International Professional Practices Framework
The Institute of Internal Auditors (IIA) consolidates a large volume of standards and guidance for auditing in its International Professional Practices Framework (IPPF). This conceptual framework offers a point of reference for internal auditors about expectations and obligations for professionals engaged in auditing, including requirements for auditors certified by IIA or other individual members of the organization. (Nonmembers are not bound by the same obligation to follow the standards and code of ethics in the IPPF, but may choose to do so.) It also provides detailed guidance on conducting different kinds of audits and on the relationship
174 CHAPTER 9 Methodologies and Frameworks
Table 9.4 COSO Internal Control Components and Associated Principles [5]

| Component | Principles |
|---|---|
| Control Environment | 1. The organization demonstrates commitment to integrity and ethical values. |
| | 2. The Board of Directors demonstrates independence of management and exercises oversight for the development and performance of internal control. |
| | 3. Management establishes, with board oversight, structure, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. |
| | 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. |
| | 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. |
| Risk Assessment | 6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. |
| | 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. |
| | 8. The organization considers the potential for fraud in assessing risks to the achievement of its objectives. |
| | 9. The organization identifies and assesses changes that could significantly impact the system of internal control. |
| Control Activities | 10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. |
| | 11. The organization selects and develops general control activities over technology to support the achievement of objectives. |
| | 12. The organization deploys control activities as manifested in policies that establish what is expected and in relevant procedures to effect the policies. |
| Information and Communication | 13. The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control. |
| | 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control. |
| | 15. The organization communicates with external parties regarding matters affecting the functioning of other components of internal control. |
| Monitoring Activities | 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. |
| | 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. |
Audit-Specific Methodologies and Frameworks 175
between internal auditing practices and different governance and operations processes such as risk management and quality assurance. The IPPF includes some guidance designated as mandatory—the IIA definition of internal auditing, the code of ethics, and the international standards in the framework—and additional “strongly recommended” guidance including position papers, practice advisories, and practice guides. The guidance the IPPF comprises is summarized graphically in Figure 9.2.
The IPPF mandates a set of International Standards for the Professional Practice of Internal Auditing, comprising attribute, performance, and implementation standards for both assurance and consulting services. Attribute standards specify characteristics or aspects of individual auditors and organizations that conduct internal audits, while performance standards describe audit activities and performance criteria used to measure quality (of the audit services performed, not the organization being audited). Many attribute and performance standards are further decomposed into implementation standards that specify requirements used in assurance or consulting audit services. According to the IIA, the purpose of the international standards in the IPPF is to “delineate basic principles that represent the practice of internal auditing; provide a framework for performing and promoting a broad range of value-added internal auditing; establish the basis for the evaluation of internal audit performance; and foster improved organizational processes
[Figure 9.2 labels: Mandatory guidance; International standards; Definition; Code of Ethics; Practice advisories; Strongly recommended guidance]
FIGURE 9.2
The International Professional Practices Framework comprises both mandatory standards and practice expectations and strongly recommended guidance in the form of several types of documentation [6].
Source: IPPF, Institute of Internal Auditors ©2013. All rights reserved. Used by permission.
and operations” [7]. With 18 attribute standards, 33 performance standards, and 53 implementation standards (32 assurance and 21 consulting), listing all of them here is impractical due to space constraints; Table 9.5 lists the major categories of attribute and performance standards in the IPPF, with the subordinate standards and implementation standards designations associated with each.
Individual auditors and organizations seeking to conduct audits following the IPPF may be primarily interested in the international standards prescribed in
Table 9.5 IPPF International Standards [7]

| Primary Standards | Subordinate | Implementation |
|---|---|---|
| 1000—Purpose, Authority, and Responsibility | | 1000.A1, 1000.C1 |
| 1100—Independence and Objectivity | | 1110.A1 |
| 1130—Impairment to Independence or Objectivity | None | 1130.A1, 1130.A2, 1130.C1, 1130.C2 |
| 1200—Proficiency and Due Professional Care | | 1210.A1, 1210.A2, 1210.A3, 1210.C1, 1220.A1, 1220.A2, 1220.A3, 1220.C1 |
| 1300—Quality Assurance and Improvement Program | | None |
| 2000—Managing the Internal Audit Activity | | 2010.A1, 2010.A2, 2010.C1 |
| 2100—Nature of Work | | 2110.A1, 2110.A2, 2120.A1, 2120.A2, 2120.C1, 2120.C2, 2120.C3, 2130.A1, 2130.C1 |
| 2200—Engagement Planning | | 2201.A1, 2201.C1, 2210.A1, 2210.A2, 2210.A3, 2210.C1, 2210.C2, 2220.A1, 2220.A2, 2220.C1, 2220.C2, 2240.A1, 2240.C1 |
| 2300—Performing the Engagement | | 2330.A1, 2330.A2, 2330.C1 |
| 2400—Communicating Results | | 2410.A1, 2410.A2, 2410.A3, 2410.C1, 2440.A1, 2440.A2, 2440.C1, 2440.C2 |
| 2500—Monitoring Progress | None | 2500.A1, 2500.C1 |
| 2600—Communicating the Acceptance of Risks | None | None |
the framework and the available practice guides. The position papers in the IPPF describe the role and importance of internal auditing in the broader context of risk management and governance. Practice advisories directly correlate to many of the international standards mandated under the IPPF, providing clarification and offering instruction on the proper use of those standards. Practice advisories are identified using the same numbering scheme as the International Standards for the Professional Practice of Internal Auditing. Practice guides offer detailed guidance to help auditors correctly perform audit activities, with explicit procedures, recommended tools and techniques, and sample outputs. In addition to 16 Global Technology Audit Guides (GTAG) intended to address IT management, controls, and information security, the IPPF includes some two dozen additional practice guides covering a wide range of auditing and risk management topics.