Following Up on Internal Audit Reports Workshop on

Following Up on Internal Audit Reports Workshop on IIA Standard 2500

The new IPPF framework Effective Date: 1 st January 2017

IPPF - The Changes Explained Changes to the IPPF

Summary of the main IPPF changes The Mission of Internal Audit and the Core Principles for the Professional Practice of Internal Auditing are new elements of the IPPF. Implementation Guidance replaced all the existing Practice Advisories. Members continued to use Practice Advisories to support conformance with the Standards until such time as new Implementation Guides were issued. Various New Implementation Guides issued. Supplemental Guidance: All Practice Guides, Global Technology Audit Guides (GTAGs), and Guides to the Assessment of IT Risks (GAIT) automatically become part of the recommended Supplemental Guidance layer.

Mission and Core Principles Mission Core Principles To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. § § § § § Demonstrates integrity. Demonstrates competence and due professional care. Is objective and free from undue influence (independent). Aligns with the strategies, objectives, and risks of the organization. Is appropriately positioned and adequately resourced. Demonstrates quality and continuous improvement. Communicates effectively. Provides risk-based assurance. Is insightful, proactive, and future-focused. Promotes organizational improvement.

Standards which were updated 1110 Organisational Independence 1311 Internal Assessment 1312 External Assessment 1320 Reporting on the Quality Assurance and Improvement Program 2010 Planning 2120 Risk Management 2130 Control 2220 Engagement Scope 2201 Planning Considerations 2210 Engagement Objectives 2440 Disseminating Results 2600 Communicating the Acceptance of Risks Changes driven by a comparison of the previous standards to the new Core Principles Other changes in wording were effected in the Standard Introduction and Definitions.

Standard 2500 – Monitoring Progress

Follow-up Internal Audit Assignments Introduction Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes Definition of Internal Auditing, The Institute of Internal Auditors

Follow-up Internal Audit Assignments Standard 2500 The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. Standard 2500, International Standards for the Professional Practice of Internal Auditing

Follow-up Internal Audit Assignments Standard 2500 The chief audit executive must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action. Standard 2500. A 1, International Standards for the Professional Practice of Internal Auditing The internal audit activity must monitor the disposition of results of consulting engagements to the extent agreed upon with the client. Standard 2500. C 1, International Standards for the Professional Practice of Internal Auditing

Follow-up Internal Audit Assignments Implementation Guide: Tracking Observations reported and their rating Nature of agreed corrective action Target dates for implementation Process owner Current status

Follow-up Internal Audit Assignments Considerations Purpose Responsibility Follow-up process Bespoke systems Policies and Procedures Targeting high priority risks Following up recommendations/Management Actions, CIIA

Follow-up Internal Audit Assignments Success Factors Examining responses Communicating effectively Sharing expectations