IIA IIA-CIA-Part1 - Internal Audit Fundamentals

The internal auditor’s objectivity is best protected in the scenario where a former human resources manager conducts an effectiveness review of the appointment and termination process six months after transferring to the internal audit activity. This duration allows for a cooling-off period, which helps to mitigate potential conflicts of interest or biases related to the auditor's former role and responsibilities.

IIA Standards regarding objectivity and conflicts of interest.

An internal auditor exercises due professional care by enhancing knowledge, skills, and other competencies through ongoing professional development. This action is essential to maintain the necessary proficiency and competency in performing audit tasks, thereby ensuring the quality and effectiveness of the audit work aligns with professional standards and meets the evolving needs of the organization.

Institute of Internal Auditors (IIA) - International Professional Practices Framework (IPPF)

According to IIA guidance, the standard risk treatments outlined in the process element approach of the framework for risk management include the following steps:

Risk Identification: Identifying potential risks that could affect the achievement of objectives.

Risk Assessment: Evaluating the identified risks in terms of their likelihood and impact.

Application of Controls: Implementing measures to mitigate or manage the identified risks.

Risk Acceptance: Deciding to accept the risk when it falls within the organization's risk appetite or tolerance levels.

These steps are part of a structured approach to managing risks, ensuring that risks are systematically identified, assessed, and managed through appropriate controls and that acceptance of residual risks is aligned with the organization's strategic objectives and risk appetite.

IIA Practice Guide: Assessing the Adequacy of Risk Management Using ISO 31000

COSO Enterprise Risk Management Framework

The primary responsibility for the internal audit activity in helping management maintain effective controls is promoting continuous monitoring. Continuous monitoring involves regularly reviewing control processes and performance to ensure they are effective and making adjustments as necessary. This proactive approach enables the internal audit activity to assist management in maintaining a robust control environment that can adapt to changes in the organization or its external environment.

The IIA's International Standards for the Professional Practice of Internal Auditing regarding monitoring and control.

The IIA's mission for internal audit emphasizes the role of internal audit in enhancing and protecting organizational value by providing risk-based and objective assurance, advice, and insight. Assessing the effectiveness of internal controls over organizational assets directly aligns with this mission as it focuses on providing assurance on the control environment and operational effectiveness, which are crucial for protecting assets and ensuring reliable financial reporting and compliance.

The Institute of Internal Auditors (IIA) - Mission of Internal Audit

According to IIA guidance, the internal audit activity can consult on CSR program design and implementation, serve as an advisor on CSR governance and risk management, and identify and mitigate risks to help meet the CSR program objectives. These roles enable the internal audit to add value through both advisory and assurance services regarding CSR, aligning with their expertise in governance, risk management, and control.

IIA guidance on the role of internal auditing in corporate social responsibility; Standards on advisory services.

It is true that risks may relate to failing to achieve positive outcomes. This statement recognizes that risks are not only about preventing losses or avoiding negative consequences but also about failing to capitalize on opportunities that could lead to positive outcomes. This perspective aligns with a broader, more holistic view of risk management.

IIA Position Paper on Risk Management

The internal audit charter should include the Definition of Internal Auditing, along with the Core Principles, Code of Ethics, and Standards. This definition provides clarity on the purpose, authority, and responsibility of the internal audit function within the organization. References:

IIA's International Professional Practices Framework (IPPF) - Internal Audit Charter requirements.

The best example of a computer forensic audit activity among the options provided is when an internal auditor recovers emails of an employee who was suspected of fraudulent activities. Computer forensics involves the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Recovering emails for the purpose of investigating suspected fraud aligns well with these practices.

Computer forensic audit techniques are commonly discussed in IIA publications and training related to forensic auditing and fraud examination.

When an internal auditor discovers fraud-related red flags during an audit engagement, the action that best demonstrates due professional care is to perform further testing to verify the existence of fraud. This approach ensures that any findings of fraud are based on thorough investigation and sufficient evidence, rather than premature conclusions. This procedure aligns with the IIA's guidance on due diligence and the thorough investigation of anomalies.

IIA International Standards for the Professional Practice of Internal Auditing.

According to the standards and practices of internal auditing, the internal audit function is primarily responsible for providing an independent and objective assurance and consulting service aimed at adding value and improving an organization’s operations. If internal auditors were tasked with developing controls in business procedures, it could compromise their objectivity. Objectivity is crucial as it allows auditors to carry out audits impartially and without bias. Involvement in control creation could lead internal auditors to later audit their own work, which is a conflict of interest and undermines the principle of independence and objectivity as set by the Institute of Internal Auditors (IIA).

The Institute of Internal Auditors (IIA) - International Standards for the Professional Practice of Internal Auditing

IIA standards highlight that organizational independence is compromised when senior management can alter the internal audit scope. Independence ensures that internal auditors operate without influence or pressure from those they audit, critical for impartiality​​.

The principle of objectivity in the IIA Code of Ethics specifically requires internal auditors to disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review (Option D). This principle ensures that internal auditors remain unbiased and do not withhold information that could affect the conclusions of their audit reports, thus maintaining the integrity and transparency of the audit process.

IIA Code of Ethics: Objectivity

IIA Standards, Standard 1120: Individual Objectivity

The practice of supervisors providing feedback to internal auditors after reviewing workpapers demonstrates the exercise of due professional care within the internal audit activity. This feedback mechanism helps ensure the quality of audit work and adherence to professional standards, and it promotes continuous improvement and development of audit staff. This aligns with the IIA’s definition of due professional care, which includes diligence, attention to detail, and continuous professional development.

IIA Standard 1300: Quality Assurance and Improvement Program, which outlines the requirements for due professional care.

The primary purpose of The IIA's Code of Ethics is to establish principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing. The Code of Ethics sets out the ethical principles that guide the professional and personal conduct of internal auditors, promoting an ethical culture within the profession. References: Institute of Internal Auditors (IIA) - Code of Ethics