Internal Auditing

(Independence, Objectivity, And

Due Care)

Bashir Abdisamad Hared

 Independence and Objectivity; 1100

 The internal audit activity must be

independent, and internal auditors must be
objective in performing their work,
 IIA clarifies this distinction in the following
Interpretation
 Independence and Objectivity; 1100

 Independence is the freedom from conditions that threaten

the ability of the internal audit activity to carry out
internal audit responsibilities in an unbiased manner.
 To achieve the degree of independence necessary to
effectively carry out the responsibilities of the internal
audit activity, the chief audit executive has direct and
unrestricted access to senior management and the board.
 Threats to independence must be managed at the
individual auditor, engagement, functional, and
organizational levels
 Achieving Independence & Reporting
Level; 1110
 The chief audit executive must report to a level
within the organization that allows the internal
audit activity to fulfill its responsibilities.
 The chief audit executive must confirm to the
board, at least annually, the organizational
independence of the internal audit activity
 Achieving Independence & Reporting
Level; 1110
 Examples of functional reporting to the board involve the board:
 Approving the internal audit charter;
 Approving the risk based internal audit plan;
 Approving the internal audit budget and resource plan;
 Receiving communications from the chief audit executive on the
internal audit activity’s performance relative to its plan and other
matters;
 Approving decisions regarding the appointment and removal of the
chief audit executive;
 Approving the remuneration of the chief audit executive; and
 Making appropriate inquiries of management and the chief audit
executive to determine whether there are inappropriate scope or
resource limitations.
 Implementation Standard
1110.A1 /1111

 The internal audit activity must be free from

interference in determining the scope of
internal auditing, performing work, and
communicating results
 To directly interaction with the Board, the chief
audit executive must communicate and interact
directly with the board:
 The CAE shall regularly participates in board meetings
that relate to the board’s oversight responsibilities for
auditing, financial reporting, organizational governance,
and control.
 OBJECTIVITY OF INTERNAL
AUDITORS

 Internal auditors must be objective in

performing their work
 Standard 1100
 Objectivity is an unbiased mental attitude that allows
internal auditors to perform engagements in such a
manner that they believe in their work product and that no
quality compromises are made.
 Objectivity requires that internal auditors do not
subordinate their judgment on audit matters to others.
 Threats to objectivity must be managed at the individual
auditor, engagement, functional, and organizational
levels
 OBJECTIVITY OF INTERNAL
AUDITORS
 Individual Objectivity (1120): Internal auditors must
have an impartial, unbiased attitude and avoid any
conflict of interest:
 Conflict of interest is a situation in which an internal auditor,
who is in a position of trust, has a competing professional or
personal interest.
 Such competing interests can make it difficult to fulfill his or
her duties impartially.
 A conflict of interest exists even if no unethical or improper
act results.
 A conflict of interest can create an appearance of impropriety
that can undermine confidence in the internal auditor, the
internal audit activity, and the profession.
 A conflict of interest could impair an individual’s ability to
perform his or her duties and responsibilities objectively
levels
 OBJECTIVITY OF INTERNAL
AUDITORS
 What could damage objectivity:
 IA shall not make any significant quality
compromise,
 IA shall not be placed in a situation that impair
his/her ability to make objective professional work,
 IA shall avoid any activity that creates conflict of
interest,
 IA shall not design, install and draft systems, and
then audit that system itself
 IMPAIRMENT TO INDEPENDENCE AND
OBJECTIVITY
 Impairment to Independence or Objectivity; 1130
 If independence or objectivity is impaired in fact or
appearance, the details of the impairment must be
disclosed to appropriate parties. The nature of the
disclosure will depend upon the impairment:
 Impairment to organizational independence and individual
objectivity may include, but is not limited to, personal conflict of
interest, scope limitations, restrictions on access to records,
personnel, properties, & resource limitations, such as funding,
 The determination of appropriate parties to which the details of an
impairment to independence or objectivity must be disclosed is
dependent upon the expectations of the internal audit activity’s and
the CAE’s responsibilities to senior management and the board as
described in the internal audit charter, as well as the nature of the
impairment
 IMPAIRMENT TO INDEPENDENCE AND
OBJECTIVITY
 Example
 An internal audit activity was recently engaged to audit the final
balance of inventory for the financial statements. During the
audit, senior management contacted the lead auditor and stated
that the internal audit activity would not be given access to the
physical inventory,
 The denial of access to the inventory is a scope limitation of the
engagement.
 In accordance with PA1130-1, the internal audit activity needs
to communicate the nature of the scope limitation and its
potential effects to the board. This communication should
preferably be in writing
 IMPAIRMENT TO INDEPENDENCE AND
OBJECTIVITY
 Implementation Standard 1130.A1
 Internal auditors must refrain from assessing specific
operations for which they were previously responsible.
Objectivity is presumed to be impaired if an auditor
provides assurance services for an activity for which
the auditor had responsibility within the previous year,
 Implementation Standard 1130.A2
 Assurance engagements for functions over which the
chief audit executive has responsibility must be
overseen by a party outside the internal audit activity
 AUDITOR PROFICIENCY

 Proficiency and Due Professional Care; 1200

 Engagements must be performed with proficiency and
due professional care,
 Proficiency,
 Due professional care

 Proficiency; 1210; internal auditors must possess the

knowledge, skills, and other competencies needed to
perform their individual responsibilities. The internal audit
activity collectively must possess or obtain the knowledge,
skills, and other competencies needed to perform its
responsibilities:
 AUDITOR PROFICIENCY

 Components of Auditor Proficiency

 Proficiency; means IA shall be able to apply:
 Internal audit standards, procedures, and techniques in

performing engagements,
 Accounting principles and techniques if internal auditors

work extensively with financial records and reports

 Knowledge; IA must have knowledge of:

The indicators of fraud sufficient to identify them,
 Key information technology risks and controls and available

technology-based audit techniques,

 An understanding; IA must have an understanding of
management principles to recognize and evaluate the materiality and
significance of deviations from good business practices
 AUDITOR PROFICIENCY

 Components of Auditor Proficiency

 An appreciation; means the ability to recognize the
existence of potential problems:
 The IA must have appreciation in the subjects of:
 Accounting,

 Economics,

 Commercial law,

 Taxation, (5)
Check
 Finance,
memory aids
 Quantitative methods,

 Fraud,

 Risk management, and

 Information technology
 INTERNAL AUDIT RESOURCES

 Internal Resources
 IA must ensure the necessary knowledge, skills, and
competency for undertaking responsibilities:
 Hiring staff,
 Their skills, & competencies,
 Professional development,

 External Resources
 Outsourcing and co-sourcing,
 Outsourcing partial or total external sourcing on an

ongoing basis,
 Co-sourcing for a specific engagement or on an ongoing

basis
 INTERNAL AUDIT RESOURCES

 Implementation Standard 1210.A1

 The chief audit executive must obtain competent advice and
assistance if the internal auditors lack the knowledge, skills, or
other competencies needed to perform all or part of the
engagement

 Due Professional Care; 1220;

 Internal auditors must apply the care and skill expected of a
reasonably prudent and competent internal auditor. Due
professional care does not imply infallibility
 INTERNAL AUDIT RESOURCES

 Implementation Standard 1220.A1 ; IA must

exercise due professional care by considering the
 Extent of work needed to achieve the:
engagement’s objectives,
 Relative complexity, materiality, or significance of
matters to which assurance procedures are
applied,
 Adequacy and effectiveness of governance, risk
management, and control processes,
 Probability of significant errors, fraud, or
noncompliance, and
 Cost of assurance in relation to potential benefits
 INTERNAL AUDIT RESOURCES

 Implementation Standard 1220.A2 ;

 In exercising due professional care internal auditors
must consider the use of technology-based audit and
other data analysis techniques

 Implementation Standard 1220.A3;

 Internal auditors must be alert to the significant risks
that might affect objectives, operations, or resources.
However, assurance procedures alone, even when
performed with due professional care, do not guarantee
that all significant risks will be identified
 INTERNAL AUDIT RESOURCES

 Continuing Professional Development; 1230;

 Internal auditors must enhance their knowledge, skills,
and other competencies through continuing
professional development
 QUALITY ASSURANCE AND IMPROVEMENT
PROGRAM

 Quality Assurance and Improvement Program; 1300;

 The CAE must develop and maintain a quality
assurance and improvement program that covers all
aspects of the internal audit activity
 Requirements of the Quality Assurance and
Improvement Program; 1310
 The quality assurance and improvement program
must include both internal and external assessments
 REPORTING ON QUALITY ASSURANCE

 Reporting on the Quality Assurance and Improvement

Program; 1320
 The CAE must communicate the results of the quality
assurance and improvement program to senior
management and the board
 Use of “Conforms with the International Standards
for the Professional Practice of Internal Auditing”;
1321,
 The CAE may state that the internal audit activity
conforms with the International Standards for the
Professional Practice of Internal Auditing only if the
results of the quality assurance and improvement
program support this statement
 REPORTING ON QUALITY ASSURANCE

 Disclosure of Nonconformance; 1322

 When nonconformance with the Definition of Internal
Auditing, the Code of Ethics, or the Standards impacts
the overall scope or operation of the internal audit
activity, the CAE must disclose the nonconformance
and the impact to senior management and the board,
 INTERNAL AND EXTERNAL ASSESSMENTS

 Internal Assessments; 1311

 Internal assessments must include
 Ongoing monitoring of the

performance of the internal audit

activity, and
 Periodic self-assessments or

assessments by other persons within

the organization with sufficient
knowledge of internal audit practices
 INTERNAL AND EXTERNAL ASSESSMENTS

 External Assessments; 1312

 External assessments must be conducted at
least once every five years by a qualified,
independent assessor or assessment team from
outside the organization. The CAE must
discuss with the board:
 The form and frequency of external
assessments,
 The qualifications and independence of the

external assessor or assessment team, including

any potential conflict of interest
 IIA Standards
issued by International Internal Audit Standards Board

Attribute Standards:


Purpose, Authority and Responsibility….………….….(1000)


Independence and Objectivity……………………….…(1100)


Proficiency and Due Professional Care…………..……(1200)


Quality Assurance and Improvement Program …….....(1300)
Performance Standards:


Managing the Internal Auditing Activity………..…......….(2000)


Nature of Work.……………………………………...…...….(2100)


Engagement Planning…………………………….............…(2200)


Performing the Engagement………………………......…....(2300)


Communicating Results…………………………….............(2400)


Monitoring Progress…………………………………...........(2500)


Communicating the Acceptance of Risks….…………...…..(2600)
26