine the core principles that are offered by internal audit professional associations.

IIA’s Core Principles
The Institute of Internal Auditors (IIA) offers a set of core principles in its Standards & Guidance — International Professional Practices Framework that is better than most. They are:

Demonstrates integrity
Demonstrates competence and due professional care
Is objective and free from undue influence (independent)
Aligns with the strategies, objectives, and risks of the organization
Is appropriately positioned and adequately resourced
Demonstrates quality and continuous improvement
Communicates effectively
Provides risk-based assurance
Is insightful, proactive, and future-focused
Promotes organizational improvement

Still, some of these are fairly vague, redundant, or beyond the professional’s control. It’s hard to imagine, for example, an internal auditor who sets out to not communicate effectively or chooses not to be “adequately resourced.” Still, they serve as a decent set of reminders for internal auditors to behave in way that is ethical and effective and they are worth revisiting on a regular basis.

“How an internal auditor, as well as an internal audit activity, demonstrates achievement of the Core Principles may be quite different from organization to organization, but failure to achieve any of the principles would imply that an internal audit activity was not as effective as it could be in achieving internal audit’s mission,” the IIA states in its introduction to the principles.

Interestingly, the last principle, “promotes organizational improvement,” is a watered down version of what was proposed in an earlier version of the principles, which was, “promotes positive change.” I’d argue that the earlier version was more powerful, as it evokes a bigger commitment to good than just incremental process improvement, as the resulting principle seems to suggest. It could even serve as that overarching principle that we mentioned earlier. Promote positive change, from the Latin, “ad promovere positivum mutatio.” Has a nice ring to it, right? I just hope Google Translate served me well.

An Alternative Set of Principles
My intention isn’t to criticize the IIA’s Core Principles, since as I mentioned they are better than most. And it could be worse; there could be no principles at all. As far as I know there are no core principles, for example, for compliance professionals. Michael Volkov, CEO of law firm Volkov Law Group, offers a pretty good set of stand-in principles in this article, “The Compliance Profession Needs to Adopt Professional Standards.”

I did recently come across a newly issued set of professional standards for internal auditors issued by the Institute of Chartered Accountants of India’s (ICAI) Internal Audit Standards Board. To be sure, the ICAI’s core principles borrow heavily from the IIA’s and some are identical. I do, however, think in some ways that it may be a more succinct, actionable, and a better-stated version, with clearly elaborated descriptions of what each principle means in practice. I’m not suggesting they are overall a better set of principles, just that they may offer some additional insights on the role of internal audit and the guidelines auditors should follow.

In the interest of finally fulfilling the promise made in the headline of this article, I will run thought them now, with some of the language provided by the ICAI and some of my own thoughts. First a full list, and then I will address each one.

Independence
Integrity and objectivity
Due professional care
Confidentiality
Skills and competence
Risk-based auditing
System and process focus
Avoiding participation in operation decision-making
Sensitivity to multiple stakeholder interests
Quality and continuous improvement

1. Independence
OK, this one is pretty straightforward, and while I prefer the IIA’s move to put integrity at the top of the list, I can certainly understand why independence might come in first in India, where corruption is high. Transparency International scores India just a 40 out of 100 on its Corruption Perception Index. Indeed, it’s often not the integrity of the internal auditors that interferes with a true assessment, but the integrity of those around the auditors trying to influence them. Retaining that independence often requires courage to stand up to others who may seek to influence audit findings. Internal auditors must also advocate for structures that help to maintain independence, such as reporting to the audit committee.

Also, with the continuing trend for internal audit providing more advisory and consulting work, independence has grown in importance. As internal audit does more work to shape risk-management, compliance, and governance structures, they must use care not to abandon independence. Internal Audit can’t compromise its ability to provide an unvarnished take on the processes and functions it audits.

As the ICAI so artfully puts it: “The internal auditor shall be free from any undue influences which force him [or her] to deviate from the truth. This independence shall be not only in mind, but also in appearance. Also, the internal auditor shall resist any undue pressure or interference in establishing the scope of the assignments or the manner in which these are conducted and reported, in case these deviate from set objectives.”

2. Integrity and Objectivity
Interestingly, the ICAI paired integrity with objectivity, rather than its more logical cousin of independence, where the IIA includes it. I think the point here is that objectivity is in the auditor’s control, while independence may not be. The idea is that acting with integrity includes bringing full objectivity to the internal audit process. That means not bowing to undue influence, avoiding conflicts of interest, and standing up to those who want auditors to look the other way—in other words, acting with integrity.

According the ICAI: “The internal auditor shall be honest, truthful, and be a person of high integrity. He [or she] shall operate in a highly professional manner and seen to be fair in all his dealings. He shall avoid all conflicts of interest and not seek to derive any undue personal benefit or advantage from his position.”

What are the 7 audit principles?

observe and comply with any applicable legal requirements; • demonstrate their competence while performing their work; • perform their work in an impartial manner, i.e. remain fair and unbiased in all their dealings; • be sensitive to any influences that may be exerted on their judgement while carrying out an audit.