Page 27 - IIA MAGAZINE_March 2017_English
P. 27
TO COMMENT on the article, Internal Audit Quality
EMAIL the author at rajiv.thakur@massarsolutions.ae
“The demands on internal audit are with management and the board instead
evolving rapidly, and The IIA is working of working with the management and / or
diligently to make sure the Standards board in developing appropriate evaluation
criteria as per previous standards. Thus,
and IPPF reflect that evolution” internal auditors are supposed to use their
consulting skills and identify appropriate
IIA President and CEO Richard Chambers1 evaluation criteria by due discussion with
management and / or the board rather
It mentions that where engagement • Conformance with the Code of Ethics than working with management / board to
activities require coordination from and the Standards and action plans to develop suitable criteria rather.
other assurance and consulting service address any significant conformance A new Interpretation is added stating there
providers, the CAE can do so, provided issues, are three types of criteria being 1) Internal,
a consistent approach for reliance 2) External and 3) Leading Practices.
is followed and the competencies, • Management’s response to risk that, 2410 – Criteria for Communicating:
objectivity and due professional care of in the CAE’s judgment, may be The amended standard states that
these service providers are considered. unacceptable to the organization. communication must include engagement’s
The CAE is expected to have clear objectives, scope and results.
understanding of the scope, objectives 2100 – Nature of Work: The Internal 2410.A1: The amendment done is the final
and results of work performed by Audit Department is entrusted with communication of engagement results
such providers. The CAE still remains the responsibility of evaluating and should mandatorily include applicable
accountable and responsible even if contributing to the improvement of conclusions, applicable recommendations
the reliance is placed on work of others the organization’s governance, risk and / or action plans. Internal auditor’s
for ensuring adequate support for management and control processes using opinion should be provided only where
conclusions and opinions reached by the a systematic, disciplined and risk based appropriate. Previously, internal auditor’s
internal audit activity. approach. The value and creditability of opinion and / or conclusions must be
2060 – Reporting to Senior Management the department enhances when the team provided only where appropriate. Further,
and the Board: The CAE is assigned with is proactive and the evaluation offers only opinion (and not conclusion as in
additional responsibilities on periodically gives better insight and forecasts future previous standards) must take account of
reporting to the Senior Management impact. Thus, Internal Audit Department expectations of senior management, board
and Board on the Internal Audit is made more responsible in providing and other stakeholders.
Department’s conformance with the Code value adding insights to the entity and 2430 – Use of “Conducted in Conformance
of Ethics and the Standards in addition improving organization’s governance, risk with the International Standards for
to the department’s purpose, authority, management and control processes. the Professional Practice of Internal
responsibility and performance relative 2110 – Governance: The Internal Auditing”: The internal auditors can
to its plan. Audit Department is entrusted with indicate that engagements are conducted
The Interpretation is amended and states additional responsibilities on improving in conformance with the International
that the frequency of the reporting to the organizations’ governance process Standards for the Professional Practice
the Senior Management and the Board by assessing and making appropriate of Internal Auditing if the results of the
is determined in collaboration and recommendations on the strategic and quality assurance and improvement
not just mere discussion by the Senior operational decisions and overseeing the program support this. Thus, the emphasis
Management, Board and the CAE. Thus, risk management and controls. is on indication rather than on reporting
the CAE is empowered to collaborate 2200 – Engagement Planning: The standard on the conformance.
with Senior Management and Board is revised to include that the internal 2450 – Overall Opinions: The internal
for deciding the frequency and content auditors have to be well aware of the auditors have an added responsibility of
of the reporting. The CAE is entrusted organizations’ strategies, objectives and taking into consideration the organization’s
with the responsibility of reporting and relevant risks and must consider the same strategies, objectives and also risks when
communication to Senior Management while planning any engagement. framing an overall opinion. Further, the
and the Board which must include 2201 – Planning Considerations: In Interpretation states that a summary of
information about: planning an engagement, internal auditors relevant information supporting such
• The audit charter, must consider organization’s strategies and opinion must be included in addition to
• Independence of the internal audit significant risk to activity’s objectives under the earlier requirements.
review. 1 https://na.theiia.org/news/press-
activity, 2210.A3 – This is a sub-standard under releases/Pages/Proposed-Internal-Audit-
• The audit plan and progress against Standard 2210 (Engagement Objectives) Standards-Changes-Unveiled.aspx
and the amendment is that where criteria
the plan, to evaluate governance, risk management RAJIV THAKUR
• Resource requirements, and controls is inadequate, internal CA, CIA, is an internal audit team leader at a
• Results of audit activities, auditors must identify appropriate leading automotive company in Abu Dhabi.
evaluation criteria through discussion
27 INTERNAL AUDITOR - MIDDLE EAST MARCH 2017
