TIAPS Module 1 Audit and Assurance workbook
A.3 Governance Models
When evaluating governance, internal auditors must consider whether the organization has used “adequate criteria” for monitoring purposes.
If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must identify appropriate evaluation criteria through discussion with management and/or the board.
Types of criteria may include:
• Internal (e.g., policies and procedures of the organization).
• External (e.g., laws and regulations imposed by statutory bodies).
• Leading practices (e.g., industry and professional guidance).⁹
To explore governance further we will consider four important models that may be said to represent “leading practices,” although they must always be contextualized:
• ISO 37000:2021 Governance of organizations – Guidance.
• IIA Three Lines Model.
• CIPFA International Framework: Good Governance in the Public Sector.
• King IV Corporate Governance Report, 2016.
These models have many similarities. Corporate governance codes such as the King IV Code, while being applicable primarily to private sector companies, are also very informative for government entities.
A.3.1 ISO 37000:2021 Governance of organizations – Guidance
The ISO model places organizational purpose at its center. Purpose is informed by values which also determine how the organization pursues its purpose.
[Figure: Diagram based on ISO 37000:2021 Governance of Organizations]
⁹ Standard 2210 – Engagement Objectives, International Professional Practices Framework, The IIA, 2016.