TIAPS Module 1 Audit and Assurance workbook
B.3: Reflection Have you ever experienced a situation where you were discouraged (from within the internal audit function or outside of it) from looking at an area or activity? Have you ever been denied the necessary resources or access to people and data needed to conduct your audit to the full extent of the engagement scope and objectives? Have you ever been asked to change your report by “toning it down” or removing inconvenient findings? 38
B.4 Safeguards for Independence and Objectivity In accordance with Standard 1110 – Organizational Independence, “the chief audit executive must confirm to the board, at least annually, the organizational independence of the internal audit activity.” 34 If there is interference in determining scope, performing work, or communicating results, “the chief audit executive must disclose such interference to the board and discuss the implications.” 35 Certain safeguards to avoid or limit impairments to independence and objectivity and to reduce the threat of impairment to an acceptable level are specified in Standard 1130 – Impairment to Independence or Objectivity. These include: • Internal auditors should not provide assurance for operations for which they were responsible within the previous year. • Assurance engagements for areas over which the head of internal audit has responsibility should be overseen by a party outside of the internal audit function. • Caution is required where auditors previously provided advisory services to ensure this does not impair objectivity in an assurance engagement. There are specific requirements when the head of internal audit is asked to assume additional responsibilities that may impair independence and/or objectivity. Standard 1112 – Chief Audit Executive Roles Beyond Internal Auditing states the following: The chief audit executive may be asked to take on additional roles and responsibilities outside of internal auditing, such as responsibility for compliance or risk management activities. These roles and responsibilities may impair, or appear to impair, the organizational independence of the internal audit activity or the individual objectivity of the internal auditor. Safeguards are those oversight activities, often undertaken by the board, to address these potential impairments, and may include such activities as periodically evaluating reporting lines and responsibilities and developing alternative processes to obtain assurance related to the areas of additional responsibility. 36 To identify impairments, it is necessary to consider the perspectives of stakeholders. The appearance of impropriety can undermine trust. Close relationships with individuals do not automatically weaken an internal auditor’s professionalism but can create an impression or even an expectation of bias or “friendly” reporting. The same is true of strong familiarity with an area of responsibility or activity. An auditor may well be capable of making an objective assessment, but others may regard the audit work with some skepticism. Regular reminders and training for internal auditors regarding independence and objectivity are important. Requirements for maintaining independence and objectivity can also be reinforced through policies, procedures, audit manuals, templates, and so on. 34 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 35 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 36 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 39
- Page 1 and 2: Module 1: Audit and Assurance TIAPS
- Page 3 and 4: Table of Contents Module 1: Audit a
- Page 5 and 6: Relevant Standards Reference is mad
- Page 7 and 8: • Close scrutiny. The activities
- Page 9 and 10: A.2 Public Sector Governance IIA In
- Page 11 and 12: The need for governance arises for
- Page 13 and 14: Although developed for government a
- Page 15 and 16: A.3 Governance Models When evaluati
- Page 17 and 18: defensive aspects to minimize negat
- Page 19 and 20: A.3.3 CIPFA International Framework
- Page 21 and 22: 8. Ensure that its arrangements for
- Page 23 and 24: • Consideration of overlapping in
- Page 25 and 26: A.3: Reflection Which model or mod
- Page 27 and 28: Although they are related, the prin
- Page 29 and 30: B.1.1 Independence, Objectivity, an
- Page 31 and 32: B.1: Reflection Is it possible to
- Page 33 and 34: According to The IIA Position Paper
- Page 35 and 36: B.2: Reflection When was the last t
- Page 37: When independence or objectivity ar
- Page 41 and 42: In other cases, there is no audit c
- Page 43 and 44: C. Assurance and Advisory Engagemen
- Page 45 and 46: It is common to build an allowance
- Page 47 and 48: The following list is taken from Sa
- Page 49 and 50: helping managers developing control
- Page 51 and 52: C.1.5 Internal Audit Opinions Audit
- Page 53 and 54: Leadership and Communication Intern
- Page 55 and 56: C.2 Auditing Governance The IIA Sup
- Page 57 and 58: C.2: Reflection How does your inter
- Page 59 and 60: Fraud may be perpetrated via measur
- Page 61 and 62: circumstances (unethical and often
- Page 63 and 64: Management Issues • Lack of area
- Page 65 and 66: Risk management techniques can be a
- Page 67 and 68: IT controls may be manual, automate
- Page 69 and 70: The IIA’s Cybersecurity Toolkit d
- Page 71 and 72: C.3: Reflection Fraud: How are susp
- Page 73 and 74: Global Perspectives and Insights -
- Page 75: CIPFA: 77 Mansell Street, London E1
B.4 Safeguards for Independence <strong>and</strong> Objectivity<br />
In accordance with St<strong>and</strong>ard 1110 – Organizational Independence, “the chief audit executive<br />
must confirm to the board, at least annually, the organizational independence of the internal<br />
audit activity.” 34 If there is interference in determining scope, performing work, or<br />
communicating results, “the chief audit executive must disclose such interference to the<br />
board <strong>and</strong> discuss the implications.” 35<br />
Certain safeguards to avoid or limit impairments to independence <strong>and</strong> objectivity <strong>and</strong> to<br />
reduce the threat of impairment to an acceptable level are specified in St<strong>and</strong>ard 1130 –<br />
Impairment to Independence or Objectivity. These include:<br />
• Internal auditors should not provide assurance for operations for which they were<br />
responsible within the previous year.<br />
• <strong>Assurance</strong> engagements for areas over which the head of internal audit has<br />
responsibility should be overseen by a party outside of the internal audit function.<br />
• Caution is required where auditors previously provided advisory services to ensure<br />
this does not impair objectivity in an assurance engagement.<br />
There are specific requirements when the head of internal audit is asked to assume<br />
additional responsibilities that may impair independence <strong>and</strong>/or objectivity. St<strong>and</strong>ard 1112 –<br />
Chief <strong>Audit</strong> Executive Roles Beyond Internal <strong>Audit</strong>ing states the following:<br />
The chief audit executive may be asked to take on additional roles <strong>and</strong> responsibilities<br />
outside of internal auditing, such as responsibility for compliance or risk management<br />
activities. These roles <strong>and</strong> responsibilities may impair, or appear to impair, the<br />
organizational independence of the internal audit activity or the individual objectivity of<br />
the internal auditor. Safeguards are those oversight activities, often undertaken by the<br />
board, to address these potential impairments, <strong>and</strong> may include such activities as<br />
periodically evaluating reporting lines <strong>and</strong> responsibilities <strong>and</strong> developing alternative<br />
processes to obtain assurance related to the areas of additional responsibility. 36<br />
To identify impairments, it is necessary to consider the perspectives of stakeholders. The<br />
appearance of impropriety can undermine trust. Close relationships with individuals do not<br />
automatically weaken an internal auditor’s professionalism but can create an impression or<br />
even an expectation of bias or “friendly” reporting. The same is true of strong familiarity with<br />
an area of responsibility or activity. An auditor may well be capable of making an objective<br />
assessment, but others may regard the audit work with some skepticism. Regular reminders<br />
<strong>and</strong> training for internal auditors regarding independence <strong>and</strong> objectivity are important.<br />
Requirements for maintaining independence <strong>and</strong> objectivity can also be reinforced through<br />
policies, procedures, audit manuals, templates, <strong>and</strong> so on.<br />
34<br />
The International Professional Practice Framework, The Institute of Internal <strong>Audit</strong>ors, 2016<br />
35<br />
The International Professional Practice Framework, The Institute of Internal <strong>Audit</strong>ors, 2016<br />
36<br />
The International Professional Practice Framework, The Institute of Internal <strong>Audit</strong>ors, 2016<br />
39