Professional Documents
Culture Documents
Topic 1
Topic 1
Contents
TOPIC 1: International Professional Practice Framework (IPPF) 2
1 AUI4861/SG
TOPIC 1
International Professional Practice
Framework (IPPF)
Contents
LEARNING UNIT 1: Theory and application of the IPPF 4 2
The Institute of Internal Auditors (IIA) has a membership of over 190 000 internal auditors globally
in 170 countries and is faced with the challenge of ensuring that internal auditing is practiced by
all its members in a professional and consistent way.
The International Professional Practice Framework (IPPF) has been developed by the IIA to ensure
professionalism and consistency in the practice of internal auditing. According to the preface to
the IPPF, internal auditing is performed throughout the world, in diverse environments and within
organisations that vary in purpose, size and structure. While differences may affect the practice of
internal auditing in each environment, conformance with the IPPF is essential in meeting the
responsibilities of internal auditors and the internal audit activity (IAA) (2009:xv). Internal
auditors, therefore, demonstrate their professionalism by adhering to the IPPF.
The IIA first introduced professional guidance for internal auditors in 1978 to be used around the
world in order to provide international consistency and also as a measurement tool for audit
quality assurance. Through its research foundation, the IIA ensured that the professional guidance
provided to its members remained current and in touch with developing internal audit practices.
In 2016, the IIA implemented its latest revision of the professional guidance in the form of the IPPF.
2 AUI4861/SG
The purpose of this topic is firstly to guide you in understanding the nature of the IPPF and the
effect that the IPPF has on the practice of internal auditing, and secondly, to guide you in
becoming proficient in the practical application of the IPPF.
MULTIMEDIA
Click on the hyperlinks below to view the following YouTube video about the IPPF and
Internal Audit:
https://www.youtube.com/watch?v=G5a5vchrIh8
LEARNING OUTCOMES
3 AUI4861/SG
Learning unit 1
Theory and application of the IPPF
Contents
1.1 INTRODUCTION 4
1.2 TYPES OF GUIDANCE PROVIDED IN THE IPPF 5
1.3 MANDATORY GUIDANCE 7
1.4 RECOMMENDED GUIDANCE 10
1.1 INTRODUCTION
The IIA Inc. was formed in 1941. Initially, it was based in New York and was confined to the USA.
Its role then was to provide a clearing house for ideas and education, and generally to unite the
developing profession. By the 1960s the IIA had grown and flourished, and had become the
acknowledged international leader of the internal auditing profession. The IIA's motto of
"Progress Through Sharing" defined its role as a non-elitist coming together of like-minded
individuals to offer mutual support and advancement through the propagation of knowledge. As
stated earlier, the IIA first introduced the Guidance for the Professional Practice of Internal
Auditing in 1978 with the intention that it would provide international consistency and be a
measurement tool to measure audit quality assurance around the world.
As the business processes developed and became more complicated, it became evident that the
role of internal auditing had to be redefined. In 1999, the IIA undertook a research project, called
the Competency Framework for Internal Auditing (CFIA), with the intention to compile a common
body of knowledge for internal auditors. The project also addressed the future role of internal
4 AUI4861/SG
auditing, the competencies that internal auditors should possess, and the ways by which these
competencies should be evaluated.
The IIA then summated an international group of professional internal auditors, known as the
Guidance Task Force, to study the needs of the profession and to formulate a framework of
guidance for the future practice of internal auditing.
The report of this task force in 1999 led to a total revision of the definition of internal auditing, the
Standards for the Professional Practice of Internal Auditing (Standards), the guidelines for
internal audit practice and the activities of the IIA. The Professional Practices Framework (PPF)
that developed from this was adopted in 2002 and laid the foundation for internal auditing as it
is practiced today. It became mandatory guidance for all IIA members and Certified Internal
Auditors (CIA's) on January 1, 2004.
The global development of internal auditing and the demands placed on the profession, however,
require constant revision of internal audit practices. In 2015, the IIA published updated guidance
for the profession, now referred to as the International Professional Practice Framework (IPPF),
upon which your study of this module will be based.
The IPPF plays a crucial role in the practice of internal auditing and supports the concept of
internal auditing as a professionally based discipline. It is the compendium of authoritative
guidance promulgated by the IIA. In general, it provides a structural blueprint of how a body of
knowledge and guidance fit together.
MULTIMEDIA
Click on the hyperlink below to view the following YouTube video, which provides a
summary on the updated IPPF, the changes and what has remained the same.
http://www.iia.org.au/sf_docs/default-source/quality/iia-global-new-ippf-
2015.pdf?sfvrsn=2
Recommended - The guidance is endorsed by the IIA through a formal review and
approval process. It describes practices to implement the Core Principles, Definition of
Internal Auditing, Code of Ethics and Standards effectively. Compliance is
recommended.
5 AUI4861/SG
Figure 1.1: The International Professional Practices Framework (IPPF) www.theiia.org
Firstly, the Mission of Internal Audit was introduced by the IIA in 2015 to demonstrate
how internal audit practitioners should use the IPPF to achieve the Mission.
6 AUI4861/SG
1.3 MANDATORY GUIDANCE
CORE PRINCIPLES FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING
The Core Principles, taken as a whole, articulates internal audit effectiveness. The method in
achieving these Principles may differ from organisation to organisation. However, failure to
achieve any of these Principles would indicate that the IAA was not as effective as it could have
been in achieving the internal audit's mission.
STUDY
Study the Core Principles for the Professional Practice of Internal Auditing. Available at
https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Core-
Principles-for-the-Professional-Practice-of-Internal-Auditing.aspx
The purpose of the IIA's Code of Ethics is to promote an ethical culture in the profession of internal
auditing. A code of ethics is necessary and appropriate for the profession of internal auditing,
founded as it is on the trust placed in its objective assurance regarding governance, risk
management and control. The IIA's Code of Ethics extends beyond the Definition of Internal
Auditing to include two essential components:
1. Firstly, it contains Principles that are relevant to the profession and practice of
internal auditing.
2. Secondly, Rules of Conduct are included, which describe the behavioural norms
expected of internal auditors. These rules are an aid to interpreting the Principles
into practical applications and are intended to guide the ethical conduct of internal
auditors.
7 AUI4861/SG
STUDY
Study the following sections in Internal Auditing: An Introduction, Chapter 3, Section 3.4
INTRODUCTION
The Standards are principle-focused and provide a framework for performing and promoting
internal auditing. They are mandatory requirements consisting of
• statements of basic requirements for the professional practice of internal auditing and for
evaluating the effectiveness of its performance, which are internationally applicable at
organisational and individual levels
• interpretations, which clarify terms or concepts within the statements
It is necessary to consider both the statements and their interpretations to understand and apply
the Standards correctly.
The Standards embody the best in internal auditing practice and principles world-wide. They
provide the basis for the measurement of internal auditing performance and the potential of
internal audit to improve management processes and operations.
The purpose of the Standards is to
• delineate basic principles that represent the practice of internal auditing
• provide a framework for performing and promoting a broad range of value-added internal
auditing
• establish the basis for the evaluation of internal audit performance
• foster improved organisational processes and operations
The review and development of the Standards is an ongoing process. The International Internal
Audit Standards Board (IIASB) engages in extensive consultation and discussion prior to issuing the
Standards. This includes worldwide solicitation for public comment through the exposure draft
process. All exposure drafts are posted on the IIA's website and are also distributed to all IIA
Institutes.
ATTRIBUTE STANDARDS
Attribute Standards address the attributes (characteristics) of organisations and individuals
performing internal audit services.
The following attribute standards are included in the IPPF:
1000 - Purpose, Authority and Responsibility
1100 - Independence and Objectivity
1200 - Proficiency and Due Professional Care
1300 - Quality Assurance and Improvement Program
PERFORMANCE STANDARDS
Performance Standards describe the nature of internal audit services and provide quality criteria
against which to measure performance.
Performance Standards provide guidance on the nature of audit work and planning, conducting,
8 AUI4861/SG
managing, communicating, and reporting throughout the audit activity; they also address aspects
such as resource and risk management, policies and procedures, control, and governance.
Assurance services involve the internal auditor's objective assessment of evidence to provide an
independent opinion or conclusions regarding an entity, operation, function, process, system, or
other subject matter. The nature and scope of the assurance engagement are determined by the
internal auditor. There are generally three parties involved in assurance services:
(1) the person or group directly involved with the entity, operation, function, process, system, or
other subject matter — the process owner,
(2) the person or group making the assessment — the internal auditor, and
(3) the person or group using the assessment — the user.
Consulting services are advisory in nature and are generally performed at the specific request of
an engagement client. The nature and scope of the consulting engagement are subject to
agreement with the engagement client.
Consulting services generally involve two parties:
(1) the person or group offering the advice — the internal auditor, and
(2) the person or group seeking and receiving the advice — the engagement client.
When performing consulting services, the internal auditor should maintain objectivity and not
assume management responsibility.
STUDY
Study the following sections in Internal Auditing: An Introduction, Chapter 2: Section
2.7.5
Study the IPPF, that is, all Attribute and Performance standards (a thorough knowledge
of all the Standards is required). Available at https://na.theiia.org/standards-
guidance/mandatory-guidance/Pages/Standards.aspx
INTERNET SOURCE
9 AUI4861/SG
The evolution of the role of the internal auditor, with more emphasis on consulting activities, has
resulted in questions and concerns regarding the independence and objectivity of the internal
auditor in accepting these services.
As a postgraduate student you should research more articles related to the topic to enhance your
knowledge and understanding of the subject.
The Supplemental Guidance provides guidance on internal audit activities and services.
Topics on sector-specific issues, processes and procedures, and examples of deliverables
are just some of the issues where guidance is offered in the Supplemental Guidance.
As of July 2015, the Supplemental Guidance incorporated the previous Practice Guides,
Global Technology Audit Guides (GTAGS) and Guides to the Assessment of IT Risks (GAIT).
ACTIVITY 1.1
Consider the scenarios that follow below. For each of the scenarios, with reference to
the IPPF, indicate the Standards and/or the principles of the Code of Ethics that have
been violated. Support your answer by explaining the violation and indicating the
requirements that must be met.
1. John has just been appointed as an internal auditor at Moonlight (Pty) Ltd. When he asks
the Chief Audit Executive (CAE) about the internal audit charter, the CAE informs John that
he does not see the need for an internal audit charter, as every staff member has a job
description. The CAE informs John that he has been the CAE for five years and although they
never had a charter, the internal audit activity (IAA) has always been able to deliver
according to the audit plan. While going through some documents John realises that the
CAE was the company's Financial Director in the previous financial year and that he is also
the cousin of the Chief Executive Officer (CEO) of Moonlight (Pty) Ltd. John further realises
that the IAA was recently established (i.e. in the current financial year) and consists mainly
of former employees of the finance department. None of the internal audit staff has had
prior exposure to internal auditing except for John himself. John came across a recent
internal audit report of the Finance Department that was issued by his team. He was not
satisfied with how the report was compiled and sent the report to his former mentor for his
review and advice on how he should go about discussing his concerns with the CAE.
10 AUI4861/SG
2. Peter Brown is a newly appointed internal auditor at Arthur and Sons Accountants and
Auditors. During the audit at one of the company's key clients, Pro King Electronics, Peter
discovers a fraudulent transaction that implicates the CEO of the auditee. He raises the
matter with the audit manager for direction. Excited about his discovery, Peter informs
family and friends about what has transpired and tells them that the CEO may go to jail. As
he continues the audit he comes across major findings that may cause people to lose jobs.
He decides that his conscience will not allow him to report such findings because many
families may suffer as a result. He therefore decides to shred the working papers. The
supervisor on site notices that Peter acts strangely and probes the matter, only to find that
Peter did not raise the issues that he should have raised. The supervisor then writes a report
on those findings that Peter did not want to raise, and issues the report to the management
of Pro King Electronics. Indeed, three managers were fired with immediate effect
11 AUI4861/SG
FEEDBACK
12 AUI4861/SG
Component
# violated Explain the violation IPPF requirements
Code of2 Ethics: Principle 3 and Peter Brown disclosed sensitive audit information Internal auditors shall be prudent in the use and
Rule 3.1 on Confidentiality to family and friends about the possibility of the protection of information acquired in the course of their
CEO going to jail. duties.
Code of Ethics: Principle 1 and Peter should report anything that may seem to Internal auditors shall perform their work with honesty,
Rule 1.4 on Integrity undermine the legitimate and ethical diligence and responsibility; shall observe the law and
responsibility of the organisation. make disclosures expected by the law and the
profession; and shall respect and contribute to the
legitimate and ethical objectives of the organisation.
Code of Ethics: Principle 2 and Peter should have raised the matter himself in the Internal auditors shall disclose all material facts known
Rule 2.3 on Objectivity working paper so that it would eventually be to them that, if not disclosed, may distort the reporting
reported to management. of activities under review.
Standard 2440: Disseminating The supervisor should not have communicated The CAE must communicate results to the appropriate
Results the findings to management of Pro King parties.
Electronics prior to the CAE reviewing the file to The CAE or designee reviews and approves the final
ensure that all the necessary supporting engagement communication before issuance and
documents were in place prior to issuing a report decides to whom and how it will be disseminated.
of such a sensitive nature.
13 AUI4861/SG
REFLECTION
Have you identified any other violations, not mentioned in the feedback above?
SELF-ASSESSMENT QUESTIONS
TOPIC SUMMARY
This topic discussed how professional guidance for internal auditing has developed over
the years and guided you to understand a detailed study of the The topics end with an
activity that is aimed at testing your ability to apply your integrated knowledge of the
theory you have learned in this topic in a practical situation.
REFLECTION
14
AUI4861/SG
NOTES
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
15
AUI4861/SG