TIAPS Module 1 Audit and Assurance workbook

10.04.2023 Views
VI. VII. Managing risks and performance through robust internal control and strong public financial management. Implementing good practices in transparency, reporting, and audit, to deliver effective accountability. 12 Principles A and B are at the core of public sector entities and ensure they operate in the public interest. The other principles define the requirements for effective governance, working together as a plan-do-check-act cycle (also known as PDCA). A.3.4 King IV Corporate Governance Report, 2016 The King IV Corporate Governance Report 2016 incorporates a governance code for South Africa. However, it is widely regarded as a leading global standard for governance for all sectors. The report defines corporate governance as “the exercise of ethical and effective leadership by a governing body towards the achievement of the following governance outcomes: ethical culture, good performance, effective control, and legitimacy.” This balance between integrity and effectiveness is a key feature. Doing good and doing well are regarded as complementary rather than being in opposition. The report sets four key responsibilities for the board: • Steering and setting strategic direction. • Approving policy and planning. • Ensuring accountability. • Overseeing and monitoring. These are defined in more detail through 17 principles. These become the basis for assessing the quality of governance. Since the model applies to all organizations, there is a need to “adopt and adapt” according to size and other organizational needs. 1. Lead ethically and effectively. 2. Govern the ethics of the organization in a way that supports the establishment of an ethical culture. 3. Ensure that the organization is and is seen to be a responsible corporate citizen. 4. Appreciate that the organization’s core purpose, its risks and opportunities, strategy, business model, performance, and sustainable development are all inseparable elements of the value creation process. 5. Ensure that reports issued by the organization enable stakeholders to make informed assessments of the organization’s performance and its short, medium, and long-term prospects. 6. Serve as the focal point and custodian of corporate governance in the organization. 7. Comprise the appropriate balance of knowledge, skills, experience, diversity, and independence for it to discharge its governance role and responsibilities objectively and effectively. 12 International Framework: Good Governance in the Public Sector, CIPFA, 2014 20

8. Ensure that its arrangements for delegation within its own structures promote independent judgement, and assist with the balance of power and the effective discharge of its duties. 9. Ensure that the evaluation of its own performance and that of its committees, its chair, and its individual members support continued improvement in its performance and effectiveness. 10. Ensure that the appointment of, and delegation to, management contribute to role clarity and the effective exercise of authority and responsibilities. 11. Govern risk in a way that supports the organization in setting and achieving its strategic objectives. 12. Govern technology and information in a way that supports the organization setting and achieving its strategic objectives. 13. Govern compliance with applicable laws and adopted, non-binding rules, codes, and standards in a way that supports the organization being ethical and a good corporate citizen. 14. Ensure that the organization remunerates fairly, responsibly, and transparently so as to promote the achievement of strategic objectives and positive outcomes in the short, medium, and long term. 15. Ensure that assurance services and functions enable an effective control environment, and that these support the integrity of information for internal decisionmaking and of the organization’s external reports. 16. Adopt a stakeholder-inclusive approach that balances the needs, interests, and expectations of material stakeholders over time. 17. [For institutional investor organizations] Ensure that responsible investment is practiced by the organization and the creation of value by the companies in which it invests. 13 In addition to these principles, the report includes recommended practices. For principle 15, this includes a role for the audit committee and a separation of roles consistent with the Three Lines Model (although King IV advocates for five lines of assurance, adding external audit and the board as lines four and five respectively). Additionally, the report recommends internal audit makes an annual statement on the effectiveness of governance and risk management processes. This reflects the requirements of the IPPF (Standard 2100 – Nature of Work): The internal audit activity must evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes using a systematic, disciplined, and risk-based approach. Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider future impact. 14 However, the requirement for annual reporting goes beyond Standard 2060 – Reporting to Senior Management and the Board by which the CAE must report “periodically.” (Internal audit opinions are discussed in more detail in C.1.5) 13 “Report on Corporate Governance for South Africa,” King IV, 2016. 14 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 21

Page 1 and 2: Module 1: Audit and Assurance TIAPS

Page 3 and 4: Table of Contents Module 1: Audit a

Page 5 and 6: Relevant Standards Reference is mad

Page 7 and 8: • Close scrutiny. The activities

Page 9 and 10: A.2 Public Sector Governance IIA In

Page 11 and 12: The need for governance arises for

Page 13 and 14: Although developed for government a

Page 15 and 16: A.3 Governance Models When evaluati

Page 17 and 18: defensive aspects to minimize negat

Page 19: A.3.3 CIPFA International Framework

Page 23 and 24: • Consideration of overlapping in

Page 25 and 26: A.3: Reflection Which model or mod

Page 27 and 28: Although they are related, the prin

Page 29 and 30: B.1.1 Independence, Objectivity, an

Page 31 and 32: B.1: Reflection Is it possible to

Page 33 and 34: According to The IIA Position Paper

Page 35 and 36: B.2: Reflection When was the last t

Page 37 and 38: When independence or objectivity ar

Page 39 and 40: B.4 Safeguards for Independence and

Page 41 and 42: In other cases, there is no audit c

Page 43 and 44: C. Assurance and Advisory Engagemen

Page 45 and 46: It is common to build an allowance

Page 47 and 48: The following list is taken from Sa

Page 49 and 50: helping managers developing control

Page 51 and 52: C.1.5 Internal Audit Opinions Audit

Page 53 and 54: Leadership and Communication Intern

Page 55 and 56: C.2 Auditing Governance The IIA Sup

Page 57 and 58: C.2: Reflection How does your inter

Page 59 and 60: Fraud may be perpetrated via measur

Page 61 and 62: circumstances (unethical and often

Page 63 and 64: Management Issues • Lack of area

Page 65 and 66: Risk management techniques can be a

Page 67 and 68: IT controls may be manual, automate

Page 69 and 70: The IIA’s Cybersecurity Toolkit d

Page 71 and 72: C.3: Reflection Fraud: How are susp

Page 73 and 74: Global Perspectives and Insights -

Page 75: CIPFA: 77 Mansell Street, London E1

audit

governance

auditors

assurance

engagements

governing

controls

objectivity

framework

organizational

tiaps

module

workbook

TIAPS Module 1 Audit and Assurance workbook

Delete template?

Save as template ?