QUALITY ASSURANCE AND IMPROVEMENT PROGRAM

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Standards 1300 – 1322
Presentation by SBA’s Office of Internal Audit

Topics
1. Introduction
2. Quality Assurance & Improvement Program
3. Internal Assessments - Ongoing Monitoring
4. Internal Assessments - Periodic Self-Assessments
5. External Assessments
6. New IPPF

SBA Functional Org Chart

Office of Internal Audit

Office of Internal Audit
Standard of Practice: The Institute of Internal Auditors' (The IIA) International Professional Practices Framework (IPPF).
IPPF mandatory elements consisting of:
- Core Principles,
- Definition of Internal Auditing,
- Code of Ethics, and
- the International Standards for the Professional Practice of Internal Auditing (Standards)

State Agencies
Section 20.055(6)(a), Florida Statutes
... the director of auditing shall perform the functions listed in this subsection.
(a) Such audits shall be conducted in accordance with the current International Standards for the Professional Practice of Internal Auditing as published by the Institute of Internal Auditors, Inc., or, where appropriate, in accordance with generally accepted governmental auditing standards. All audit reports issued by internal audit staff shall include a statement that the audit was conducted pursuant to the appropriate standards.

Primary Objective of QAIP
The primary objective of QAIP is to promote continuous improvement.
QAIP presumes that quality is built into the structure of the internal audit activity.

Conformance Built Into the Structure: OIA Manual

Conformance Built Into the Structure: OIA Manual Table of Contents

Conformance Built Into the Structure

IIA Standards 1300 to 1322
1300: Quality Assurance and Improvement Program
1310: Requirements of the Quality Assurance and Improvement Program
1311: Internal Assessments
1312: External Assessments
1320: Reporting on the Quality Assurance and Improvement Program
1321: Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”
1322: Disclosure of Nonconformance

Responsible for QAIP
Standard 1300: Quality Assurance and Improvement Program
The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity.

Requirements of the QAIP
1. Internal assessments - comprised of two interrelated parts:
   a. ongoing monitoring and
   b. periodic self-assessments
2. External assessments – can be in the form of:
   a. A full external assessment, or
   b. A self-assessment with independent external validation

Key Challenges Faced by Small Audit Shops
- Adequacy of Resources
- Retention of Qualified Staff or Subject Matter Experts
- Independence

Key Challenges Impact on Conformance with the Standards

INTERNAL ASSESSMENT ONGOING MONITORING
Internal Assessments must include ongoing monitoring of the performance of the internal audit activity

Internal Assessment – Ongoing Monitoring
Practice Advisory 1311-1 interpretation of ongoing monitoring:
- Day-to-day supervision, review, and measurement of the internal audit activity
- Routine policies and practices used to manage the internal audit activity
- Processes, tools, and information considered necessary to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards

Internal Assessment – Ongoing Monitoring
Per Practice Advisory ongoing monitoring achieved by:
- Standard working practices
- Engagement planning
- Supervision
- Assessing the audit engagement action plan prior to fieldwork
- Using checklists or automation tools to provide assurance on compliance with established practices and procedures
- Working paper procedures and signoff by engagement supervisors
- Review of reports and supporting documentation for comments
Examples of SBA OIA ongoing monitoring:
- Assess the progress of the OIA Annual Audit Plan
- Maintain an updated OIA procedure manual
- Perform engagement-specific quality assurance assessments and related verifications
- Review working papers and audit reports
- Maintain a database of recommendations/action plans and related status
- Complete required continuing professional education

Engagement-Specific QA Assessment Example

Engagement-Specific QA Assessment Verification

INTERNAL ASSESSMENT PERIODIC MONITORING
Internal Assessments must include periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices

Internal Assessment – Periodic Monitoring
Assess conformance with:
- The Standards
- Definition of Internal Auditing
- Code of Ethics
- Internal audit’s charter, plans, policies, procedures, practices, and
ment may:
- Be a self-assessment, or an assessment by a CIA (or other competent professional) from a different department
- Encompass a combination of self-assessments
- Include interviews and surveys
- Serve to facilitate & reduce the cost for an external assessment

How does the OIA perform periodic monitoring?
- Annually review the OIA Charter.
- Annually perform a self-assessment of the internal audit activity.

Rating Methodology
- Generally Conforms (GC)
- Partially Conforms (PC)
- Does Not Conform (DNC)
Conformance vs. Compliance

Conformance vs. Compliance
- Conformance with standards is a technical term borrowed from the quality management discipline.
- It is not about complying with the letter of the standard. Someone who is in conformance with a standard is expected to achieve the spirit of the standard.
- This is consistent with a principles-based approach of the IPPF

Annual Self-Assessment Example

Quality Initiatives
- Opportunities for improvement identified during the self-assessment
- Does not indicate nonconformance

EXTERNAL ASSESSMENT
External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization

External Assessments
Frequency, Scope & Form per Standard:
- Once every 5 years
- All aspects of internal audit activity
- Form
  - full external assessment, or
  - self-assessment with independent external validation
OIA’s Frequency, Scope & Form
- Once every 5 years
- All aspects of internal audit activity, i.e., audit and consulting work as prescribed in the OIA charter
- Self-assessment with independent external validation

Qualifications of External Validator
- No Conflict of interest
- Integrity
- Objectivity
- Competence
- Technical expertise

OIA Self-assessment with External Validation
CAE oversees work of the self-assessment team that:
- Completes planning documentation
- Performs work programs
- Evaluates conformance with The IIA’s Definition of Internal Auditing, Code of Ethics, and Standards
- Produces report assessing the conformance conclusion
External Assessor Validates through:
- Review of assessment planning documentation
- Re-perform assessment work program steps for a sample of reports/wps selected, analyze survey results, and conduct interviews with key stakeholders
- Assess the conformance conclusion reported by the self-assessment team

OIA Self-Assessment with External Validation

Example of Internal Audit Process Planning Guide – A4

Example of Internal Audit Process Evaluation Guide – D4

OIA Self-Assessment with Independent External Validation Quality Assurance Report
- Expressed opinion on the internal audit activity’s conformance
- Recommendations for improvement, as appropriate
- CAE response to recommendations to include action plan and implementation date

Changes to the International Professional Practices Framework (IPPF)
Old IPPF Framework
New IPPF Framework

Internal Audit Mission Statement:
To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.
10 Core Principles:
1. Demonstrates integrity.
2. Demonstrates competence and due professional care.
3. Is objective and free from undue influence (independent).
4. Aligns with the strategies, objectives, and risks of the organization.
5. Is appropriately positioned and adequately resourced.
6. Demonstrates quality and continuous improvement.
7. Communicates effectively.
8. Provides risk-based assurance.
9. Is insightful, proactive, and future-focused.
10. Promotes organizational improvement.

New IPPF Resources
- Webinar Playback – What to Expect
- Internal Auditor Article
- New Guidance
- Video
- FAQs
- Press ork.aspx

ANY QUESTIONS OR COMMENTS?
