Fundamental Principles of Internal Auditors
In their work, internal auditors must adhere to the following fundamental principles:
- Integrity;
- Objectivity;
- Confidentiality;
- Professional competence.
Integrity
Internal auditors are required to:
Perform their functions honestly, thoroughly, and responsibly;
Comply with legal requirements and disclose information in accordance with regulatory and professional standards;
Refrain from engaging in illegal activities or conduct that could damage the reputation of the internal audit profession or the organization itself;
Respect the legitimate and ethical objectives of the organization and contribute to their achievement and strengthening.
Objectivity
Internal auditors must:
Avoid any actions, relationships, or circumstances that could affect the impartiality of their assessments or be perceived as a threat to objectivity, including conflicts of interest;
Not accepting any remuneration, gifts, or other benefits that could adversely affect their professional judgment;
Disclosing all material facts known to the auditor, the concealment of which could result in a misrepresentation of the financial statements or audit results.
Confidentiality
Internal auditors are required to:
Exercise due diligence in the use, storage, and protection of information obtained during audit activities;
Not using proprietary information for personal gain or for other purposes that are contrary to law or detrimental to the legitimate and ethical interests of the organization.
Competence
Internal auditors must:
Accept only those engagements for which they have the necessary knowledge, skills, and experience;
Perform internal audit services in strict accordance with professional standards;
Continuously improve their professional skills, improving the quality and effectiveness of the services provided.
Purpose of Internal Audit Standards
Internal audit standards are intended to:
Establish key principles governing good internal audit practice;
Form a methodological basis for conducting and developing internal audit;
Provide criteria for evaluating the effectiveness of internal audit activities;
Facilitate improvements in the organization’s management processes and operational activities.
Purpose, Authority, and Responsibilities of the Internal Audit Function
The purpose, authority, and responsibilities of the internal audit function should be formally set out in a charter developed in accordance with the Standards and approved by the board of directors.
Competence and Professional Care
- An internal auditor must possess the knowledge, skills, and qualifications sufficient to perform their assigned responsibilities. The internal audit function as a whole must also meet these requirements;
- Internal auditors must act with the level of care and professionalism expected of a competent professional. However, professional care does not imply absolute infallibility;
- The head of internal audit is required to engage external experts or consultants when staff lack the necessary competencies;
- Auditors must continually develop their knowledge and skills through continuing professional development.
Professional diligence requires consideration of:
- the scope of work required to achieve the engagement objectives;
- the complexity, significance, and materiality of the matters being considered;
- the effectiveness of risk management, control, and governance systems;
- the likelihood of material errors, irregularities, or deviations;
- the balance between audit costs and expected benefits.
Quality Assurance and Improvement Program
- The head of internal audit is required to develop, implement, and maintain a quality assurance and improvement program covering all areas of the service;
- The program should enhance the organization’s value and improve its performance, and ensure compliance with the Standards and the Code of Ethics;
- The program should include both internal and external assessments;
- The phrase «Conducted in accordance with the Standards» is permitted if the established requirements are met;
- If material nonconformities are identified, information is communicated to senior management and the board of directors.
Audit engagement standards include:
- Managing the Internal Audit Function (2000);
- Nature of Activities (2100);
- Planning (2200);
- Performing Engagements (2300);
- Presenting Results (2400);
- Follow-up (2500);
- Residual Risk Management (2600).
Managing the Internal Audit Function
Planning
The head of internal audit is responsible for developing work plans that take into account the organization’s risks and strategic objectives to prioritize the function’s activities.
Communication and Approval of Plans
Plans and resource requirements, including significant changes, are subject to review and approval by senior management and the board of directors. Current resource constraints must also be communicated.
Resource Management
The head of internal audit must ensure the adequacy, effectiveness, and efficient use of resources to implement approved plans.
Policies and Procedures
The head of internal audit defines and implements internal policies and procedures governing the function’s activities.
Coordination
Communication and communication with internal and external audit and consulting service providers is essential to ensure full coverage of work and avoid duplication.
Reporting
The head of internal audit regularly communicates to the board of directors and senior management about the function’s objectives, responsibilities, performance, significant risks, control systems, and corporate governance matters.
Internal Audit Function Activities
Risk Management
The Internal Audit function contributes to the identification, assessment, and mitigation of significant risks, as well as to the improvement of the internal control system, including the assessment of:
– the reliability of financial and management information;
– operational efficiency;
– asset safety;
– compliance with laws and contractual obligations.
Corporate Governance
The Internal Audit function participates in the assessment and improvement of the governance system, ensuring:
the development and communication of the organization’s values and goals;
monitoring the achievement of objectives;
management accountability;
preservation of corporate values.
Planning and Executing Audit Engagements
Internal auditors are required to develop and document a plan for each engagement, taking into account project objectives, risks, control systems, resources, and opportunities for improvement.
Engagement work includes collecting, analyzing, evaluating, and documenting sufficient information, as well as ongoing monitoring of the progress of the work.
Dissemination of Results and Follow-up
Audit results must be communicated to stakeholders in a timely manner and be accurate, objective, understandable, and complete. If nonconformities with standards are identified, the causes and impact of these nonconformities are identified.
The head of internal audit ensures oversight of the implementation of recommendations and assesses the acceptability of residual risk.
Acceptable Risk Level
If the head of internal audit believes that management has accepted a level of residual risk that is unacceptable for the organization, this issue is discussed with senior management. If no resolution is reached, the issue is referred to the board of directors.