Lesson 1 - Assurance Principles
CORPORATE GOVERNANCE
Memorandum Circular No. 19
Date: November 22, 2016
It is the system of stewardship and control to guide organizations in fulfilling their long-term
economic, moral, legal, and social obligations toward their stakeholders.
1. Board of Directors
2. Management
3. Independent director
4. Executive director
5. Non-executive director
Code of Corporate Governance for Publicly-Listed Companies
1. Establishing a competent board
2. Establishing clear roles and responsibilities of the board
3. Establishing board committees
3.2 – The board should establish an Audit Committee to enhance its oversight capability
over the company’s financial reporting, internal control system, internal and external
audit process, and compliance with applicable laws and regulations. The committee
should be composed of at least three appropriately qualified non-executive directors,
the majority of whom, including the Chairman, should be independent. All the
members of the committee must have relevant background, knowledge, skills, and/or
experience in the areas of accounting, auditing and finance. The Chairman of the Audit
Committee should not be the chairman of the Board or of any other committees.
The Audit Committee has the following duties and responsibilities, among others:
a. Recommends the approval of the Internal Audit Charter (IA Charter)
b. Through the Internal Audit (IA) Department, monitors and evaluates the
adequacy and effectiveness of the corporation’s internal control system,
integrity of financial reporting, and security of physical and information assets.
c. Oversees the Internal Audit Department and recommends the appointment
and/or grounds for approval of an internal audit head or Chief Audit Executive (CAE).
d. Establishes and identifies the reporting line of the Internal Auditor to enable
him to properly fulfill his duties and responsibilities.
e. Reviews and monitors Management’s responsiveness to the Internal Auditor’s
findings and recommendations;
f. Prior to the commencement of the audit, discusses with the External Auditor
the nature, scope, and expenses of the audit, and ensures the proper
coordination
g. Evaluates and determines the non-audit work, if any, of the External Auditor,
and periodically reviews the non-audit fees paid to the External Auditor in
relation to the total fees paid to him and to the corporation’s overall
consultancy expenses.
h. Reviews and approves the Interim and Annual Financial Statements before
their submission to the Board
i. Reviews the disposition of the recommendations in the External Auditor’s
management letter;
DEFINITION OF TERMS
Board - The highest level of governing body charged with the responsibility to direct and/or
oversee the activities and management of the organization. Typically, this includes an
independent group of directors (e.g., a board of directors, a supervisory board, or a board of
governors or trustees). If such a group does not exist, the “board” may refer to the head of the
organization. “Board” may refer to an audit committee to which the governing body has
delegated certain functions.
Internal Audit Activity - “A department, division, team of consultants, or other practitioner(s)
that provides independent, objective assurance and consulting services designed to add value
and improve an organization’s operations…”
Chief Audit Executive - describes a person in a senior position responsible for effectively
managing the internal audit activity in accordance with the internal audit charter and the
Definition of Internal Auditing, the Code of Ethics, and the Standards... The specific job title of
the chief audit executive may vary across organizations.
ASSURANCE
means an engagement in which a practitioner expresses a conclusion designed to enhance the
degree of confidence of the intended users other than the responsible party about the outcome
of the evaluation or measurement of a subject matter against criteria.
International Framework for Assurance Engagements
Need for Assurance
Potential bias in providing information.
Remoteness between a user and the organization or trading partner.
Complexity of the transactions, information, or processing systems.
ASSURANCE SERVICE
Assurance services (or assurance engagements) are three-party contracts in which assurers
report on the quality of information.
Scope of Assurance Service:
A wider spectrum of services.
A more diverse group of users.
Greater potential users.
Value of Assurance
The assurance function gives investors, creditors and users of information confidence in
the accuracy of data.
The value of assurance, then, is in the confidence it generates in users of the
information.
LEVELS OF ASSURANCE
1. Reasonable assurance (such as an audit opinion)
2. Limited assurance (such as in reviewed financial statements)
3. No assurance (such as a compilation of financial statements)
AUDIT
Objective examination of factual evidence
Providing independent and reasonable assurance against established criteria
International Framework for Assurance Engagements
External Audit
an independent examination of financial statements of an entity that enables an auditor
to express an opinion whether the financial statements are prepared (in all material
respects) in accordance with an identified and acceptable financial reporting framework
(e.g. international or local accounting standards and national legislations)
Brink’s Modern Internal Auditing
Internal Audit
is an independent, objective assurance and consulting activity designed to add value
and improve an organization's operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.
The IIA is the internal audit profession's global voice, recognized authority, acknowledged
leader, chief advocate, and principal educator.
The only globally accepted designation for internal auditors and the standard by which
individuals demonstrate their professionalism in internal auditing.
Vision: To continuously produce and sustain certified professionals
CODE OF ETHICS
Purpose
States the principles and expectations governing the behavior of individuals and
organizations in the conduct of internal auditing
Describes the minimum requirements for conduct, and behavioral expectations rather
than specific activities.
Promotes an ethical culture in the profession of internal auditing
Two Essential Components
1. Principles - that are relevant to the profession and practice of internal auditing
2. Rules of Conduct - that describe behavior norms expected of internal auditors.
Integrity
The integrity of internal auditors establishes trust and thus provides the basis for
reliance on their judgment.
Integrity – Rules of Conduct
Internal Auditors:
1.1. Shall perform their work with honesty, diligence, and responsibility
1.2. Shall observe the law and make disclosures expected by the law and the profession.
1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and ethical objectives of the
organization.
Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering,
evaluating, and communicating information about the activity or process being
examined.
Internal auditors make a balanced assessment of all the relevant circumstances and are
not unduly influenced by their own interests or by others in forming judgments.
Objectivity – Rules of Conduct
Potential Impairments
Past or future work assignments
Conflict of interest
Gifts and gratuities
Assignment of non-audit functions
Scope limitation
Resource limitation
Access restriction
Internal Auditors:
2.1. Shall not participate in any activity or relationship that may impair or be presumed
to impair their unbiased assessment. This participation includes those activities or
relationships that may be in conflict with the interests of the organization.
2.2. Shall not accept anything that may impair or be presumed to impair their
professional judgment.
2.3. Shall disclose all material facts known to them that, if not disclosed, may distort
the reporting of activities under review.
Confidentiality
Internal auditors respect the value and ownership of information they receive and do
not disclose information without appropriate authority unless there is a legal or
professional obligation to do so.
Confidentiality – Rules of Conduct
Internal Auditors:
3.1. Shall be prudent in the use and protection of information acquired in the course of
their duties
3.2. Shall not use information for any personal gain or in any manner that would be
contrary to the law or detrimental to the legitimate and ethical objectives of the
organization.
Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance
of internal audit services.
Competency – Rules of Conduct
Internal Auditors:
4.1. Shall engage only in those services for which they have the necessary knowledge,
skills, and experience.
4.2. Shall perform internal audit services in accordance with the International Standards
for the Professional Practice of Internal Auditing.
4.3. Shall continually improve their proficiency and the effectiveness and quality of their
services.
CORE PRINCIPLES
Demonstrates integrity.
Demonstrates competence and due professional care.
Is objective and free from undue influence (independent).
Is appropriately positioned and adequately resourced.
Demonstrates quality and continuous improvement
Provides risk-based assurance.
Aligns with the strategies, objectives, and risks of the organization.
Is insightful, proactive, and future-focused.
Promotes organizational improvement.
Communicates effectively
STANDARDS
International Standards for the Professional Practice of Internal Auditing (The Standards) –
ISPPIA
The Standards comprise two main categories:
Attribute Standards address the attributes of organizations and individuals
performing internal auditing
Performance Standards describe the nature of internal auditing and provide
quality criteria against which the performance of these services can be
measured
The Standards are a set of principles-based, mandatory requirements consisting of:
Statements of core requirements for the professional practice of internal
auditing and for evaluating the effectiveness of performance that are
internationally applicable at organizational and individual levels.
Interpretations clarifying terms or concepts within the Standards.
Applies to individual internal auditors and the internal audit activity
Chief audit executives are additionally accountable for the internal audit
activity’s overall conformance with the Standards.
If prohibited by law or regulation from conformance with certain parts of the
Standards, conformance with all other parts of the Standards and appropriate
disclosures are needed.
The purpose of the Standards is to:
1. Guide adherence with the mandatory elements of the International Professional
Practices Framework.
2. Provide a framework for performing and promoting a broad range of value-added
internal auditing services.
3. Establish the basis for the evaluation of internal audit performance.
4. Foster improved organizational processes and operations.
IA Governance
1000 – Purpose, Authority, and Responsibility
1100 – Independence and Objectivity
1300 – Quality Assurance and Improvement Program
IA Staff
1200 – Proficiency and Due Professional Care
IA Management
2000 – Managing the Internal Audit Activity
2100 – Nature of Work
2600 – Communicating the Acceptance of Risks
IA Process
2200 – Engagement Planning
2300 – Performing the Engagement
2400 – Communicating Results
2500 – Monitoring Progress
Attribute Standards
1000 Purpose, Authority, and Responsibility
1010 Recognizing Mandatory Guidance in the Internal Audit Charter
1100 Independence and Objectivity
1110 Organizational Independence
1111 Direct Interaction with the Board
1112 Chief Audit Executive Roles Beyond Internal Auditing
1120 Individual Objectivity
1130 Impairment to Independence or Objectivity
1200 Proficiency and Due Professional Care
1210 Proficiency
1220 Due Professional Care
1230 Continuing Professional Development
1300 Quality Assurance and Improvement Program
1310 Requirements of the Quality Assurance and Improvement Program
1311 Internal Assessments
1312 External Assessments
1320 Reporting on the Quality Assurance and Improvement Program
1321 Use of “Conforms with the International Standards for the Professional Practice of
Internal Auditing”
1322 Disclosure of Nonconformance
Performance Standards
2000 Managing the Internal Audit Activity
2010 Planning
2020 Communication and Approval
2030 Resource Management
2040 Policies and Procedures
2050 Coordination and Reliance
2060 Reporting to Senior Management and the Board
2070 External Service Provider and Organizational Responsibility for Internal Auditing
2100 Nature of Work
2110 Governance
2120 Risk Management
2130 Control
2200 Engagement Planning
2201 Planning Considerations
2210 Engagement Objectives
2220 Engagement Scope
2230 Engagement Resource Allocation
2240 Engagement Work Program
2300 Performing the Engagement
2310 Identifying Information
2320 Analysis and Evaluation
2330 Documenting Information
2340 Engagement Supervision
2400 Communicating Results
2410 Criteria for Communicating
2420 Quality of Communications
2421 Errors and Omissions
2430 Use of “Conducted in Conformance with the International Standards for the
Professional Practice of Internal Auditing”
2431 Engagement Disclosure of Nonconformance
2440 Disseminating Results
2450 Overall Opinions
2500 Monitoring Progress
2600 Communicating the Acceptance of Risks