^

Business

Who audits the internal auditors?

KPMG CORNER - Reginald C. Nery -
May 25, 2010 | 12:00am

(Conclusion)

How to prepare for an external assessment?

Before the external assessment, the chief audit executive (CAE) should make sure that his/her organization has the following conditions as a minimum:

• Risk-based audit strategy and annual plan approved by the board or its audit committee (a board created committee tasked to oversee internal and external audit and ideally headed by an independent director);

• Audit charter approved by the board or audit committee;

• Functioning audit committee which meets regularly (supported by minutes of meetings and periodic CAE reports [i.e., progress, interim, special and annual] to the committee, and backed by an audit committee charter approved by board);

• Comprehensive audit (procedures and policy) manual

• Organizational independence such that the CAE reports directly to the board or to a level within the organization that allows internal audit activity to fulfill its responsibilities and its activity, is free from interference;

• Quality assurance and improvement program (particularly completion of an internal quality assessment by a Certified Internal Auditor or CIA or equivalent professional with conclusion, findings and recommendations or a “road map” to improvements);

• Final audit reports and corresponding working papers (to support or evidence execution of the approved audit plan)

• Adequate audit staff with the desired professional attitude (by being impartial, unbiased) and proficiency (by obtaining appropriate professional certifications like the CIA and Certified Information System Auditor or CISA), and;

• Continuing professional development program to enhance the auditors’ knowledge, skills and other competencies;

The audit manual should prescribe procedures that are aligned with the International Standards for the Professional Practice of Internal Auditing (ISPPIA or “the Standard”) as well as “leading practices” in internal audit. This manual should include:

• Requirements to implement a risk-based approach;

• Administrative matters like having adequate staffing and engagement supervision;

• Conduct of pre- and post-audit meetings/conferences with the auditees to present and explain the audit objectives, program and scope;

• Validation and clearance of the audit findings/observations noted;

• Minimum working paper requirements/templates to support audit program execution and to evidence findings/observations noted;

• Audit sampling policy

• Report writing standards (as to format, conciseness, contents, draft and final versions, capturing auditees’ response, and timing of release);

• Performance metrics and criteria

• Mandatory follow-up of outstanding issues and recommendations of previous audit reports.

What is a quality assurance and improvement program?

Just like the risk-based approach to internal audit, a quality assurance and improvement program is a set of rigorous, comprehensive processes that the CAE is required to put in place in order to ensure the quality of the internal audit activity. These processes include appropriate supervision, periodic internal assessments and ongoing monitoring of quality assurance, and periodic external assessments (Practice Advisory or PA 1300-1 – Quality Assurance and Improvement Program).

 The Standard defines

Quality Assurance and Improvement Program (QAIP) as a program that is “designed to enable an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement” (ISPPIA 1300 – Quality Assurance and Improvement Program). Specifically, “QAIPs include an evaluation of:

• Conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, including timely corrective actions to remedy any significant instances of nonconformance;

• Adequacy of the internal audit activity’s charter, goals, objectives, policies, and procedures;

• Contribution to the organization’s governance, risk management, and control processes;

• Compliance with applicable laws, regulations, and government or industry standards;

• Effectiveness of continuous improvement activities and adoption of best practices;

• The extent to which the internal audit activity adds value and improves the organization’s operations.”

(PA 1310-1 – Requirements of the Quality Assurance & Improvement Program)

How to establish a QAIP?

To establish a QAIP, the CAE will need to have the “right people”, “right processes” and “right tools”. For example, the CAE needs to have the “right people”, such as Certified Internal Auditors (CIAs) or other competent audit professionals currently assigned elsewhere in the organization to do a periodic internal assessment (the “right process”) using the “right tools”, like IIA’s Quality Assessment Manual or a comparable set of guidance or tools. The CAE will also have to formulate and issue an audit manual (“right tool”) to be followed by all the members of his/her audit team. To determine whether the members of the team are complying with the established policy and the Standard, a selective peer review of working papers by staff not involved in the respective engagement, as well as a regular or random survey of the auditees (audit customers or other stakeholders), may have to be conducted after the engagement (“right processes”) to obtain feedback (PA 1311-1 – Internal Assessment, paragraphs 1, 3 & 4).

What does it mean to pass the external quality assessment?

To pass the external quality assessment is a major milestone because it provides reasonable assurance to the stakeholders that relevant IA structures, policies and procedures comply with the requirements of the Standards and IIA’s Code of Ethics. It can also be inferred that the CAE and IA team have shown that they have developed and maintained their professional proficiency, performed their work diligently, competently and objectively, and served stakeholders reasonably well for the period covered, hence, have earned the trust and respect of their senior management and the board.

What is greatest value of the  external quality assessment?

Nevertheless, the greatest value of the external quality assessment does not merely rest on the independent reviewer’s overall opinion of “conformance”, “partial conformance”, or “non-conformance” to the Standards, but rather on the key areas for improvements that came out of the independent review.

Based on my professional experience, even the best companies in their industry have “room for improvements” as far as their internal audit activity is concerned. Invariably, there were some bitter critics or unsatisfied parties in the performance of internal audit work, especially those that received not-so-good audit ratings (which is typical and expected). It is very encouraging to note that, despite “angry or strong criticisms”, “gaps” and “shortcomings” noted, all the CAEs we’ve dealt with have exhibited “uncommon humility” and fortitude as well as remarkable openness to all significant issues presented and proposed changes, most especially those that will lead them to adopt “leading or best practice” in internal audit. This positive frame of mind by the CAEs raises the bar of excellence in enterprise assurance and, promotes good corporate governance.

(Reginald C. Nery, CPA, CIA , CISA, CFSA, CCSA, CISSP, CISM. He is the Head & Partner of Performance and Technology Advisory Services of Manabat Sanagustin & Co., CPAs, a member firm of KPMG network of independent member firms affiliated with KPMG International Cooperative, (KPMG International), a Swiss entity.

This article is of general information only and is not intended to be, nor is it a substitute for, informed professional advice. While due care was exercised to ensure the quality of the information contained in this article, readers should carefully evaluate its accuracy, completeness and relevance for their purposes, and should obtain any appropriate professional advice relevant to their particular circumstances. For comments or inquiries, please email [email protected] or [email protected])

vuukle comment

ASSESSMENT

ASSURANCE

AUDIT

BULL

CODE OF ETHICS

INTERNAL

PROGRAM

QUALITY
  • Latest
  • Trending
Trending
Latest
Trending
abtest
abtest

Political hibernation

By Boo Chanco | 1 day ago
First of all, a warm congratulations to Sen. Sonny Angara for his appointment as the Secretary of Education.
Business
fbtw
2.11 million Filipinos jobless in May as rate narrows to 4.1%

2.11 million Filipinos jobless in May as rate narrows to 4.1%

18 hours ago
The Philippine unemployment rate in May edged lower to 4.1% from 4.3% last year, suggesting a modest improvement in the job...
Business
fbtw
‘Still too early to declare victory against inflation’

‘Still too early to declare victory against inflation’

By Keisha Ta-Asan | 1 day ago
Even as headline inflation surprised to the downside in June and stayed within the central bank’s two to four percent...
Business
fbtw
Stocks on upward bias as inflation slows down

Stocks on upward bias as inflation slows down

By Richmond Mercurio | 1 day ago
The stock market is seen resuming its climb this week as investors are expected to capitalize on the momentum provided by...
Business
fbtw
Farm hiring jumps while hospitality sector cuts staff in May

Farm hiring jumps while hospitality sector cuts staff in May

11 hours ago
The latest employment data per sector showed mixed results in May, with most jobs lost in the hospitality sector while agriculture...
Business
fbtw
Latest
abtest
Hike in NAIA fees may start this year

Hike in NAIA fees may start this year

By Elijah Felice Rosales | 4 hours ago
Service fees at the Ninoy Aquino International Airport will be adjusted starting this year, and the first to take the hit...
Business
fbtw
Philippines, South Korea raising air travel seats – DOTr

Philippines, South Korea raising air travel seats – DOTr

By Elijah Felice Rosales | 4 hours ago
Filipinos no longer have to scramble over limited seats when booking a flight to South Korea as the government is raising...
Business
fbtw

Tools for strategic planning sessions

4 hours ago
The Center for Global Best Practices will host a two-session online training, titled “Best Practices Guide to Using Balanced Scorecard for Strategic Planning,” on July 25 and 26, from 9 a.m. to 12 noon...
Business
fbtw
Government revenue collection grows to P2.13 trillion in H1

Government revenue collection grows to P2.13 trillion in H1

By Louise Maureen Simeon | 4 hours ago
The government has collected P2.13 trillion in revenues as of the first half of the year, allowing it to be on track to hitting...
Business
fbtw
BDO eyes P5 billion from new ASEAN sustainability bonds

BDO eyes P5 billion from new ASEAN sustainability bonds

By Keisha Ta-Asan | 4 hours ago
BDO Unibank Inc. is targeting to raise at least P5 billion through the issuance of peso-denominated fixed-rate sustainability...
Business
fbtw
Recommended
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with