Presentation is loading. Please wait.

Presentation is loading. Please wait.

Joint Seminar : The IPPFs Pascale Vandenbussche ECIIA Secretary General Brussels, May 11 2017.

Published byTracy Cummings Modified over 6 years ago

Similar presentations

Presentation on theme: "Joint Seminar : The IPPFs Pascale Vandenbussche ECIIA Secretary General Brussels, May 11 2017."— Presentation transcript:

1 Joint Seminar : The IPPFs Pascale Vandenbussche ECIIA Secretary General
Brussels, May

2 Agenda The new IPPFs The new Standards The new Guidance

3 From the Previous IPPFs … To the New IPPFs
The new IPPF, approved by the IIA Global Board of Directors in July 2015, led to the changes to the Standards that were exposed in 2016.

4 Important Dates Revised Standards became effective January 1, 2017.
Implementation Guides to support updated IPPF have been issued. New 2017 IPPF (Red Book) available. New IIA Quality Assessment Manual available 2Q 2017. Certifications: Changes to exam questions no earlier than July 1, 1 – Revised Standards can be reviewed online. This includes a markup and a disposition guide that describes exposure comments and IIASB’s disposition of those comments) 2 – Implementation Guides and completed and being rolled out. These will be included in the printed 2017 Red Book. 3 – Revised Standards become effective January 1, 2017 for internal audit activities and CAEs to begin exercising conformance with them. 4 – Translations of the Standards – As of December 2016, translations into 22 languages had already been posted on The IIA website and others are being prepared to be posted. 5 – New IPPF Red Book includes 2017 Standards and Implementation Guides to replace the 2013 Red Book. Will be available in first quarter of 2017 in the bookstore and online. 6 – New Quality Assessment Manual available in the second quarter. 7- After July 1, 2017, exam questions will begin to be adapted to the new Standards. 9 – The link at the bottom of the page has all of the documents related to the 2016 Standards exposure. To hear the original webinar based on this slide deck, visit

5 The new IPPFs New IPPFs : Introduced Mission.
Introduced 10 Core Principles. Implementation Guides. The Mission of Internal Audit is illustrated at the blue ring encircling the rest of the IPPF elements. The Mission of Internal Audit is “to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. To answer the question about whether the Standards are rules or principles, the Core Principles for the Professional Practice of Internal auditing were added to express the 10 core principles that underpin the Standards. Implementation Guidance replaced the Practice Advisories as the primary guidance to instruct practitioners about how to implement a particular standard and its interpretation. The content of the Practice Advisories was distributed between Implementation Guidance and Supplemental Guidance, depending upon whether it actually helped practitioners to implement the Standards. If the guidance exceeded the scope of describing the basics for implementing the Standards, then its content may be diverted into Supplemental Guidance, such as Practice Guides.

6 Mission and definition of internal audit
“To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

7 10 Core Principles Demonstrates integrity.
Demonstrates competence and due professional care. Is objective and free from undue influence (independent). Aligns with the strategies, objectives, and risks of the organization. Is appropriately positioned and adequately resourced. Demonstrates quality and continuous improvement. Communicates effectively. Provides risk-based assurance. Is insightful, proactive, and future-focused. Promotes organizational improvement.

8 Agenda The new IPPFs The new Standards The new Guidance

9 Overview of Changes to the Standards
New standards to address: Chief audit executives taking on roles and responsibilities beyond internal auditing. Potential objectivity-impairing situation of performing assurance role after previous consulting role. Updates to existing standards to clarify requirements: Relationship between new Core Principles, such as “Is insightful, proactive and future- focused,” and the Standards. Quality assessment and improvement program. Communications between chief audit executive, the board, and senior management. Scope of external quality assessment: must opine on conformance with the Standards and Code of Ethics. Two new standards were introduced with this version of the Standards. (Read above). These have arisen from situations where more clarity was needed about what to do under these circumstances. We’ll discuss those in further detail. For the other revisions, the main purposes were To clarify the requirements of the existing Standards and to improve alignment with Core Principles. To improve conformance with the quality assessment and improvement program because this continues to be the area with the lowest degree of conformance. Communications standard: There’s already a standard related to communications, but the revisions bring this together into one standard to clarify what should be included. External quality assessment (1312) scope should focus on opining on conformance with the Standards and Code of Ethics.

10 Overview of Changes to the Standards
Updates to the Introduction to the Standards: Clarify that the Standards, together with the Code of Ethics, encompass all Mandatory Guidance elements including Definition and Core Principles; thus conformance with the Code of Ethics and Standards demonstrates conformance with the IPPF’s Mandatory Guidance. Modifications to enhance the flow and clarify the Introduction. The Introduction to the Standards is really important, even though many people may gloss over it and jump to specific standards. We encourage members to read the Introduction. IIASB wanted to clarify that conformance with the Code of Ethics and the Standards should be the focus of conformance. Definition of Internal Auditing has been removed from many of the Standards in relation to the conformance (1300 series of standards). Changes to the Glossary include adding the Core Principles for the Professional Practice of Internal Auditing.

11 Standards 1000 and 1010 1000 – Purpose, Authority, and Responsibility The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework (the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing). The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval. The changes communicate the idea that when it comes to the purpose, authority, and responsibility of the internal audit activity, all mandatory elements of the IPPF should be taken into account—internal audit activity should be consistent with these. The Mission and the Core Principles were added. The charter guides what the internal audit activity is supposed to be doing and reminds and provides information to those responsible for the organization’s governance. The Mission gives an opportunity to explain what it means to enhance and protect value in the organization. Value creation is not decided by internal audit activity; however, in order for management to make such decisions, they need the right kind of input (assurance or advice) that will give management the confidence to make their decisions. The Core Principles provide a succinct way for the internal audit activity to express its most important values. It will be important to discuss and educate the board before formally making these changes to the charter. *Consider adding 1010 The IIA’s sample internal audit charter will likely be updated to include these new elements. Regard

12 New – Standard 1112 1112 – Chief Audit Executive Roles Beyond Internal Auditing Where the chief audit executive has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards must be in place to limit impairments to independence or objectivity. Sounds like common sense—reinforces the . The reason this had the highest level of disagreement, however, is that some respondents felt as if this standard implies that The IIA condones the CAE taking on roles within the organization beyond internal audit responsibilities. However, The IIA recognizes that this is happening throughout the world. The standard basically just days that when this situation is the case, in fact, then safeguards to independence and objectivity must be in place. The Implementation Guide related to Standard 1112 explains what needs to be considered, who it needs to be discussed with, and what needs to be documented to put the proper safeguards in place to maintain objectivity. An example of the CAE being asked to fulfill a role beyond internal auditing: when risk management began to gain traction in the 1990s, the CAE was often the most knowledgeable and in the best position to introduce risk management framework. At times, this also occurs when new compliance programs and activities needed to be introduced, some organizations may have found that the internal audit activity was in the best position to introduce those. The hope is that once these are programs have been set up, with proper safeguards, the activities can then be turned over to management.

13 Standard 1130.A3 Addition of new implementation standard for assurance under 1130: 1130 – Impairment to Independence or Objectivity 1130.A3 – The internal audit activity may provide assurance services where it had previously performed consulting services, provided the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement. Standard 1130 implementation for assurance. This implementation standard seeks to provide further clarification about what is required in providing assurance in areas where consulting was done previously. For example, if internal auditor was asked to consult with a procurement department on how to make a vendor setup process more efficient and effective and then several months later the same auditor is asked to provide assurance related to the effectiveness of third-party bidding. Depending upon the organization and the situation, it’s possible that the auditor wouldn’t be impaired in this particular situation if the two processes are different enough. *Consider adding 1010

14 Standard 1300 1300 – Quality Assurance and Improvement Program The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. Interpretation: A quality assurance and improvement program is designed to enable an evaluation of the internal audit activity’s conformance with the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. The chief audit executive should encourage board oversight in the quality assurance and improvement program.

15 Standard 1320 1320 – Reporting on the Quality Assurance and Improvement Program The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosure should include: The scope and frequency of both the internal and external assessments. The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest. Conclusions of assessors. Corrective action plans.

16 Standard 2010 2010 – Planning The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization’s goals. Interpretation: To develop the risk-based plan, the chief audit executive consults with senior management and the board and obtains an understanding of the organization’s strategies, key business objectives, associated risks, and risk management processes. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls. The addition to the Interpretation is information about the ways that the CAE can effectively plan to determine the priorities of the internal audit activity and its plan. Doesn’t change the standard, just provides more guidance in the interpretation. But the Implementation Guide will provide even more clarification and how-to suggestions.

17 Standard 2050 Standard 2050 – Coordination and Reliance The chief audit executive should share information, coordinate activities, and consider relying upon the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimize duplication of efforts.

18 Standard 2050 Interpretation: In coordinating activities, the chief audit executive may rely on the work of other assurance and consulting service providers. A consistent process for the basis of reliance should be established, and the chief audit executive should consider the competency, objectivity, and due professional care of the assurance and consulting service providers. The chief audit executive should also have a clear understanding of the scope, objectives, and results of the work performed by other providers of assurance and consulting services. Where reliance is placed on the work of others, the chief audit executive is still accountable and responsible for ensuring adequate support for conclusions and opinions reached by the internal audit activity.

19 Standard 2060 The chief audit executive’s reporting and communication to senior management and the board must include information about: • The audit charter. • Independence of the internal audit activity. • The audit plan and progress against the plan. • Resource requirements. • Results of audit activities. • Conformance with the Code of Ethics and the Standards, and action plans to address any significant conformance issues. • Management’s response to risk that, in the chief audit executive’s judgment, may be unacceptable to the organization.

20 Additional Changes This presentation covers just a few of the Standards and Glossary terms that have been changed. The rest of the changes can be reviewed on The IIA’s website under the Standards section.

21 Agenda The new IPPFs The new Standards The new Guidance

22 Implementation Guidance
Implementation Guides released throughout 2016 have replaced the Practice Advisories that were part of the 2013 IPPF. Part of Recommended Guidance, IGs assist internal auditors in implementing and achieving conformance with the Standards. Each IG corresponds to one primary (attribute or performance) standard. Members can download IGs from the IIA website Practice-Advisories.aspx

23 Recommended Guidance In addition to Implementation Guidance, Recommended Guidance includes Supplemental Guidance: Practice Guides. Global Technology Audit Guides (GTAGs). Guides to the Assessment of IT Risks (GAITs). Supplemental Guidance is being updated to be consistent with 2017 IPPF.

24 Questions?

Download ppt "Joint Seminar : The IPPFs Pascale Vandenbussche ECIIA Secretary General Brussels, May 11 2017."

Similar presentations

Organizational Governance

Organizational Governance
Internal Control–Integrated Framework

Internal Control–Integrated Framework
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
A Consultative Approach to Auditing

A Consultative Approach to Auditing
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,

Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
Current Developments at the PCAOB Ensuring Integrity: 3 rd Annual Auditing Conference at Baruch College December 4, 2008.

Current Developments at the PCAOB Ensuring Integrity: 3 rd Annual Auditing Conference at Baruch College December 4, 2008.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
External Quality Assessments

External Quality Assessments
Purpose of the Standards

Purpose of the Standards
ASPEC Internal Auditor Training Version 1.0 2013.

ASPEC Internal Auditor Training Version
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.

Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
1 Portfolio Committee on Home Affairs Presentation on Internal Audit 19 April 2013 Building a New Home Affairs.

1 Portfolio Committee on Home Affairs Presentation on Internal Audit 19 April 2013 Building a New Home Affairs.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.

Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.

D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
The Institute of Internal Auditors

The Institute of Internal Auditors
Session 3 & 4. Institute of Internal Auditors Inc (IIA) was created for internal auditors in 1941 Generally accepted criteria of a profession are: –Adopting.

Session 3 & 4. Institute of Internal Auditors Inc (IIA) was created for internal auditors in 1941 Generally accepted criteria of a profession are: –Adopting.
Transitioning to the COSO 2013 Update.  Released on May 14, 2013  Designed to build upon the foundation of the 1992 Framework  Will supersede the 1992.

Transitioning to the COSO 2013 Update.  Released on May 14, 2013  Designed to build upon the foundation of the 1992 Framework  Will supersede the 1992.

Similar presentations

Ads by Google