Download presentation
Published byReginald Newton Modified over 9 years ago
1
The New IPPF: What to Know and What Does It Tell Us?
Puget Sound IIA Chapter September 17, 2015 Andy Dahle Partner, PwC This presentation will describe the New IPPF, the changes that have been made to the IPPF, and the changes that will be coming in the future.
2
Agenda The Process Leading to Change
The Result – What Is and Is Not Changing Informal Comparisons What to Expect Going Forward What Now for You? Today’s agenda: a brief review of the IPPF up until now and why we believe it was important to make changes, as well as what is not changing, what’s new and why, and what to expect going forward.
3
What Now for You? “The world is changing at light speed. Stakeholder expectations at the board and regulator level are raising the bar. They want us to be an integral part of understanding risk.” - Larry Harrington, Chairman, Board of Directors, IIA as quoted by Compliance Week Leverage to Raise the Bar – Engage Stakeholders, Ignite Staff Communicate Self Assess Educate Can This Help Drive Positive Change in Internal Audit?
4
The International Professional Practices Framework – Then and Now
The IPPF as it has existed until July 2015—divided into Mandatory and Strongly Recommended Guidance. Mandatory Guidance included the Definition of Internal Auditing, the International Standards for the Professional Practice of Internal Auditing, and the Code of Ethics. Strongly Recommended Guidance comprised Position Papers, Practice Advisories, and Practice Guides.
5
Questions surfacing … Why Consider a New IPPF?
Should The IIA revise the Definition? Should The IIA react to the elevated regulatory pressure in the Banking/FS sector? Are the Standards too easy? Too hard? Should the Standards be the minimum, or should they be more aspirational? Can The IIA be quicker to market with guidance? And so on … In 2013, a number of questions had been surfacing that pointed to the bigger question, “Should we revisit the IPPF?” Some of the questions were: The Definition has remained the same since Should it be revised? Regulatory activity in banking and financial services sector globally has increased, and regulators expectations of the internal audit activity and what it needs to accomplish have been elevated. Some people felt that the Standards are too easy, and others felt that they are too difficult; maybe they should be more aspirational to encourage achieving level of excellence, instead of the proposing only the minimum expectations. Can The IIA be quicker to market with guidance being introduced into authoritative framework like the IPPF? The IIA decided it was appropriate to recommend to The IIA’s Global Board of Directors and Global Executive Committee to consider forming a task force to take a look, or a “relook,” so to speak, at the IPPF. The task force became known as the IPPF Relook Task Force; its purpose was to relook at the framework to determine whether it was fit for purpose today and could continue to be a central part of good governance over the next 10 years, as the profession evolves.
6
The Process, the Actions
The Process – Nov 2013 to July 2015 The Actions Add: The Mission of Internal Audit Add: 10 Core Principles for the Professional Practice of Internal Auditing Change: Practice Advisories to become Implementation Guidance Change: Practice Guides to become Supplemental Guidance Change: Strongly Recommended to Recommended Remove: Position Papers Timeline of the IPPF Relook’s Global Task Force, convening first in November 2013. Bob Hirth, COSO Board Chair, served as chair of the Relook Task Force. The task force comprised more than a dozen global members. By July 2014, the Relook Task Force was already making recommendations to The IIA’s Global Board. The proposed changes to the IPPF were exposed for 90 days, from August through November 2014. The exposure generated nearly 850 responses and thousands of comments and several distinct comment letters. Task force reviewed each and every comment and based on all feedback, and made final recommendations to the Global Board by March 2015. Officially launched new framework at The IIA’s International Conference, in Vancouver, Canada, in July 2015. Here are the details of the proposals that were exposed between August and November 2014: Possible additions to the IPPF: A Mission of Internal Audit: Distinct from a definition (what internal audit is), the mission would encapsulate what internal audit is trying to achieve/accomplish through its activities. 12 Core Principles for the Professional Practice of Internal Auditing: because although the Standards are based on principles, those supporting principles had never been expressly specified and stated. Possible restructuring: Practice Advisories would become Implementation Guidance, which has always been their intended purpose; that is, guidance to help practitioners of internal audit achieve conformance with the Standards. The renaming captured the true purpose of the content. Task force also felt that the content of the current Practice Advisories could be enhanced to become more robust. Practice Guides (including GTAGs) would become part of Supplemental Guidance. Possible introduction of a new and separate layer of guidance on Emerging Issues. Remove Position Papers from The IPPF—Because they are geared toward stakeholders (non-practitioners), Position Papers would continue to be written, but would no longer be part of the IPPF. Renaming Mandatory Guidance to Required Guidance and renaming Strongly Recommended to Recommended. Exposure Feedback: Addition of a Mission of Internal Audit was overwhelmingly supported. Addition of Core Principles as new element in framework was seen as valuable. Detailed feedback/comments were instrumental and influential in our final proposals—the number of Core Principles and wording of Mission and Core Principles. Restructure of Practice Advisories to become Implementation Guidance and of Practice Guides to become Supplemental Guidance was well supported. Emerging Issues--Respondents agreed that The IIA needs to do a better job of publishing timely information on Emerging Issues. However, due diligence process to get emerging issues guidance into IPPF would take too long and therefore, respondents felt guidance concerning emerging issues shouldn’t be a part of the IPPF. Emerging issues should be handled outside of the IPPF. Position Papers—Removal was supported by the majority, but concerns were that content or concepts could be lost. The IIA has a plan to maintain current content and will continue to develop and promulgate Position Papers, but they will not be part of the IPPF. Changing Mandatory to Required—overwhelmingly, respondents liked Mandatory better than Required. No change. Renaming Strongly Recommended to Recommended—was supported. Emerging Issues: Through the exposure process, it was determined that Emerging Issues guidance will not be incorporated into the IPPF, but should be developed by The IIA for the benefit of members. A process for developing a form of guidance on timely issues (hot topics) is underway and expected to be launched in early 2016.
7
The Final Result … The result is represented by this new graphical depiction. As it is now depicted, the IPPF includes: Mandatory Guidance--the name stays the same, but in the New IPPF, the new Core Principles for the Professional Practice of Internal Audit will be added to this layer of guidance, accompanying the existing mandatory elements: the Definition of Internal Audit, the Standards, and the Code of Ethics. Conformance with the principles set forth in Mandatory Guidance is required and essential for the professional practice of internal auditing. (Conformance during the transition will be discussed later in the presentation.) Mandatory Guidance is developed through a due-diligence process that includes public exposure. The Core Principles will be reviewed later in this presentation. Recommended Guidance is now the name for the layer that includes Implementation Guidance (formerly Practice Advisories) and Supplemental Guidance (Practice Guides and GTAGs). Recommended Guidance is endorsed by The IIA through a formal approval process. It describes practices for effective implementation of the new Mission of Internal Audit and the mandatory elements. The Mission of Internal Audit is not included as within the Mandatory or Recommended layers of guidance, but encircles/encompasses the entire framework.
8
What’s Not Changed? What didn’t change:
Definition—originally promulgated in 1999, has been codified into law and regulation around the world; task force evaluated it and concluded that it was basically good; didn’t seem prudent to change. Code of Ethics and Standards remain the same. The IIASB (Standards Board) is currently evaluating the Standards to determine necessary changes to align them with the addition of the Core Principles. An exposure proposing changes to better align with the new IPPF is expected in the near future.
9
Add: The Mission of Internal Audit
“To enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.” [Note to Presenter: Read the Mission aloud: “The new Mission of Internal Audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” The Mission of Internal Audit articulates what internal audit aspires to accomplish within an organization. Its place in the New IPPF is deliberate, demonstrating how practitioners should leverage the entire framework to facilitate their ability to achieve the Mission.
10
Add: The Core Principles
Demonstrates integrity Demonstrates competence and due professional care Is objective and free from undue influence (independent) Aligns with the strategies, objectives and risks of the organization Is appropriately positioned and adequately resourced Demonstrates quality and continuous improvement Communicates effectively Provides risk-based assurance Is insightful, proactive, and future-focused Promotes organizational improvement Task force discussed descriptors of effective internal audit. Through an exercise conducted by the Relook Task Force and through feedback received during the exposure process, the exposed group of 12 Core Principles was reduced to a group of 10 that articulate what effective internal audit looks like in practice. [See next slide for detailed, final list of 10 Core Principles.] 10 Final Core Principles for the Practice of Internal Auditing: Demonstrates integrity. Demonstrates competence and due professional care. Is objective and free from undue influence. Aligns with the strategies, objectives, and risks of the organization. Is appropriately positioned and adequately resourced. Demonstrates quality and continuous improvement. Communicates effectively. Provides risk-based assurance. NOTE: First 8 likely represent what you do today and reflect the Standards and the Code of Ethics. Last 2 are newer concepts introduced by the task force: Is insightful, proactive, and future focused. Promotes organizational improvement. The 10 principles together are intended to support the Standards as they exist today and as they will be modified in the future. The task force expects that the Mission and the Core Principles will be a good way to succinctly and effectively communicate the significance and purpose of the internal audit activity to internal audit’s stakeholders (senior management and audit committee). If they understand the mission and principles, then they will have a basic understanding of how internal audit can help their organization.
11
Changes: Recommended Guidance
Practice Advisories reposition to: Implementation Guidance To better help practitioners achieve conformance with the Standards. Practice Guides reposition to: Supplemental Guidance Initially, all Practice Guides and GTAGs are part of the Supplemental Guidance. Position Papers are removed from the IPPF We have already briefly addressed the concepts and elements that comprise Implementation Guidance. Making up one segment of the Recommended Guidance, Implementation Guidance is an expanded, more comprehensive suite of guidance to replace Practice Advisories to assist internal auditors in implementing the Standards. It provides potential or acceptable approaches to achieve Standards’ conformance. Implementation Guides address internal auditing's approach, methodologies, and consideration, but do not detail processes or procedures. Next, we’ll see the first two Implementation Guides that have been released: The first two pieces of Implementation Guidance were released at International Conference in Vancouver in July 2015: Implementation Guide 1000 and Implementation Guide They are named and numbered in alignment with the related standards. After release: As each Implementation Guide is released, it replaces one or more Practice Advisories related to a specific standard. Those Practice Advisories are individually “sunsetted” or “retired.” It will take the next 18 months to publish the complete set of Implementation Guides. In the meantime, Practice Advisories remain valid and appropriate. Implementation Guides will be released in batches on a quarterly basis through 2016.
12
INFORMAL COMPARISONS MISSION DEFINITION
“To enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.” DEFINITION “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
13
INFORMAL COMPARISONS CORE PRINCIPLES (NEW) Demonstrates integrity
Demonstrates competence and due professional care Is objective and free from undue influence (independent) Aligns with the strategies, objectives and risks of the organization Is appropriately positioned and adequately resourced Demonstrates quality and continuous improvement Communicates effectively Provides risk-based assurance Is insightful, proactive, and future-focused Promotes organizational improvement CODE OF ETHICS Integrity, Objectivity, Confidentiality, Competency STANDARDS Attribute Standards: Purpose, Authority and Responsibility (1000) Independence and Objectivity (1100) Proficiency and Due Professional Care 1200) Quality Assurance and Improvement Program (1300) Performance Standards: Managing the Internal Auditing Activity.(2000) Nature of Work.(2100) Engagement Planning (2200) Performing the Engagement (2300) Communicating Results (2400) Monitoring Progress (2500) Communicating the Acceptance of Risks (2600)
14
What to Expect Going Forward
Standards Q Exposure External assessments will not expect compliance with the revised Standards until at least a year after their release. Implementation Guides Two released July 2015: IG 1000 – Purpose, Authority and Responsibility IG 2110 – Governance Quarterly releases starting October 2015 through end of 2016 Emerging Issues Guidance Outside of the IPPF, as a benefit to members, the IIA has underway a process for developing guidance on timely issues and hot topics is expected to be launched in early 2016. Changes to the IPPF are not something The IIA takes lightly, and they affect everything The IIA does and all internal auditors around the world. Specifics: The Standards The IIASB is reviewing the Standards to see how well the Core Principles are supported by the Standards as they exist today and what opportunities exist to enhance the Standards. First quarter 2016, the IIASB expects to launch a 90-day exposure looking for feedback to proposed enhancements to the Standards with changes expected to be released during 2016, barring any need to re-expose. External assessments will not expect compliance with the revised Standards until at least a year after their release. Implementation Guides: Quarterly release schedule, including October The IIA expects to have completed all the releases by end of 2016. Red Book: Last Red Book is dated 2013 (it’s the one currently available through the bookstore); much of the content will remain valuable. The IIA is evaluating subscription to interactive, online version of the Red Book in the future. In the meantime, The IIA website will always have the most current content. Certifications: The CIA exam is based upon the IPPF content. Testing does not cover new content until at least 6 months after the release of the new content. The IIA works closely with the providers of exam review materials to ensure that preparatory materials are made available for timely updates. External Quality Assessments No changes are expected regarding the definition or process of External Assessments (Standard 1312). These will continue to be assessments of conformance with the Standards, as they exist today. The Core Principles will begin to be introduced as concepts to consider during an external assessment, but The IIA will not base any conclusions specifically on the implementation of the Core Principles at this time. IIA Committee Structures The IIA relies heavily on volunteer subject matter experts that serve on committees. Some changes are currently being made to the structures of IIA committees to better support changes to the IPPF. In September, The IIA extends invitations soliciting volunteers for committee participation. The IIA encourages member participation.
15
Learn More and Stay Up-to-Date
Fun Video and 5 Hyperlinks Offer More Information Get to know the New Framework Download Implementation Guidance Access the FAQs Learn more on what to expect Understand how this Framework was established Video gives fun and quick overview of the changes. Get to Know the New Framework—Defines and links to each element of the framework. Download Implementation Guidance--Links to new Implementation Guides, as well as existing Practice Advisories. See next slide for preview. Access the FAQs—See next slide for more information. Learn More on What to Expect—Links to a loose timeline of changes to the IPPF. Understand How This Framework was Established--Links to the exposure draft, comment letters, exposure survey results, and more about the process.
16
Returning to the Question: What Now for You?
“The world is changing at light speed. Stakeholder expectations at the board and regulator level are raising the bar. They want us to be an integral part of understanding risk.” - Larry Harrington, Chairman, Board of Directors, IIA as quoted by Compliance Week Leverage to Raise the Bar – Engage Stakeholders, Ignite Staff Communicate Self Assess Educate Can This Help YOU Drive Positive Change in Internal Audit?
17
Questions? Questions can be ed to
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.