The standards pertaining specifically to the engagement process are intentionally general in nature. They are designed to accommodate the varying nature of internal audit engagements. Internal auditors must document a plan for each engagement, including the engagement's objectives, scope, timing, and resource allocations.

The last two sections have been combined in the communicate phase of the engagement process illustrated in Exhibit 2-6.

The standards pertaining specifically to the engagement process are intentionally general in nature to accommodate the varying nature of internal audit engagements. Standard 2200: Engagement Planning states that internal auditors must develop and document a plan for each engagement, including the engagement's objectives, scope, timing, and resource allocations. In planning the engagement, the internal audit function must consider the objectives of the activity being reviewed and the means by which the activity controls its performance; the significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risks is kept to an acceptable level; the adequacy and effectiveness of the activity's risk management and control processes compared to a relevant control framework or model; and the opportunities for making significant improvements to the activity's risk management and control processes (Standard 2201: Planning Considerations).

The following standards apply when planning the internal audit engagement. Objectives must be established for each engagement (Standard 2210: Engagement Objectives). The established scope must be sufficient to satisfy the objectives of the engagement (Standard 2220: Engagement Scope). Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources (Standard 2230: Engagement Resource Allocation). Internal auditors must develop and document work programs that achieve the engagement objectives (Standard 2240: Engagement Work Program).

While performing the engagement, the internal audit function must identify sufficient, reliable, relevant,
and useful information to achieve the engagement's objectives (Standard 2310: Identifying Information); base conclusions and engagement results on appropriate analyses and evaluations (Standard 2320: Analysis and Evaluation); document relevant information to support the conclusions and engagement results (Standard 2230: Documenting Information); and make sure that the engagement is properly supervised to ensure objectives are achieved, quality is assured, and staff is developed (Standard 2340: Engagement Supervision).

For internal audit engagements to have value, their outcomes must be communicated timely to the appropriate users. It is not enough, however, for the users to receive a report. The communication must be in a form that minimizes the risk of misinterpretation. Standard 2410: Criteria for Communicating states that communication must include the engagement's objectives and scope as well as applicable conclusions, recommendations, and action plans. Standard 2420: Quality of Communications further states that communication must be accurate, objective, clear, concise, constructive, complete, and timely. Moreover, Standard 2421: Errors and Omissions states that if a final communication contains a significant error or omission, the chief audit executive must communicate corrected information to all parties who received the original communication.

Internal audit functions may report that their engagements are "conducted in conformance with the International Standards for the Professional Practice of Internal Auditing" only if the results of the quality assurance and improvement program support the statement (Standard 2430: Use of "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing"). When nonconformance with the Definition of Internal Auditing, the Code of Ethics, or the Standards impacts a specific engagement,
communication of the results must disclose the principle or rule of conduct of the Code of Ethics or standard with which full conformance was not achieved, the reasons for the nonconformance, and the impact of nonconformance on the engagement and the communicated engagement results (Standard 2431: Engagement Disclosure of Nonconformance).

The CAE is responsible for communicating internal audit engagement results to the appropriate parties (Standard 2440: Disseminating Results) and for establishing and maintaining a system to monitor the disposition of engagement results communicated (Standard 2200: Monitoring Progress). For assurance engagements, this means that the CAE must ascertain that management actions have been effectively implemented or that senior management has accepted the risk of not taking action (Standard 2200.A1). For consulting engagements, the internal audit function must monitor the disposition of results ... to the extent agreed upon with the customer (Standard 2200.C1).

The engagement process is covered extensively in Chapter 12, "Introduction to the Engagement Process," Chapter 13, "Conducting the Assurance Engagement," Chapter 14, "Communicating Assurance Engagement Outcomes and Performing Follow-up Procedures," and Chapter 12, "The Consulting Engagement."

Resolution of Senior Management's Acceptance of Risks

Standard 2600: Resolution of Senior Management's Acceptance of Risks addresses the issue of accepting a level of residual risk that may be unacceptable to the organization. The glossary to the Standards defines residual risk as the risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk. The textbook glossary contains a slightly different, but consistent, definition of residual risk: the portion of inherent risk that remains after management executes its risk responses (sometimes referred to as net risk).
When a potentially unacceptable level of residual risk is believed to exist, the chief audit executive must discuss the matter with senior management. If the decision regarding residual risk is not resolved, the chief audit executive must report the matter to the board for resolution.

Strongly Recommended Guidance

The IIA's mandatory guidance (Definition of Internal Auditing, Code of Ethics, and Standards) is relatively general in nature because it is applicable to all internal audit activities. Internal audit assurance and consulting engagements are conducted in a wide variety of organizations, by in-house internal audit functions or outside service providers, in a centralized or decentralized organizational structure, and in diverse cultures and legal environments. Strongly recommended guidance (practice advisories, position papers, and practice guides) provides more specific, nonmandatory guidance. In some cases, strongly recommended guidance may not be applicable to all internal audit functions. In other cases, it may represent only one of many acceptable alternatives. However, this guidance is authoritative in the sense that the IIA has endorsed it through a formal endorsement process, which includes review by the Ethics Committee and the Internal Audit Standards Board for consistency with the mandatory guidance.

Practice Advisories

The practice advisories provide concise and timely guidance as to how standards might be implemented. They address approaches, methodologies, and factors for an internal audit function to consider, but are not intended to provide detailed processes and procedures for internal audit functions to follow. They may pertain to specific types of engagements or clarify geographical or industry internal audit practices. Each practice advisory is correlated by number to the standard to which it pertains and also refers to the Code of Ethics where applicable.
The IIA's Professional Issues Committee is responsible for developing practice advisories. The Professional Issues Committee may, however, work with other IIA committees such as the Ethics Committee or the Advanced Technology Committee to develop advisories for which specialized expertise is needed. As of 2007, more than 20 practice advisories have been issued. The practice advisories are available in the published edition of the IPPF, which is usually updated every three years, and the accompanying CD, which is updated annually. All issued practice advisories are available to IIA members on the IIA's website.

Exhibit 2-7 presents an example of a practice advisory. Practice Advisory 1000-1: Internal Audit Charter provides advice pertinent to Standard 1000: Purpose, Authority, and Responsibility. In addition to the advisory text, the practice advisory contains the related standard and, if applicable, the interpretation. In this case, the practice advisory augments the standard by providing supplemental guidance regarding the internal audit charter.

Position Papers

Position papers provide guidance on issues that extend beyond the specifics of how the CAE, internal audit function, and individual internal auditors should conduct their work. They are written not only for internal auditors but for other interested parties outside the profession. Such parties include management, board and audit committee members, and external stakeholders such as legislators, regulators, and other professionals with whom internal auditors work (for example, independent outside auditors or other service providers involved in the organization's ethics and compliance programs or risk management initiatives). Position papers currently address the role of internal auditing in the organization's enterprise risk management system and how the organization sources the internal audit function. Future position papers may address significant governance, risk management,
and control issues with the intent of clarifying the issues and enhancing internal auditors' and stakeholders' understanding of the issues.

The IIA's Professional Issues Committee usually initiates position papers, but any international committee or local IIA institute may do so. Position papers drafted by local IIA institutes must be submitted for review by, and feedback from, the IIA's international technical committees to ensure that the guidance is consistent with the IPPF. Position papers also may be developed and issued in partnership with other professional organizations. Managing the development and writing of the position papers rests with the Professional Issues Committee. Unlike other types of strongly recommended guidance, position papers require a one-month exposure period to local IIA institutes and other international technical committees before they are issued.

Practice Guides

Practice guides provide detailed guidance on internal audit tools and techniques. Practice guides are currently composed of the Global Technology Audit Guides (GTAG) and the Guide to the Assessment of IT Risk (GAIT) series, both of which were developed by the IIA's Advanced Technology Committee. Both the GTAG series and GAIT series are available to IIA members on the IIA's website. Chapter 7, "Information Technology Risks and Controls," provides more information about this IT-related guidance.

Any of the IIA's technical committees may propose the concept for a practice guide, but the Professional Practices Advisory Council (composed of the chairs of the IIA's international technical committees) oversees their development and issuance. The Professional Practices Advisory Council approves the concept and assigns it to one of the committees to develop. The committees most likely to be asked to develop practice guides are the Professional Issues Committee, the Advanced Technology Committee, and the Committee on Quality.

HOW THE INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK IS KEPT CURRENT

The IPPF is not intended to be a static body of guidance. It will continue to evolve as the profession responds to a continuously changing environment. The Professional Practices Advisory Council is responsible for coordinating the initiation, development, issuance, and maintenance of the authoritative guidance that makes up the IPPF. The council comprises the IIA's vice president of professional practices and the chairs of the IIA's six international technical committees. These committees are the Ethics Committee, the Internal Audit Standards Board, the Professional Issues Committee, the Advanced Technology Committee, the Committee on Quality, and the Board of Regents. The first three committees have direct responsibility for maintaining specific portions of the IPPF. Each year, the Professional Practices Advisory Council develops a work plan for the next year as well as a tentative plan for the following two years that lays out the work for the Ethics Committee, the Internal Audit Standards Board, and the Professional Issues Committee. The council also coordinates the review of all existing guidance on a three-year cycle.

The Ethics Committee

The Ethics Committee's mission is to serve the global profession of internal auditing by maintaining the IIA's Code of Ethics; promoting an understanding of and compliance with the IIA's Code of Ethics; assessing, investigating, and sanctioning complaints concerning noncompliance with the IIA's Code of Ethics; and advocating ethics as part of the governance process. The committee is required to complete a formal review of the existing Code of Ethics every three years. Any changes in the Code of Ethics, such as adding additional rules, must be initiated by this committee. Adoption of new rules requires a 70-day exposure period for public comment. Final approval of changes to the Code of Ethics rests with the IIA's Board of Directors.
The Ethics Committee also evaluates the conduct of IIA members and candidates for, or holders of, IIA professional certifications, when necessary.

The Internal Audit Standards Board

The Internal Audit Standards Board's mission is to promulgate, monitor, and promote the Standards on a worldwide basis. The board is required to complete a review of the existing Standards every three years. New standards or modifications to existing standards are initiated with this committee and require a 70-day exposure period for public comment. Exposure includes translation into Spanish and French, and often into other major member languages (for example, Chinese, Italian, German, Japanese, and potentially others). After due consideration of responses to the exposure draft, a majority vote of the committee is required for final issuance.

Professional Issues Committee

The Professional Issues Committee's mission is to provide thought leadership and timely professional guidance to the members and stakeholders of the internal audit profession on methodologies, techniques, and authoritative positions included in the IPPF and to comment on or support other matters that impact the internal audit profession. This committee initiates, develops, and maintains the practice advisories and reviews existing practice advisories on a three-year cycle. The Professional Issues Committee also is a primary initiator and developer of position papers and practice guides. Drafts of proposed practice advisories, position papers, and practice guides are circulated to the Ethics Committee and the Internal Audit Standards Board for a review of consistency with existing mandatory guidance before they are issued. Position papers also require a 30-day exposure period to local IIA institutes.

The process for developing the mandatory and strongly recommended guidance included in the IPPF is summarized in Exhibit 2-8 to improve transparency and enhance the trust that legislators, regulators,
and other users of internal audit services have in the profession's authoritative guidance. The IIA's 2006 Vision for the Future Task Force recommended the establishment of an independent guidance oversight