INTERNAL AUDIT CHARTER
Standards for the Professional Practice of Internal Auditing
THE INSTITUTE OF INTERNAL AUDITORS
247 Maitland Avenue
Altamonte Springs, Florida 32701-4201
Copyright © 2001 by The Institute of Internal Auditors, 247 Maitland Avenue, Altamonte Springs, Florida 32701-4201. All rights rerved. Printed in the United States of America. Under copyright laws and agreements, no part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means — electronic, mechanical, photocopying, recording, or otherwi — without prior written permission of the publisher. To obtain permission to translate, adapt, or reproduce any part of this document, contact: Administrator, Practices Center
The Institute of Internal Auditors
247 Maitland Avenue
Altamonte Springs, Florida 32701-4201
Phone: +1 (407) 830-7600, Ext. 256
Fax: +1 (407) 831-5171
ISBN 0-89413-454-X
October 18, 2001
Introduction
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process.
Internal audit activities are performed in diver legal and cultural environments; within organizations that vary in purpo, size, and structure; and by persons within or outside the organization. The differences may affect the practice of internal auditing in each environment. However, compliance wit
h the Standards for the Professional Practice of Internal Auditing(Standards) is esntial if the responsibilities of internal auditors are to be met.
The purpo of the Standards is to:
1.Delineate basic principles that reprent the practice of internal auditing as it should
be.
2.Provide a framework for performing and promoting a broad range of value-added
internal audit activities.
3.Establish the basis for the measurement of internal audit performance.
4.Foster improved organizational process and operations.
The Standards consist of Attribute Standards (the 1000 Series), Performance Standards (the 2000 Series), and Implementation Standards (nnnn.Xn). The Attribute Standards address the characteristics of organizations and individuals performing internal audit activities. The Performance
Standards describe the nature of internal audit activities and provide quality criteria against which the performance of the rvices can be measured. The Attribute and Performance Standards apply to internal audit rvices in general. The Implementation Standards apply the Attribute and Performance Standards to specific types of engagements (for example, a compliance audit, a fraud investigation, or a control lf-asssment project). There is one t of Attribute and Performance Standards, however there may be multiple ts of Implementation Standards: a t for each of the major types of internal audit activity. Initially, the Implementation Standards are being established for assurance activities (noted by an "A" following the Standard number, e.g., 1130.A1) and consulting activities (noted by a "C" following the Standard number, e.g., nnnn.C1).
The Standards are part of the Professional Practices Framework. This framework was propod by the Guidance Task Force and approved by The IIA's Board of Directors in June 1999. This framework includes the Definition of Internal Auditing, the Code of Ethics, the Standards, and other guidance. The Standards incorporate the guidance previously contained in the "The Red Book," recasting it into the new format propod by the Guidance Task Force and updating it as recommended in the Task Force’s report, A Vision for the Future.
The Standards employ terms that have been given specific meanings that are included in the Glossaphenom
ry.
The Internal Auditing Standards Board is committed to extensive consultation in the preparation of the Standards. Prior to issuing any document, the Standards Board issues exposure drafts internationally for public comment. The Standards Board also eks tho with special experti or interests for consultation where necessary. The development of standards is an ongoing process. The Standards Board welcomes input from IIA members and other interested parties to identify emerging issues requiring new standards or revision to current standards. Suggestions should be nt to:
The Institute of Internal Auditors
Senior Manager Technical Services
巴拉松flaxed oil247 Maitland Ave.
Altamonte Springs, Florida 32701
考研机构费用USA
E-mail: standards@theiia
Additional guidance regarding how the Standards might be put into practice can be found in Practice Advisories that are issued by the Professional Issues Committee.
ATTRIBUTE STANDARDS
1000 – Purpo, Authority, and Responsibility
The purpo, authority, and responsibility of the internal audit activity should be formally defined in a charter, consistent with the Standards, and approved by the board.
1000.A1- The nature of assurance rvices provided to the organization should
be defined in the audit charter. If assurances are to be provided to parties
outside the organization, the nature of the assurances should also be defined in
the charter
1000.C1 - The nature of consulting rvices should be defined in the audit
charter.
1100 – Independence and Objectivity
The internal audit activity should be independent, and internal auditors should be objective in performing their work.
1110 – Organizational Independence
The chief audit executive should report to a level within the organization that
allows the internal audit activity to fulfil its responsibilities.heartbeats
1110.A1- The internal audit activity should be free from
interference in determining the scope of internal auditing,
performing work, and communicating results.
1120 – Individual Objectivity
Internal auditors should have an impartial, unbiad attitude and avoid conflicts
of interest.
1130 – Impairments to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of
the impairment should be disclod to appropriate parties. The nature of the
disclosure will depend upon the impairment.
1130.A1 – Internal auditors should refrain from asssing国家线2012
specific operations for which they were previously responsible.
Objectivity is presumed to be impaired if an auditor provides
boat的音标assurance rvices for an activity for which the auditor had
responsibility within the previous year.
1130.A2 – Assurance engagements for functions over which the
chief audit executive has responsibility should be overen by a
party outside the internal audit activity.
1130.C1 - Internal auditors may provide consulting rvices
relating to operations for which they had previous
responsibilities.
1130.C2 - If internal auditors have potential impairments to
i will always be with you
independence or objectivity relating to propod consulting
rvices, disclosure should be made to the engagement client
prior to accepting the engagement.
1200 – Proficiency and Due Professional Care
Engagements should be performed with proficiency and due professional care.
1210 – Proficiency
Internal auditors should posss the knowledge, skills, and other competencies
needed to perform their individual responsibilities. The internal audit activity
collectively should posss or obtain the knowledge, skills, and other
competencies needed to perform its responsibilities.
1210.A1 - The chief audit executive should obtain competent
advice and assistance if the internal audit staff lacks the
knowledge, skills, or other competencies needed to perform all or
part of the engagement.
1210.A2 – The internal auditor should have sufficient
knowledge to identify the indicators of fraud but is not expected
to have the experti of a person who primary responsibility is
detecting and investigating fraud.
1210.C1 - The chief audit executive should decline the
consulting engagement or obtain competent advice and assistance
if the internal audit staff lacks the knowledge, skills, or other
competencies needed to perform all or part of the engagement. 1220 - Due Professional Care
Internal auditors should apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.
1220.A1 - The internal auditor should exerci due professional
care by considering the:
Extent of work needed to achieve the engagement's
objectives.
Relative complexity, materiality, or significance of
matters to which assurance procedures are
applied.
Adequacy and effectiveness of risk management, control,
and governance process.
Probability of significant errors, irregularities, or non-
compliance.
Cost of assurance in relation to potential benefits.
1220.A2– The internal auditor should be alert to the significant
risks that might affect objectives, operations, or resources.
However, assurance procedures alone, even when performed with
due professional care, do not guarantee that all significant risks
will be identified.
1220.C1- The internal auditor should exerci due professional
care during a consulting engagement by considering the:
Needs and expectations of clients, including the nature,
timing, and communication of engagement results.
Relative complexity and extent of work needed to achieve
the engagement’s objectives.
Cost of the consulting engagement in relation to potential
benefits.
1230 – Continuing Professional Development
Internal auditors should enhance their knowledge, skills, and other competencies through continuing professional development.
1300 – Quality Assurance and Improvement Program
The chief audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. The program should be designed to help the internal auditing activity add value and improve the organization’s operations and to provide assurance that the internal audit activity is in conformity with the Standards and the Code of Ethics.
1310 – Quality Program Asssments
The internal audit activity should adopt a process to monitor and asss the
overall effectiveness of the quality program. The process should include both
internal and external asssments.
1311 – Internal Asssments
Internal asssments should include:
o Ongoing reviews of the performance of the
internal audit activity; and
o Periodic reviews performed through lf-
asssment or by other persons within the
organization, with knowledge of internal auditing
practices and the Standards.
1312 – External Asssments
External asssments, such as quality assurance reviews, should
be conducted at least once every five years by a qualified,
independent reviewer or review team from outside the
organization.
1320 – Reporting on the Quality Program
The chief audit executive should communicate the results of external
asssments to the board.
1330 – U of "Conducted in Accordance with the Standards"
Internal auditors are encouraged to report that their activities are "conducted in
accordance with the Standards for the Professional Practice of Internal
Auditing."However, internal auditors may u the statement only if asssments
of the quality improvement program demonstrate that the internal audit activity
is in compliance with the Standards.
1340 – Disclosure of Non-compliance
Although the internal audit activity should achieve full compliance with
the Standards and internal auditors with the Code of Ethics, there may be
instances in which full compliance is not achieved. When non-compliance
impacts the overall scope or operation of the internal audit activity, disclosure
should be made to nior management and the board.
PERFORMANCE STANDARDS
2000 – Managing the Internal Audit Activity
The chief audit executive should effectively manage the internal audit activity to ensure it adds value to the organization.
2010 – Planning
The chief audit executive should establish risk-bad plans to determine the
priorities of the internal audit activity, consistent with the organization's goals.
2010.A1 - The internal audit activity’s plan of engagements
should be bad on a risk asssment, undertaken at least
annually. The input of nior management and the board should
be considered in this process.
2010.C1 - The chief audit executive should consider accepting
propod consulting engagements bad on the engagement’s
potential to improve management of risks, add value, and
improve the organization’s operations. Tho engagements that
have been accepted should be included in the plan.
2020 – Communication and Approval
The chief audit executive should communicate the internal audit activity’s plans
and resource requirements, including significant interim changes, to nior
management and to the board for review and approval. The chief audit executive
should also communicate the impact of resource limitations.
2030 – Resource Management
The chief audit executive should ensure that internal audit resources are
appropriate, sufficient, and effectively deployed to achieve the approved plan.
2040 – Policies and Procedures
The chief audit executive should establish policies and procedures to guide the
internal audit activity.
2050 – Coordination
The chief audit executive should share information and coordinate activities
高中宾语从句讲解with other internal and external providers of relevant assurance and consulting
rvices to ensure proper coverage and minimize duplication of efforts.
2060 – Reporting to the Board and Senior Management
The chief audit executive should report periodically to the board and nior
management on the internal audit activity’s purpo, authority, responsibility,
and performance relative to its plan. Reporting should also include significant
risk exposures and control issues, corporate governance issues, and other
matters needed or requested by the board and nior management.
2100 – Nature of Work
The internal audit activity evaluates and contributes to the improvement of risk management, control and governance systems.
2110 – Risk Management
The internal audit activity should assist the organization by identifying and
evaluating significant exposures to risk and contributing to the improvement of
risk management and control systems.
2110.A1 - The internal audit activity should monitor and
evaluate the effectiveness of the organization's risk management
container alsystem.
