IIA Approves Revised Standards
by Terri Eyden on
By Anne Rosivach
The Institute of Internal Auditors (IIA) has issued revisions to the International Standards for the Professional Practice of Internal Auditing (Standards) that will go into effect January 1, 2013. The standards are mandatory under the IIA's International Professional Practices Framework (IPPF).
The proposed standards were exposed for comment in February. After reviewing comments and input from stakeholders, the International Internal Audit Standards Board (IIASB) approved the final revisions for issuance in October.
"The changes will help internal audit focus on timely risks, stay aligned with exemplary practices, and maintain the appropriate stature," said Andy Dahle, chairman IIASB. "The standards are principles based, and global, something that is very exciting for our profession."
Dahle and Warren Hersh, vice chairman IIASB and auditor general New Jersey Transit, presented the revisions and recommended best practices for implementation during a recent IIA webcast. Throughout the webcast, Dahle and Hersh referred to slides that showed a mock-up of the revisions and the percentages of positive and negative comments received for each change.
The IIASB is required to review the standards every three years to enable them to remain current, relevant, and timely for the profession, but "In reality, we are always reviewing the standards." Hersh said.
Most of the eighteen revisions to the standards "clarify the responsibilities of the chief audit executive (CAE) or clarify some other issues that have come up over the years," Hersh said.
- Clarify responsibilities for conforming with the standards.
- Increase the focus on quality assurance and improvement
- Clarify the CAE's role to communicate unacceptable risk
- Explicitly require timely audit plan adjustments
- Emphasize coverage of risks to strategic objectives
- Make changes to glossary terms
The following wording was added to the Introduction of the Standards:
The Standards apply to individual internal auditors and internal audit activities. All internal auditors are accountable for conforming with the Standards related to individual objectivity, proficiency, and due professional care. In addition, internal auditors are accountable for conforming with the Standards, which are relevant to the performance of their job responsibilities. Chief audit executives are accountable for overall conformance with the Standards.
Recommended best practices for Standard 1110 - Organizational Independence include:
- Board or audit committee approve the risk assessment and related audit plans
- Private meetings with the CAE and audit committee / board chair
- Frequent interactions with board outside formal board meetings
Standard 1312 - External Assessments now reads:
External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. The chief audit executive must discuss with the board:
- The form and frequency of external assessments; and
- The qualifications and independence of the external assessor or assessment team, including any potential conflict of interest.
"An external assessment reinforces the value of your department," Hersh said. "The CAEs must be an advocate for this."
Standard 2010 - Planning now reads: "The chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization's goals."
The interpretation of Standard 2010 provided by IIA says, in part, "The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization's business, risks, operations, programs, systems, and controls."
The revised standards clarify and enhance the role of internal audit in evaluating strategic risk and communicating management's acceptance of risk.
The revisions added language [in italics below] to Standard 2120 - Risk Management - to include responsibility to assess strategic risk: "The internal audit activity must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the achievement of the organization's strategic objectives."
While internal audit cannot make decisions regarding strategic planning, they are allowed to serve as catalysts, both Dahle and Hersh said. Best practices in this area would include internal audit having "a seat at the table," addressing the organization's key strategic risks, and serving on IT development teams.
The language of Statement 2600 - Communicating the Acceptance of Risks (formerly "Resolution of Senior Management's Acceptance of Risks)" - has been changed to read:
When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the chief audit executive determines that the matter has not been resolved, the chief audit executive must communicate the matter to the board.
The CAE makes an assessment of residual risk and communicates that assessment; however, the presenters emphasized that the CAE does not own that risk.
- Internal Auditors Play Greater Role in Business
- Global Study Shows New Direction for Internal Auditing
You may like these other stories...
FASB mulling a revamped income statementDavid M. Katz of CFO wrote on Tuesday that the Financial Accounting Standards Board (FASB) is in the early stages of researching whether to launch a project aimed at improving and...
Accountants who specialize in forensic and valuation services point to electronic data analysis, or big data, as the most pressing issue they’ll face in the coming months, according to results of a new survey released...
Renaissance avoided more than $6 billion tax, report saysThe Senate Permanent Subcommittee on Investigations said on Monday that a Renaissance Technologies LLC hedge fund’s investors probably avoided more than $6...
Upcoming CPE Webinars
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
FRF for SMEs Series--Measurement and Disclosure Principles for various Consolidations and Business Combinations, Part 4B
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.