Introduction to Internal Auditing StandardsGuidelines NIRDPR 182018 Standards

Introduction to Internal Auditing Standards/Guidelines NIRDPR– 1/8/2018

Standards & Guidance — International Professional Practices Framework (IPPF) The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The IIA. A trustworthy, global, guidance-setting body, The IIA provides internal audit professionals worldwide with authoritative guidance organized in the IPPF as mandatory guidance and recommended guidance. Take a look at the video to learn more about it.

The Framework for Internal Audit Effectiveness - The New IPPF

Internal Audit Guidelines (IAG) Set of principles-based mandatory requirements for Internal Audit of Central Civil Ministries/ Departments of Government of India and for evaluating the effectiveness of performance. Apply individually and collectively to the internal audit activity. Complements and supplements IPPF SECTION I - Introduction to IAG for effective internal auditing SECTION II - General guidelines SECTION III - CGA level guidelines SECTION IV - Ministry level guidelines SECTION V - Guidelines for performing internal audit engagements

Objective of IAG Ø Guide the Internal Audit Wings (IAWs) in carrying out an effective internal audit through an objective risk based assurance in the areas of Governance, Risk Management and Control processes Ø To provide a set of best practices which, when followed, mitigate Audit Risk to within a tolerable level as specified by the Ministry’s Audit Committee. Audit risk is the risk of giving false positives (i. e. giving a positive assurance over a subject matter when there is a substantial issue) or a false negative (where an adverse opinion is given over a subject matter while the actual conditions are satisfactory) Ø Establish the basis for the evaluation of internal audit performance Ø Foster improved organizational processes and operations

Mission of Internal Audit “To enhance and protect organizational value at the Ministry by providing riskbased and objective assurance, advice, and insight. ”

Types of Guidance Mandatory ü ü Core Principles Definition Code of Ethics Standards Recommendatory ü Implementation Guidance ü Supplemental Guidance

Core Principles (Guideline #1) 1. 2. 3. 4. Integrity Competence and due professional care Objective and independent Aligns with the strategies, objectives, and risks of the organization 5. Appropriately positioned and adequately resourced 6. Quality and continuous improvement 7. Communicates effectively 8. Provides risk-based assurance 9. Insightful, proactive, and future-focused 10. Promotes organizational improvement

Code of Ethics (Guideline #2) Internal auditors are expected to apply and uphold the following principles: ü ü Integrity Objectivity Confidentiality Competency

Definition of Internal Auditing (Guideline #6) “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”

“The Standards” • Part of IPPF • International Standards for the Professional Practice of Internal Auditing (ISPPA) Ø What is internal audit Ø Different phases of the process Ø Minimum performance levels

The Standards Attribute Standards 1000 – Purpose, Authority, and Responsibility Define in IA Charter (Unit 3) 1100 – Independence & Objectivity Organizational independence, direct interaction with the Board/Audit Committee, impartial/unbiased, avoid conflict of interest (Guideline #3) 1200 – Proficiency and Due Professional Care Knowledge, skills & other competencies; care and skill expected of a reasonably competent and prudent internal auditor (Guideline #4&5) 1300 – Quality Assurance and Improvement (Guideline #24) Performance Standards

The Standards Performance Standards 2000 – Managing the Internal Audit Activity (Guideline #9) CAE to effectively manage to add value to the organization (conformance with IPPF, considers trends & issues impacting Organization) 2100 – Nature of work (Guideline #7&8) 2200 - 2600 : Internal Audit Process (Guideline #25 to 32) 2200 – Engagement Planning (Guideline #25) 2300 – Performing the Engagement (Guideline #26 TO 30) 2400 – Communicating Results (Guideline #31) 2500 – Monitoring Progress (Guideline #32) 2600 – Communicating the Acceptance of Risks (Guideline #32)

Other Guidelines Establishing best practices in internal audit - #10 The CGA lays down the best practices for effective internal auditing Supporting engagement of PR. CCAS/CAS with the Audit Committees at Ministries - #11 The CGA plays a coordinating / supporting role in the interaction of Pr. CCAs/CAs(I/c. ) of line Ministries / Departments with their respective Audit Committees to create a working relationship between the Audit committee and internal audit Technical support to Pr. CCA/CAs In their capacity as CAEs at Ministries- #12 A technical capability to provide guidance and support to the PR. CCA/CA in their capacity as CAE and the internal audit activity at the Ministries is delivered by the Office of the CGA through an Internal Audit Centre of Excellence (IA-Co. E ) Encouraging to maintain proficiency levels in internal audit - #13 The Office of the CGA will review plans that ensure proficiency both at an individual internal auditor level and engagement team level through Government Internal Auditor certification programmes and other certifications conducted by its training and development institute, INGAF

Ministry Level Guidelines

Internal Audit Has Become The Recognized Third Line of Defense

Usual expectations from Internal Auditing by different stakeholders Stakeholder Expectations of Internal Audit • Board • • • Executive • • Regulators • Board Regulators Assurance GNo Surprises • Assurance Eyes and Ears • No Surprises EInsight • Eyes and Ears U NAssurance • Insight Value B for Money • Assurance EManagement • Tool. Value for Money L Insight RSource of Talent • Management Tool I • Insight and Controls AIndependent Risk • Source of Talent C Assurance L P • Independent Risk and Controls Assurance

THANK YOU!

Nature of Work (Guideline #7) The internal audit activity must evaluate and contribute to the improvement of the organization's governance, risk management, and control processes using a systematic, disciplined, and risk-based approach. The internal audit activity must assess and make appropriate recommendations to improve the organization's governance processes for ü ü Making strategic and operational decisions. Overseeing risk management, and control. Promoting appropriate ethics and values within the organization. Ensuring effective organizational performance management and accountability. ü Communicating risk and control information to appropriate areas. ü Coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management

Types of Services (Guideline #8) Mainly divided into Assurance and Advisory services Assurance - Involves the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matters. Generally, three parties are involved: (1) Process owner (2) Internal auditor, and (3) User Advisory - Generally performed at the specific request of Ministry/ Department. Generally involves two parties: (1) Internal auditor, and (2) The Ministry/ Department seeking the services. When performing advisory services, the internal auditor should maintain objectivity and should not assume management responsibility.

Quality Assurance & Improvement Programme (QAIP) (Guideline #24) The Pr. CCA/CA in their capacity as CAE is responsible for maintaining and developing a QAIP that covers all activities of the Ministry’s Internal Audit Wings. QAIP includes: Internal Assessments – Ongoing monitoring & periodic self-assessments External Assessments - Once in five years by qualified, independent assessor Reporting on the Quality Assurance and Improvement Program – Integrated Financial Advisor and the audit committee Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing” – only if supported by results of QAIP. Non conformance should be disclosed