Changes To the Public Sector Internal Audit Standards April 2017

Similar documents
International Standards for the Professional Practice of Internal Auditing (Standards)

STANDARDS: QUALITY ASSURANCE

Implementation Guide 2060

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

2012 IIA Standards Update

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Implementation Guide 1312

The Red (Book) Rocks The Latest and Greatest Audit Standards

Internal Audit Charter

Implementation Guide 1300

Practice Advisory : Quality Assurance and Improvement Program

Glossary. Chartered Institute of Internal Auditors. 26 July Add value. Adequate control. Assurance services. Board. Charter

International Standards for the Professional Practice of Internal Auditing

Lake County School District. Quality Assurance & Improvement Program. Internal Self-Assessment for. The Internal Audit Department

Internal Audit Annual Assertion on Internal Auditing. for Financial Year

Quality Assessment Review. Agenda. The Law Says 11/16/2015. Internal Audit Management November 19-20, 2015

SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure

INTERNAL AUDIT CHARTER

International Standards for the Professional Practice of Internal Auditing (Standards)

What We Will Cover Today

10/5/2016. Quality Assessment Review. Agenda. What s the purpose of a QAR? Internal Audit Manager Training October 3-4, 2016

Internal Audit Quality Policy

Implementation Guides

External Quality Assessment Are You Ready? Institute of Internal Auditors

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards

This Internal Audit Charter is intended to define the role, responsibility and accountability of the Society s Internal Audit function.

GoldSRD Audit 101 Table of Contents & Resource Listing

Wokingham Borough Council

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING

Implementation Guide 1200

Implementation Guide 1000

Quality Assurance and Improvement Program (QAIP)

ENERGY QUEENSLAND LIMITED INTERNAL AUDIT CHARTER. [April 2017]

SIAAB Guidance #05. Conforming with FCIAA and Standards in Small Audit Functions in the State of Illinois. Adopted December 8, 2015

The IPPF in How changes to The IIA s guidance framework can benefit internal auditors and SAIs

CGIAR System Management Board Audit and Risk Committee Terms of Reference

Internal Audit Charter

Internal Audit Charter

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

AUDIT COMMITTEE REPORTING: TRENDS & BEST PRACTICES Timothy Etoori Head of Internal Audit UGAFODE Microfinance

Implementation Guide 1311

Corporate Governance Principles

CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH

Audit and Risk Management Committee Charter

Implementation Guide 2050

2018 Corporate Governance Statement

(

1. Definition & Mission

INTERNAL AUDIT CHARTER

Companies should establish the functions reserved to the board and those delegated to senior executives and disclose those functions.

Audit and Risk Committee Charter

Strathclyde Partnership for Transport

Boral Limited Audit & Risk Committee Charter

Practice Advisory : Internal Audit Charter

Internal Audit Standards Board Disposition on the 2010 Standards Exposure Results/Comments. Introduction

3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013

Audit and Risk Committee Charter September 2017

UNITED ISD INTERNAL AUDIT DEPARTMENT QUALITY ASSESSMENT SELF-ASSESSMENT WITH INDEPENDENT EXTERNAL VALIDATION

This URL on our website:

Audit and Risk Committee Charter

FLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06

In carrying out the responsibilities and powers set out in this Charter, the Board of Digital CC Limited (Company):

ESSEX POLICE, FIRE AND CRIME COMMISSIONER, FIRE AND RESCUE AUTHORITY

OFFICE OF INTERNAL AUDITS APPALACHIAN STATE UNIVERSITY AUDIT MANUAL

Internal Audit Charter

The Board has also adopted the following governance objectives. 9. To ensure the effective monitoring and management of health and safety.

QBE INSURANCE GROUP LIMITED

INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC

THORNEY OPPORTUNITIES LTD ACN AUDIT & RISK COMMITTEE CHARTER

Board of Directors. Charter. Introduction. Board Composition

Corporate Governance Statement

Audit Committee Charter ISSUE DATE: 22 JUNE 2017 AUDIT COMMITTEE CHARTER. ISSUE DATE: 22 JUNE 2017 PAGE 01 OF 07

AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER

Implementation Guide 2000

Group Internal Audit Charter

NORFOLK SOUTHERN CORPORATION. Committee s Role and Purpose

This URL on our website:

External Quality Assessment of Conformance to the Public Sector Internal Audit Standards

Board Charter POL-00007

KING IV GOVERNANCE PRINCIPLES APPLICATION BY MURRAY & ROBERTS FY The governing body should lead ethically and effectively (Leadership)

Planning Guides. Planning. IA Governance

RISK AND AUDIT COMMITTEE CHARTER

TRANS HEX GROUP LIMITED REGISTER OF APPLICATION OF THE KING IV PRINCIPLES

CORPORATE GOVERNANCE STATEMENT

Quality Assurance and Improvement Program

GENERAL GUIDANCE NOTE Summary of King IV Disclosure Requirements

VBI VACCINES INC. BOARD OF DIRECTORS MANDATE. Adopted September 23, 2016

Implementation Guide 2431

Corporate Governance Statement

Bank of Botswana Internal Audit Charter March 18, 2013 INTERNAL AUDIT CHARTER BANK OF BOTSWANA

GRM OVERSEAS LIMITED RISK MANAGEMENT POLICY

INTERNAL AUDIT PLAN AND CHARTER 2018/19

The Corporate Governance Statement is accurate and up to date as at 30 June 2018 and has been approved by the board.

Corporate Governance Statement John Bridgeman Limited

Receiving communications from the chief audit executive on the internal audit activity's performance relative to its plan and other matters;

Corporate Governance Statement

HOMECHOICE INTERNATIONAL PLC AUDIT AND RISK COMMITTEE CHARTER Review 12 May 2017

Corporate Governance Statement

BOARD CHARTER TOURISM HOLDINGS LIMITED

Transcription:

s To the Public Sector Internal Audit Standards April 2017

The Public Sector Internal Audit Standards (PSIAS) were updated in April 2017. The latest version of the document can be accessed on The Chartered Institute of Public Finance & Accountancy s website via the following link (http://www.cipfa.org/policy-andguidance/standards/public-sector-internal-audit-standards). The PSIAS were reviewed to ensure they remained compliant with the amended version of the Institute of Internal Auditors International Standards that came into effect in January 2017. A consultation process was undertaken from this time to ensure there were no issues with compatibility in incorporating the new Standards. The changes made are summarised in the table below.

s To PSIAS KEY: red text text grey text text removed Page / 15 S1010 The mandatory nature of the Definition of Internal Auditing and CoE must be recognised in the Internal Audit Charter. The CAE should discuss the Definition of Internal Auditing, the CoE, and the Standards with Senior Management and the Board. 17 S1110. A1 17 1112 new section The CAE should discuss the Mission of Internal Audit and the mandatory elements of the IPPF with Senior Management and the Board. The internal audit activity must be free from interference in determining the scope of internal auditing, performing work and communicating results. The chief audit executive must disclose such interference to the board and discuss the implications. CAE Roles Beyond Internal Auditing Where the chief audit executive has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards must be in place to limit impairments to independence or objectivity. The chief audit executive may be asked to take on additional roles and responsibilities outside of internal auditing, such as responsibility for compliance or risk management activities. These roles and responsibilities may impair, or appear to impair, the organisational independence of the internal audit activity or the individual objectivity of the internal auditor.

Safeguards are those oversight activities, often undertaken by the board, to address these potential impairments, and may include such activities as periodically evaluating reporting lines and responsibilities and developing alternative processes to obtain assurance related to the areas of additional responsibility. 18 1130.A 3 19 1210 20 1300 new section text Public sector interpretation: When asked to undertake any additional roles/responsibilities outside of internal auditing, the chief audit executive must highlight to the board any potential or perceived impairment to independence and objectivity having regard to the principles contained within the Code of Ethics as well as any relevant requirements set out by other professional bodies to which the CAE may belong. The board must approve and periodically review any safeguards put in place to limit impairments to independence and objectivity (see also Standard 1000 Purpose, Authority and Responsibility). The internal audit activity may provide assurance services where it had previously performed consulting services, provided the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement. Proficiency is a collective term that refers to the knowledge, skills, and other competencies required of internal auditors to effectively carry out their professional responsibilities. It encompasses consideration of current activities, trends and emerging issues, to enable relevant advice and recommendations. Internal auditors are encouraged to demonstrate their proficiency by obtaining appropriate professional certifications and qualifications, such as the Certified Internal Auditor designation and other designations offered by The Institute of Internal Auditors and other appropriate professional organisations. A quality assurance and improvement programme is designed to enable an evaluation of the internal audit activity s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The programme also assesses the efficiency and effectiveness of the internal audit activity and

21 1311 21 1312 21 1312 22 1320 Update text text identifies opportunities for improvement. The chief audit executive should encourage board oversight in the quality assurance and improvement programme. Periodic assessments are conducted to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics and the Standards. External assessments may be accomplished through a full external assessment, or a self-assessment with independent external validation. The external assessor must conclude as to conformance with the Code of Ethics and the Standards; the external assessment may also include operational or strategic comments. An independent assessor or assessment team means not having either an actual or a perceived conflict of interest and not being a part of, or under the control of, the organisation to which the internal audit activity belongs. The chief audit executive should encourage board oversight in the external assessment to reduce perceived or potential conflicts of interest. Disclosure should include: The scope and frequency of both the internal and external assessments. The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest. Conclusions of assessors. Corrective action plans. 22 1321 Indicating that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing is appropriate only if supported by the results of the quality assurance and improvement programme. The CAE may state that the internal audit activity conforms with the ISPPIA only if the results if the QAIP support this statement. 22 When non-conformance with the Definition of Internal Auditing, Code of Ethics or the Standards impacts the overall

1322 scope or operation of the internal audit activity, the chief audit executive must disclose the non-conformance and the impact to senior management and the board. Public sector requirement: Such non-conformances must be highlighted by the chief audit executive to be considered for inclusion in the governance statement. 23 2000 Instances of non-conformance must be reported to the Board. More significant deviations must be considered for inclusion in the governance statement. The internal audit activity is effectively managed when: It achieves the purpose and responsibility included in the internal audit charter. It conforms with the Standards. Its individual members conform with the Code of Ethics and the Standards. It considers trends and emerging issues that could impact the organisation. The internal audit activity adds value to the organisation and its stakeholders when it considers strategies, objectives and risks; strives to offer ways to enhance governance, risk management, and control processes; and objectively provides relevant assurance. The results of the internal audit activity s work achieve the purpose and responsibility included in the internal audit

charter. The internal audit activity conforms with the Definition of Internal Auditing and the Standards. The individuals who are a part of the internal audit activity demonstrate conformance with the Code of Ethics and the Standards. 23 2010 The internal audit activity adds value to the organisation (and its stakeholders) when it considers strategies, when it provides objective and relevant assurance, and contributes to the effectiveness and efficiency of governance, risk management and control processes. To develop the risk-based plan, the chief audit executive consults with senior management and the board and obtains an understanding of the organisation s strategies, key business objectives, associated risks and risk management processes. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organisation s business, risks, operations, programmes, systems, and controls. 24 2050 The CAE is responsible for developing a risk based plan. The CAE takes into account the organisation s risk management framework, including using risk appetite levels set by management for the different activities or parts of the organisation. If a framework does not exist, the CAE uses his own judgement of risks after consideration if input from senior management and the Board. The CAE must review and adjust the plan, as necessary, in response to changes in the organisations business, risks, operations, programs, systems, and controls. In coordinating activities, the chief audit executive may rely on the work of other assurance and consulting service providers. A consistent process for the basis of reliance should be established, and the chief audit executive should consider the competency, objectivity and due professional care of the assurance and consulting service providers. The chief audit executive should also have a clear understanding of the scope, objectives and results of the work performed by other providers of assurance and consulting services. Where reliance is placed on the work of others, the chief audit executive is still accountable and responsible for ensuring adequate support for conclusions and opinions reached by the internal audit activity.

25 2060 The chief audit executive s reporting and communication to senior management and the board must include information about: The audit charter. Independence of the internal audit activity. The audit plan and progress against the plan. Resource requirements. Results of audit activities. Conformance with the Code of Ethics and the Standards, and action plans to address any significant conformance issues. Management s response to risk that, in the chief audit executive s judgment, may be unacceptable to the organisation. 25 2110 Update These and other chief audit executive communication requirements are referenced throughout the Standards. The internal audit activity must assess and make appropriate recommendations to improve the organisation s governance processes for: making strategic and operational decisions overseeing risk management and control promoting appropriate ethics and values within the organisation ensuring effective organisational performance management and accountability communicating risk and control information to appropriate areas of the organisation, and coordinating the activities of and communicating information among the board, external and internal auditors other assurance providers and management.

The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Promoting appropriate ethics and values within the organisation Ensuring effective organisational performance management and accountability Communicating risk and control information to appropriate areas of the organisation Coordinating the activities of and communicating information among the Board, external and internal auditors, and management. 27 2200 28 2210.A3 29 2230 30 2410 32 2450 text change of change Internal auditors must develop and document a plan for each engagement, including the engagement s objectives, scope, timing and resource allocations. The plan must consider the organisation s strategies, objectives and risks relevant to the engagement. s of criteria may include: Internal (eg policies and procedures of the organisation). External (eg laws and regulations imposed by statutory bodies). Leading practices (eg industry and professional guidance). Appropriate refers to the mix of knowledge, skills, and other competencies needed to perform the engagement. Sufficient refers to the quantity of resources needed to accomplish the engagement with due professional care. Communications must include the engagement s objectives, scope and results as well as applicable conclusions, recommendations, and action plans. The annual report must also include a statement on conformance with the Public Sector Internal Audit Standards and the

of results of the quality assurance and improvement programme. The annual report must incorporate: The opinion A summary of the work that supports the opinion A statement on conformance with the PSIAS and the results of the QAIP. 34 text The highest level governing body (eg a board of directors, a supervisory board, or a board of governors or trustees) charged with the responsibility to direct and/or oversee the organisation s activities and hold senior management accountable. Although governance arrangements vary among jurisdictions and sectors, typically the board includes members who are not part of management. If a board does not exist, the word board in the Standards refers to a group or person charged with governance of the organisation. Furthermore, board in the Standards may refer to a committee or another body to which the governing body has delegated certain functions (eg an audit committee).

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback