TIAPS Module 1 Audit and Assurance workbook
C.1.3 Assurance and Advisory Engagements Compared

There are many similarities between assurance and advisory engagements and internal auditors will apply many common skills. In particular, both types of engagements must be defined in the internal audit charter and internal auditors must adhere to appropriate standards and apply due professional care. There are also important differences, as shown below.

Key differences between advisory and consulting services

| Feature | Assurance services | Advisory services |
| --- | --- | --- |
| Purpose | To provide assurance through an opinion on the adequacy and effectiveness of governance, risk management, and internal control based on an objective assessment of evidence. | To offer advice, usually in response to a request. |
| Principal parties | • Internal auditor. • Unit manager or process owner. • Recipient of assurance (senior management and the governing body). | • Internal auditor. • Client. |
| Scope and approach | Determined by internal auditor with consultation with relevant manager. | Agreed between client and internal auditor. |
| Objectives | Based on a risk assessment, taking account of the possibility of error, fraud, and noncompliance. | Consistent with the organization’s goals and priorities. |
| Governance, risk management, and internal control | Must be part of the engagement scope and objectives. | May be included in the engagement scope and objectives. |
| Auditor assignment | The head of internal audit must obtain the necessary skills for the engagement, either from the team or from other sources rather than defer the engagement. | The head of internal audit must wait until the necessary skills for the engagement are available. |
| Conflicts of interest | In accordance with Standard 1130, internal auditors should not provide assurance for operations for which they were responsible within the previous year. | In accordance with Standard 1130, internal auditors may provide consulting services relating to operations for which they had previous responsibilities but any potential impairments to independence or objectivity must be disclosed prior to accepting the engagement. |

In undertaking advisory engagements, care must be taken to ensure the independence of the function and objectivity of auditors for future engagements. Implementing controls, making executive decisions, enforcing policies, directing the application of resources, and in general terms “owning the risk” are responsibilities of management which internal auditors should not assume. In offering training, facilitating control self-assessment workshops,