Final Draft MPA 626 Group 2 Presentation

INTERNAL CONTROL
& INTERNAL
AUDITING
MPA 626
1. Outline
➔IASPPS
➔ICSPPS
➔PGIAM
➔IAS
Internal Auditing Standards for
the Philippine Public Sector
(IASPPS)
Introduction
● Article IX-D of the 1987 Constitution - vests the Commission on Audit (COA)
the exclusive authority to promulgate auditing rules and regulations.
● Internal Auditing Research and Development Committee (IARDC)
○ Review of IPPF, ICIF, PGIAM, NGICS, GAAM
● IARDC - developed IASPPS (Internal Auditing Standards for the Philippine Public
Sector)
○ provides guidance for the professional practice of internal auditing to improve the
effectiveness of governance, risk management, and control processes in all agencies
of the government
Philippine Internal Auditing Framework for Public Sector
A. Mission
The Mission of Internal Audit

articulates what internal audit aspires
to accomplish within an agency:
“To enhance and protect

organizational value by
providing risk- based and
objective assurance, advice, and
insight.”
B. Core Principles
1. Demonstrates integrity;
2. Demonstrates competence and due professional care;
3. Is objective and free from undue influence (independent)
4. Aligns with the strategies, objectives, and risks of the

government agency;
5. Is appropriately positioned and adequately resourced;
6. Demonstrates quality and continuous improvement;
7. Communicates effectively;
8. Provides risk-based assurance;
9. Is insightful, proactive, and future-focused; and
10. Promotes improvement of government operations.

C. Definition of Internal Auditing
Internal Auditing is an independent,

objective assurance and advisory activity
designed to add value and improve
government operations. It helps
government accomplish its objectives by
bringing a systematic, disciplined
approach to evaluate and improve the
effectiveness of governance, risk
management, and control processes.
D. Standards
1. Philippine Application Guidelines (PAG)

- outline elaborations that need to be considered in the
implementation of IASPPS.
1. Supplemental PAG
- outlines additional modifications or updates on the
PAG.
E. Code of Ethics
Republic Act No. 6713 - Code of Conduct

and Ethical Standards for Public Officials
and Employees (General Application)
Code of Ethics of the Institute of Internal

Auditors (Specific Application).
PURPOSE, AUTHORITY and RESPONSIBILITY
The purpose, authority, and responsibility of the internal audit service (IAS) must be
formally defined in an internal audit charter, consistent with the Mission of Internal Audit,
the Core Principles, the Code of Ethics, the Internal Auditing Standards for the Philippine Public
Sector (IASPPS), and the Definition of Internal Auditing. The head of internal audit must
periodically review the internal audit charter; present it to the senior management, for additional
input/ enhancement, if any; and submit, for approval, to the head of agency or the governing
body/audit committee.
- The nature of assurance services must be defined in the internal audit charter.
- The nature of advisory services must be defined in the internal audit charter.
INTERNAL AUDIT CHARTER
- May vary in each agency, may

include
1. Introduction 8. Reporting
2. Purpose of IAS
3. Authority 9. Monitoring
4. Organization and Reporting 10. Quality Assurance and
Structure Improvement
5. Independence and Objectivity
6. Responsibilities 11. Signatures
7. Internal Audit Plan
Recognizing Guidance in the Internal Audit Charter
The nature of the Core Principles, the Code of Ethics, the Internal
Auditing Standards for the Philippine Public Sector (IASPPS), and the
Definition of Internal Auditing must be reflected in the internal audit
charter. The head of internal audit should discuss the Mission of Internal
Audit and the elements of the Philippine Internal Auditing Framework for
Public Sector with senior management, and the head of agency or the
governing body/audit committee.
Independence and Objectivity
The internal audit service (IAS) must be independent, and

internal auditors must be objective in performing their work.
DUAL REPORTING (avoid bias) - head of Internal Audit - direct

functional reporting line to the governing body/audit committee and an administrative
reporting line to the head of agency
ORGANIZATIONAL INDEPENDENCE
The head of internal audit must report to a level within the agency that allows the
internal audit service (IAS) to fulfill its responsibilities. The head of internal audit
must confirm to the head of agency or the governing body/audit committee, at least
annually, the organizational independence of IAS.
The IAS must be free from interference in determining the scope of internal auditing,
performing work, and communicating results. The head of internal audit must
disclose such interference to the head of agency, or the governing body/audit
committee, and discuss the implications.
Direct Interaction with the Head of Agency or the Governing Body/Audit Committee
The head of internal audit must communicate and interact

directly with the head of agency or the governing body/audit
committee.
- allows them to give insights directly to the head of internal audit on new
and emerging issues and concerns facing the agency.
Roles of the Head of Internal Audit Beyond Internal Auditing
Where the head of internal audit has or is expected to have roles and/or
responsibilities that fall outside of internal auditing, safeguards must be in
place to limit impairments to independence or objectivity.
Example:
- The agency’s processes are immature, and the head of internal audit has the
most appropriate expertise to introduce risk management principles in the
agency.
- SAFEGUARDS
INDIVIDUAL OBJECTIVITY
Internal auditors must have an impartial, unbiased attitude and avoid

any conflict of interest.
● CONFLICT OF INTEREST
○ a public official or personnel is the head of agency or the governing body/audit
committee, and is also the officer, substantial stockbroker of a private corporation,
or owner of, or has a substantial interest in a business, and the interest in such
corporation or business, or his rights or duties therein, may be opposed to, or
affected by the faithful performance of official duty.
IMPAIRMENT TO INDEPENDENCE OR OBJECTIVITY
Impairment to organizational independence and individual objectivity may

include, but is not limited to:
- Personal Conflict of Interest
- Scope Limitations
- Restriction on Access to records, Personnel and Properties
- Resource Limitations such as funding
● If independence or objectivity is impaired in fact or appearance, the details of

the impairment must be disclosed to appropriate parties. The nature of the
disclosure will depend upon the impairment.
● Internal auditors must refrain from assessing specific operations for which they
were previously responsible. Objectivity is presumed to be impaired if an
internal auditor provides assurance services for an activity, for which the
internal auditor had previous responsibility within the previous year.
● Assurance engagements for functions over which the head of internal audit has
responsibility must be overseen by a party outside the internal audit service
(IAS).
● IAS may provide assurance services where it had previously performed advisory
services, provided the nature of the advisory did not impair objectivity, and provided
individual objectivity is managed when assigning resources to the engagement.
● Internal auditors may provide advisory services relating to operations for which they had
previous responsibilities.
● If internal auditors have potential impairments to independence or objectivity relating to

proposed advisory services, disclosure must be made to the engagement auditee prior to
accepting the engagement.
Proficiency and Due Professional Care
Engagements must be performed with proficiency and due

professional care.
A responsibility of the Head of Internal Audit and each Internal Auditor. The head of internal
audit ensures that persons assigned to each engagement collectively possess the necessary
knowledge, skills, and other competencies to conduct the engagement appropriately.
Engagement - A specific internal audit assignment, task, or review activity, such as an internal
audit, control self-assessment review, fraud examination, or advisory.
Proficiency
Internal auditors and IAS as a whole, must possess the knowledge,

skills, and other competencies needed to perform their
responsibilities.
Proficiency - knowledge, skills, and other competencies required of internal
auditors to effectively carry out their professional responsibilities. It
encompasses consideration of current activities, trends and emerging
issues to enable relevant advice and recommendations. Knowledgeable in
Accounting, IT, Economics, Taxation, Finance, Fraud, Commercial law, etc.
Due Professional Care
Internal auditors must apply the care and skill expected of a

reasonably prudent and competent internal auditor. Due professional
care does not imply infallibility.
● Includes: conformity with the Code of Ethics, Code of Conduct, and

RA No. 6713 “Code of Conduct and Ethical Standards for Public
Officials and Employees.”
Due Professional Care
● Obtaining appropriate education, experience, certifications, and

training helps internal auditors develop the level of skill and
expertise required to perform their duties with due professional
care
Continuing Professional Development
Internal auditors must enhance their knowledge, skills, and other

competencies through continuing professional development.
Includes participating in conferences, seminars, training programs, online courses

and webinars, self-study programs, or classroom courses; conducting research
projects; volunteering with professional organizations; and pursuing professional
certifications. In areas related to a certain industry or specialization (e.g., data
analytics, financial services, information technology, taxation law, or systems design)
Quality Assurance and Improvement
The head of internal audit must develop and maintain a Quality

Assurance and Improvement Program (QAIP) that covers all
aspects of the internal audit service (IAS)
QAIP is designed to enable an evaluation of the IAS’s conformance with the IASPPS and
whether internal auditors apply the Code of Ethics. It assesses the efficiency and
effectiveness of the IAS and identifies opportunities for improvement. The head of internal
audit should encourage oversight by the head of agency or the governing body/audit
committee on the quality assurance and improvement program.
5 ESSENTIAL COMPONENTS OF QAIP
1. Internal Assessments
2. External Assessments
3. Communication of QAIP Results
4. Proper Use of a Conformance Statement
5. Disclosure of Nonconformance
REQUIREMENTS OF THE QAIP
The quality assurance and improvement program (QAIP) must

include both internal and external assessments.
INTERNAL ASSESSMENT
Internal assessments must include:

● Ongoing monitoring of the performance of the internal audit service (IAS)
○ routine policies and practices used to manage the IAS
● Periodic self-assessments or assessments by other personnel within the agency with sufficient knowledge
of internal audit practices.
○ conducted to evaluate conformance with the Code of Ethics and the IASPPS
Sufficient knowledge of internal audit practices requires at least an understanding of all

elements of the Philippine Internal Auditing Framework for the Public Sector and existing
laws, rules, and regulations.
EXTERNAL ASSESSMENTS
External assessments must be conducted at least once every five years by a

qualified, independent assessor or assessment team from outside the agency,
subject to existing laws, rules, and regulations. The head of internal audit must
discuss with the head of agency or the governing body/audit committee the
following:
● The form and frequency of external assessment; and
● The qualifications and independence of the external assessor or assessment team,
including any potential conflict of interest.
Standard 1321
Use of “Conforms with the IASPPS”
Indicating that the internal audit service (IAS) conforms with the
IASPPS is appropriate only if supported by the results of the quality
assurance and improvement program.
The IAS conforms with the Code of Ethics and IASPPS when it achieves the outcomes described therein.
QAIP = results of internal + external assessments.
All IAS = QAIP
IAS in existence for at least (5) years = results of external assessments.
Standard 1322
Disclosure of Nonconformance
Nonconformance with the Code of Ethics or the IASPPS impacts the

overall scope or operation of the IAS, the head of internal audit must
disclose the nonconformance and the impact to senior management,
and head of agency or the governing body/audit committee.
● Disclosures - discussion (meeting, private sessions, one-on-one, or other appropriate

methods) with senior management and communication to the head of agency or the
governing body/audit committee
Common Examples of Nonconformance
1. An internal auditor was assigned to an audit engagement, but did not

meet individual objectivity requirements (see Standard 1120)
2. An IAS undertook an engagement without having the collective
knowledge, skills, and experience needed to perform its
responsibilities (see Standard 1210), and
3. The head of internal audit failed to consider risk when preparing the
internal audit plan (see Standard 2010).
Standard 2000
Managing the Internal Audit Service
The head of internal audit must effectively manage the internal

audit service (IAS) to ensure it adds value to the agency.
The IAS is effectively managed when it meets the following requisites:

1. It achieves the purpose, authority, and responsibility included in the internal
audit charter.
2. It conforms with IASPPS
3. Its individual members conform with the Code of Ethics and the IASPPS
4. It considers trends and emerging issues that could impact the agency
Standard 2000
Managing the Internal Audit Service
The IAS adds value to the agency and its stakeholders when it
considers strategies, objectives, and risks; strives to offer ways to
enhance governance, risk management, and control processes; and
objectively provides relevant assurance.
Adds Value - when it provides/contributes or intend to improve to the
abovesaid factors, except management responsibility
Standard 2010
Planning
The head of internal audit must establish a risk-based plan to determine the
priorities of the internal audit service (IAS) consistent with the agency’s
goals.
● How?
1. Seeks advice from the senior management, and the head of agency or the governing
body/audit committee;
2. Obtains an understanding of the agency’s strategies, key operation objectives, associated
risks, and risk management processes
3. Review and adjust the plan, as necessary, in response to changes in the agency’s risks,
operations, programs, systems, and controls.
Factors to consider in developing the internal audit plan
1. Inherent risks - absence of any actions management may take to alter

the risks likelihood or impact (ex. Complex and non-routine
financial transactions)
2. Residual risks. - remaining risk after taking actions to reduce impact
3. Mitigating controls, contingency plans, and monitoring activities
4. Risk registers - repository of all risks identified (document)
5. Documentation - written records (work papers/working papers)
Standard 2020
Communication and Approval of IAS Plans
The head of internal audit must communicate the Internal Audit

Service’s plans and resource requirements, including significant
interim changes, to the senior management for
enhancements/additional inputs; and to the head of agency or the
governing body/audit committee for review and approval. The head of
internal audit must also communicate the impact of resource
limitations.
Standard 2030
Resource Management
The head of internal audit must ensure that internal audit resources are
appropriate, sufficient, and effectively deployed to achieve the approved
plan.
● Appropriate - mix of knowledge, skills, and other competencies needed to perform the plan.
● Sufficient - quantity of resources needed to accomplish the plan.
● Effectively deployed when resources are used in a way that optimizes the achievement of
the approved plan.
Standard 2040
Policies and Procedures
The head of internal audit must establish policies and procedures to

guide the internal audit service (IAS)
● The form and content of policies and procedures are dependent upon the size and
structure of the IAS and the complexity of its work.
Standard 2040
Policies and Procedures
Topics generally included in the Internal Audit Manual:

1. Internal audit policies ( The overall purpose and responsibilities of the IAS, Adherence
to the IASPPS, Independence and objectivity, Ethics, Protecting confidential information; and Record
retention)
2. Internal audit procedures (Preparing a risk-based audit plan, Planning an audit and
preparing the engagement work program, Performing audit engagements, Documenting audit
engagements, Communicating results/reporting; and Monitoring and follow-up processes, Quality
assurance and improvement program)
3. Administrative matters (Training and certification opportunities, Continuing
education requirements; and Performance evaluations)
Standard 2050
Coordination and Reliance
The head of internal audit should share information, coordinate

activities, and consider relying upon the work of other internal and
external service providers to ensure proper coverage and minimize
duplication of efforts.
Elements:
● Coordination and Reliance between Internal and External Auditors
● Relying on the works of others
Standard 2060
Reporting to the Head of Agency or the Governing Body/Audit Committee
The head of internal audit must report periodically to the head of

agency or the governing body/audit committee on the IAS purpose,
authority, responsibility, and performance relative to its plan and on
its conformance with the Code of Ethics and the IASPPS. Report
includes significant risk and control issues, including fraud risks,
governance issues, and other matters that require their attention.
Why? To provide assurance to the above re governance processes, risk
management, and control.
Standard 2100
Nature of Work
The internal audit service (IAS) must evaluate and contribute to the
improvement of the agency’s governance, risk management, and
control processes using a systematic, disciplined, and risk-based
approach. Internal audit credibility and value are enhanced when
auditors are proactive and their evaluations offer new insights and
consider future impact.
Standard 2110
Governance
The combination of processes and structures implemented by the head of

agency or the governing body/audit committee to inform, direct,
manage, and monitor the activities of the agency toward the achievement
of its objectives.
Role of Internal Auditing - responsibility to evaluate and improve governance processes as

part of the assurance function. Internal auditors are integral to the agency’s governance
framework.
Standard 2120
Risk Management
The internal audit service (IAS) must evaluate the effectiveness and
contribute to the improvement of risk management processes.
Risk - possibility of an event occurring to have impact on the
achievement of the objective.
● Key responsibility of the senior management, HOA, Audit committee
● Determining whether risk management processes are effective is a judgment resulting
from the internal auditor’s assessment
● Risk management processes are monitored through ongoing management activities,
separate evaluations, or both.
Standard 2130
Control
The internal audit service (IAS) must assist the agency in maintaining
effective controls by evaluating their effectiveness and efficiency, and
by promoting continuous improvement.
Control - any action taken by (M, HOA, GB/AC + other parties) to manage (mitigate) risk and
increase likelihood of the achievement of goals/objectives
Main Goal - to prevent losses to the agency arising from the different hazards in government
operations
Standard 2200
Engagement Planning
Internal auditors must develop and document an engagement plan and work
program for each engagement, including the engagement's objectives, scope,
timing, and resource allocations. The plan must consider agency’s strategies,
objectives, and risks relevant to the engagement.
Engagement - a specific internal audit assignment, task, or review activity (ex. internal audit,
control self-assessment review, fraud examination, or advisory)
Planning Memo - important document to communicate engagement objectives, scope,

and other important background information to audit team members
Standard 2201
Planning and Considerations
Considerations:
1. Strategies and objectives of the activity being reviewed, and the means by which
the activity controls its performance
2. Significant risks to the activity’s objectives, resources, and operations; and the
means by which the potential impact of risk is kept to an acceptable level
3. Adequacy and effectiveness of the activity’s governance, risk management, and
control processes compared to a relevant framework or model;
4. Opportunities for making significant improvements to the activity’s governance,
risk management, and control processes.
Standard 2210
Engagement Objectives
Objectives must be established for each engagement.

Engagement Objectives - broad statements developed by internal auditors that
define intended engagement accomplishments.
Criteria:
1. Internal (e.g., policies and procedures of the agency)
2. External (e.g., laws and regulations imposed by statutory bodies)
3. Leading practices (e.g., industry and professional guidance).
Standard 2220
Engagement Scope
The established scope must be sufficient to achieve the objectives of the

engagement.
- Generally cannot cover everything. Determines what should and should not be included.
Factors:
1. Boundaries of the area or process (extent/range to achieve objectives)
2. In-scope versus out-of-scope locations (established parameters)
3. Sub-processes
4. Components of the area or process, and
5. Time frame (ex. Fiscal quarter, calendar year)
Note: Scope limitations must be reported in the final engagement communications
STANDARD 2230
ENGAGEMENT ALLOCATION RESOURCE
Internal auditors must determine appropriate and sufficient resources

to achieve engagement objectives, based on an evaluation of the
nature and complexity of each engagement, time constraints, and
available resources.
- Appropriate refers to the mix of knowledge, skills, and other competencies needed to perform the engagement.
Sufficient refers to the quantity of resources needed to accomplish the engagement with due professional care.
STANDARD 2240
ENGAGEMENT PLAN AND WORK PROGRAM
Internal auditors must develop and document work programs that achieve the
engagement objectives.
- Work programs must include the procedures for identifying, analyzing,
evaluating, and documenting information during the engagement. The work
program must be approved prior to its implementation, and any adjustments
approved promptly.
-Work programs for advisory engagements may vary in form and content
depending upon the nature of the engagement.
STANDARD 2300
PERFORMING THE ENGAGEMENT
Internal auditors must identify, analyze, evaluate, and document

sufficient information to achieve the engagement’s objectives.
- IA need to consider concerns relating to the protection of personal information gathered during audit
engagements, as advances in information technology and communications continue to present privacy risks
and threats
STANDARD 2310
IDENTIFYING THE INFORMATION
Internal auditors must identify sufficient, reliable, relevant, and useful

information to achieve the engagement’s objectives.
- Sufficient information is factual, adequate, and convincing so that a prudent,
informed person would reach the same conclusions as the auditor. Reliable
information is the best attainable information through the use of appropriate
engagement techniques. Relevant information supports engagement
observations and recommendations, and is consistent with the objectives for
the engagement. Useful information helps the agency meet its goals.
STANDARD 2320
ANALYSIS AND EVALUATION

Internal auditors must base conclusions and engagement results on
appropriate analyses and evaluations.
Examples of manual audit procedures:
● Vouching - test the validity of documented or recorded information by following it backward to a tangible resource
or a previously prepared record
● Tracing - test the completeness of documented or recorded information by tracking information forward from a
document, record, or tangible resource to a subsequently prepared document
● Reperformance - test the accuracy of a control by reperforming the tasks, which may provide direct evidence of the
control’s operating effectiveness
● Independent confirmation - solicit and obtain written verification of the accuracy of information from an
independent third party
STANDARD 2330
DOCUMENTING INFORMATION
Internal auditors must document sufficient, reliable, relevant, and useful information to support the engagement results
and conclusions.
The head of internal audit must
- control access to engagement records. The head of internal audit must obtain the approval of
senior management, legal counsel, or head of agency prior to releasing such records to
external parties, as appropriate
- develop retention requirements for engagement records, regardless of the medium in which
each record is stored. These retention requirements must be consistent with the agency’s
guidelines and any pertinent regulatory or other requirements
- develop policies governing the custody and retention of advisory engagement records, as
well as their release to internal and external parties. These policies must be consistent with
the agency’s guidelines and any pertinent regulatory or other requirements.
STANDARD 2340
ENGAGEMENT SUPERVISION
Engagements must be properly supervised to ensure objectives are achieved,

quality is assured, and staff is developed.
- The extent of supervision required will depend on the proficiency and experience of
internal auditors and the complexity of the engagement. The head of internal audit has
overall responsibility for supervising the engagement, whether performed by or for the
internal audit service (IAS), but may designate appropriately experienced members of the
IAS to perform the review. Appropriate evidence of supervision is documented and
retained.
STANDARD 2400
COMMUNICATING RESULTS
Internal auditors must communicate the results of engagements.
- the head of internal audit also should understand the expectations of the head of agency or the
governing body/audit committee, regarding communication related to engagement results.
- the workpapers will indicate which results will be communicated verbally, and which will be
communicated in writing.
- the internal auditor is encouraged to consult legal counsel in matters involving legal issues.
STANDARD 2410
CRITERIA FOR COMMUNICATING
Communications must include the engagement’s objectives, scope, and results.

- Final communication of engagement results must include applicable conclusions, as well as applicable
recommendations and/or action plans. Where appropriate, the internal auditors’ conclusion should be provided. A
conclusion must take into account the expectations of senior management, the head of agency or the governing
body/audit committee, and other stakeholders, and must be supported by sufficient, reliable, relevant, and useful
information.
- Internal auditors are encouraged to acknowledge satisfactory performance in engagement communications.
- When releasing engagement results to parties outside the agency, the communication must include limitations on
distribution and use of the results.
- Communication of the progress and results of advisory engagements will vary in form and content depending upon
the nature of the engagement, and the needs of the auditee.
Conclusions at the engagement level may be ratings or other descriptions
of the results. Such an engagement may be in relation to controls around a
specific process, risk, or unit of the agency. The formulation of such
conclusions requires consideration of the engagement results and their
significance.
STANDARD 2420
QUALITY OF COMMUNICATIONS
Communications must be accurate, objective, clear, concise,
constructive, complete, and timely .
- Accurate communications are free from errors and distortions, and are faithful to the underlying
facts. Objective communications are fair, impartial, and unbiased and are the result of a fair-minded
and balanced assessment of all relevant facts and circumstances. Clear communications are easily
understood and logical, avoiding unnecessary technical language and providing all significant and
relevant information. Concise communications are to the point and avoid unnecessary elaboration,
superfluous detail, redundancy, and wordiness.
- Constructive communications are helpful to the auditee and the agency, and lead to improvements,
where needed. Complete communications lack nothing that is essential to the target audience, and
include all significant and relevant information and observations to support recommendations and
conclusions. Timely communications are opportune and expedient, depending on the significance
of the issue, allowing management to take appropriate corrective action.
STANDARD 2421
ERRORS AND OMISSIONS
If a final communication contains a significant error or omission, the

head of internal audit must communicate corrected information to all
parties who received the original communication.
STANDARD 2430
Use of “Conducted in Conformance with the Internal Auditing

Standards for the Philippine Public Sector
Indicating that engagements are "conducted in conformance with the Internal Auditing
Standards for the Philippine Public Sector (IASPPS)" is appropriate only if the results of
the quality assurance and improvement program support the statement.
- using this statement builds the IAS’s credibility. This Standard prohibits using the
statement unless the results of the IAS’s QAIP — including current internal and
external assessments — support a conclusion that the IAS generally conforms with
the IASPPS.
STANDARD 2431
ENGAGEMENT DISCLOSURE AND
NONCONFORMANCE
When nonconformance with the Code of Ethics or the Internal Audit Standards for the Philippine
Public Sector (IASPPS) impacts a specific engagement, communication of the results must
disclose the following:
- Principle(s) or rule(s) of conduct of the Code of Ethics or the IASPPS with which full
conformance was not achieved;
- Reason(s) for nonconformance; and
- Impact of nonconformance on the engagement and the communicated engagement results.
STANDARD 2440
DISSEMINATING RESULT
The head of internal audit must communicate results to the appropriate parties. He/She is responsible for
reviewing and approving the final engagement communication before issuance, and for deciding to
whom and how it will be disseminated. When the head of internal audit delegates these duties, he or she
retains overall responsibility.
- Results are given due considerations
- If not otherwise mandated by legal, statutory, or regulatory requirements, prior to releasing results to parties outside the
agency, the head of internal audit must ensure the following:
●Assess the potential risk to the agency;
●Consult with senior management and/or legal counsel as appropriate; and
●Control dissemination by restricting the use of the results.
- During advisory engagements, governance, risk management, and control issues may be identified. Whenever these
issues are significant to the agency, they must be communicated to senior management, and the head of agency or the
governing body/ audit committee.
Disseminating Result
Communications Outside the Agency

- The internal audit charter, laws, regulations, agency policies, or the engagement
agreement may contain guidance related to reporting information outside the agency. If
such guidance does not exist, the head of internal audit may facilitate adoption of
appropriate policies.
- In certain situations, it may be possible to create a special-purpose report based on an
existing report or information to make the report suitable for dissemination outside
the agency
STANDARD 2450
OVERALL OPINION
When an overall opinion is issued, it must take into account the strategies, objectives, and risks of the
agency; and the expectations of senior management, the head of agency or the governing body/ audit
committee, and other stakeholders. The overall opinion must be supported by sufficient, reliable, relevant,
and useful information.
The communication will include the following:
i. The scope, including the time period to which the opinion pertains;
ii. The scope limitations;
iii. Consideration of all related projects, including the reliance on other assurance providers;
iv. A summary of the information that supports the opinion;
v. The risk or control framework, or other criteria used as bases for the overall opinion; and
vi. The overall opinion, judgment, or conclusion reached.
The reasons for an unfavorable overall opinion must be stated.
STANDARD 2500
MONITORING PROGRESS
The head of internal audit must establish and maintain a system to monitor the disposition
of results communicated to management.
- The head of internal audit must establish a follow-up process to monitor and ensure that
management’s actions have been effectively implemented or that senior management, and
the head of agency or the governing body/audit committee has accepted the risk of not
taking action.
- The internal audit service must monitor the disposition of results of advisory
engagements to the extent agreed upon with the auditee.
STANDARD 2600
COMMUNICATING THE ACCEPTANCE OF RISK
When the head of internal audit concludes that management has accepted a level of risk that
may be unacceptable to the agency, the head of internal audit must discuss the matter with
senior management. If the head of internal audit determines that the matter has not been
resolved, the head of internal audit must communicate the matter to the head of agency or the
governing body/audit committee.
- The identification of risk accepted by management may be observed through an assurance or

advisory engagement, monitoring progress on actions taken by management as a result of prior
engagements, or other means. It is not the responsibility of the head of internal audit to resolve
the risk.
Internal Control Standards for
the Philippine Public Sector
(ICSPPS)
Internal Control Standards for the Philippine Public Sector (ICSPPS)
(
COMPOSITION OF ICSPPS
Part 1 – Philippine Internal Control Framework for the Public Sector

Part 2 – Fundamentals of Internal Control
Part 3 – Internal Control Objectives
Part 4 – Internal Control Components
Part 5 – Levels of Agency Structure
Provides the fundamentals on internal control
Guides government agencies in developing and maintaining a

comprehensive internal control system
PURPOSE OF THE INTERNAL CONTROL FRAMEWORK Internal Control

is to identify the requirements for establishing an effective internal Standards for the
control system for government agencies, with the requisite general Philippine Public
objectives, internal control components, and levels of agency Sector (ICSPPS)
structure where internal control operates.
RELATIONSHIP AMONG THE GENERAL OBJECTIVES, INTERNAL CONTROL COMPONENTS AND LEVELS OF AGENCY STRUCTURES
(ICSPPS)
Part II – Fundamentals of Internal Control
INTERNAL CONTROL
– is an integral process
that is effected by an
agency’s management
and personnel and is
designed to address
risks and to provide
reasonable assurance
that in pursuit of the
agency’s mission, the
general objectives are
being achieved.
Per Section 123, Presidential Decree No. 1445
(Government Auditing Code of the Philippines),
11 June 1978, as amended.
Internal control
“is the plan of organization and all the coordinated methods
and measures adopted within an organization or agency to
safeguard its assets, check the accuracy and reliability of its
accounting data, and encourage adherence to prescribed
managerial policies.”
B. Importance of Internal Control
Profitability or sustainability
Observance of management policies
Safeguarding of assets or resources
Prevention and detection of fraud and error
Accuracy and completeness of accounting records
Timely preparation of reliable financial information
Protection of staff members and other stakeholders against
disinformation
C. Limitations of Internal Control Effectiveness
Internal control cannot by itself ensure the achievement of the general

objectives.
Limitations may result from the following:

a. human judgment in decision making can be faulty;
b. breakdowns can occur because of simple errors or mistakes;
c. controls can be circumvented by collusion of two or more people;
d. management can override the internal control system.
ICSPPS
Internal Control
Standards for the
Philippine Public
Sector (ICSPPS)
ICSPPS
Internal Control
Standards for the
Philippine Public
Sector (ICSPPS)
ICSPPS
Internal Control
Standards for the
Philippine Public
Sector (ICSPPS)
Control activities are the policies and procedures established to address risks and
to achieve the agency’s objectives. These are essential for proper stewardship
and accountability of government resources.
ICSPPS
Principles of the control activities component
Management designs control activities
Consistently Comprehensive,
functioning according reasonable, and
Appropriate Cost-effective
to plan throughout the directly related to the
period control objective
Internal Control
Management develops control activities which include a range of diverse Standards for the
policies and procedures. Philippine Public
Sector (ICSPPS)
1 Top level reviews of
actual performance 5 Verifications
9 Supervision
2 Authorization and
Approval procedures 6 Reconciliations 10
Management and
human capital
3 Segregation of Duties
7 Reviews of operating
performance 11 Physical controls over
vulnerable assets
4 Control over access to

resources and records 8 Reviews of operations,
processes and activities 12 Documentation
ICSPPS
Control activities
3 Basic types of controls can be designed and executed
In the following manner:
Vestibulum
Preventive
Controls
congue
Internal Control
Automated Manual
Standards for the
Control Control
Philippine Public
Activities Activities
Sector (ICSPPS)
ngtru m
VDe ongtruo
e
Cco iebcutliuv
estei
oels
Cc
bcut els
srtr
ilvuem
VCeo
ICSPPS
Management develops effective information Technology control activities
Management designs
Management designs an
appropriate type of control
effective information
activities to help ensure
system and use of
information technology
complete and accurate Internal Control
information processing Standards for the
Philippine Public
Sector (ICSPPS)
Three Phases of a processing cycle
Input Processing Output

ICSPPS
Internal Control
Information and communication is essential to the realization of all the internal Standards for the
control objectives. This can be achieved by developing and maintaining reliable Philippine Public
and relevant financial and non-financial information and communicating this Sector (ICSPPS)
information by means of a fair disclosure in timely reports.
ICSPPS
Management develops and maintains reliable and relevant financial and non-
financial informations.
Information should be
An array of pertinent,
captured and
reliable, and relevant
communicated in a
information should be Internal Control
form/content and
identified. Standards for the
timeframe
Philippine Public
Sector (ICSPPS)
Transactions and Information systems
events must be deal not only with
promptly recorded, quantitative and
properly classified, qualitative forms of
and fully and clearly internally generated
documented. data.
ICSPPS
Management communicates information throughout the agency.
01 Information can be communicated in a

verbal, written, and/or electronic form.
02 Communication occurs in all directions

Internal Control
Standards for the
Management communicates information with external parties. Philippine Public
Sector (ICSPPS)
Management provides Management Agency’s method of
adequate means of establishes separate communication
communicating with, reporting line considers the
and obtaining audience to be
information from reached.
external parties.
ICSPPS
Internal Control
Monitoring refers to the process that assesses the quantity of the internal control Standards for the
system’s performance over time. Philippine Public
Sector (ICSPPS)
ICSPPS
Management establishes and operates activities to monitor the internal control

system, and evaluates the results.
1. Management establishes a 2. Management considers ongoing

baseline to monitor the monitoring activities, separate
internal ‘control system evaluations, or a combination of both Internal Control
in the conduct of assessment. Standards for the
Management takes appropriates action on the findings and recommendations of audit Philippine Public
and other reviews. Sector (ICSPPS)
Deficiencies noted during ongoing monitoring or through

separate evaluations are communicated.
The findings and recommendations of audits and

other reviews are adequately and promptly resolved.
ICSPPS
Levels of Agency Structure
1 Government Agency
Division/Office 2
Internal Control
3 Operating Unit Standards for the
Philippine Public
Function 4
Sector (ICSPPS)
Philippine Government
Internal Audit Manual
Philippine Government Internal Audit Manual
dssddfs
CONCEPTS AND PRINCIPLES OF INTERNAL AUDIT
What is Internal Audit?

● evaluation of management controls and operations
performance, and the determination of the degree of
compliance of internal controls with laws, regulations,
managerial policies, accountability measures, ethical
standards and contractual obligations. Chapter 1
● involves the appraisal of the plan of organization and
all the coordinated methods and measures, in order to
recommend courses of action on matters relating to
operations audit and management control
dssddfs
Legal Bases
● The creation of the IAS was first mandated under RA No. 3456
(Internal Auditing Act of 1962), as amended by RA No. 4177, s. 1965.
● With the reorganization of the Executive Branch of government under
Presidential Decree (PD) No. 1, s. 1972, the IAS was effectively
abolished.
● Thereafter, the Administrative Code of 1987, as amended, mandated
the creation of the present IAS and provided the corresponding
internal audit functions, making the same as an integral part in the Chapter 1
organizational structure of the Department of Public Works and
Highways (DPWH).
● It was subsequently adopted and applied across other departments,
agencies, government-owned or -controlled corporations (GOCCs)
and local government units (LGUs) through various executive
issuances.
dssddfs
Scope of Internal Audit
● integral part of the internal control system of public

service organizations.
● encompasses the evaluation of the degree of compliance
of supervision or control with laws, rules and regulations
governing the operations of the agency, the appraisal of
the adequacy of internal controls and the evaluation of Chapter 1
the results of operations, focusing on the effectiveness of
controls of operating and support services units/systems
in the attainment of agency objectives.
dssddfs
Organizing the Internal Audit
Chapter 1
dssddfs
Types of Internal Audit
● Management audit
● separate evaluation of the effectiveness of internal controls
adopted in the operating and support services units/systems to
determine whether or not they achieve the control objectives
over a period of time or as of a specific date
● includes the determination of the degree of compliance of
control or supervision with laws, regulations, managerial Chapter 1
policies, accountability measures, ethical standards and
contractual obligations covering specific timeframes
● review and appraisal of the systems and processes,
organizational and staffing structures, operations and
management practices, records, reports and performance
standards of the agencies/units covered
dssddfs
Management Audit Flow Diagram
Chapter 1
dssddfs
Types of Internal Audit
● Operations audit
● separate evaluation of the outcome, output,
process and input to determine whether
government operations, programs and projects are
effective, efficient, ethical and economical (4Es)
● includes the determination of the degree of Chapter 1
compliance of supervision or controls with laws,

regulations, managerial policies, accountability
measures and contractual obligations.
dssddfs
Operations Audit Flow Diagram
Chapter 1
dssddfs
Principles of Internal Auditing
● Objectivity and Impartiality, and Avoidance of Conflict

of Interest
● Objectivity means an unbiased mental attitude and
professionalism that allows an internal auditor to
perform engagements with no quality compromises
● Impartiality, on the other hand, means that the internal Chapter 1
auditor is free from bias and conflict of interest.
dssddfs
● Professional Competence
● The internal auditor must maintain high standards of
competence and professional integrity commensurate
with his/her responsibilities and mandated functions.
Chapter 1
dssddfs
● Authority and Confidentiality

● the head of agency should authorize internal auditors to
have full, free and unrestricted access to all functions,
premises, assets, personnel, records, and other documents
and information that the IAS/IAU head considers necessary
in undertaking internal audit activities.
● All records, documentation and information accessed in the Chapter 1
course of undertaking internal audit activities are to be used
solely for the conduct of these activities. The internal auditor
should respect the confidentiality of information acquired in
the course of performing the audit activities
dssddfs
● Evidence-based Approach
● Internal auditors should be able to gather sufficient
evidential matters in support of their findings and
recommendations
● Code of Conduct and Ethics Chapter 1

● As public servants, internal auditors are bound by the
Code of Conduct and Ethical Standards for Public
Officials and Employees in the performance of their
functions.
dssddfs
● Hierarchy of Applicable Internal Auditing Standards and

Practice
● The Philippine Constitution;
● Laws, rules, and regulations on public governance and
accountability, and applicable jurisprudence;
● Government policies, standards, guidelines, and regulatory
issuances; Chapter 1
● Standards and other issuances of intergovernmental
organizations
● Relevant or applicable standards and best practices in
governance, accountability, and operations, both local and
international
dssddfs
● IAS/IAU Functions as Distinguished from the

Operations and Processes of Other Units
● Pursuant to the Administrative Code of 1987, as
amended, the IAS/IAU is responsible for the conduct
of a comprehensive audit of various activities of the
agency. It shall cover audit areas in all units of the Chapter 1
agency, including agencies under its supervision and
control and administrative supervision
dssddfs
● Internal Audit as Distinguished from Internal Quality Audit

● Internal audit should be distinguished from internal quality audit,
which is part of the implementation of a QMS, which is a
management system.
Chapter 1
dssddfs
INTERNAL CONTROL SYSTEM AND INSTITUTIONAL ARRANGEMENTS
What is Internal Control?

● is the plan of organization and all the coordinated methods and
measures adopted within an organization or agency to
safeguard its assets, check the accuracy and reliability of its
accounting data, and encourage adherence to prescribed
managerial policies.
● The most basic competence that an internal auditor must Chapter II
possess is the knowledge of internal controls.
dssddfs
Internal Control Framework
Chapter II
dssddfs
Roles and Responsibilities on Internal Control
● DS/HoA or GB/AuditCom – has the direct responsibility to install,

implement and monitor a sound system of internal control.118
● ExeCom/ManCom/Top management – ensures proper check
and balance in the monitoring of internal controls over delivery
units, instills control consciousness in the agency, and utilizes
internal controls to regulate and guide agency operations.
● Delivery units (e.g., bureaus, services, and other offices, Chapter II
including regional and field offices) – conduct performance and
compliance review and improvement of operations and
processes.
dssddfs
Roles and Responsibilities on Internal Control
● Management division/unit, or its equivalent unit – reviews and

monitors whether internal controls are applied at all levels within
and across the agency and sector, and recommends measures
for management improvement of systems and processes.
● IAS/IAU – appraises the internal control system to determine
whether controls are well designed and properly implemented,
and determines the adequacy of internal controls or whether it is Chapter II
achieving the objectives.
dssddfs
Administrative Relationships
● Supervision and Control

● relationship between a department and the bureaus under it.
This includes the authority to act directly whenever a specific
function is entrusted by law or regulation to a subordinate; direct
the performance of duty; restrain the commission of acts; review,
approve, reverse or modify acts and decisions of subordinate
officials or units; determine priorities in the execution of plans Chapter II
and programs; and prescribe standards, guidelines, plans and
programs
dssddfs
● Administrative Supervision
● relationship of a department with regulatory agencies under it.
This is limited to the authority of a department or its equivalent to
generally oversee the operations of such agencies and ensure
that they are managed effectively, efficiently, ethically, and
economically without interference in day-to-day activities.
Chapter II
dssddfs
● Attachment
● relationship of a department with a corporation and other
agencies as may be provided by law. This refers to the lateral
relationship between a department or its equivalent and the
attached agency for purposes of policy and program
coordination
Chapter II
dssddfs
Organizing the Internal Audit
Establishment of the IAS/IAU

Executive Branch is authorized to establish its own IAS to cover audit
areas in the office of the DS, bureaus, offices, agencies, including
regional/field offices, regulatory agencies and other agencies either under
the supervision and control or under the administrative supervision of a
department, consistent with the provisions of the Administrative Code of
1987, as amended, on administrative relationships. Chapter III
In the case of regular agencies attached to a department for policy and

program coordination, their respective HoA or GBs shall determine the
propriety of establishing a separate IAU or availing of the
services of the IAS of their parent department.
Purpose, Authority
Purpose, Authority and
and Functions of the Fu1. of
IAS/IAU
the IAS/IAU
In government, the authority to establish an IAS/IAU, including its purpose,
organization, programs, activities, and functions, should be pursuant to the
Administrative Code of 1987, as amended, this Manual and or other
applicable legal basis SUBTEXT
-
Purpose, Authority
Reporting Lines for the IAS/IAU and Fu1. of
the IAS/IAU
1.
2.
In departments, the IAS shall report directly to the DS.
In the case of a regular agency attached to a Department for policy and
program coordination, the IAU shall report to the HoA. For multi-
headed attached agencies (e.g., commission, council, or board), the IAU SUBTEXT
may report directly to the GB. The GB may opt to organize an -
AuditCom from among its members to which the IAU shall report
directly.
3. In the case of GOCCs/GFIs, the IAS/IAU shall report to the AuditCom
of the GB of the corporation.
4. For SUCs, the IAU shall report to the GB, which may also opt to
organize an AuditCom from among its members to which the IAU shall
report directly.
Purpose, Authority
Roles and Responsibilities on Internal and
Audit Fu1. of
the IAS/IAU
Pursuant to Section 124 of the Government Auditing Code of the Philippines,
the direct responsibility to install, implement and monitor a sound system of
internal control rests with the DS/HoA or the GB/AuditCom. However, the
DS/HoA/GB/AuditCom may task the IAS/IAU to undertake the appraisal of SUBTEXT
the internal control system within the department, agency or GOCC/GFI or -
SUC.
As the official primarily responsible for the installation,

implementation and monitoring of the internal control system, the
DS/HoA or DS/HoA or the GB/AuditCom provides the overall strategic direction
GB/AuditCom in the operationalization of the internal audit function in the
organization, from planning to performance
evaluation.
Purpose, Authority
Roles and Responsibilities on Internal and
Audit Fu1. of
the IAS/IAU As the assigned unit in the appraisal of the internal
control system within the organization, the IAS/IAU
IAS/IAU head is accountable to the DS/HoA or the
GB/AuditCom, as the case may be, for the efficient and
effective operation of the internal audit function. SUBTEXT
-
The auditees, which may refer to the different

bureaus/services/ offices/units in the agency,
Auditees play a cooperative role in the course of the
conduct by the IAS/IAU of internal audit.
Purpose, Authority and Fu1. of

IAS/IAU Relationships with Principals and Key
Stakeholders
the IAS/IAU
Principals DS/HoA/GB/AuditCom
External stakeholders
must always deal with
1. Internal stakeholders include those the principal and not
within the sector (e.g., CSC, Office of directly with the
the Ombudsman, and other review and
IAS/IAU.
Key oversight bodies)
Stakeholders 2. External stakeholders, on the other
hand, pertain to those outside the
sector.

Stakeholders
the IAS/IAU ❏ The IAS/IAU must report directly to the

DS/HoA.
❏ A superior-subordinate relationship exists
between the DS/HoA and the internal auditors.
IAS/IAU and the ❏ This relationship should be used as an SUBTEXT
1 DS/HoA
opportunity for internal audit to gain insights
into new and emerging issues and concerns -
facing the organization, and to discuss the role
that the DS/HoA requires the IAS/IAU to fulfil, in
line with the latter’s mandated function.

Stakeholders
the IAS/IAU ❏ The GB/AuditCom shall periodically

meet with the IAS/IAU head to discuss
reports of evaluation.
In GOCCs, GFIs, multi-
IAS/IAU and the ❏ Again, it is reiterated that the
2 GB/AuditCom relationship between the GB/AuditCom headed attached
and IAS/IAU is that of principal and agencies and SUCs, the
agent, respectively. IAS/IAU reports to the
GB/AuditCom on the
effectiveness of the
internal audit function

Stakeholders
the IAS/IAU ❏ To effectively fulfill its responsibilities, the

IAS/IAU needs to have a professional and
constructive relationship with the
IAS/IAU and ExeCom/ManCom/top management of the SUBTEXT
3 ExeCom/ManCom/
❏
organization in general.
-
Top Management The IAS/IAU members should interact on
a regular basis with the members of the
senior management team, and build a
relationship that is based on cooperation,
mutual respect and adherence to the
highest degree of professionalism.

Stakeholders
the IAS/IAU Internal control in the public sector must conform to

five (5) objectives:
IAS/IAU and 1. Safeguard assets;

4 the DBM
2.
3.
Check accuracy and reliability of accounting data;
Adhere to managerial policies;
The management
4. Comply with laws, rules and regulations; and aspects of the internal
5. Ensure economical, efficient and effective control system that is to
operations.
“encourage adherence to
prescribed managerial
➔ The objective to “encourage adherence to prescribed managerial policies” is performed policies” are established
by the DBM through “control of the National Budget” and “management of government by the Executive Branch
operations”.
➔ Pursuant to OP AO No. 119, as amended, the DBM is mandated to promulgate the
proper and appropriate rules, regulations and circulars for the strengthening of the
internal control systems, including internal audit as a key part thereof, in government.

Stakeholders
the IAS/IAU Internal control in the public sector must conform to

five (5) objectives:
IAS/IAU and 1. Safeguard assets;

5 the COA
2.
3.
Check accuracy and reliability of accounting data;
Adhere to managerial policies; SUBTEXT
4. Comply with laws, rules and regulations; and
5. Ensure economical, efficient and effective -
operations.
➔ The financial aspect of internal control system, “to safeguard its assets” and “check the
accuracy and reliability of its accounting data,” is carried out by the COA in keeping with its
constitutional mandate “to examine, audit, and settle all accounts pertaining to the revenue and
receipts of, and expenditures or uses of funds and property” and to “promulgate accounting and
auditing rules and regulations, including those for the prevention and disallowance of irregular,
unnecessary, excessive, extravagant, or unconscionable expenditures, or uses of government
funds and properties.”

Stakeholders
the IAS/IAU 1. The responsibility for setting

standards/policies/guidelines/programs pertaining to
HRM of the government is placed with CSC. The
CSC conducts audit of personnel actions of
IAS/IAU and
6 the CSC 2.
departments/agencies.
The audit function of the CSC is to “[i]nspect and The CSC is the
audit the personnel actions and programs of the
departments, agencies, bureaus, offices, LGUs and constitutional body
other instrumentalities of the government, including concerned with the
GOCCs.
promulgation of policies,
standards and
guidelines on personnel
administration.

IAS/IAU and Oversight, Regulatory and Other External Bodies
the IAS/IAU
➔ The IAS/IAU head can liaise on behalf of, and with authority
from, the DS/HoA or the GB/AuditCom, with other external
reviewers as part of the organization’s governance SUBTEXT
arrangements. It is critical that these activities are performed -
with authority from the DS/HoA or the GB/AuditCom.

IAS/IAU and Professional Bodies
the IAS/IAU
➔ It is important that the internal auditors are abreast with
professional and industry developments, and use networking
opportunities to assist in their continuing professional SUBTEXT
development. They must continually update themselves on new -
frontiers of internal auditing and respond to developments
affecting their profession, subject to applicable laws and
regulations.

the IAS/IAU
Organizational
Structure of
Figure 1 – Organizational Placement of the IAS in the OSEC the IAS/IAU
The IAS of a Department in the Executive Branch, which shall be a service-level entity, directly reports to the
DS. The organizational placement of the IAS in the Office of the Secretary (OSEC) and in the Department
proper is provided in Figure 1 and Figure 2, respectively.

the IAS/IAU
Organizational
Structure of
Figure 2 – Organizational Placement of the IAS in the Department Proper the IAS/IAU
In the case of regular agencies attached to a Department for policy and program coordination, their
respective board/council shall determine the propriety of establishing a separate unit for the purpose or avail
of the services of the IAS of the Department.

the IAS/IAU
Organizational
Structure of
Figure 3 – Organizational Placement of the Internal Audit
Department in the GOCC/GFI the IAS/IAU
GOCCs/GFIs which have original charters or those created through the Corporation Code shall likewise
establish their respective IAS/IAU, which shall be a department-level entity or its equivalent organizational
unit. The IAS/IAU shall report to the respective AuditCom of the GB of the corporation, as shown in Figure 3.

the IAS/IAU
Organizational
Structure of
Figure 4 – Organizational Placement of the IAU in the SUC
the IAS/IAU
For SUCs, its IAU, the level of which shall depend on its levelling per DBM-Commission on Higher Education
(CHED) Joint Circular (JC) No. 1, s. 2016 176 , shall report to the AuditCom of the GB of the SUC, as shown
in Figure 4.

the IAS/IAU
Organizational
Structure of
Figure 5 – Organizational Chart of an Internal Audit
Service/Department the IAS/IAU
The IAS/IAU in Departments and agencies concerned shall consist of two divisions – an Operations Audit
Division and a Management Audit Division as shown in Figure 5. The Divisions shall be headed by an Internal
Auditor V (SG 24).
Purpose, Authority
Head of the IAS/IAU
and Fu1. of
the IAS/IAU
The IAS/IAU head is responsible for ensuring that the internal audit function and engagement are delivered
efficiently and effectively toward the attainment of the IAS/IAU objectives. In doing so, the IAS/IAU head
should maintain utmost commitment to public interest and the highest degree of excellence, professionalism,
intelligence and skill.
Qualification
Standards for the
IAS/IAU Head
Purpose, Authority
Head of the IAS/IAU
and Fu1. of
the IAS/IAU
The IAS/IAU head is responsible for the following:
a. Ensuring the efficient and effective operation of the internal audit function;
b. Developing strong professional relationships with the DS/HoA or
GB/AuditCom and key stakeholders;
c. Leading the development of the internal audit strategic plan and annual
work plan that outlines the objectives, priorities and proposed internal audit Responsibilities
plan; and
d. Liaising with other policy and regulatory bodies in developing internal
audit plans for the review and approval by the DS/HoA or GB/AuditCom.

Head of the IAS/IAU
the IAS/IAU
To operate effectively, the IAS/IAU head requires a broad range of skills and
specific personal qualities which are critical to the credibility and acceptance
of the internal audit function that he/she leads. These include intellectual,
interpersonal, communication, and information technology skills. Other skills
and qualities that could be expected of the IAS/IAU head include the
following:
a. Clear understanding of the internal audit’s contribution to effective
governance;
b. Ability to develop plans and programs that contribute to the achievement Skills
of mandated objectives;
c. Strong management acumen and the ability to anticipate and assess
management control;
d. Ability to build a strong network and credibility with the DS/HoA or
GB/AuditCom and senior management; and
e. Consistent observance of ethical principles.
Purpose,
Staffing of theAuthority
IAS/IAU and Fu1. of
the IAS/IAU
➔ The rank and salary grades of the IAS/IAU staff are stipulated in
Section 4.1.3 of DBM BC No. 2004-4, and Annex A thereof.
➔ The general policies and related rules on qualification standards are
provided in Rule VIII of CSC Resolution No. 1800692, 2017 Omnibus
Rules on Appointments and Other Human Resource Actions (Revised
July 2018) dated 3 July 2018.
➔ In particular, CSC MC No. 12, s. 2006, “Qualification Standards for
IAS Positions” provides the minimum qualification standards to be
followed for the IAS/IAU positions, namely, Internal Auditor I-V (SG-11
to SG-24), and Internal Auditing Assistant (SG-8).
Purpose, Authority
Qualification Standards and
for the IAS/IAU Fu1. of
Staff
the IAS/IAU

Internal Audit Budget
the IAS/IAU
➔ To provide an effective internal audit function, it is important
that the budget is sufficient to implement the role expected of
the IAS/IAU and, in particular, responds to the priorities and
requirements of the approved strategic and annual work plan.
The DS/HoA or GB/AuditCom approves the internal audit
budget.
➔ If the approved budget is less than the proposed, the IAS/IAU
should review the audit plan and prioritize the activities that
can be undertaken for the year. Other activities may be
rescheduled in the succeeding years.
PERFORMANCE
MONITORING
AND EVALUATION
Chapter IV
Purpose, Authority
Performance Monitoring and Fu1. of
and Evaluation
the IAS/IAU
➔ Periodically assessing performance and addressing
opportunities for improvement can help maximize the
efficiency and effectiveness of the internal audit function.
Measuring performance is also the means whereby the internal
audit’s own performance is assessed and internal audit is held
accountable for the use of its resources.
➔ Since the DS/HoA or GB/AuditCom is responsible for
reviewing the performance of internal auditors, the
performance indicators must be mutually agreed upon between
the DS/HoA or GB/AuditCom and the IAS/IAU head.
Purpose, Authority
Internal Audit Performance and Fu1. of
Measurement
the IAS/IAU
Performance assessment has three (3) interrelated elements, to wit:
a. Performance measurement, which refers to the systematic
analysis of performance against targets taking account of the reasons
behind the performance and the influencing factors;
b. Rating, which refers to the judgment of progress - good or bad -
based on indicators; can also include rating another performance
dimension; and
c. Key performance indicators (KPIs), which are used to verify if
progress towards results has taken place.
Purpose, Authority
Internal Audit Performance and Fu1. of
Measurement
the IAS/IAU
➔ Management information systems and processes should be
established to record and report the required performance data
in a cost-effective way.
➔ Principal and key stakeholders’ surveys at the end of an audit
are useful and well-accepted ways of measuring the level of
satisfaction with internal audit services.
➔ It is expected that the views of the DS/HoA or GB/AuditCom
will be sought periodically, and at least once annually
Purpose, Authority
Internal Audit Annual Performance and
Report Fu1. of
the IAS/IAU
The report should contain:
a. Comments on the internal audit activities and any variance from
approved plans;
b. Progress in the implementation of the internal audit strategic and
annual work plan;
c. Highlights and challenges during the period;
d. Overall contribution of internal audit in managing the
organization’s internal control deficiencies; and
e. Issues that may require attention in relation to the internal audit
function.
A summary of the internal audit reports could be included in the

organization’s annual report.
STRATEGIC AND ANNUAL

WORK PLANNING
Part II
Practices
Chapter I

STRATEGIC AND ANNUAL WORK PLANNING
the IAS/IAU
Part II
Practices
Chapter I

STRATEGIC AND ANNUAL WORK PLANNING
Strategic Planning - is the process of identifying the key audit
the IStrategic
strategic Planning
direction of the IAS/IAU - is the
for a three-year period.
process of identifying the key

audit strategic direction of the Part II
IAS/IAU for a three-year period. Practices
AS/IAU Chapter I
1. Conduct of a Baseline Assessment of the

Internal Control System
the IStrategic Planning - is the

AS/IAU Chapter I
2. Consideration of the Control Risk of Key

Processes

AS/IAU Chapter I

3. Consideration of the Assessment of Risks

4. Assessment of the Internal Audit Risks

AS/IAU Chapter I

5. Formulation of the Strategic Plan

AS/IAU Chapter I

Development of Annual Work Plan
the IStrategic
Annual Work Plan Planning - is the
-Contains the prioritized audit areas from the Strategic Plan
process
and approved of identifying
by the he type and approachthe
of thekey
DS/HoA
or GB/AuditCom which will focus on a one-year period,
audit
audit, andstrategic direction
the timelines of the same. of the Part II
AS/IAU Chapter I

Development of Annual Work Plan

AS/IAU Chapter I
AUDIT PROCESS
Part II
Practices
Chapter II

Overview of the Audit Process

AS/IAU Chapter II
Purpose, Authority
Audit Engagement Planning and Fu1. of
AS/IAU Chapter II

Selection and Determination of the Audit Methodology

AS/IAU Chapter II
Purpose,
Audit SamplingAuthority and Fu1. of

• is a scientific method of selecting the transactions to be subjected
to audit.
process
• Audit sampling of identifying
involves the key
the following activities:
i. Establishing the objectives of the sampling;
audit strategic direction of the
ii. Selecting the extent and composition of the
population to be sampled;
Part II
iii. Selecting a sampling method;
IAS/IAU
iv. Determining for a size
the sample three-year
to be taken; period. Practices
v. Conducting the sampling activity; and
AS/IAU
vi. Compiling, evaluating, reporting and
documenting results.
Chapter II
Purpose,
Types of Sampling Authority and Fu1. of
the IStrategic to audit. Planning - is the
Sampling - a scientific method of selecting the transactions
to be subjected
process of identifying
Statistical Sampling -
involves determining the
the key
Non-statistical Sampling
- relies solely on the
auditor’s professional
audit strategic
sample size objectively,
selecting the samples direction
judgment, andof the the
auditor uses his or her Part II
from the population
IAS/IAU
randomly and for a three-year
evaluating the sample
own experience period.
and
knowledge to determine Practices
the sample size and the
AS/IAU
results mathematically
to draw conclusion
method for selecting the Chapter II
samples from the
about the population.
population.

Audit Execution

involves
performing the
audit techniques
and procedures
enumerated in the

audit engagement
plan to gather
data and pieces of Part II
IAS/IAU for a three-year period.
evidence to
achieve the stated Practices
audit objective/s.
AS/IAU Chapter II
Purpose,
Audit Reporting Authority and Fu1. of
the IStrategic
represents the
culmination of the Planning - is the
audit execution
process
and the
associated
of identifying the key
analysis and
considerations
Part II
made during the
IAS/IAU
audit. for a three-year period. Practices
AS/IAU Chapter II

Audit Follow-up

a monitoring and
feedback activity
undertaken to
ensure the extent
and adequacy of
preventive/correctiv
e actions taken by
the management to Part II
IAS/IAU for a three-year period.
address the
inadequacies
identified during
Practices
AS/IAU
the audit.
Chapter II
Compliance Audit of the SALN, DBIFC, and

Identification and Disclosure of Relatives (IDR) in
Government Service of Public Officials and
Employees
process
• the IAS/IAUofmayidentifying
conduct compliance the audit ofkey
the
submission of the SALN, DBIFC, and IDR in
audit strategic
government direction
service of public of theto
officials and employees
Part II
determine whether or not such documents have been
IAS/IAU for a pursuant
properly accomplished three-yearto RA No. 6713period.
and its
Practices
IRR, as amended, RA No. 3019, and other related laws
AS/IAU
and jurisprudence. Chapter II
Audit Process (cont.)
3. Use of Work of Other Experts

Experts – persons who acquired special knowledge, skill, experience or
training in a particular field other than auditing.
Expert task in auditing is expertise gained in the course of the audit

activities, it must performed in a way that does not endanger the impartiality of
audit activities.
Part II
The Auditor may use the work of an expert as evidence but the full
responsibility retains to the Auditor for the contents of the audit report Chapter I
3. Use of Work of Other Experts

Steps Auditors should consider
A. Obtain information on the qualifications, competence or specialization of
the experts;
B. Consider the nature, complexity and materiality of the matter,
assumptions used and corroborative evidence available
C. Consider the objectivity of the expert; and
D. Advise the expert on what the work is being used for and the purpose Part II
Chapter I
4. Integration and Preparation of the Highlights of Audit Findings
a. The IAS/IAU must be able to establish not only the facts and
circumstances but also the why’s, the what’s and the how’s of the non-
compliance. (Albert v. Gangan G.R. 126557, 6 March 2001)
A finding of probable cause for non-compliance needs only to rest on evidence

showing more likely than not the act/s or omission/s of the person responsible Part II
had caused the noncompliance with laws, rules and regulations and managerial
policies and operating procedures in the agency including compliance with Chapter I
accountability measures, ethical standards and contractual obligations, which
may warrant the conduct of proceedings (Tupaz v. Office of the Ombudsman
G.R. No. 212491-92, March 6, 2019
4. Integration and Preparation of the Highlights of Audit Findings
B. “Prima facie requires a degree of quantum of proof greater than probable cause. It
denotes evidence, if unexplainable or uncontrollable, is sufficient to sustain a
prosecution or establish the facts as to counterbalance the presumption of innocence
and warrant conviction” (Cometa v. Court of Appeals, G.R. No. 126005, 21 January
1999, De Lima v. Guerrero, et.al. G.R. 229781, 10 October 2019)
The audit findings supported by substantial evidence are deemed admitted by the
Part II
auditee if not converted by any evidence to overcome the same, the burden of proof is
the duty of a party to present evidence on the facts in issue necessary by law, burden of
Chapter I
proof never shifts (Supreme Court A.M. No. 19-08-15-SC Proposed Amendment of
the Revised Rules of Evidence” 8 October 2019)
Internal Audit Performance Monitoring and Evaluation
1. Performance Monitoring Evaluation
Assessing the performance and addressing opportunities for improvements of

the Internal Audit functions periodically can help maximize its efficiency and
effectiveness whereby the internal audit’s own performance is judged and held
accountable for its functions and use of resources. It demonstrate the saying
“practices what is preaches.” The Head of Agency/Department Secretary is
responsible for periodically reviewing the performance of the internal audit and Part II
approved the performance indicators used.
Chapter III
2. Steps in Performance Evaluation
21. Determination of KPIs

KPIs include measurements of the IAS/IAU accomplishment per Audit
engagement, such as:
A. Timely completion of each audit engagement
B. Benefits exceed the cost of audit
C. Cost of Audit is within the approved budget Part II
D. Number of audit findings approved by the DS/HoA
E. Number of Recommendations implemented by the auditee Chapter III
2.1. Determination of KPIs (cont.)

f. Number of audit support activities undertaken;
g. Internal audit staff satisfaction; and
h. Overall contribution made by the IAS/IAU
2.2. Design of the Performance Monitoring Reports Part II

The report forms should provide for the relevant information regarding the
IAS/IAU performance outputs on a per engagement basis summarized on a Chapter III
periodic basis. It must be aligned with the KPIs
Performance Monitoring Evaluation
Sample of DENR Individual Performance and Commitment Review
Part II
Chapter III
2.3. Preparation of Evaluation Report

It is good for the IAS/IAU to prepare an evaluation report on its
performance after an audit engagement for the information and advice of the
DS/HoA
(insert IPCR) as sample
Part II
Chapter III
3. Performance Monitoring by the IAS/IAU Head
3.1. Review of Progress Assessment Report

The Progress Assessment Report focuses whether or not:
● Audit objectives are met as reflected in the audit findings and
recommendations;
● Findings and recommendations are based on facts and substantial
evidence and in compliance with relevant laws, rules and regulations; Part II
● Internal auditing standards (NGICS, PGIAM and other relevant
standards) pursuant to DBM rules and regulations are applied; Chapter III
3.1. Review of Progress Assessment Report

The Progress Assessment Report focuses whether or not:
● Findings and recommendations promote the adequacy of internal control
pursuant to DBM rules and regulations;
● High standards of ethics and efficiency of public officials and employees
are observed pursuant to CSC rules and regulations Part II
● Note: Audit Team leader shall ensure that audit engagements are assessed Chapter III
at the stage before the exit conference
3.2. Review of Completion Assessment Report

The Completion Assessment Report focuses on the :
● Overall effectiveness and efficiency of the IAS/IAU in accordance with
DBM rules and regulations;
● Findings and recommendations which are based on facts and substantial
evidence and in compliance with relevant laws, rules and regulation; Part II
● Application of internal auditing standards (NGICS, PGIAM and other
relevant standards) pursuant to DBM rules and regulations; Chapter III
3.2. Review of Completion Assessment Report

The Completion Assessment Report focuses on the :
● Findings and recommendations which promote the adequacy of internal
control pursuant to DBM rules and regulations; and
● High standards of ethics and efficiency of public officials and employees
are observe pursuant to CSC rules and regulations. Part II
Note: Audit Team leader shall ensure that audit engagements are assessed at the Chapter III
stage before the exit conference
4. Performance Evaluation by the DS/HoA or GB/AuditCom
Monitor and evaluate the Performance of IAS/IAU through:

4.1. Review of the Internal Audit Report
● The hierarchy of applicable internal auditing standards and practices as
discussed in Chapter 1 of PGIAM-Part 1 are adhered to;
● All audit findings are formulated and synthesized based on the 4cs
(criteria, condition, conclusion, probable cause); Part II
● Findings are supported by sufficient audit evidence and the quantum of
evidence required to support an audit finding is substantial evidence Chapter III

● The recommendations are feasible, cost-effective, and cost-efficient, find
sufficient basis in law, evidence-based and classified as: i. Preventive
actions and ii. Corrective actions
● At any point, when significant risks/issues arise, the IAS/IAU will Part II
prepare an Interim Report to the DS/HoA to communicate findings,
issues, and problems that may affect the conduct of the audit and may Chapter III
expose the organization to considerable risks

The Interim Report contains the following:
I. Gaps or control deficiencies/breakdown noted during the documentation
of the components of the internal control system and the key processes in Part II
the operating and support systems;
II. Gaps or control deficiencies/breakdown found out after the conduct of Chapter III
the review and evaluation of the flowchart and narrative notes or conduct
of walkthrough; and
III. 3. Gaps or control deficiencies/breakdown after the conduct of the test of
controls

4.2. Preview of the IAS/IAU Performance Report
At the close of every year, the DS shall review the performance of the
IAS/IAU through the various reports/outputs that are submitted to their office
such as baseline assessment report, assessment of internal audit risk report,
annual audit plan, audit engagement report, audit follow-up report and Part II
performance monitoring evaluation report. The DS shall review the adequacy
of the internal audit as part of the internal control system Chapter III
5. Oversight Function of the DBM over IAS/IAU
The DBM is responsible for the efficient and sound utilization of funds and
revenues. Pursuant to this mandate, it “shall assist the President in the preparation of a
national resources and expenditures budget, preparation, execution and control of the
National Budget, preparation and maintenance of accounting systems essential to the
budgetary process, achievement of more economy and efficiency in the management
of government operations, administration of compensation and position classification
systems, assessment of organizational effectiveness and review and evaluation of
Part II
legislative proposals having budgetary or organizational implications.
The Administrative Code of 1987, ad amended, also empowers the DBM to
Chapter III
evaluate agency performance and to monitor budget performance and assess the
effectiveness of the agencies’ operations, including IAS/IAU, to wit:
5. Oversight Function of the DBM over IAS/IAU
Administrative Code of 1987, as amended states:

Section 51. Evaluation of Agency Performance
Section 52. Budget Monitoring and Information System
The DBM review the performance of IAS/IAU by focusing on the evaluation of
its effectiveness and efficiency as part of internal control system. Relevant
documents maybe requested that will aid in the DBM review: Part II
I. Internal Audit Memorandum
II. Baseline Asseement Report Chapter III
III. Annual Internal Audit Report
IV. Internal Audit Follow-up Report
V. Performance Monitoring Evaluation Report
6. Rule-Making Power of the DBM
a. DBM shall be responsible for the efficient and sound utilization of

government funds and revenues to effectively achieve our country’s Administrative Code of 1987
development objectives. Assist the President in the preparation, execution and (Executive Order 292)
Chapter 1 , Section 2
control of the National Budget and the achievement of more economy and Chapter 2, Section 3
efficiency in the management of government operations. OP AO No. 119 dated 29 March
1989
DBM Circular No. 2004-04
b. DBM issues rules and regulations through circulars and other issuances on dated March 22, 2004, DBM
budget management matters Circular Letter No. 2008-5
dated 14 April 2008 & DBM
Circular Letter No. 2011-05
dated 19 May 2011
7. Request for DBM Opinions/Ruling/Interpretations
In the conduct of compliance audit, the IAS/IAU may find some violations
by the auditee of compliance with rules and regulations and/or DBM Circulars
Administrative Code
and management matters, the same may be elevated to the BDM having vested
of 1987 (Executive
with the power to promulgate their own rules and regulations, if a violation of
Order 292)
their rules has been committed by an agency.
The Congress has endowed administrative agencies like DBM with the Chapter 2, Section 6
power to make rules and regulations to implement a given legislation and Authority and
effectuate its policies (G.R. No. 153266 dated March 18, 2010 Gutierrez v. Responsibility of the
DBM) Secretary
Sample of the Evaluation and Review of the Implementation

of DENR R2 Citizen’s Charter on certain frontline services
Part II
Chapter III
Sample of the Evaluation and Review of the Implementation

of DENR R2 Citizen’s Charter on certain frontline services
Part II
Chapter III
Part II
Chapter III
Part II
Chapter III
Part II
Chapter III
Part II
Chapter III
Part II
Chapter III
International Accounting
Standards (IAS)
International Accounting Standards (IAS)
INTERNAL AUDIT SERVICE MISSION
To continuously assist management in improving policies, processes and

operations on the basis of independent and objective appraisal of Internal
Controls in all DENR Offices and attached agencies
SUBTEXT
-
INTERNAL AUDIT SERVICE VISION
DENR Audit Service recognized as key agent of change and valued for its
independence, professional competence and commitment towards sustained
governance
Note: Pursuant to DBM Circular Letter No. 2011-05, Philippine Government

Internal Audit Manual Sec. 3.2, Functions of IAS/IAU, page 8.
DENR Internal Audit Service Functions
1. Advise the Department Secretary/Head of Agency on all matters
relating to management control and operations audits
2. Conduct management and operations audits of
Department/Agency functions, programs, projects, activities
with outputs and determine the degree of compliance with
mandate, policies, government regulations, established
objectives, systems and procedures/processes and contractual International
Accounting Standards
obligations.
(IAS)
3. Review and appraise systems and procedures, organizational
structures, asset management practices, financial and
management and management records, reports and performance
standards of the department proper, bureaus and regional offices.
DENR Internal Audit Service Functions (cont.)
4.Analyze and evaluate management control

deficiencies and assist top management by
recommending realistic sources of action
5.Perform such other related duties and responsibilities
as may be assigned or delegated by the Secretary or
International
as may be required by law. Accounting Standards
(IAS)
INTERNAL AUDIT SERVICE
Legal Bases:
1. Presidential Decree No. 1
Abolished the IAS created under RA 3456,as amended by RA
4177, and transferred the function to the Mangement Division
● Republic Act 3455 (Internal Auditing Act of 1962 –An act
providing for creation, organization and operation of
internal audit services in all departments, bureaus and International
offices of the national government
(IAS)
● Republic Act 4177 – Amendment of RA 3456, particularly
Section 2, 3, & 4
Legal Bases: (cont.)
2. Administrative Code of 1987 or EO 292
● Provided that the “responsibility to take care that such policy is
faithfully adhered to rests directly with the chief or head of the
government agency concerned
● Created an IAS in the DPWH to conduct comprehensive audit
of various Department activities International
(IAS)
3. AO 278 & AO 70
● Provided authority for the creation of an IAS and its functions,
duties and activities.
4. DBM Budget Circular 2004-4

● Highlighted the policy guidelines in the organization, staffing,
positions and salary grades of the IAS
Legal Bases: (cont)
5. DBM-CS Joint Resolution No. 1, s. 2006
● Rationalization Program’s Organization and Staffing Standards and
Guidelines
● Provided for the creation of an IAS/IAU with its functions in line with
Executive Order No. 366
6. DBM Circular Letter No. 2008-5 International

● Provided the guidelines in the organization and staffing of an Internal Accounting Standards
(IAS)
Audit Service/Unit and Management Division/Unit in
Departments/Agencies/GOCCs/GFIs concerned.
7. Issuance of National Guidelines on Internal Control Systems (NGICS) to

promulgate the necessary rules, regulations or circulars for strengthening of the
internal control system of government agencies
Legal Bases: (cont)DBM-CS Joint Resolution No. 1, s. 2006
8. DBM Circular Letter No. 2011-5
● Philippine Government Internal Audit Manual (PGIAM)
● Used as Generic Manual for Government Internal Auditors
● Governs IA work in government providing the standars, policies,
institutional arrangements, protocol and processes
International
9. COA Resolution No. 2018-007 Accounting Standards
● Adopting of the Internal Auditing Standards for the Philippine (IAS)
Public Sector (IASPPS) and Internal Control Standards for the
Philippine Public Sector (ICSPPS) in all government agencies
IAS
International
(IAS)
Prepared by Group 2
George Erfe
Sherry Mae Esteleydes
Nerissa Evasco
Richelyn Guiriba Thank You!
Myreen L. Guzman
Lovely Grace P. Ibus
Raymond Vicente M. Juan
Mary Grace V. Jucutan
Rose Jane Ladaran
Maria Leonora Laurente

Final Draft MPA 626 Group 2 Presentation

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Final Draft MPA 626 Group 2 Presentation

Uploaded by

Copyright:

Available Formats

INTERNAL CONTROL

The Mission of Internal Audit

“To enhance and protect

2. Demonstrates competence and due professional care;

3. Is objective and free from undue influence (independent)

4. Aligns with the strategies, objectives, and risks of the

5. Is appropriately positioned and adequately resourced;

6. Demonstrates quality and continuous improvement;

8. Provides risk-based assurance;

9. Is insightful, proactive, and future-focused; and

10. Promotes improvement of government operations.

Internal Auditing is an independent,

1. Philippine Application Guidelines (PAG)

Republic Act No. 6713 - Code of Conduct

Code of Ethics of the Institute of Internal

- May vary in each agency, may

The internal audit service (IAS) must be independent, and

DUAL REPORTING (avoid bias) - head of Internal Audit - direct

The head of internal audit must communicate and interact

Internal auditors must have an impartial, unbiased attitude and avoid

Impairment to organizational independence and individual objectivity may

● If independence or objectivity is impaired in fact or appearance, the details of

● If internal auditors have potential impairments to independence or objectivity relating to

Engagements must be performed with proficiency and due

Internal auditors and IAS as a whole, must possess the knowledge,

Internal auditors must apply the care and skill expected of a

● Includes: conformity with the Code of Ethics, Code of Conduct, and

● Obtaining appropriate education, experience, certifications, and

Internal auditors must enhance their knowledge, skills, and other

Includes participating in conferences, seminars, training programs, online courses

The head of internal audit must develop and maintain a Quality

The quality assurance and improvement program (QAIP) must

Internal assessments must include:

Sufficient knowledge of internal audit practices requires at least an understanding of all

External assessments must be conducted at least once every five years by a

Nonconformance with the Code of Ethics or the IASPPS impacts the

● Disclosures - discussion (meeting, private sessions, one-on-one, or other appropriate

1. An internal auditor was assigned to an audit engagement, but did not

The head of internal audit must effectively manage the internal

The IAS is effectively managed when it meets the following requisites:

1. Inherent risks - absence of any actions management may take to alter

The head of internal audit must communicate the Internal Audit

The head of internal audit must establish policies and procedures to

Topics generally included in the Internal Audit Manual:

The head of internal audit should share information, coordinate

The head of internal audit must report periodically to the head of

The combination of processes and structures implemented by the head of

Role of Internal Auditing - responsibility to evaluate and improve governance processes as

Planning Memo - important document to communicate engagement objectives, scope,

Objectives must be established for each engagement.

The established scope must be sufficient to achieve the objectives of the

ENGAGEMENT ALLOCATION RESOURCE

Internal auditors must determine appropriate and sufficient resources

ENGAGEMENT PLAN AND WORK PROGRAM

PERFORMING THE ENGAGEMENT

Internal auditors must identify, analyze, evaluate, and document

IDENTIFYING THE INFORMATION

Internal auditors must identify sufficient, reliable, relevant, and useful

ANALYSIS AND EVALUATION

Engagements must be properly supervised to ensure objectives are achieved,

Internal auditors must communicate the results of engagements.

CRITERIA FOR COMMUNICATING

Communications must include the engagement’s objectives, scope, and results.