Draft Revisions to Professional Standards Would Improve the Global Practice of Internal Auditing
The IIA’s International Internal Audit Standards Board is seeking comments before May 20 on its effort to increase conformance with the International Standards for the Professional Practice of Internal Auditing.
ALTAMONTE SPRINGS, Fla., USA — The IIA is soliciting comments on the changes to the International Standards for the Professional Practice of Internal Auditing (Standards) proposed by the organization’s International Internal Audit Standards Board (IIASB).
“Our proposals are the result of IIASB deliberations over the past two years and reflect input the Board already has received from internal auditors and stakeholders, as well as global surveys and other research focused on the Standards,” says IIASB Chairman Andrew Dahle. “Much of the draft revisions would improve the wording clarity of the Standards and would not change the intent of the Standards themselves. However, the IIASB believes these revisions, in their totality, would substantively improve the practice of internal auditing around the globe.”
The IIASB will meet July 12-13 to review comments received by the May 20 deadline. It plans to release a final version of the Standards revisions in October, following a process review by the independent International Professional Practices Framework Oversight Council. Those final changes will take effect Jan. 1, 2013.
The most significant elements of the IIASB proposal would clarify the responsibilities of CAEs and other internal auditors — as well as the internal audit activity as a whole — for conforming with the Standards; clarify the CAE’s role in communicating unacceptable risks; and highlight the option of self-assessment with independent validation as a means of external quality assessment. More specifically, the proposal comprises:
- Responsibility for conformance with the Standards. The IIA’s Code of Ethics unmistakably requires IIA-member practitioners to perform internal audit services in accordance with the Standards, but the IIASB found some internal auditors are confused about their individual responsibility for their organization’s overall conformance with the Standards. The proposed change to the Standards introduction would clarify the differences in responsibilities of internal auditors, the CAE, and the internal audit activity for Standards conformance.
- Communication by the CAE on unacceptable risk. The IIASB notes some surveys indicate that confusing wording may be responsible in substantial part for relatively low conformance with Standard 2600, which requires the CAE to communicate when he or she concludes senior management has accepted a level of risk that may be unacceptable to the organization. The proposed change would simplify and clarify some of that current wording. The proposal also would explain that the CAE’s role is to communicate the matter of unacceptable risk, if unresolved by senior management, to the board but not to resolve the risk itself.
- Quality assurance and improvement program (QAIP) requirements. The IIASB also notes surveys and other research show relatively low conformance with the QAIP requirements of the 1300 series of the Standards. “In order to increase focus on the QAIP requirements and to clarify ways in which conformance may be achieved,” the IIASB is proposing changes that would clarify that external assessments can either be in the form of a full external assessment or a self-assessment with independent validation. Although most internal audit activities would be expected to get the full external assessment, the IIASB says it wants to encourage others not yet conforming “to embrace practical methods of achieving conformance with the QAIP requirement.”
- Timely adjustments to the internal audit plan for organizational changes. Stakeholders have pointed out to the IIASB that the Standards do not specifically require timely changes to the risk-based internal audit plan when substantial and relevant organizational changes occur. Proposed changes to Standard 2010 would require the CAE to review and adjust the audit plan as necessary in response to changes in the organization’s business, risks, operations, programs, systems, or controls.
- Addressing risks to the achievement of strategic objectives. Although the current Standards contain language to ensure internal auditing is risk-based, Standards 2120.A1 and 2130.A1 do not specifically ensure coverage of risks to the achievement of the organization’s strategic objectives. Proposed changes to these standards would clarify that internal audit plans should align with strategic risks to the organization.
- Adding examples of functional reporting to the board. The changes to Standard 1110 proposed by the IIASB would add approval of the internal audit budget and of remuneration of the CAE to the examples of functional reporting to the board. These examples, when in place, would further demonstrate the organizational independence of the internal audit activity, the IIASB says.
The IIASB also proposes adding the definitions of overall opinion and engagement opinion to the Standards glossary and changing the definitions of risk, control processes, and board.
The full text of the proposed revisions and an online response tool are available on The IIA’s global website in English, French, German, Italian, Korean, Montenegrin, Polish, Portuguese, Romanian, and Spanish. Comments also can be made via e-mail to firstname.lastname@example.org with the subject line “Standards Exposure.”
Manager, Corporate Communications