quality assurance and improvement programme guideline for
TRANSCRIPT
Ministry of FinanceDecember 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Ministry of FinanceDecember 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit
Services of RGoB
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
@CCA, Ministry of Finance, December 2019 Page i
Post Box No 117. Tel # PABX: 00975-2- 322271/322285/322223/322514/327763. Fax: 323154. www.mof.gov.bt
“Public
he stakeholders’
s’ (IIA) International
Quality Assurance and Improvement Guideline for RGoB Internal Audit Service
@CCA, Ministry of Finance, December 2019 Page i
Post Box No 117. Tel # PABX: 00975-2- 322271/322285/322223/322514/327763. Fax: 323154. www.mof.gov.bt
“Public
he stakeholders’
s’ (IIA) International
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
@CCA, Ministry of Finance, December 2019 Page iii
Table of ContentsPreface .................................................................................................................................................... v
Abbreviations .....................................................................................................................................vii
Chapter 1: About the guideline ...................................................................................................... 11.1. Background .............................................................................................................................21.2. Quality in Internal Audit ....................................................................................................31.3. Requirements and Characteristics of QAIP ...............................................................4
Chapter 2: Establishment of Quality Assurance and Improvement Programme .......... 72.1. Considerations in Developing a QAIP ..........................................................................82.2. Responsibility of QAIP ........................................................................................................92.3. Objective of the QAIP...........................................................................................................92.4. QAIP Framework ................................................................................................................ 102.5. Some International Best Practices on QAIP ........................................................... 102.6. International Standards on QAIP ................................................................................ 132.7. Components of QAIP ........................................................................................................ 14
Chapter 3: Internal Assessment ...................................................................................................173.1. Implementation of Internal Assessment ................................................................. 183.2. Benefits of Internal Assessment .................................................................................. 183.3. Ongoing Monitoring ........................................................................................................ 193.4. Periodic Self-Assessment ............................................................................................... 223.5. Considerations for Demonstrating Conformance ................................................ 27
Chapter 4: External Assessment ..................................................................................................294.1. External Assessment ........................................................................................................ 304.2. Implementation of External Assessment ................................................................ 314.3. Full External Assessment ............................................................................................... 324.4. Self-Assessment with Independent Validation ..................................................... 38
Chapter 5: Reporting and Follow-up of QAIP ...........................................................................435.1. Overview of QAIP reporting ......................................................................................... 455.2. Activities of Quality Assurance and Improvement Programme Reporting
Timelines ................................................................................................................................ 455.3. Consideration for reporting QAIP ............................................................................... 465.4. Periodic Internal Assessment Report Contents .................................................... 495.5. External Assessment Report Contents ..................................................................... 495.6. Review of the QAIP ............................................................................................................ 50
Chapter 6: Measuring Internal Audit Effectiveness and Efficiency ..................................516.1. Internal Audit Stakeholders .......................................................................................... 526.2. Measuring Internal Audit Effectiveness and Efficiency..................................... 536.3. Performance Measures / Key Performance Indicators ..................................... 536.4. Characteristics of Performance Measures: Quantitative vs. Qualitative .... 536.5. Types of Performance Measures ................................................................................. 546.6. Monitoring and Reporting of Internal Audit Effectiveness and Efficiency 596.7. Internal Audit Capability Model (IA-CM) .............................................................. 60
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
@CCA, Ministry of Finance, December 2019Page iv
Chapter 7: Measuring Internal Audit Effectiveness and Efficiency ..................................63Appendix 1: QAIP Components ...................................................................................................................... 64Appendix 2: Checklist on Ongoing Monitoring ....................................................................................... 66Appendix 3: Example of Stakeholder Survey sent after Internal Audit is completed ............ 70Appendix 4: Checklist on Periodic Self-Assessment ............................................................................. 72Appendix 5: Self-Assessment QAIP Report ............................................................................................... 78Appendix 6: Full External Assessment Reporting Template ............................................................. 79Appendix 7: Self-Assessment with Independent Validation QAIP Report .................................. 84Appendix 8: Examples of Internal Audit Effectiveness and Efficiency Metrics ......................... 86Appendix 9: Example of Reporting Internal Audit Effectiveness and Efficiency Dashboard .......................................................................................................................................................................................... 88Appendix 10: Guidance on Internal Audit Self-Assessment Methodology.................................. 89Appendix 11: Internal Audit Capability Model Matrix ......................................................................... 91Appendix 12: Internal Audit Capability Model Levels ......................................................................... 93Appendix 13: Internal Audit Maturity Assessment ............................................................................... 95Appendix 14: Standard Conformance Evaluation Summary (Table) Template ..................... 100Appendix 15: Standard Conformance Evaluation Summary Template ..................................... 101Appendix 16: Standard Rating Criteria ................................................................................................... 103Appendix 17: Checklist on External Quality Assessment ................................................................ 104Reference Material ........................................................................................................................ 153
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
@CCA, Ministry of Finance, December 2019 Page v
Preface
The RGoB has recognised the strengthening of quality assurance system of the public sector internal audit activity as a priority area. It also specified development of quality assurance guidelines as a part of “Strengthening the Effectiveness and Capacity of Internal Audit in the Royal Government of Bhutan”. The project is supported by Multi Donor Grant Funds - “Public Financial Management Multi Donor Fund (PFM-MDF) and administered by World Bank.
A critical asset for an internal audit activity is its credibility with stakeholders. As a coordinating agency for Internal Audit Service under the RGoB, the Central Coordinating Agency under Ministry of Finance must develop and maintain a Quality Assurance and Improvement Programme that covers all aspects of the internal audit activity. Chief Internal Auditor of CCA needs assurance that their internal audit activity and each internal auditor conforms to all mandatory elements of the IIA’s International Professional Practices Framework (IPPF), and they need to demonstrate this conformance to their stakeholders.
The only way to meet these expectations is with a comprehensive QAIP that comprises of conducting internal assessment for internal audit units under the RGoB including ongoing monitoring of performance, periodic internal assessments, along with external assessment conducted in IAUs every five years by a qualified and independent assessor/team from outside the organization.
The QAIP guideline is developed based on IIA’s International Professional Practices Framework (IPPF). It explains various components of QAIP such as Internal Assessment, External Assessment, Performance Monitoring of Internal Auditors, etc and how to apply these components without compromising conformance with the Standards. Particularly, it presents and discusses the 1300 series of the Standards that deal specifically with quality assurance.
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
@CCA, Ministry of Finance, December 2019Page vi
The guideline comprises 7 chapters which set out the entire requirement of implementing the effective Quality Assurance and Improvement Programme. It includes templates, a set of forms, practical examples and checklists. The structure of the Quality Assurance and Improvement Programme guideline is as follows: -
This guideline will fulfil the objectives and demonstrates the commitment of RGoB to improve the Internal Audit services in the country. The RGoB hopes that users will find it valuable for establishing and / or improving the quality assurance and improvement programme for internal auditing in the public sector.
This guideline will bring out a uniform procedure for quality assurance in the Internal Audit which will help in achieving the objectives of Internal Audit. Users of this guideline are expected to have a comprehensive understanding of the International standards on Internal Audit and guidelines, policies & procedures, regulations and rules as issued by the Internal Audit Services of RGoB.
The guideline is designed to be flexible and unrestrictive. The Internal Auditors are encouraged to exercise professional judgment where they face any difficulty in understanding or complying with the guideline, and then seek appropriate clarifications or assistance from CCA.
The Central Coordinating Agency for Internal Audit Services is expected to keep updating this guideline regularly and incorporate any suggestions or modify the contents of the guideline as and when required.
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
@CCA, Ministry of Finance, December 2019 Page vii
AbbreviationsAbbreviations Full FormACC Anti-Corruption Commission AMS Audit Management SystemAuditCom Audit CommitteeBGIAS Bhutan Government Internal Audit StandardCAAT Computer Assisted Audit TechniquesCCA Central Coordinating AgencyCGA Controller General of IndiaCIA Chief Internal AuditorCOA Commission on AuditCPE Continuing Professional EducationCSA Control Self-AssessmentDBM Department of Budget and ManagementDNC Does not ConformDS Department SecretaryEU European UnionGAIT Guides to the Assessment of IT RiskGB Governing BoardGC Generally ConformsGG Good GovernanceGTAG Global Technology Audit GuidesHoA Head of AgencyHoIA Head of Internal AuditIA Internal Audit / Internal AuditorIA-CM Internal Audit Capability ModelIAS Internal Audit ServiceIAU Internal Audit UnitIAW Internal Audit WingIIA Institute of Internal AuditorIPPF International Professional Practices FrameworkISPPIA International Standards for the Professional Practice of Internal AuditingIT Information TechnologyKPI Key Performance IndicatorMoF Ministry of FinanceNICF National Internal Control FrameworkPC Partially ConformsQAIP Quality Assurance and Improvement ProgrammeRAA Royal Audit AuthorityRGoB Royal Government of Bhutan
CH
AP
TE
R 1
Page viii @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
CH
AP
TE
R 1
Page 1 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
1 About the guideline
CH
AP
TE
R 1
Page 2 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Chapter 1: About the guideline
1.1 Background
The Internal Audit Service was first instituted in the Royal Government of Bhutan with seventeen internal auditors spread across seven ministries in the year 2000 ensuing the Good Governance initiatives undertaken by the Government. The IA service was further reinforced and the 86th session of National Assembly, June 2007, passed a resolution to have internal auditors in all Dzongkhags. The Public Finance Act came into force in the year 2007. With the enactment of the Public Finance Act 2007, the responsibility of administering the Internal Audit service was vested to the Ministry of Finance. Accordingly, MoF established the Central Coordinating Agency (CCA) in the year 2010.
The Ministry of Finance in keeping with the principle of transparency, accountability, efficiency and professionalism enunciated in the GG Plus (2005), published the National Internal Control Framework (NICF) in December 2013. As part of paradigm shift in the internal audit approach based on the NICF document, theme-based audit approach was also initiated from the fiscal year 2015-16. In order to ensure that the internal audit services are provided in a professional manner and in accordance with best international practices, the Ministry of Finance adopted the International Professional Practices Framework (IPPF), issued by the Institute of Internal Auditors to regulate the work of the IAS. Accordingly, they issued Internal Audit guidelines and Standards in line with the IPPF framework.
The expansion of scope and reach of internal auditing requires that Internal Auditors demonstrate high level of credibility to the stakeholders. The Chief Internal Auditor (CIA) needs assurance that their internal audit activity and each member of their staff conforms to all mandatory elements of the IPPF, and they need to demonstrate this conformance to their stakeholders. Further, the IPPF was recently updated in the year 2017 and it states that evaluating risk management and governance processes is much more challenging and meaningful than control alone. It requires internal audit to operate at a higher, more strategic level. To operate at this level, internal auditors need a higher level of credibility with their stakeholders.
The requirements and characteristics of quality in an internal audit activity are defined by the IPPF, which includes mandatory and recommended guidance, all provided within the context of the Mission of Internal Audit as defined in the IPPF. Further, the Internal Auditing Standards and the Manual of RGoB require the implementation of a Quality Assurance and Improvement Programme (QAIP) to ensure conformance with the Definition of Internal Audit, the Code of Ethics for Internal Auditors and the Auditing Standards. The only way to meet these is with a comprehensive quality assurance and improvement programme (QAIP) that includes ongoing monitoring of performance, periodic internal assessments, external assessments conducted by a qualified, independent assessor or assessment team from outside the organization, and communication of the results.
CH
AP
TE
R 1
Page 3 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
1.2 Quality in Internal Audit
Quality in internal audit is guided by both an obligation to meet stakeholder expectations as well as professional responsibilities inherent in conforming to the Standards. Quality in internal audit begins with the structure and organization of the audit activity. The QAIP should measure whether internal audit is meeting its own objectives, as well as those of the broader organization.
Internal Auditing Standards 1300 through 1312 on Internal Audit issued by IIA specifically require the Chief Internal Auditor to develop a QAIP, incorporating both internal (self) assessments and external assessments. However, beyond these specific standards, internal audit as a profession should maintain a formal and structured approach to quality. This includes operating with proficiency and due professional care, undertaking continuing professional development, and conforming to a set of recognized standards.
Under the QAIP, an internal audit activity need not assess whether each individual engagement conforms to the Standards or not. Rather, engagements should be undertaken in accordance with an established methodology that promotes quality and, by default, conformance with the Standards.
Building an effective QAIP is similar to establishing a total quality management programme where products and services are analyzed to verify that they meet stakeholder expectations, operations are evaluated to determine their efficiency and effectiveness, and practices are assessed to confirm their conformance to the standards. Maintaining an effective QAIP also requires leaders who are responsible for setting the proper tone in support of quality and continuous improvement.
The internal audit activity should consider all mandatory and recommended guidance elements of the IPPF to ensure that:
It is understood that through conformance with the Standards and the Code of Ethics, the internal audit activity also achieves alignment with other mandatory elements of the IPPF.
Stakeholder satisfaction defined by expected and preferred internal audit deliverables that produce value for the organization.
Operational effectiveness achieved by building quality “into” internal audit processes. Preventing mistakes is generally less costly than correcting mistakes.
Continuous improvement of internal audit activities accomplished through quality initiatives identified during the quality assessment process.
Management commitment to provide resources and tools necessary for a QAIP to succeed. Participation is expected by all members of the internal audit activity.
Key Tips:For the internal audit profession, it is important to ensure that internal audit activities maintain the highest possible standards of service delivery to the organizations they support. The IIA established the IPPF to guide the internal audit profession, and the mandatory elements of the IPPF—supported by recommended guidance—are the foundation for developing an internal audit activity’s QAIP.
CH
AP
TE
R 1
Page 4 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
1.3 Requirements and Characteristics of QAIP
The requirements and characteristics of quality in an internal audit activity are defined by the IPPF, which consists of mandatory and recommended guidance, all provided within the context of the Mission of Internal Audit as defined in the IPPF. The Ministry of Finance has developed and issued Bhutan Government Internal Audit Standards contextualizing both Attributes and Performance Standards to the local requirements without undermining the integrity of the mandatory elements of the International Professional Practices Framework (IPPF).
Figure 1: IIA, International Professional Practices Framework
1.3.1 Mandatory Guidance
Mandatory guidance is considered essential for the professional practice of internal auditing. It consists of four elements:
Core Principles: The Core Principles for the Professional Practice of Internal Auditing are the foundation of the IPPF and support internal audit effectiveness.
Definition of Internal Auditing: The Internal Audit in Bhutan adopted the definition of Internal Audit as issued by IIA and accordingly developed their guidelines and policies. “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Code of Ethics: The Principles and Rules of Conduct of the Code of Ethics define ethical behavior for a professional internal auditor. The Internal Audit Charter and Internal Audit Code of Ethics issued by the Ministry of Finance are in line with the IPPF framework.
CH
AP
TE
R 1
Page 5 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Standards: The Standards are the central criteria that define the attributes and characteristics of performance for an internal audit activity, including the requirements for a QAIP. The Ministry of Finance has issued Bhutan Government Internal Audit Standards contextualizing both Attributes and Performance Standards to the local requirements without undermining the integrity of the mandatory elements of the International Professional Practices Framework (IPPF). The objectives of the BGIAS are to:● Establish a framework for providing internal audit service under the Royal
Government of Bhutan.● Establish basis for evaluation of internal audit performance.
1.3.2 Recommended Guidance
Recommended guidance describes practices for the effective implementation of the Core Principles, the Definition of Internal Audit, the Code of Ethics, and the Standards. It helps internal auditors to understand and apply the Standards, may provide insights into going beyond conformance to a higher level of value addition or may help in addressing issues of concern not related to a specific standard. It consists of two elements:
Implementation Guidance: Implementation Guides exist for each standard. They are intended to provide guidance to internal audit practitioners with regard to conformance with the Standards.
Supplemental Guidance: Supplemental guidance provides detailed guidance for conducting internal audit activities. Supplemental guidance includes topical areas, sector-specific issues, as well as processes and procedures, tools and techniques, programs, step-by-step approaches, and examples of deliverables. Examples of supplemental guidance currently include Practice Guides, Global Technology Audit Guides (GTAGs), and Guides to the Assessment of IT Risk (GAIT).
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019Page 6
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019 Page 7
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
2Establishment of Quality Assurance and Improvement Programme
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019Page 8
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Chapter 2: Establishment of Quality Assurance and Improvement Programme
ISPPIA 1300 - Quality Assurance and Improvement Programme
The chief audit executive must develop and maintain a quality assurance and improvement programme that covers all aspects of the internal audit activity.
Interpretation:
A quality assurance and improvement programme is designed to enable an evaluation of the internal audit activity’s conformance with the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The programme also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. The chief audit executive should encourage board oversight in the quality assurance and improvement programme.
ISPPIA 1310 - Requirements of the Quality Assurance and Improvement Programme
The quality assurance and improvement programme must include both internal and external assessments.
The QAIP should encompass all aspects of operating and managing the internal audit activity—including consulting engagements—as found in the mandatory elements of the IPPF. Through conformance with the Standards and the Code of Ethics, the internal audit activity also achieves alignment with the Definition of Internal Audit and the Core Principles.
The CIA must develop and maintain QAIP that covers all aspects of the internal audit activity.
Elements of QAIP includes: A scope that includes all aspect of the IA activity, An evaluation of conformance with Standards & Code of Ethics, An assessment of the efficiency and effectiveness of Internal Audit activity, The identification of opportunities for continuous improvement. Involvement by the senior management (in case of Bhutan - Secretary of Finance) in
oversight of QAIP.
2.1 Considerations in Developing a QAIP
There are numerous ways to develop a QAIP, and the design should be appropriate to the size, structure, and nature of the internal audit activity. A key aspect to developing a QAIP is to determine:
The role of internal audit management and staff in the quality process.
The activities that are covered through ongoing monitoring, periodic self-assessment, or external assessments.
The frequency of self-assessments and external assessments.
The level of quality, or maturity, desired by the internal audit activity and expected by its stakeholders.
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019 Page 9
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
2.2 Responsibility of QAIP
According to auditing standards, the CIA is responsible for developing and maintaining a quality assurance improvement programme (QAIP) so as to provide reasonable assurance to the stakeholders that the internal audit activity:
Performs in accordance with the Internal Audit Charter, which is consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards.
Operates in an effective and efficient manner. Is perceived by the stakeholders as adding value and improving the organization’s
operations.
Internal auditors, as professionals, should be committed to delivering quality services. Allocating specific responsibilities for developing, delivering, and monitoring the QAIP will vary for each internal audit activity. Regardless, these accountabilities should be articulated in audit planning documentation to allow for the allocation of appropriate resources, as well as within the documented QAIP. Responsibility for specific QAIP activities should take into account the qualifications and experience of staff. It is important that all staff members are fully acquainted with the QAIP, and that specific staff members responsible for activities, such as periodic self-assessments, have appropriate credibility and authority within the internal audit activity.
2.3 Objective of the QAIP
The objective of the QAIP is to assess the internal audit activity, identify weaknesses and opportunities and make recommendations for the improvement of its effectiveness and efficiency. The assessments are focused on determining the internal audit activities:
It enables an evaluation of: Conformance with the Definition of Internal Auditing, the Code of Ethics, and
Standards. Adequacy of the charter, goals, objectives, policies, and procedures. Integration into the governance, risk management and control environment of the
entity. Compliance with applicable laws, regulations, and government or industry
standards. Contribution to the organization’s governance, risk management, and control
processes. Meeting the expectations of the Chief Executive, senior management and other
stakeholders, particularly in adding value and improving the organizations operations.
Efficiency and effectiveness in performing its mandate and has processes to facilitate continuous improvement, including adoption of best practices.
Effectiveness in staff development and the adoption of new audit methodologies and techniques.
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019Page 10
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
2.4 QAIP Framework
The framework for embedding quality assurance and continuous improvement into an internal audit activity considers three separate activities or sections within an internal audit activity: governance, professional practice, and communication. These activities are discussed further in Appendix 1: QAIP Components.
The QAIP framework assumes that quality is built in to (and not on to) the structure of the internal audit activity and that quality assessments are undertaken over the entire activity. As per the Standards, quality assessments take the form of ongoing monitoring, periodic self-assessment, and external assessment.
In order to assess that the internal audit activity has quality assurance and continuous improvement program embedded into the system, the QAIP Framework should cover at least the mandatory common elements, which are:
Coverage of the entire audit universe; Evaluation of conformance with the Definition of Internal Auditing, the Code of
Ethics, and the Standards; Assessment of the efficiency and effectiveness of the internal audit activity; and Identifying opportunities for improvement and involving senior management in
oversight of QAIP.
Figure 2: Quality Assurance and Continuous Improvement Program (QAIP) Framework
2.5 Some International Best Practices on QAIP
A quality assurance and improvement programme supports the conduct of internal audits that effectively and consistently result in value-addition to the internal audit functions. Some of the international best practices on QAIP followed by other countries
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019 Page 11
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
2.5.1 India: Public Sector Internal Audit function in Central Civil Ministries / Departments
The quality assurance function followed in in Central Civil Ministries / Departments is summarized below:
S. No.
Control Element Control Objective SourceAssurance
Level1 Professionalism
(Due Care)Individual Auditor’s Work
Individual Individual Auditor
2 Supervisory Review
Engagement Supervisor within Line of responsibility
Audit Function Management
3 Internal Review Aggregate of Engagements or divisional Offices or Autonomous Audit Units
Supervisor/Peer Outside Line of Responsibility
Chief Audit Executive
4 External Review Audit Function as a whole
Qualified persons from Outside the Ministry/Department
Audit Committee
The primary quality assurance activities in public sector Internal Audit function in India includes training workshops and seminars, feedback from users of audit services, peer review and external reviews. The main objective of self-assessment, peer review and external reviews is to improve audit quality as a whole. While self-assessment is the responsibility of the Chief Audit Executive, peer reviews is conducted by members of IAWs of Ministries/Departments. External reviews are done by O/o CGA or outsourced reviewers from the IIA and comprise an examination of the audit plan, working papers, related audit report and follow-up activities and may be performed either prior to reports being finalized or at any time after they have been finalized. The deficiencies noted are rectified timely manner.
2.5.2 Philippines: Public Sector Internal Audit function
The Philippines government internal audit function has Internal chapter on Internal Audit Performance Monitoring and Evaluation as a part of their internal audit manual which covers the quality assurance mechanisms in public sector internal audit function. The public sector IA function of Philippines government is periodically assessed for performance and addressing opportunities for improvement which can help maximize the efficiency and effectiveness of the internal audit function. Following is the key activities of Philippines government IA function under Internal Audit Performance Monitoring and Evaluation:
The DS/HoA or GB/AuditCom is responsible for periodically reviewing the performance of the internal audit. They also approve the performance indicators used for Internal Audit Performance Monitoring and Evaluation.
Performance Monitoring by the Head of Internal Audit: The Head of IA have the responsibility over the performance and discipline of the IA staff. Head of IA directs the conduct of audit progress assessment based on a monitoring plan utilizing KPIs and conduct two types of performance monitoring, as follows: ● Review of Progress Assessment Report: It focuses on whether or not,
Audit objectives are met, Findings and recommendations are based on facts
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019Page 12
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
and substantial evidence, auditing standards are followed properly, Findings and recommendations promote the adequacy of internal control pursuant to applicable rules and regulations and High standards of ethics and efficiency of public officials and employees are observed pursuant to applicable rules and regulations. The Report is subject to the approval of the HoIA and audit team leaders ensures that audit engagements are assessed at the stage before exit conference.
● Review of Completion Assessment Report: It focuses on the Overall effectiveness and efficiency of the IAS/IAU in accordance with applicable rules and regulations, Findings and recommendations should be based on facts and substantial evidence, application of auditing standards, Findings and recommendations promote the adequacy of internal control pursuant to applicable rules and regulations and High standards of ethics and efficiency of public officials and employees are observed pursuant to applicable rules and regulations. The Report is subject to the approval of the HoIA and audit team leaders ensures that audit engagements are assessed at the conclusion of the activity.
Performance Evaluation by the DS/HoA or GB/AuditCom: The Secretary has the power for supervision and control of the Department. The IAS/IAU is an integral part of the Department which provides assistance to the DS/HoA or GB/AuditCom and performs functions delegated by the DS/HoA or GB/AuditCom. Work performance of the IAS/IAU is evaluated by the DS/HoA or GB/AuditCom as part of supervision and control. They monitor and evaluate the performance of the IAS/IAU either through: ● Review of the Internal Audit Report: During the review of the Internal
Audit Report submitted by IAU/IAS, the DS/HoA or GB/AuditCom ensures the following:- The internal auditing standards are adhered while performing IA
engagement.- All audit findings are formulated based on the 4Cs (criteria, condition,
conclusion, cause).- Findings are supported by sufficient audit evidence and the quantum of
evidence required to support an audit finding is substantial evidence. - Its recommendations are feasible, cost-effective and cost-efficient, find
sufficient basis in law, evidence-based and classified.- The audit risk and limitations are properly highlighted in the audit report
that may affect the conduct of the audit and may expose the organization to considerable risks.
● Review of the IAS/IAU Performance Report: At the close of every fiscal year, the DS/HoA or GB/AuditCom shall review the performance of the IAS/IAU through the various reports/outputs (i.e., baseline assessment report, assessment of control significance and materiality and control risk report, assessment of internal audit risk report, annual audit plan, audit engagement report, audit follow-up report and performance monitoring evaluation report) that are submitted to their office.
Oversight over IAS/IAU: In addition to the performance monitoring and evaluation conducted by the HoIA and the DS/HoA or GB/AuditCom, oversight functions over the IAS/IAU are also performed by the COA and the DBM.
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019 Page 13
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
2.5.3 European Countries: Public Sector Internal Audit function
In accordance with Discussion paper no. 3 on Public Internal Control Systems in the European Union on Quality Assurance for Internal Audit (Ref. 2014-3), most of the members countries public sector Internal Audit function bases itself on the standards for the Professional Practice of Internal Auditing (part of the IIA’s International Professional Practices Framework – IPPF). In some countries, these internationally recognized standards are directly applicable in national legislation, while others have incorporated them into their national standards. Consequently, the basic IA standards referred to in this paper are these IPPF Standards. The IIA Standards on QAIP stress on the importance of quality assurance and improving IA, but which of the various approaches is actually taken depends on the level of maturity of the IA function.
In most of the countries, the Standards on Quality Assurance and Improvement issued by the Institute of Internal Auditors (IIA) is the starting point for development of QAIP framework for internal audit function. The QAIP practice followed by Internal Audit functions of Civil Ministries / Departments and most of EU countries are in line with IIA standards on QAIP. The process of monitoring and evaluation of Internal Audit functions of Philippines government is also based on the IPPF framework which requires to development of KPI by adopting appropriate indicators, implementing a rigorous performance measurement regime and acting on the results, can thus encourage acceptance of IA role within the organization. Further, the QAIP process in the above countries internal audit function is given in a chapter forming part of Internal Audit Manual issued by respective authority.
2.6 International Standards on QAIP
The Ministry of Finance has developed and issued Bhutan Government Internal Audit Standards contextualizing both Attributes and Performance Standards to the local requirements without undermining the integrity of the mandatory elements of the International Professional Practices Framework (IPPF). The standards are discussed in detail in subsequent chapters. The following International Standards for the Professional Practice of Internal Auditing (Standards) are relevant to the development of a QAIP:
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019Page 14
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Figure 3: International Standards for the Professional Practice of Internal Auditing issued by IIA
2.7 Components of QAIP
A comprehensive QAIP normally includes three components as follows: Ongoing supervision and monitoring of quality assurance by the CIA and senior
auditors. Periodic internal assessments of the internal audit activities. Periodic external assessments of the internal audit activities and validation of
conformance with the Standards.
Figure 4: Component of QAIP
CH
AP
TE
R 2
@CCA, Ministry of Finance, December 2019 Page 15
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
To achieve comprehensive coverage of all aspects of the internal audit activity, a QAIP must effectively be applied at three fundamental levels (or perspectives):
2.7.1 Internal Audit Engagement Level (self-assessment at the audit, engagement, or operational level):
The engagement supervisor (either a Senior Internal Auditor or the CIA) is responsible for providing assurance that:
Appropriate processes have been used to translate audit plans into specific, appropriately resourced audit engagements.
Planning, fieldwork conduct, and reporting/communicating results conform to the Definition of Internal Auditing, the Code of Ethics, and the Standards.
Appropriate mechanisms are established and used to follow-up management actions in response to audit recommendations.
Post-engagement client surveys, lessons learned, self-assessments, and other mechanisms to support continuous improvement are completed.
2.7.2 Internal Audit Activity Level (self-assessment at the internal audit activity or organizational level):
The CIA is responsible for providing assurance that: Written policies and procedures, covering both technical and administrative
matters, are formally documented to guide audit staff in consistent conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards.
Audit work conforms to written policies and procedures. Audit work achieves the general purposes and responsibilities described in the
internal audit charter. Audit work conforms to the Definition of Internal Auditing, the Code of Ethics, and
the Standards. Internal audit work meets stakeholder expectation. The internal audit activity adds value and improves the organization’s operations. Resources for the internal audit activity are efficiently and effectively utilized.
2.7.3 External Perspective (independent external assessment of the entire internal audit activity including individual engagements):
The CIA must ensure that the internal audit activity undergoes an external assessment (either an independent external assessment or a self-assessment with independent validation), at least once every five years by an independent assessor or assessment team from outside the organization that is qualified in the practice of internal auditing as well as quality assessment process.
External assessors express an opinion on the entire spectrum of assurance and consulting work performed (or that should have been performed) by the internal audit activity, including its conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards. Assessors also conclude on the efficiency and effectiveness of the internal audit activity in following its charter and meeting the expectations of stakeholders.
CH
AP
TE
R 3
Page 16 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
CH
AP
TE
R 3
Page 17@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
3 Internal Assessment
CH
AP
TE
R 3
Page 18 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Chapter 3: Internal Assessment
ISPPIA 1311 – Internal assessments
Internal assessments must include: Ongoing monitoring of the performance of the internal audit activity; and Periodic self-assessments or assessments by other persons within the organization
with sufficient knowledge of internal audit practices.
Interpretation:
Ongoing monitoring is an integral part of the day-to-day supervision, review, and measurement of the internal audit activity by the Internal Auditors of IAUs. The Internal Auditors of IAUs should incorporate ongoing monitoring into the routine policies and practices used to manage the internal audit activity and uses processes, tools, and information considered necessary to evaluate conformance with the Code of Ethics and the Standards.
Periodic self-assessments are conducted to evaluate conformance with the Code of Ethics and the Standards. The Chief Internal Auditor of IAU/CCA and senior Internal Auditor of IAUs should have sufficient knowledge of internal audit practices which requires at least an understanding of all elements of the International Professional Practices Framework to conduct an effective periodic self-assessment.
As Standard 1311 indicates, the Chief Internal Auditor is responsible for ensuring that the internal audit activity conducts an internal assessment that includes both ongoing monitoring and periodic self-assessments. Internal assessments validate that the internal audit activity continues to conform with the International Standards for the Professional Practice of Internal Auditing (Standards) and the Code of Ethics. The Chief Internal Auditor understands that the internal assessments focus on continuous improvement of the internal audit activity and involve monitoring its efficiency and effectiveness.
3.1 Implementation of Internal Assessment
The two parts of internal assessments, ongoing monitoring and periodic self-assessments, provide an effective structure for the internal audit activity to continuously assess its conformance with the Standards and check whether internal auditors of IAU apply the Code of Ethics or not. Additionally, the Internal Auditors of IAU may allow for identification of opportunities for improvement.
3.2 Benefits of Internal Assessment
Following are the key benefits of an internal assessment: Continuous Improvement; Becoming more forward-looking in approach and experiencing greater alignment
with Internal Audit activity’s strategies and objectives; Enhanced Internal Audit productivity by eliminating non-value-added activities; Improved Internal Audit staff morale due to the focus on process improvement; Greater adaptability in implementing incremental changes resulting in greater
responsiveness to stakeholders’ expectations.
CH
AP
TE
R 3
Page 19@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
3.3 Ongoing Monitoring
The most important method for continuously assessing quality is management oversight of internal audit work. Adequate monitoring from the beginning to the end of the engagements is a fundamental element of a QAIP. The objective of ongoing monitoring is to be achieved by CIA or Internal Auditors of IAUs through continuous activities such as proper engagement planning and supervision, standardized work practices, workpaper procedures and signoffs, report reviews, as well as identification of any weaknesses or areas in need of improvement and action plans to address them. Ongoing monitoring helps the Internal Auditors/Chief Internal Auditor of IAUs to determine whether internal audit processes are delivering quality on an engagement-by-engagement basis.
Ongoing monitoring provides assurance that the processes in place are working effectively to ensure quality is delivered on an audit-by-audit basis. It is primarily achieved through continuous monitoring activities. The ongoing monitoring element of the QAIP would primarily address conformance with the following Standards since they are intended to address quality on an audit-by-audit basis and relate primarily to engagement activities:
ISPPIA 2200- Engagement Planning ISPPIA 2300- Performing the Engagement ISPPIA 2400- Communicating Results ISPPIA 2500- Monitoring Progress
3.3.1 Some Important facts about Ongoing Monitoring
In addition to validating conformance with the Standards, ongoing monitoring may identify opportunities to improve the internal audit activity. In such cases, the CIA typically addresses these opportunities and may develop an action plan. Results of ongoing monitoring should be reported to the Chief Internal Auditor at least annually, as required by Standard 1320 – Reporting on the Quality Assurance and Improvement Programme.
Figure 5: Ongoing Monitoring Reporting Aspects
CH
AP
TE
R 3
Page 20 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
The Deming Cycle (or Plan-Do-Check-Act cycle) provides a possible structure in establishing the QAIP. An internal auditor needs to apply the Deming Cycle to the ongoing monitoring portion of the QAIP. The steps in the Deming Cycle are as follows:
Plan means establishing expectations for operating a process to meet specific objectives, goals, or deliverables.
Do means executing the process and collecting data for analysis and follow-up in the Check and Act steps of the cycle.
Check is the step where actual results are compared to expected outcomes and differences are analyzed.
Act is where feedback is provided to the operators of the process to reinforce expectations established in the previous Plan step. It is in this step that improvements to the process are identified and implemented.
Figure 6: Example of Deming Cycle to the ongoing monitoring
Note: The above examples are for illustrative purpose and reference only and are not intended as a comprehensive or complete list of activities. The actual deeming cycle at respective Internal Audit unit may vary.
Key Tips:
Generally, ongoing monitoring occurs routinely throughout the year via the implementation of standard work practices. To facilitate this, the CIA of CCA may develop templates for internal auditors to use throughout engagements, ensuring consistency in the application of the Standards.
Adequate supervision is a fundamental element of any quality assurance and improvement programme (QAIP). Supervision begins with planning and continues throughout the performance and communication phases of the engagement. Adequate supervision is ensured through expectation-setting, ongoing communications among internal auditors throughout the engagement, and workpaper review procedures, including timely sign-off by the individual responsible for supervising engagements.
CH
AP
TE
R 3
Page 21@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
ISPPIA 2340 – Engagement Supervision provides further guidance on internal audit supervision
The ongoing monitoring applies to all assurance and consulting assignments and should achieve the objectives described in Standard 2340 – Engagement Supervision which states,
“Engagements must be properly supervised to ensure objectives are achieved, quality is assured, and staff is developed.”
This standard also requires that appropriate evidence of supervision is documented and retained. This documentation provides assurance that ongoing monitoring is incorporated into the routine policies and practices that are used to manage the internal audit activity. In other words, a quality review must be performed for each engagement. This review provides an opportunity for ongoing evaluation, coaching, and feedback for each auditor assigned to the engagement.
3.3.2 Mechanisms of Ongoing Monitoring
The mechanisms commonly used for ongoing monitoring include: Checklists or automation tools to provide assurance on internal auditors’
compliance with established practices and procedures and to ensure consistency in the application of performance standards. Refer Appendix 2 for checklist on Ongoing Monitoring for details.
Feedback from internal audit clients and other stakeholders regarding the efficiency and effectiveness of the internal audit team. Feedback may be solicited immediately following the engagement or on a periodic basis (e.g., semi-annually or annually) via survey tools or conversations between the CIA and management. Refer Appendix 3 for example of Stakeholder Survey sent after Internal Audit is completed for details.
Staff and engagement key performance indicators (KPIs), such as the number of certified internal auditors on staff, their years of experience in internal auditing, the number of continuing professional development hours they earned during the year, timeliness of engagements, and stakeholder satisfaction.
Other measurements that may be valuable in determining the efficiency and effectiveness of the internal audit activity. Measures of project budgets, timekeeping systems, and audit plan completion may help to determine whether the appropriate amount of time is spent on all aspects of the audit engagement. Budget-to-actual variance can also be a valuable measurement to determine the efficiency and effectiveness of the internal audit activity.
The IT application such as Audit Management System can also support Internal Auditors of IAU or CIA to perform ongoing monitoring of Internal Audit activity. The AMS is a work flow which contains the entire life cycle of the Internal Audit starting from planning, execution, and reporting to monitoring. Hence, IA of IAU can perform the Ongoing Monitoring with the use of AMS. Following are the activities of ongoing monitoring that can be monitored in AMS:
Engagement Planning (ISPPIA 2200): The AMS has functionality of setting the risk parameters for whole of the audit universe of a government agency. The risk parameters can be ranked in terms of high, medium or low. The audit units can
CH
AP
TE
R 3
Page 22 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
be selected based on audit-risk ranking. This activity is considered as risk-based selection of audit units. It can be monitored through AMS, whether Internal Auditor has given due consideration while identifying the risk parameters by assigning suitable weights whether Internal Auditor has selected the audit unit based on results of AMS risk ranking , and whether the annual plan prepared are through the risk ranking shown by AMS or based on deviations, if any..
The Audit Engagement letter can be prepared and sent through AMS to respective audit units. It can be monitored whether all the engagement letters are sent through AMS. The progress of audit planning can also be monitored in AMS (for example, status on which of the planned audits have been initiated and engagement letter sent to audit units). Further, it can be used to identify whether the engagement letter contains audit objective, audit scope, tentative work programme, etc. as required by the ISPPIA 2210 – Engagement Objectives, ISPPIA Engagement Scope, ISPPIA 2240 – Engagement Work Programme.
Performing Engagement (ISPPIA 2300): The IA can perform the audit, maintain a daily diary, issue audit memos and fill checklist (i.e. documenting audit unit response) through AMS. The audit unit can view the number of audit memos issued and provide responses to the auditor with documentary evidence. The ongoing monitoring includes review of the process of reporting the audit memo and the basis of dropping the audit observation. The AMS contains a log on number of audit memos issued along with the number of audit memos converted to audit paras. This trail will help auditors in monitoring whether sufficient and appropriate response has been obtained, which let the auditor to believe that the observations should or should not be reported.
Communicating Results (ISPPIA 2400): The proposed AMS system has functionality of preparing audit reports from the AMS itself. This will help in achieving standardization. The report should be based on 5 Cs. i.e. Criteria (what should be), Condition (the current state), Cause (the reason for the difference), Consequence (effect) and Corrective action plans/recommendations. During ongoing monitoring, the auditor can review whether the reporting has been done on the basis of 5 Cs or not. The auditor can also monitor from AMS if all the observations from audit memos for which sufficient and appropriate evidence was not provided has been reported as audit para in the audit report. This can be done by comparing the number of audit paras with the number of audit memos not rejected and selected as “reported as audit para” in the system.
Monitoring Progress (ISPPIA 2500): Through AMS the CIA/IA of IAU can monitor the progress of audit, determine the current stage of audit, status of audit para compliance and identify the audits due in next month / quarter. Through the dashboard the auditor can monitor the number of audit recommendations implemented, identify which has most of the observations, and which amongst them are the repetitive observations. All these shall help in monitoring the audit and develop an action plan for an efficient and effective internal audit.
3.4 Periodic Self-Assessment
Periodic self-assessments have a different focus than ongoing monitoring in the sense that they generally provide a more holistic, comprehensive review of the Standards and the internal audit activity. In contrast, ongoing monitoring is generally focused on reviews conducted at the engagement level. Additionally, periodic self-assessments address
CH
AP
TE
R 3
Page 23@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
conformance with every standard, whereas frequent ongoing monitoring is more focused on the performance standards at the engagement level.
Periodic self-assessments should be conducted by Chief Internal Auditor or Senior Internal Auditor of the IAU/CCA. A dedicated quality assurance team or individual within the internal audit activity who has extensive experience with the International Professional Practices Framework (IPPF), Certified Internal Auditors, or other competent internal audit professionals may be assigned.
Key Tips:
Periodic self-assessments may be conducted by a Senior Internal Auditor/CIA of IAU / Chief Internal Auditor or by other persons within the organization with sufficient knowledge of internal audit practices, specifically the Standards and Code of Ethics.
3.4.1 Some Important facts about Periodic Self-Assessment
Figure 7: Periodic Self-Assessment Reporting Aspects
3.4.2 Focus of Periodic Self-Assessment
The internal audit activity conducts periodic self-assessments to validate its continued conformance with the Standards and Code of Ethics and to evaluate:
Conformance with the internal audit charter and the IIA’s Definition of Internal Auditing;
The quality of the audit work, including adherence to the internal audit methodology for selected engagements;
The quality of supervision; The adequacy and appropriateness of internal audit policies and procedures; The way the internal audit function adds value; The achievement of key performance standards/indicators; The degree to which stakeholder expectations are met.
CH
AP
TE
R 3
Page 24 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
The periodic self-assessment elements of QAIP address conformance with the following Standards:
Figure 8: Periodic Self-Assessment element of QAIP
Refer Appendix 4 checklist on Periodic Self-Assessment to assess each of the above standards.
Refer Appendix 10 Guidance on Internal Audit Self-Assessment Methodology.
The periodic self-assessment should also assess results of ongoing monitoring. Applying the Deming Cycle to these additional elements of the QAIP might look like:
Figure 9: Example of Deming Cycle to the Periodic Self-Assessment
Note: The above examples are for illustrative purposes and reference only and are not intended as a comprehensive or complete list of activities. The actual deeming cycle at respective Internal Audit unit may vary.
CH
AP
TE
R 3
Page 25@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Following a periodic self-assessment, where appropriate, the CIA of CCA may develop an action plan to address opportunities for improvement. This plan should include proposed timelines for actions. Results of periodic self-assessments, which indicate the internal audit activity’s level of conformance with the Standards and Code of Ethics, must be communicated to the board upon completion, as required by Standard 1320.
Example
Case Study 1While performing periodic-self assessment of one of the IAUs at Ministry, CIA comes across a situation where he/she finds that the Internal Audit staff member is not aware of due professional care standards (e.g. extent of work needed to achieve the engagement’s objectives, use of technology-based audit and data analysis techniques, cost of assurance in relation to potential benefits as required by Standard 1220). What would you Recommend in this case?
Recommendation: Perform a competency assessment to identify competency gaps and develop a formal Internal Audit training programme by level and competency for the Internal Audit Staff.
Case Study 2Internal Audit plan of a government agency historically has covered mostly financial and compliance risks and had limited coverage of operation or strategic risks. What would be the corrective action plan in this scenario?
Recommendation: The scope of the future IA plans should cover key risks across the agency (strategic, operations, compliance and financial). In addition, IA should consider including “strategic” as an audit category so that there is a clear linkage between audit-risk categories.
Further, there should be a clear linkage of top tier risks to audit plan and those risks not covered by IA. Also, there should be a provision to identify who is providing assurance related to those risks.
Case Study 3What if
a) Internal Audit function is heavily reliant on a few key people.b) A formal IA training programme does not exist. Additionally, there is no formal
competency assessment performed on a periodic basis to identify resource or knowledge gaps.
Recommendations: Implement one of the following models to bridge the competency gap:
Implement a formal people-rotational model in which resources rotate between IA and other entities (Ministry, Dzongkhag etc.) for an extended period of time.
Utilize a guest auditor programme that allows subject matter resources to supplement core team for specific audits that require a certain expertise that the government agency has in-house.
CH
AP
TE
R 3
Page 26 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Develop a competency assessment model to identify gaps in skill sets of IA and determine appropriate way to obtain that skill set to effectively audit key risks of the entity.
Develop a formal IA training programme by level (e.g., management/business acumen skills for auditors in supervisory roles) and competency.
Case Study 4The audit plan of IAU at an autonomous body is consistent with the IA Charter and department goals, and is developed using a risk-based approach, and the risk assessment is updated annually. The Audit plan is approved by the head of government agency and consists of matters needed or requested by the management. Also, the Chief Internal Auditor /Senior Internal Auditor of IAU regularly communicates the results of Internal Audit activities to the head of government agency. However, the observation during periodic self- assessment are as follows:
Complex risk assessment process, causing difficulty to align audits to the risks that matter.
Internal Audit policies and procedures are not adequately documented. Efforts with respect to follow-up, analysis of deviations from budget and corrective
actions is inadequate. Internal Audit reports are not issued timely. Internal Audit group is not actively involved in new system implementations and
significant change initiatives.
What will you recommend in this scenario?
Recommendations: Review policies and procedures for missing components and details to expand
Internal Audit function. Include procedures to update the audit plan based on re-evaluation of key risks. Update to include full coordination and integration of risk assessment / audit
planning in internal audit activities. Consider placing more emphasis on performing follow-ups, analysis of deviations
from budget and corrective actions. Change model to be an annual risk assessment versus a project risk assessment. Change risk assessment process. Reduce the length of time needed to perform the risk assessment. While the
Internal Audit risk assessment process covers a broad array of the enterprise risks, the process could be further reduced to focus on linking potential audits to enterprise risks, rather than taking time to plan, scope and validate audits to be performed.
Revisit risk universe not just annually, but as and when needed throughout the year.
Internal audit risk assessment should be linked to the organization’s risk management framework and the identified risks.
CH
AP
TE
R 3
Page 27@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
3.5 Considerations for Demonstrating Conformance
Multiple items may indicate conformance with Standard 1311, including any evidence that ongoing monitoring activities were completed according to the internal audit activity’s QAIP. Examples may include completed checklists that support workpaper reviews, survey results, and KPIs related to the efficiency and effectiveness of the internal audit activity, such as an analysis of budget-to-actual engagement hours. In addition, conformance may be demonstrated by documentation of completed periodic assessments, which include the scope of the review and approach plan, workpapers, and communication reports. Finally, presentations to the Secretary of Finance, meeting minutes, and the results of both ongoing monitoring and periodic self-assessment — including corrective action plans and corrective actions taken to improve conformance, efficiency, and effectiveness — may indicate conformance.
CH
AP
TE
R 4
Page 28 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
CH
AP
TE
R 4
Page 29@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
4 External Assessment
CH
AP
TE
R 4
Page 30 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Chapter 4: External Assessment
ISPPIA 1312– External Assessments
External assessments must be conducted at least once every five years by a qualified, in-dependent assessor or assessment team from outside the organization. The chief Internal Auditor must discuss with the Finance Secretary:
The form and frequency of external assessment. The qualifications and independence of the external assessor or assessment team,
including any potential conflict of interest.
Interpretation: External assessments can be accomplished through a full external assessment, or a self-assessment with independent external validation. The external assessor must conclude as to conformance with the Code of Ethics and the Standards; the external assessment may also include operational or strategic comments.
A qualified assessor or assessment team demonstrates competence in two areas: the professional practice of internal auditing and the external assessment process. Competence can be demonstrated through a mixture of experience and theoretical learning. Experience gained in organizations of similar size, complexity, sector or industry, and technical issues is more valuable than less relevant experience. In the case of an assessment team, not all members of the team need to have all the competencies; it is the team as a whole that is qualified. The Chief Internal Auditor uses professional judgment when assessing whether an assessor or assessment team demonstrates sufficient competence to be qualified.
An independent assessor or assessment team means, not having either an actual or a perceived conflict of interest and not being a part of, or under the control of, the organization to which the internal audit activity belongs. The Chief Internal Auditor should encourage Finance Secretary’s oversight in the external assessment to reduce perceived or potential conflicts of interest.
4.1 External Assessment
External quality assessments evaluate conformance of the internal audit function with the Internal Audit Charter, guidelines and directives issued by the MoF, definition of Internal Auditing, the Code of Ethics, the Standards and additionally with internal auditing best practices.
As a coordinating agency for Internal Audit Service under the Royal Government of Bhutan, the Central Coordinating Agency under Ministry of Finance must develop and maintain a quality assurance and improvement programme that covers all aspects of the internal audit activity. Along with conducting internal assessment for internal audit units under the Royal Government of Bhutan, CCA must also make arrangements to conduct external assessment in IAUs every five years by a qualified and independent reviewer from outside the organization.
The provision of an effective internal audit service is a government objective, provided for in the Public Finance Act. It would be more useful, effective and cost-efficient if a unified External Assessment of the overall function of the IAS within RGoB, and encompassing all
CH
AP
TE
R 4
Page 31@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
the IAUs within the service, were conducted as a whole. The CCA should coordinate with all IAUs and arrange for a unified External Assessment at least once every five years.
The CIA of CCA must discuss with the top management of the line agency on scope, form and also qualification and independence of the external assessor including possible conflict of interest.
The CCA and all the IAUs should cooperate with and facilitate the work of the reviewers appointed to conduct the external assessment so that the exercise will be useful in helping further strengthening the Internal Audit Services as an effective organ of the RGoB.
Key Tips:
1. For a QAIP to be deemed effective, CIA of CCA should expect external assessors to affirm what the CIA of CCA is measuring in regard to conformance with the Standards and the Code of Ethics through the periodic self-assessment process and reporting of results to key stakeholders. The CIA’s report of the periodic self-assessment may be used as a basis for assessment by an external assessor.
2. Proper documentation should be maintained by the CIA of CCA as evidence of an effective QAIP in the established Internal Audit activity. This includes charters, policies, procedures, metrics, audit reports, annual audit plans, engagement workpapers, staff training records, etc. External assessors would want to examine relevant documentation that describes key elements of the QAIP.
4.2 Implementation of External Assessment
The decision to schedule an external assessment often results from the CIA’s requirement to perform an external assessment every five years. The CIA of CCA might consider other factors when determining specific timing and scope for this review:
Does the CIA believe that the internal audit activity generally conforms with the Standards and the Code of Ethics?
Is the documentation describing the QAIP comprehensive and complete? Have feedbacks from key stakeholders been incorporated into the QAIP? Have discussions with the Finance Secretary established additional expectations
related to operational or strategic goals?
As noted in Standard 1312 – External Assessments, CIAs can choose from two methodologies for external assessments.
A full external assessment, or An independent, external validation of the CIA’s self-assessment of the internal
audit activity.
Both the methodologies require that they can be conducted by a qualified, independent assessor or assessment team from outside the organization. The qualified, independent assessor or assessment team must demonstrate competence in two areas:
The professional practice of internal auditing and; The external assessment processes.
CH
AP
TE
R 4
Page 32 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Several factors may influence the CIA’s decision in selecting an appropriate external assessment method to review the internal audit activity’s QAIP. This is an area where the Finance Secretary might take an active role in oversight of the QAIP as suggested in the Standards.
Some Important facts about External Assessment
Figure 10: External Assessment Reporting Aspects
4.3 Full External Assessment
The external assessment process, including planning, fieldwork, and reporting activities, are described to facilitate the execution of a full external assessment. Where appropriate, references are made to Appendices used to document the assessment. These appendices are found in the last chapter of this guideline.
Figure 11: Approach to the full external assessment process
CH
AP
TE
R 4
Page 33@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
4.3.1 Planning
The five points of the planning process, if followed by the external assessment team leader, enhance the customer’s involvement in and satisfaction with a value-added experience:
Set scope and objectives: Agree on the scope, objectives, and timing of the full external assessment.
Select and prepare the team: Select and train (as needed) the full external assessment team.
Request planning documents: Request and review the planning guides completed by the internal audit activity and clarify any questions or concerns.
Arrange preliminary visit: Conduct a preliminary visit or teleconference to gather further information, finalize the work plan, select and schedule interviews with the internal audit activity’s key stakeholders and internal audit management and staff, and prepare for the on-site visit.
Distribute surveys: Distribute the executive leadership and operating management and Internal Audit staff surveys to participants.
4.3.1.1 Set Scope and Objectives
The scope includes key elements: The internal audit activity charter that documents the purpose, authority, and
responsibility of the internal audit activity and is approved by the board. The expectations of the internal audit activity expressed by the oversight group,
executive management, and any other stakeholders. The entity’s control environment and the CIA’s audit practice environment. The focus on evaluating governance processes, risk, and assessing organizational
controls in audit plans. The integration of internal audit into the organization’s governance processes,
including the combined assurance relationships and communications between the key governance groups and assurance providers involved in that process, and the alignment of audit objectives and plans with the objectives of the entity as a whole.
The IPPF and any other legal requirements laid down for the internal audit activity within Bhutan.
The objectives achieved in a full external assessment: Provide an opinion on the internal audit activity’s conformance with the Standards
and the Code of Ethics. Assess the efficiency and effectiveness of the internal audit activity in light of its
charter; its processes and infrastructure, including the QAIP; the mix of knowledge, experience, and expertise, and the expectations of the Finance Secretary, management, other stakeholders & assurance providers, and the CIA.
Consider the internal audit activity’s current needs and objectives, as well as the future direction and goals of the organization. Appraise the risk to the organization if the results indicate that the internal audit activity is performing at a less than effective level or is not in conformance with one or more of the Standards.
If applicable, identify opportunities and offer ideas to the CIA and staff for improving the effectiveness of the internal audit activity, thereby raising the value added to the management and the audit committee.
CH
AP
TE
R 4
Page 34 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
The objectives listed can be modified and others can be added based on the scope and terms of reference as agreed between Chief Internal Auditor of CCA and External Assessor.
4.3.1.2 Select and Prepare the Team
As noted in the Interpretation to Standard 1312 – External Assessments, “A qualified assessor or assessment team demonstrates competence in two areas:
the professional practice of internal auditing and ; the external assessment processes. Competence can be demonstrated through a
mixture of experience and theoretical learning.
Key Tips:
Qualified individuals are persons with the technical proficiency, internal audit experience, business experience, and educational background appropriate for the audit activities to be assessed. This could include internal auditors from outside the organization, independent consultants, or independent external auditors, but preferably not the external audit firm that audits the organization’s financial statements, or consultants providing any co-sourcing for the entity. “From outside the organization” means not a part of, or under the control of, the corporate entity.
The chief audit executive uses professional judgment when assessing whether an assessor or assessment team demonstrates sufficient competence to be qualified.
Standard 1312 – External Assessments specifies that the full external assessment must be conducted by a qualified, independent assessor or assessment team from outside the organization.
Example:
Following is a list of the possible qualifications and criteria by which the CIA can assess the competence of a full external assessment team. Specific engagements may require additional unique qualifications.
Experience ● The full external assessment team should comprise personnel of at least
managerial level. ● The team leader should have experience that is comparable to that of the CIA
of the internal audit activity being assessed. ● The team leader should be a competent, and certified Internal Audit
professional. ● Each team member should have a thorough understanding of current internal
audit practices, the IPPF and its application, sound judgment, and good communication and analytical skills.
● The full external assessment team should possess or have ready access to all of the necessary technical expertise (e.g., governance, IT, risk management, internal audit attributes, management consulting, and internal audit management).
● Knowledge of the organization’s industry, service, or internal audit activity by at least one team member is an important consideration to be evaluated by the customer.
CH
AP
TE
R 4
Page 35@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Objectivity● The full external assessment team should objectively consider the
expectations of the Finance Secretary, and the CIA; the audit structure, the policies & procedures of the organization and the internal audit activity.
● To ensure freedom from bias in the full external assessment, there should not be any relationship, either directly or indirectly, between the organization and the full external assessment team that is, or appears to be, a conflict of interest. Such relationships could significantly negate the benefits of the full external assessment.
4.3.1.3 Request the Planning Documents Completed by the Internal Audit Activity
The full external assessment process becomes easier when planning documentation is completed by the internal audit activity before the on-site visit by the team. The team leader requests relevant documentation from the CIA of CCA to enable work to begin on the full external assessment prior to the on-site visit. A comprehensive list of planning documentation necessary for the full external assessment is provided to the CIA for completion, as well as survey invitations to be responded to by executive leadership, operating management, and internal audit staff.
4.3.1.4 Arrange a Preliminary Visit (or Teleconference)
The full external assessment team leader should arrange a preliminary visit or teleconference with the CIA to:
Meet the CIA and other staff that may be assisting the team during the on-site visit. Clarify any misunderstandings regarding the planning documentation. Ensure that all documents requested per the checklist can be provided. Ensure that there are no misunderstandings regarding the time, venue, scope, and
objectives of the full external assessment. Identify the executive leadership, operating management, internal audit activity
staff, and other key stakeholders with whom meetings will be arranged. Agree on the list of participants for the surveys: executive leadership, operating
management, and internal audit activity staff.
The full external assessment team leader should keep minutes (or a summary) of the meeting for later attention and impressions of the organization.
4.3.1.5 Distribute Surveys
Distribute the Executive Leadership, Operating Management and Internal Audit Staff surveys to participants.
CH
AP
TE
R 4
Page 36 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
4.3.2 Off-Site Work (To be completed prior to On-site Visit)
The full external assessment team leader should review the planning documentation and all planning guides and documents noted on the document request list provided by the CIA before visiting the organization. This will help to plan the work outlined in the programmes that will be performed on-site.
The CIA should complete the two surveys and provide his or her best assessment of how executive leadership, operating management, and the internal audit activity staff will respond to each statement. Comparing the CIA’s responses with survey results from the executives, operating managers, and internal audit staff, will provide the full external assessment team with possible opportunities for improvement and would help identify areas of strength for the internal audit activity.
Summarize the survey results for feedback to the CIA. Areas of significant divergence between CIA responses and those of survey participants should be investigated by the full external assessment team during their interviews.
The full external assessment team (with input from the CIA during the on-site visit) will need to interpret whether survey information has identified positive or negative ratings or trends. The CIA should be encouraged to use this information during training sessions with internal audit activity staff to emphasize positive results and highlight areas that need improvement.
4.3.3 On-Site Work
On-site work is the most comprehensive element of a quality assessment and includes the following:
Interview selected members of the management, operating managers, and internal audit units and staff, and focus on organizational risks, objectives, and the internal audit activity’s effectiveness for staying current and adding value, with respect thereto is one of the most valuable on-site activities. Interviews allow for in-depth exploration of issues raised by survey results, and the perceptions gathered from interviews should be investigated further and corroborated whenever possible, complete with hard evidence. It is best to conduct these interviews at the beginning of the on-site visit, but they may continue throughout the visit to accommodate the busy schedules of executive management.
Consider the work of other monitoring and assurance functions. Determine if any reliance is placed on the work of other assurance functions and the mechanisms in place to support this reliance. ● Determine if the CIA is responsible for other areas beyond internal auditing;
and if so, the mechanisms in place to actively manage the actual or perceived impairments to independence or objectivity this might cause.
● Review the internal audit activity’s audits and consulting engagements, reports, and supporting documentation and its administrative and operating policies, practices, procedures, and records.
Determine if the staffing knowledge and skills, especially in IT, risk assessment, controls monitoring, interaction with governance participants, successful practices, and other areas, will pinpoint evidence of continuous improvement.● Review reports and communicate with management and the board (audit
committee) to assess the extent that the internal audit activity meets objectives and adds value.
CH
AP
TE
R 4
Page 37@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
● Review and assess the coordination of the internal audit activity with the work of the independent auditors.
● Evaluate the internal audit activity’s conformance with the Standards and Code of Ethics and other relevant policies and procedures,
● Review the quality/process improvement actions currently underway and planned for the near term. Also consider successful practices appropriate to the organization’s environment.
The on-site process is a cumulative experience for the team. Therefore, frequent discussions are held, and information is assessed to offer practical suggestions reflecting the current thinking of the profession.
The time spent for on-site work should be determined by such factors as the size of the internal audit activity, workpaper reviews, and interview schedules. On-site work typically lasts for one to two weeks, depending on the scope of work, objectives of the full external assessment, the size & geographic dispersion, and structure of the internal audit activity.
4.3.4 Evaluate and Report
4.3.4.1 Evaluate Against the IPPF
The most important aspect of the full external assessment is the team’s evaluation of the internal audit activity’s conformity with the Standards and the Code of Ethics, its adherence to its charter, the extent of its adoption of successful practices, and its programme of continuous improvement. These evaluations may also identify additional opportunities for continuous improvement. This process is the culmination of the full external assessment team’s analysis of surveys, interviews, and documentation.
As appropriate, the full external assessment team will provide the CIA with recommendations for the internal audit activity to enhance conformance with the Standards & the Code of Ethics, add value for clients, and be a catalyst for positive change in the organization. Finally, the full external assessment team will exercise its professional judgment to render an opinion as to the level of conformance with the Standards and the Code of Ethics by the internal audit activity.
4.3.4.2 Summary of Issues, Recommendations, and Closing Conference
Issues should be brought to the attention of the CIA and discussed as appropriate as they come up throughout the full external assessment. The closing conference should be regarded as an opportunity to summarize and formalize the views of the full external assessment team and the CIA.
The full external assessment team’s evaluation process emphasizes successful practices and the issues that require attention. It is desirable to prepare a written summary of the successful practices, observations, and recommendations for those attending the closing conference. This written summary provides the team leader and team members with a framework for the closing conference.
The CIA, with advice from the full external assessment team leader, will decide who will attend the closing conference. Since the individual observations should have been discussed with internal audit management throughout the full external assessment, the closing conference should hold no surprises. It should be an orderly discussion of the significant issues, conclusions, and recommendations. It also provides the CIA with an opportunity to comment on the observations and recommendations.
CH
AP
TE
R 4
Page 38 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
4.3.4.3 Reporting
A draft report is prepared either before or after the closing conference. When the full external assessment team leader completes the draft, copies are sent to the team for comment within a specific time frame. Comments are considered and, as appropriate, incorporated into the draft report before it is sent to the CIA. The CIA is asked to respond to the recommendations and provide an action plan.
The final report, in conjunction with the CIA’s response or action plan, will typically be addressed to the CIA with the expectation that copies will be distributed to representatives of the internal audit oversight body and the executives to whom the CIA reports (i.e. Finance Secretary). Copies of the full external assessment report should also be addressed to the individuals or groups initiating the full external assessment.
4.4 Self-Assessment with Independent Validation
As noted in Standard 1312 – External Assessments, “External assessments may be accomplished through a full external assessment, or a self-assessment with independent validation.”
A self-assessment with independent validation includes a comprehensive and fully documented self-assessment process that requires the CIA to complete the self-assessment work, and normally provides limited attention to benchmarking, review, and consultation related to successful internal audit practice. Essentially, the CIA oversees the efforts of an internal assessment team that completes planning documentation, performs assessment work programmes, evaluates conformance with the Standards and Code of Ethics, and produces a report summarizing assessment results.
The same work needs to be performed and documented for a self-assessment with inde-pendent validation as for a full external assessment (see section 4.3 Full External Assess-ment). The self-assessment should be performed with the same level of due professional care found in performing other internal audit engagements and should be structured in a manner that fully documents and supports planning, fieldwork, and reporting activities.
The independent external assessor or assessment team validates the work of the internal assessment team through review of assessment planning documentation, re-performing a sample of assessment work programme steps, conducting interviews with key stakeholders (Finance Secretary, executive leadership, operating management, internal audit management and staff), and assessing the conformance conclusions reported by the internal assessment team.
The internal assessment team should expect to submit all of its documentation related to assessment planning, assessment work programmes, and its final assessment report to the independent external assessor or assessment team well in advance of any on-site visit by the external assessor to perform the validation activities.
4.4.1 Defining the Scope of Assessment
The primary objective is to assess conformance with the Standards and Code of Ethics. Through consultation with the senior management, the CIA should define the scope of the self-assessment with independent validation, which may include feedback on potential leading practices or identification of opportunities for enhancing existing internal audit activity processes.
CH
AP
TE
R 4
Page 39@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
4.4.2 Planning
A well-established QAIP provides a solid framework for achieving a successful self-assessment with independent validation. The documentation, assessments, metrics, and reporting that comprises of internal audit activity’s QAIP should be useful in preparing much of the material required to perform the assessment.
Planning, scheduling, and staffing the self-assessment should follow the same process the internal audit activity uses to execute and control any assurance or consulting engagement. Assigning resources necessary to complete the self-assessment should be part of the annual plan for the internal audit activity for the year in which the self-assessment with independent validation is to be performed. Progress updates regarding the self-assessment should be included with status reporting for all other engagements in the process as a component of periodic reporting to senior management and the board.
Key considerations for determining resource requirements and preparing a schedule of activities for self-assessment with independent validation include:
An evaluation of additional documentation and analysis required by the planning tools beyond what is readily available from the internal audit activity’s existing QAIP documentation.
An estimate of time required for distributing, collecting, and analysing survey tools. This activity should be coordinated with the external independent assessor as discussed below.
A proposal from the independent external assessor regarding the number of interviews they wish to conduct with the senior executives, operating management, internal audit activity management and staff. This activity should be coordinated with the external independent assessor.
An estimate of the time required for the internal assessment team to complete the assessment programmes. A critical assumption for this estimate is the number of engagement files to be reviewed as part of the internal audit process programme.
A discussion with the independent external assessor regarding how much time they need for their on-site work, and how far in advance of the on-site work they want to receive documentation prepared by the internal audit activity’s internal assessment team.
Upon completion of the on-site work by the independent external assessor, the self-assessment with independent validation’s schedule should allow time for the external assessor to complete the Independent Validation Statement.
4.4.3 Selecting the Independent External Assessor for A Self-Assessment with Independent Validation
The chief audit executive uses professional judgment when assessing whether an assessor or assessment team demonstrates sufficient competence to be qualified.
The CAE should consult with the Finance Secretary and senior leadership regarding selection of the external assessor or assessment team based on a thorough review of their qualifications and experience. The CIA should also obtain a signed statement from the external assessor or assessment team confirming their independence as defined in the Standards. This is typically done during the contracting process.
CH
AP
TE
R 4
Page 40 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
4.4.4 Communication and Coordination with the External Validation Assessor
Most of the work in performing a self-assessment with independent validation is completed by the internal audit activity’s internal assessment team. However, the external assessor will perform some work during the on-site visit, and coordination with the internal assessment team will facilitate completion of the external assessor’s work.
Coordination in the completion of surveys. The internal assessment team (or CIA) and the external assessor should agree on who will be asked to participate in the surveys and on the schedule for completing the surveys. The internal assessment team would be responsible for sending out the surveys. Survey participants shall normally send their responses directly to the external assessor for collation and evaluation of results. The external assessor will review results of the surveys with the CIA and the internal assessment team during the on-site visit. The external assessor will also use information gained from the surveys in completing interviews with key stakeholders.
Coordination in scheduling and conducting interviews with key stakeholders. The internal assessment team (or CIA) and the external assessor should agree on who will be interviewed and on the schedule for completing the interviews. Interviews are normally conducted by the external assessor during the on-site visit.
At a minimum, the external assessor or assessment team will interview the Finance Secretary, the CIA, the person to whom the internal audit activity reports to administratively within the organization, and the external audit partner. Other interviews of key stakeholders are specifically coordinated with the CIA.
During the on-site visit, the external assessor will review tests of audit engagement files prepared by the internal assessment team. The external assessor may also want to review other audit engagement files not reviewed by the internal assessment team. To enable the external assessor to complete this review, the internal assessment team should provide the external assessor with appropriate access to any relevant application.
4.4.5 Work to be completed before the On-Site Visit
The CIA should oversee completion of the self-assessment of internal audit activity. Key elements of the self-assessment to be performed and documented by the internal audit activity’s internal assessment team include:
Completing the planning which includes an analysis of the internal audit activity’s operations and answers to a series of questions that provide insight into the CIA’s views regarding specific conformance criteria related to the Standards or the Code of Ethics.
Conducting surveys that collect information from senior leadership, operating management, internal audit management and staff regarding various aspects of the internal audit activity. Use of the surveys should be coordinated with the external assessor or assessment team as described above.
Executing the assessment programmes that are intended to collect, evaluate, and document evidence of conformance with the Standards and the Code of Ethics.
Summarizing results of the evaluation. Preparing a report of the results of the self-assessment to be validated by the
external assessor and eventually distributed to the board and other appropriate stakeholders.
CH
AP
TE
R 4
Page 41@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
All of the above materials should be made available to the external assessor for use in completing the review and validation of the self-assessment. The internal audit activity should coordinate with the external assessor or assessment team as to which documents will be supplied to the external assessor before the on-site visit. The external assessor will also schedule interviews to be conducted during the on-site visit.
4.4.6 Work Completed during the On-Site Visit
During the on-site visit, the external assessor will review documentation prepared by the internal assessment team and perform sufficient tests of the self-assessment to validate results and express an opinion regarding conformance with the Standards and the Code of Ethics to include:
Exercising professional judgment in determining the extent of testing of the self-assessment based on the size and complexity of the internal audit activity.
Conducting interviews with key stakeholders to follow up on any issues or opportunities identified from the surveys—all within the agreed-upon scope of the self-assessment with independent validation.
As nearly all of the work performed during a self-assessment with independent validation is completed by the internal audit activity’s internal assessment team, the amount of time required on site by the external assessor is normally much less than that required by an external assessment team performing a full external assessment.
4.4.7 Reporting and Follow-up
Upon completion of fieldwork, the independent external assessor will provide an opinion confirming the results, or expressing disagreement with the self-assessment, as appropriate. If the external assessor is not in agreement with the self-assessment report, the external assessor can add dissenting wording to the report, specifying the points of disagreement.
The final report of the self-assessment with independent validation should be signed by the internal audit activity’s internal assessment team and the independent external assessor and should be issued by the CIA to Finance Secretary.
Refer Appendix 14 on Standard Conformance Evaluation Summary (Table) Template
Refer Appendix 15 on Standard Conformance Evaluation Summary Template
Refer Appendix 16 on Standard Rating Criteria
Refer Appendix 17 on Checklist on External Quality Assessment
CH
AP
TE
R 5
Page 42 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
CH
AP
TE
R 5
Page 43@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
5 Reporting and Follow-up of QAIP
CH
AP
TE
R 5
Page 44 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Chapter 5: Reporting and Follow-up of QAIP
ISPPIA 1320 – Reporting on the Quality Assurance and Improvement Programme
The Chief Internal Auditor must communicate the results of the quality assurance and improvement programme to senior management and the Finance Secretary. Disclosure should include:
The scope and frequency of both the internal and external assessments. The qualifications and independence of the assessor(s) or assessment team,
including potential conflicts of interest. Conclusions of assessors. Corrective action plans.
Interpretation: The form, content, and frequency of communicating the results of the quality assurance and improvement programme is established through discussions with senior management and considers the responsibilities of the internal audit activity and Chief Internal Auditor as contained in the internal audit charter. To demonstrate conformance with the Code of Ethics and the Standards, the results of external and periodic internal assessments are communicated upon completion of such assessments, and the results of ongoing monitoring are communicated at least annually. The results include the assessor’s or assessment team’s evaluation with respect to the degree of conformance.
ISPPIA 1321: Use of Conformance with the International Standards for the Professional Practice of Internal Auditing
Indicating that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing is appropriate only if supported by the results of the quality assurance and improvement programme.
Interpretation: The internal audit activity conforms with the Code of Ethics and the Standards when it achieves the outcomes described therein. The results of the quality assurance and improvement programme include the results of both internal and external assessments. All internal audit activities will have the results of internal assessments. Internal audit activities in existence for at least five years will also have the results of external assessments.
ISPPIA 1322: Disclosure of Nonconformance
When non-conformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive must disclose the non-conformance and the impact to senior management and the board.
CH
AP
TE
R 5
Page 45@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
2500 - Monitoring Progress
The Chief Internal Auditor must establish and maintain a system to monitor the disposition of results communicated to management.
2500.A1 - The chief audit executive must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action.
2500.C1 - The internal audit activity must monitor the disposition of results of consulting engagements to the extent agreed upon with the client.
’5.1 Overview of QAIP reporting
Standard 1320 communicates the minimum criteria that the Chief Internal Auditor must communicate to senior management related to the QAIP. Reviewing the requirements related to each element in the standard may help the CIA prepare to implement this standard.
As this standard indicates, the CIA of CCA is responsible for communicating the results of the entire QAIP. To do this, the CIA must understand the requirements of the QAIP. Generally, CIA meets regularly with senior management to understand and agree upon the expectations for communications surrounding the internal audit activity, including those regarding the QAIP. The CIA also considers the responsibilities related to the QAIP that are outlined in the Internal Audit Charter.
The CIA should be aware of any internal assessments, including periodic assessments and ongoing monitoring, as well as completed external assessments. As such, the CIA should have an understanding of the internal audit activity’s degree of conformance with the International Standards for the Professional Practice of Internal Auditing (Standards) and The IIA’s Code of Ethics.
5.2 Activities of Quality Assurance and Improvement Programme Reporting Timelines
Quality Assurance & Improvement Programme
Ongoing Monitoring of Performance
Activity Frequency Responsibility Reporting
Review of the audit universe
Annual Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
N/A
Identification of risks affecting the operation of the Internal Audit Service
Quarterly Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
N/A
Review of audit engagements
Each engagement
Chief Internal Auditor/Senior Internal Auditor of IAU
N/A
Progress against the audit plan
Monthly Chief Internal Auditor/Senior Internal Auditor of IAU
Quarterly report to Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
CH
AP
TE
R 5
Page 46 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Progress against Key Performance Indicators
Quarterly Chief Internal Auditor/Senior Internal Auditor of IAU
Quarterly report to Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Discuss performance of internal audit activity
Monthly Chief Internal Auditor/Senior Internal Auditor of IAU
Annual report to Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Customer survey / questionnaire
Each engagement
Chief Internal Auditor/Senior Internal Auditor of IAU
Quarterly report to Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Review of Internal Audit Charter, policies & procedures
Annual Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Annual report to Secretary Finance
Personal Development Review
Annual Secretary of respective government agency
Documentation to RCSC
Continuous improvement activity and adoption of best practice
Continuous Chief Internal Auditor/Senior Internal Auditor of IAU
Quarterly report to Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Identification of value added to the Internal Audit Services operations
Continuous Chief Internal Auditor/Senior Internal Auditor of IAUOr Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Annual report to Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)Or Annual Report to Secretary Finance
Periodic Self-Assessments
Self-assessment against the Public Bhutan Government Internal Audit Standards (BGIAS)
Annual Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Annual Report to Secretary Finance
Benchmarking review of Internal Audit Services
Every 3 years
Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Report to Finance Secretary
External Assessments Assessment against the BGIAS
Every 5 years
Chief Internal Auditor of CCA (i.e. Head of Internal Audit Services)
Report to the Secretary Finance
5.3 Consideration for reporting QAIP
The detailed Quality Assurance and Improvement Programme are documented in the policies and procedures for the internal audit activity (ISPPIA 2040 – Policies and Procedures) and the Internal Audit Charter (ISPPIA 1010 – Recognizing Mandatory Guidance in the Internal Audit Charter). The CIA may begin by reviewing this information to understand
CH
AP
TE
R 5
Page 47@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
the communication requirements related to reporting on the QAIP, which includes four core elements:
Scope and frequency of internal and external assessments. Qualifications and independence of the assessors. Conclusions of assessors. Corrective action plans.
5.3.1 Scope and Frequency of Internal and External Assessments
The scope and frequency of both internal and external assessments must be discussed with the senior management (i.e. Finance Secretary) (ISPPIA 1311 – Internal Assessments and Standard 1312 – External Assessments). The scope should consider the responsibilities of the internal audit activity and the CIA, as contained in the Internal Audit Charter.
The scope may include senior management’s expectations of the internal audit activity, as well as expectations expressed by other stakeholders. It may also include internal audit practices assessed against the Standards, as well as any other regulatory requirements that may impact the internal audit activity.
5.3.1.1 Internal Assessments
The CIA must establish a means for communicating the results of internal assessments to enhance credibility and objectivity of the internal audit activity at least annually. The Interpretation of Standard 1320 states that the results of periodic internal assessment should be communicated upon completion of such assessments, and the results of ongoing monitoring should be completed at least annually.
Ongoing monitoring includes reporting on internal audit’s key performance indicators. The CIA of CCA provide an annual report to senior management (i.e. Finance Secretary) regarding the results of ongoing monitoring and include any recommendations for improvement.
The results of internal assessments include, where appropriate, corrective action plans and progress against completion. The CIA of CCA may distribute internal assessment reports to various stakeholders, including senior management (i.e. Finance Secretary), government agency and external auditors.
Auditing Standards require the CIA to report to the Chief Executive of the entity, the results of all the periodic assessments, including internal and external assessments, together with a plan of action for the implementation of all recommendations arising from the assessments. The actions resulting from the recommendations could include modification of resources, technology, processes, and procedures.
5.3.1.2 External Assessments
The CIA must discuss the frequency of external assessments with senior management (i.e. Finance Secretary). The Standards require the internal audit activity to undergo an external assessment at least once every five years. However, upon discussing these requirements with the senior management, the CIA may determine if it is appropriate to conduct an external assessment more frequently. There are several reasons to consider a more frequent review, including changes in leadership (e.g., senior management or the CIA), significant changes in internal audit policies or procedures, the merger of two or more audit organizations into one internal audit activity, or significant staff turnover.
CH
AP
TE
R 5
Page 48 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
The CCA must submit the Report resulting from the External Assessment on the IAS as a whole to the Secretary of the MoF, other central agencies of the RGoB, and the Chief Executives of all RGoB entities where there is an IAU. The CCA should prepare an action plan to implement the recommendations of the External Assessment report. After the approvals of the Secretary, MoF, the action plan should be communicated to the Chief Executives of all RGoB entities where there are IAUs. The implementation of the action plan should be monitored and reported to the Secretary, MoF.
]5.3.2 Qualifications and Independence of the Assessors
When selecting an external assessor or assessment team, the CAE discusses with senior management (i.e. Finance Secretary) the qualifications of the potential assessor and several factors related to independence and objectivity, including actual, potential, or perceived conflicts of interest.
Afterward, when reporting the results of the external assessment, the CIA confirms the qualifications and independence of the external assessor or assessment team. Any actual, potential, or perceived conflicts of interest should be reported to senior management.
5.3.3 Conclusion of Assessors
External assessment reports include the expression of an opinion or conclusion on the results of the external assessment. In addition to concluding the internal audit activity’s overall degree of conformance with the Standards, the report includes an assessment of each standard and/or standard series. The CIA should explain the rating conclusions to senior management (i.e. Finance Secretary), as well as the impact of the results. An example of a rating scale that may be used to show the degree of conformance is:
Generally Conforms: This is the top rating, which means that an internal audit activity has a charter, policies, and processes, and the execution & results of these are judged to be in conformance with the Standards.
Partially Conforms: Deficiencies in practice are judged to deviate from the Standards, but these deficiencies do not preclude the internal audit activity from performing its responsibilities.
Does not Conform: Deficiencies in practice are judged to be so significant, that they seriously impair or preclude the internal audit activity from performing adequately in all or in significant areas of its responsibilities.
5.3.4 Corrective Action Plans
In order to ensure better coordination and development of quality internal audit services across the RGoB, CIAs should submit the results of all assessments, both internal and external, to the Finance Secretary for review, so that, if necessary, action may be taken to modify policies issued by the MoF, advocate the allocation of additional resources for the IAUs at the level of central agencies and also formulate and develop more effective staff development and training programmes. The CIA should also submit a copy of the proposed plan of action with respect to the recommendations and proposed action plan.
The CIA should report periodically to the Senior Management on the progress made in the implementation of the action plan. The CCA should submit an annual report to the Finance Secretary containing a summary of significant findings and recommendations resulting from internal assessments completed during the year. The CCA should also identify if any
CH
AP
TE
R 5
Page 49@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
action is required either by the MoF or any other central agency and propose an action plan for their consideration, approval and implementation.
5.4 Periodic Internal Assessment Report Contents
Generally, the overall report on quality assurance and improvement programme shall be communicated by the Chief of CCA. However, it is the assessment teams from CCA or the respective IAUs who shall prepare individual Assessment Reports. The Report may broadly include the following:
Executive Summary; Objectives of the assessment task; Scope and Methodology; Data collections and reviews conducted; Key observations under legal considerations, human resource (against levels of
Internal Audit Capability Model) consideration, financial consideration (budgetary implications), risk Management considerations (IA policies, procedures and methodologies), and ethical considerations;
Incorporation of IAU Chief/Internal Auditor’s feedback on the observations; Action Plan from the IAU Chief/Internal Auditors; Conclusions and recommendations for improvements; and Appendices.
A suggestive format of reporting details of Self-Assessment Findings is provided in Appendix 5.
5.5 External Assessment Report Contents
5.5.1 Full External Assessment Report Content
Following is the Full External Assessment Report content: Executive Summary● Overview of Internal Audit Activities● Objectives● Data Collection and Review● Sample Selection● Assessment● Reporting● Overall Opinion as to conformance to the standards● Internal Audit Capability Model● Key Observations● Key Recommendations● Way Forward
Detailed Report ● Detail report on each Standards on Internal Audit ● Code of Ethics
Annexures
A suggestive format of reporting details for an Independent Validation Team is provided in Appendix 6.
CH
AP
TE
R 5
Page 50 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
5.5.2 Self-Assessment with Independent Validation
The report content of periodic Internal Assessment may be adopted by the independent validation team to prepare the QAIP report. However, the report from Independent Validation team may be prepared in the form of a Memorandum or Memo, covering the following contents:
Background; Scope and methodology; Key observations under successful audit practices, gaps to conformance, and
opportunities for improvements; Conclusions and recommendations for improvement; and Appendices.
A suggestive format of reporting details for an Independent Validation Team is provided in Appendix 7.
5.6 Review of the QAIP
The QAIP also should be reviewed at least annually and individual sections of the programme should be updated throughout the year as required. The inputs of the review include, but shall not be limited to:
Results from quality assessments Customer (user) feedback; Status of resulting action plans; Follow-up actions from previous assessments and/or reviews; Other changes that could impact the quality management system; Recommendations for improvement; New and revised standards, policies, and procedures.
CH
AP
TE
R 6
Page 51@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
6 Measuring Internal Audit Effectiveness and Efficiency
CH
AP
TE
R 6
Page 52 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Chapter 6: Measuring Internal Audit Effectiveness and Efficiency
A general description of effectiveness and efficiency is “the degree (including quality) to which established objectives are achieved.” The same description can be used for internal audit effectiveness and efficiency. Internal audit should establish performance metrics and related measurement criteria appropriate to its environment/organization to measure the degree (including quality) of achievement of objectives for which the internal audit activity is established. Internal audit effectiveness and efficiency should be monitored and assessed periodically as part of the internal audit process.
6.1 Internal Audit Stakeholders
Generally, the key stakeholders for the internal audit activity are divided into internal and external.
Internal stakeholders may include: A committee such as the audit committee; Senior management; Operations and support management; Internal auditors.
External stakeholders may include: Regulatory bodies; External auditors; Third-party vendors; Citizens.
The internal audit activity should identify all relevant stakeholders and their respective interests in the work or support from the internal audit activity and should solicit feedback from each of these stakeholders as appropriate. Specific feedback will provide insight into:
The purpose and responsibility of internal auditing and whether that is understood by different levels within the organization.
Adequacy of internal audit independence and objectivity. Target deliverables and expectations of the internal audit activity. Current or planned business priorities and correlation of those with the activity’s
scope, as appropriate. Current shortcomings, if any, of the internal audit activity. Quality and sufficiency of communication from the activity. Current level of satisfaction, or lack thereof, with the frequency and nature of
engagements planned and performed. Current level of satisfaction, or lack thereof, with the internal audit activity’s
resources. Changing needs of business, related risks, and ability of internal auditing to provide
assurance and consulting services.
CH
AP
TE
R 6
Page 53@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Considerations in identifying relevant stakeholders and their satisfaction include:
The extent of regulation of the organization and internal audit activity. Internal auditing’s relationship with key internal and external stakeholders and
establishment of functional expectations and objectives with these groups. Consideration of the authority and relevance of the stakeholder to the internal audit
activity. The activity’s internal feedback from key individuals, groups, or standard setters
that will help further optimize the activity’s quality, scope, and effectiveness. The nature of the organization (e.g., public or privately held and levels of
management/management hierarchies). Types of engagements performed by the internal audit activity. Specific stakeholders identified within the internal audit activity’s charter. Applicable content of the board’s charter.
6.2 Measuring Internal Audit Effectiveness and Efficiency
Internal auditing must effectively demonstrate its value as a key component of the organization’s governance framework. The audit activity can lead by example with strong, relevant, and reliable performance measures. The internal audit activity may perform additional steps to support the periodic self-assessment, such as analyzing key performance indicators (KPIs). IPPF – Practice Guide for Measuring Internal Audit Effectiveness and Efficiency provides that the Chief Internal Auditor (CIA) needs to establish a certain process to create effective performance measures. Such process shall entail the following: Identifying critical performance categories such as stakeholder satisfaction, internal
audit processes, and innovation and capabilities; Identifying performance category strategies and measurements. Strategies should be
pursued in compliance with IIA Standards, other applicable professional standards, applicable laws & regulations, and should ensure stakeholder satisfaction; and
Routinely monitoring, analyzing, and reporting performance measures.
6.3 Performance Measures / Key Performance Indicators
The internal audit activity may also monitor and analyze KPIs related to the efficiency of standard internal audit work practices (e.g., budget-to-actual engagement hours, percentage of the audit plan completed, number of days between fieldwork completion and report issuance, percentage of audit observations implemented, and timeliness of corrections related to audit observations). Other commonly used metrics include the number of certified internal auditors in an IAU, their years of experience in internal auditing, and the number of continuing professional development hours they earned during the year.
6.4 Characteristics of Performance Measures: Quantitative vs. Qualitative
Both quantitative and qualitative metrics are important in demonstrating an internal audit activity’s performance to key stakeholders, and both can be benchmarked against accepted standards, prior performance, and/or agreed upon expectations.
Quantitative performance metrics are often based on existing or obtainable data and are easily understood (e.g., percentage of completed vs. planned audits). They
CH
AP
TE
R 6
Page 54 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
often require less effort to collect and are readily comparable to the same metrics in other organizations.
Qualitative performance metrics are often based on the collection of unique information through more time intensive methods such as survey research or interviews. They offer a broad view of performance on a range of topics that can provide depth to quantitative metrics.
6.5 Types of Performance Measures
Following are the broad key performance indicators: Strategy and Planning Indicators; Areas of Responsibility Indicators; Policy and Procedure Indicators; Resourcing Indicators Agency-wise (Budget and Staffing/Human Resource); Engagement Planning Indicators; Engagement Performance Indicators; Communication Indicators; and Awareness Indicators.
These processes would be executed through assessing the following Internal Audit Key Performance Indicators.
6.5.1 Strategy and Planning Indicators
Annual review of the internal audit strategy by CCA and Heads of IAUs; Endorsement of the strategy by Chief of CCA; Internal audit risk assessments conducted annually by CCA and Heads of IAUs; and Capability and resource planning undertaken annually by CCA and Heads of IAUs.
Sl. No. Review Steps
Assessment Outcomes
Yes No Partial
I Is there an Internal Audit Strategy for the Internal Audit Service?
Ii Is Strategy reviewed annually by CCA/IAU Chiefs?iii Do IAUs have their own respective Internal Audit Strategy? iv Has CCA reviewed IAUs’ internal audit strategy?v Are risk assessments conducted by IAUs prior to
preparation of their annual internal audit plan? vi Has CCA consolidated the overall risk assessments of IAUs
prior to preparation of the overall Internal Audit Annual Plan?
vii Do the CCA and IAUs possess necessary capability and skills to prepare annual plans and strategies?
CH
AP
TE
R 6
Page 55@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
6.5.2 Areas of Responsibility Indicators
Total number of engagements completed by the Internal Audit Service (include target);
Time spent on normal internal audit engagements, i.e., assurance provider role, and other engagements such as theme-based performance auditing, collaboration with Anti-Corruption Commission and other oversight bodies, i.e., consulting/advisory roles (include target);
Number of normal internal audit engagements completed by the internal audit service (include target);
Number of normal internal audit engagements performed by the internal audit service as a proportion of overall plan (include target); and
Time spent on follow-up audits (include target).
Sl. No. Indicators
Assessment Outcomes
Target Actual Variance
i Total number of annual audit engagements during the yearii Total number of normal internal audit completed
(Assurance providing activity) during the yeariii Total number of theme-based (performance audit)
completed (Assurance providing activity) during the yeariv Total number of other engagements (Consulting activity
for ACC and other oversight bodies) during the yearv Total number of other engagements completed (Consulting
activity for ACC and other oversight bodies) during the year
vi Total number of follow-up audits during the yearvii Time spent on follow-up audits during the year
6.5.3 Policy and Procedure Indicators
The number of times the Chief of CCA meets with the Heads of agencies and other senior management (include target);
The number of times the Chief of CCA meets with the Finance Secretary and the respective Chiefs of IAUs (include target); and
Compliance with Internal Audit Charter, Internal Audit Manual, Bhutan Government Internal Audit Standards and other relevant government orders and directives.
Sl. No. Indicators
Assessment OutcomesTarget Actual Variance
I Number of times the CCA Chief meets with the Finance Secretary during the year
ii Number of times the CCA Chief meets with the Chiefs of IAUs during the year
iii Compliance with relevant Sections of the Charter, Manual and Standards
CH
AP
TE
R 6
Page 56 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
6.5.4 Resourcing Indicators Auditee Agency-wise
i. Budget Delivery of operations in accordance with approved budget; Levels of expenditure (budget versus actual, costs per auditor day, ratio of
payroll to other costs, comparison between IAUs, comparison with previous periods);
Cost of audit as a proportion of total Internal Audit Services operating costs (include target);
Comparison of audit budget to actual audit costs; Ratio of audit payroll costs to other audit costs (include target); and Ratio of outputs (Audit Reports and other services, if any) to inputs
(resources utilized).
Sl. No. Indicators
Assessment OutcomesBudget Actual Variance
I Total expenditure for overall annual audit engagements during the year
ii Total expenditure on specific audit assignments (Assurance providing activity) during the year
iii Total expenditure on overall theme-based Performance audit assignments during the year
iv Total expenditure on specific theme-based Performance audit assignments during the year
iii Total expenditure on overall other engagements (Consulting activity for ACC and other oversight bodies) during the year
iv Total expenditure on specific other engagements completed (Consulting activity for ACC and other oversight bodies) during the year
v Total expenditure of CCA/IAUs during the year
ii. Staffing
Capability plan reviewed on an annual basis; Number of auditors as a percentage of total manpower strength of the
agency (include target); Average years of audit staff experience (include target); Number of years in the present audit agency (include target); Number of internal auditors by qualifications (include target); Number of professional certifications/percentage of staff certified (include
target); Absenteeism rates (include target); Level of internal audit staff turnover (include target); Number of new recruits versus total number of internal auditors (include
target); Levels of internal audit staff satisfaction and grievances (include targets, if
practical); and Number of internal auditors seconded to other organizations.
CH
AP
TE
R 6
Page 57@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Sl. No. Indicators
Assessment OutcomesTarget/Plan Actual Variance
i Total number of auditors as a percentage of total staff strength of the agency
ii Average number of years of audit staff experience in CCA/IAUs
iii Average number of years of in the present agency (CCA/IAUs)
iv Number of internal auditors by different qualifications
v Total number of working days of leave availed by staff
vi Total number of staff who left the agency for different reasons
vii Total number of new recruits during the yearviii Total number of internal auditors seconded to
other organizations
6.5.5 Engagement Planning Indicators
Engagement client consulted prior to the engagement commencing; Risk assessments conducted of the auditable areas as part of engagement planning; Analytical procedures and CAATs are used in a minimum number of engagements; Total hours used in planning versus scheduled hours used (include target); and Total hours planning versus total engagement hours (include target)
Sl. No. Indicators
Assessment OutcomesTarget Actual Variance
I Total number of annual audit engagements during the year
Ii Total number of internal audit (Assurance providing activity) during the year with prior risk-assessments conducted
iii Total number of internal audit assignments where analytical procedures and CAATs/AMS are used
iv Total number of hours used for planning a specific audit engagement (by audit assignments)
6.5.6 Engagement Performance Indicators
The cause and effect of all findings and observations documented within working papers;
Audit Exit Meetings held for all audit engagements; Chiefs of IAUs attending all Exit Meetings; Working papers completed and appropriately reviewed for all engagements;
CH
AP
TE
R 6
Page 58 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Timeliness of fieldwork; Percentage of audit plan completed (include target); Number of audits completed (include target); Number of audits completed within prescribed time frames (include target); Number of audits completed within the approved budget (include target); Level of engagement client satisfaction (include target); and Actual audit time spent versus budget time (include target)
Sl. No. Indicators
Assessment OutcomesTarget Actual Variance
I Total number of audit exit meetings against total number of audit engagements
Ii Total number of audit exit meetings against total number of audit engagements attended by Chief
iii Total number of audits completediv Total number of audits completed within prescribed
time framesv Total number of audits completed within the approved
budgets
6.5.7 Communication Indicators
Number of times the Chief of CCA meets with the agency heads and other senior management (include target, if practical);
Number of times the CCA meets with IAU Chiefs and internal auditors (include target, practical);
Number of times the CCA and IAUs meet with stakeholders; Elapsed time for issue of reports (i.e., from completion of engagement fieldwork to
issue of draft report (include target); Elapsed time for finalization of report (i.e., from issue of draft report to issue of final
report (include target); and Percentage of recommendations accepted by the auditee.
Sl. No. Indicators
Assessment OutcomesTarget Actual Variance
I Total number of times the Chief of CCA meets with the agency heads and other senior management for annual audit engagements during the year
Ii Total number of times the Chief of CCA meets with the IAU Chiefs and internal auditors during the year
iii Total number of times the CCA and IAUs meet with stakeholders during the year
iv Total number of reports issued within the prescribed timeframe
v Percentage of recommendations accepted by the auditee
CH
AP
TE
R 6
Page 59@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
6.5.8 Awareness Indicators
Level of awareness of internal audit across the organization; and Proportion of internal audit time devoted to advocacy and awareness programme
activities (include target).
Sl. No. Indicators
Assessment OutcomesTarget Actual Variance
I Total number of awareness programmes conducted by CCA and IAU Chief during the year
Ii Total number of working days devoted by CCA and IAU Chief in awareness programmes during the year
6.6 Monitoring and Reporting of Internal Audit Effectiveness and Efficiency
Internal auditing’s effectiveness and efficiency should be reported to its stakeholders periodically. The CIA should obtain feedback from key stakeholders on internal auditing’s effectiveness and efficiency in reporting (e.g., format, timing, metrics) and make efforts to align reporting to their needs.
6.6.1 Contents
What should be reported varies based on stakeholder requirements and the organization’s specific needs. A good practice is to survey key stakeholders to determine their needs and expectations, which then helps define the criteria upon which internal auditing should be measured (Refer Appendix 3, Survey Example). Appendix 8 provides examples of effectiveness and efficiency measurement criteria.
6.6.2 Type of reporting
The CIA should evaluate stakeholders to whom reporting is required and customize the reporting package to their individual needs.
6.6.3 Frequency
The frequency of reporting should be based on stakeholder needs. Quarterly reporting on internal audit effectiveness and efficiency could be a good starting point.
6.6.4 Format
Standards for reporting internal audit effectiveness and efficiency should be similar to standards followed for reporting other audit-related information. There are many formats for reporting, including Word, PowerPoint, dashboards based on automated tools, and e-mail. The chosen format should be tailored to meet stakeholders’ specific needs. For example, reporting to the Finance Secretary might be less frequent and, in less detail, to meet its needs in overseeing the activities of internal auditing. Reporting to management would likely be much more detailed. Refer to Appendix 9 for a dashboard reporting example.
CH
AP
TE
R 6
Page 60 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
6.7 Internal Audit Capability Model (IA-CM)
The IA-CM is a framework for strengthening or enhancing internal auditing through many small evolutionary steps. These steps have been organized into five progressive capability levels illustrating the stages through which an Internal Audit activity can evolve as it defines, implements, measures, controls, and improves its processes and practices.
Improvements in processes and practices at each stage provide the foundation to progress to the next capability level. Hence, it is a “building block” approach to establish effective internal auditing in an organization. A fundamental premise underlying the IA-CM is that a process or practice cannot be improved if it cannot be repeated.
Therefore, IA-CM shows the steps in progressing from a level of internal auditing typical of a less established organization to the strong, effective, internal audit capabilities generally associated with a more mature and complex organization.
The five progressive capability levels are:
Level 1. Initial
This level is relevant in small organizations where there is no infrastructure and institutional capability is not developed. With no professional practices established, audits and reviews are conducted on isolated cases and outputs are dependent on the skills of individual auditors involved in the assignment. Hence, there is no sustainable repeatable capabilities and the function is dependent on individual efforts.
Level 2. Infrastructure
There is some degree of establishment of management and administrative infrastructures, professional practices and processes. For instance, internal audit guidance, processes and procedures are present where audit planning is done based on management priorities. However, execution of auditing task continues to rely on the skills and competence of specific auditors. Therefore, the key challenge for this level is to establish and maintain repeatability of internal audit practice, procedures and capability. In all practicality, this level is relevant to most of the IAUs in different agencies.
Level 3. Integrated
At this level, the conduct of internal audit activity would indicate general conformance with the Standards where the Internal Audit policies, processes and procedures are defined, documented and integrated with each other and with organization’s infrastructure. Internal audit management and professional practices are uniformly applied across the IA activity and the IA aligns with the organization’s business and the risks it faces. As a result, there will be more focus on team building to enhance capacity of IA activity leveraging on its independence and objectivity.
Level 4. Managed
By this Level, IA functions are acknowledged as an integral part of the organization’s governance and risk management. Some notable capabilities are:
- IA and stakeholders’ expectations are in alignment;- IA is recognised as adding value to the organization;- As a well-managed business unit in the IA, risks are measured and managed quan-
CH
AP
TE
R 6
Page 61@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
titatively; - Requisite skills and competencies are in place with a capacity for renewal and
knowledge sharing.
Level 5. Optimizing
Internal audit function is learning from inside and outside the organization for continuous improvement. With top-level professional and specialised skills of internal auditors, IA is considered a critical part of the organization’s governance structure and they are fully integrated with overall organizational performance measures.
These five capability levels are expressed as below:
63 | P a g e
www.theiia.org/research
8
LEVEL 5 Optimizing
LEVEL 4 Managed
LEVEL 3 Integrated
LEVEL 2 Infrastructure
LEVEL 1 Initial
No sustainable, repeatable
capabilities – dependent upon
individual efforts
Sustainable and repeatable IA practices and procedures
IA management and professional practices uniformly applied
IA learning from inside and outside the organization for continuous improvement
IA integrates information from across the organization to improve governance and risk management
IA Capability Model Levels
IA-CM
Refer Appendix 11 for details on Internal Audit Capability Model Matrix and Appendix 12 for details on Internal Audit Capability Model Levels
The IA-CM provides a tool that a public sector organization can use to: Determine its internal audit requirements according to the nature, complexity, and
associated risks of its operations. Assess its existing internal audit capabilities against the requirements it has
determined. Identify significant gaps between those requirements and its existing internal audit
capabilities and work towards developing the appropriate level of internal audit capability.
CH
AP
TE
R 6
Page 62 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
The Assessment Report may indicate the Internal Audit Capability Maturity level depending on the overall assessment outcome of the quality assurance and improvement programme.
Refer Appendix 13 for details on Internal Audit Maturity Assessment.
CH
AP
TE
R 7
Page 63@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
7 Measuring Internal Audit Effectiveness and Efficiency
CH
AP
TE
R 7
Page 64 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Chapter 7: Checklists and Appendices
Appendix 1: QAIP Components
Section I: Governance
The main elements, along with some of the key objectives, to be assessed in the Governance section include: Internal Audit Charter:● Internal audit’s purpose, authority, and responsibility are formally defined in a
charter, consistent with the Definition of Internal Auditing, Code of Ethics, and the Standards.
● The internal audit strategy is aligned with the organizational strategy.● The internal audit activity’s charter provides assurance that the internal audit
activity will add value and improve the organization’s operations.● The internal audit activity’s charter, mission statement, goals, and similar documents
are implemented in an effective manner. International Professional Practices Framework (IPPF):● The internal audit activity is in conformance with the Definition of Internal Auditing,
Code of Ethics, and the Standards. Legislation:● The internal audit activity is in compliance with other applicable laws, regulations,
or policies. Independence and Objectivity:● The internal audit activity’s structure, objectivity, roles and responsibilities, and
key governance processes are appropriate for managing the function.● The internal audit activity is independent and objective in the performance of its
work.● The organizational status of the internal audit activity is sufficient to permit
accomplishment of the objectives. ● Broader organizational governance arrangements provide assurance regarding
auditor independence and objectivity. Risk Impacting the Internal Audit Activity:● Risks impacting the internal audit activity have been identified and managed.
Resourcing:● The appropriate level of financial and IT resources is available to the internal audit
activity to enable it to achieve its objectives in an efficient and effective manner.
Section II: Professional Practice
The main elements, along with some of the key objectives, to be assessed in the Professional Practice section include: Roles and Responsibilities:● Roles and responsibilities of staff within the internal audit activity are formally
documented.● The internal audit activity has fulfilled its responsibilities in regard to governance,
risk management, and control.
CH
AP
TE
R 7
Page 65@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Risk-based Audit Planning:● The audit planning process is aligned with the organization’s strategic objectives.● The perspectives of senior management and the board are considered in audit
planning.● The process of audit planning ensures that all activities of the organization are
considered for audit, subjected to a risk assessment, ranked in order of priority, and that appropriate audit objectives for each audit selected have been established. This may include documentation of an audit universe.
● An effective annual planning process exists including appropriate processes for the reporting of progress toward achieving the established plan.
Coordination with Other Assurance Providers:● Internal audit activities are coordinated with those of other assurance providers.
Audit Engagement Planning:● Risks relevant to the activity under review are assessed. The engagement objectives
reflect the results of the assessment. ● Appropriate resources are allocated for audit work to identify significant issues. ● Work programmes to achieve the engagement objectives are developed.
Performing the Engagement:● Engagement processes, including identifying information, analysis, and evaluation,
ensure that the steps in the audit programme developed at the end of the planning phase are completed in an effective and efficient manner.
● Audit techniques, including the use of internal audit automation and computer assisted auditing techniques (CAAT), are used as appropriate to provide assurance that work is performed efficiently and effectively.
● The evidence gathered substantiates the audit findings and establishes the cause and effect of issues identified as needing improvement.
● Information acquired when the audit is conducted is described and retained in working papers to clearly document the audit process and identify findings.
● Audit records are appropriately maintained. ● Audits are appropriately supervised for professional development and to provide
assurance that due professional care is applied. Proficiency and Due Professional Care:● The internal audit activity collectively possesses or sources the knowledge, skills,
and other competencies to perform its responsibilities.● Internal auditors display due professional care in the performance of their
responsibilities.● Continuing professional development is provided to allow internal auditors to
enhance their knowledge, skills, and other competencies. ● Management and leadership development are embedded within the internal audit
activity. Quality Assurance: ● A QAIP is in place that covers all aspects of the internal audit activity and the QAIP
effectiveness is continuously monitored.● Internal audit has processes in place to track and record progress toward established
objectives, plans, and budgeted resources.
CH
AP
TE
R 7
Page 66 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Section III: Communication
The main elements, along with some of the key objectives, to be assessed in the Communication section include: Audit Engagement Reports:● The final report presents the purpose, scope, and significant findings, including
the causes and effects, conclusions, recommendations, and the engagement client’s action plans to address the issues outlined.
● An effective process is in place to ensure that the audit results are presented to the appropriate level of management timely for discussion and response.
● Reports are provided to and/or are reviewed by senior management and the board. ● The form and content of audit communications meet stakeholder expectations.● The phrase “conducted in accordance with the Standards” is utilized only under
appropriate circumstances. Follow-up Phase:● An appropriate follow-up process to ensure that management actions have been
effectively implemented has been established and is being maintained. Stakeholder Communications:● The internal audit activity’s communication practices inform the board and
appropriate stakeholders of work undertaken.● A performance management and measurement process are in place to ensure that
the effectiveness of the internal audit activity is optimized and recognized.● Engagement client satisfaction with the audit process is measured by the internal
audit activity, including the level of professionalism demonstrated by the internal auditors and opportunities for improvement.
● The extent of satisfaction of other stakeholders with the internal audit process and products is measured (this may include a self-assessment questionnaire and a satisfaction survey for engagement clients).
● The role and services offered by internal audit are understood by stakeholders and considered to be value-added.
Appendix 2: Checklist on Ongoing Monitoring
Note: This checklist is for guidance purpose only. The Internal Auditor of IAU or CIA may take reference from this checklist to develop a detailed checklist specific to Internal Audit activity performed.
Sl. No. Standards Tools and/or processes in
place
A 2200: Engagement Planning 2201: Planning Considerations 2210: Engagement Objectives 2220: Engagement Scope 2230: Engagement Resource Allocation 2240: Engagement Work Programme
Internal Audit Department implements the standard through preparation of the Opening Letter, Planning Memorandum, & Audit Programme
Standard 2200 series shall generally require the QAIP to assess if the internal auditors have followed the internal auditing guidelines, manuals and frameworks. The standard also requires the programme to assess if the guidelines, manuals and frameworks are exhaustive and updated regularly. For this, the following sample areas may be assessed to fulfill the requirements of the above Standard 2200 series:
CH
AP
TE
R 7
Page 67@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
S.No. Questions to Consider Response
1 Are individual internal audit engagements adequately resourced and properly monitored?
2 Whether planning is done following the risk-based approach?3 Does the plan align with organizational risk?4 Are the internal auditors familiar with the processes under
review?5 Will the audit objectives allow auditors to provide assurance?6 Is the scope sufficient to satisfy the audit objectives?7 Will the audit programme allow internal auditors to achieve
the audit objectives and reach a conclusion?8 Have auditees been informed about the planned audit?9 Were the objectives clearly explained to auditees during the
kick-off meeting?10 Are planning approved by head of agency?
S.No. Standards Tools and/or processes in place
B 2300: Performing the Engagement 2310: Identifying Information 2320: Analysis and Evaluation 2330: Documenting Information 2340: Engagement Supervision
Internal Audit Department implements the standards through performing information request, data analysis, risk and control assessment, execution of audit programme, working papers, signoffs, and saving engagement records.
Standard 2300 series require that Internal auditors identify, analyze, evaluate, and document sufficient information during the audit engagement. For this, the programme shall assess the following sample questions.S.No. Questions to Consider Response
1 Are all executed steps properly documented?2 Is the prescribed methodology being applied and are
appropriate audit techniques being used?3 Have the internal auditors properly assessed auditees’
procedures with regard to the processes under review?4 In the absence of auditees’ procedures, have the internal
auditors discussed with the auditees the assessment criteria that should be used?
5 Is the obtained evidence sufficient to express an opinion?6 Do internal auditors differentiate between critical and less
critical findings?7 Were findings immediately communicated and discussed with
the auditees?8 Has the work programme been carried out as intended?9 Are changes to audit objectives, scope and work programme
justified and properly approved?
CH
AP
TE
R 7
Page 68 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
S.No. Standards Tools and/or processes in place
C 2400: Communicating Results 2410: Criteria for Communicating 2420: Quality of Communications 2421: Errors and Omissions 2430: Use of “Conducted in conformance with the IIA
standards” 2431: Engagement Disclosure of Non- Conformance 2440: Disseminating Results 2450: Overall Opinion
Results of Audit Engagement are communicated to the audit client during both fieldwork and reporting stages. Internal audit departments report, and communication processes are designed to conform with standards.
Standard 2400 series require the internal auditors to communicate the results of engagements with certain criteria that ensures requisite quality and without errors and omissions. For this, the following sample questions shall be assessed.S.No. Questions to Consider Response
1 Were the findings and final conclusion presented to the auditees at a closing meeting?
2 Do the recommendations address the root cause of the findings?
3 Are the recommendations practical?4 Does the audit achieve its objectives of being able to issue
negative or positive assurance?5 Has a draft report been sent to auditees, allowing them to
review and comment on the findings and recommendations?6 Have the internal auditors incorporated the auditees’
comments?7 Do internal auditors agree on the action plan?8 Is the audit report accurate, objective, clear, concise,
constructive and timely?9 Has the audit report been signed according to the relevant
policies?10 Have audit objectives been achieved within allocated resource
budgets and by agreed target dates, as much as possible?
S.No. Standards Tools and/or processes in place
D 2500: Monitoring Progress CIA must maintain a system to monitor disposition of results communicated to Management. This can be achieved by the “Quarterly Reports” as a follow-up process to monitor and ensure that management actions have been implemented.
Standard 2500 requires the chief audit executive to establish and maintain a system to monitor the disposition of results communicated to management so that the audit recommendations are effectively implemented by the auditee agency. For this, the QAIP shall assess the following sample questions.
CH
AP
TE
R 7
Page 69@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
S.No. Questions to Consider Response
1 Have the internal auditors monitored whether the deadlines of the action plan were respected?
2 Have the internal auditors assessed whether a follow-up audit may be needed?
3 Have follow-up activities been duly executed by the internal auditors?
CH
AP
TE
R 7
Page 70 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 3: Example of Stakeholder Survey sent after Internal Audit is completed
Sample questions on quality criteria for an audited entity survey
Note: This checklist is for guidance purpose only. The Internal Auditor of IAU or CIA may take reference from this checklist to develop a detailed checklist specific to Internal activity performed.
Please provide feedback on your recent experience with the internal audit unit by choosing one of the following four ratings to answer the questions:
Re: Internal Audit Feedback Survey
Dear XXXXX:
We recently performed an internal audit in your area. To continue to improve the level of service we provide our customers, we would appreciate your candid feedback on the attached Internal Audit Feedback Survey.
We value the opinions of our clients and stakeholders and will use your feedback to continually evaluate the quality of our audit services. Please send the completed survey back to me by (date).
If you have any questions, please do not hesitate to call me at (phone number).
Sincerely,
CIA / Internal Auditor of IAU
Internal Audit Feedback Survey
AUDIT REPORT TITLE: __________________________________________
Audit Unit / Manager: _____________________________________________
The rating scale provided below is from 4 (Very Satisfied), 3 (Satisfied), 2 (Dissatisfied) and 1 (very Dissatisfied).
S. No. Questions
4Very
Satisfied
3Satisfied
2Dissatisfied
1Very
Dissatisfied
1 How satisfied are you that adequate notice was given of the timing and duration of the audit?
2 To what extent are you satisfied that the auditors had sufficient knowledge of the organization activity/process?
3 How satisfied are you that the draft report was received within an acceptable timeframe?
CH
AP
TE
R 7
Page 71@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
4 How satisfied are you that the recommendations provided practical and constructive solutions to the issues identified?
5 How satisfied are you that implementation of recommendations will contribute to improvements in your unit’s risk management, control and governance processes?
6 If you used the consultancy services provided by the internal audit unit, were you satisfied with the input provided?
CH
AP
TE
R 7
Page 72 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 4: Checklist on Periodic Self-Assessment
Note: This checklist is for guidance purpose only. The Internal Auditor of IAU or CIA may take reference from this checklist to develop a detailed checklist specific to Internal activity performed.
S. No. Standards Tools and/or processes in place
A 1000: Purpose, Authority and Responsibility
1010: Definition of internal Auditing 1020: Code of Ethics
The internal audit service charter should state clearly the purpose, mission, vision, authority, responsibility, etc. of the internal audit department.
The internal audit services charter should state clearly the Institute of Internal Auditors (IIA) definition.
The internal audit services charter should state clearly the Institute of Internal Auditors (IIA) Code of Ethics which highlights major principles such as Integrity, Objectivity, Confidentiality and Competency.
Standard 1000 outlines the purpose, mission, vision, authority, responsibility, etc. of the internal audit department. It recognizes Mandatory Guidance in the IA Charter.
S. No. Questions to Consider Response
1 Is the role of internal audit clearly defined in a document (a law, an act or a charter)?
2 Does this document also explain that internal auditors should not be responsible for any operational activities?
3 Does this document provide internal auditors with unlimited access to information, assets and people?
4 Does this document describe internal auditors’ reporting line(s)?
5 Do auditees know about this document?6 Does this document cover the delivery of both
assurance and consulting services by internal auditors?
7 Does this document refer to national or international internal auditing standards?
8 Does this document refer to a code of conduct for internal auditors?
S. No. Standards Tools and/or processes in place
B 1100: Independence and Objectivity 1110: Organizational Independence 1111: Direct Interaction with the
Board 1120: Individual Objectivity
IA reports to head of agency
CH
AP
TE
R 7
Page 73@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Standard 1100 stresses on independence and objectivity of the Internal Auditor. The aspects of qualification and competence of the internal audit is discussed in the above standard.
S. No. Questions to Consider Response
1 Does the document grant independence to internal auditors?
2 What measures are in place to guarantee internal auditors’ objectivity?
3 Are internal auditors independent on paper and in reality?
4 Do internal auditors experience difficulties getting their audit plans, budget and headcount approved?
5 Is the head of internal audit (HIA) appointed solely on experience, skills and competence?
6 What is the process for dismissal of the HIA, including who has authority to remove him/her?
7 Is there an escalation process in case internal auditors feel their independence is threatened?
8 Are internal auditors allowed to report on actual findings, that is, can they tell things as they are?
9 Can the CIA help internal auditors in cases where they feel threatened by senior management?
10 Are internal auditors invited to participate (as observers) in senior management meetings?
11 Is there a process in place to deal with conflicts of interest?
12 Are internal auditors responsible for any operational activities that in principle should not be part of internal audit’s responsibilities?
13 Do internal auditors regularly design procedures for the auditees?
14 Is there a process in place to disclose any potential impairment to independence and objectivity?
15 Do internal auditors experience any significant scope limitation(s)?
16 Is there a process in place to deal with gifts received from auditees or others?
17 Do internal auditors respect a cooling-off period for internal auditors who transfer from operational units?
18 Do internal auditors respect a cooling-off period for internal auditors who transfer to operational units?
19 In situations where, internal auditors are responsible for operational activities, does a third party oversee these activities?
CH
AP
TE
R 7
Page 74 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
S. No. Standards Tools and/or processes in place
C 1200: Proficiency and Due Professional Care
1210: Proficiency 1220: Due Professional Care 1230: Continuing Professional
Development
IA collectively possess the skills, knowledge and competence needed to perform responsibilities.
Auditors should apply due professional care.
IA should constantly encourage auditors to maintain technical competencies through continuous education.
Standard 1200 describes the Proficiency and Due Professional Care required to be taken care by the Internal Auditor while conducting Internal Audit.
S. No. Questions to Consider Response
1 Do internal auditors collectively possess the necessary knowledge and skills to fulfill the role of internal auditing within their organization?
2 Are internal auditors capable of applying the prescribed audit methodology?
3 Are internal auditors attentive to fraud indicators (red flags)?
4 Do internal auditors have sufficient skills to audit the information technology environment?
5 Do internal auditors use IT tools and techniques to perform internal audit engagements?
6 Do internal auditors have the skills to deal with (difficult) people?
7 Do internal auditors possess the necessary soft skills?
8 Do internal auditors possess a professional certification and do they have access to continuous professional development programmes for internal auditors?
9 Does the internal audit unit have the authority to hire external experts when internal auditors lack the appropriate knowledge and skills for certain internal audit engagements?
10 Are audit objectives focused on the main risk(s) to the organization?
S. No. Standards Tools and/or processes in place
D 1300: Quality Assurance and Improvement Programme (QAIP)
1310: Requirements of QAIP 1311: Internal Assessment 1312: External Assessment 1320: Reporting on QAIP
The internal audit service ensures quality of the audit activity through conducting internal ongoing assessments, which is imbedded into the daily internal audit activities/procedures, and periodic assessments of conformance with internal audit definition, code of ethics and standards. Moreover, the department undertakes external assessments once every five years.
CH
AP
TE
R 7
Page 75@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Standard 1300 outlines that the CIA must develop and maintain QAIP that covers all aspects of the internal audit activity.
S. No.
Questions to Consider Response
1 Is there a quality assurance and improvement programme in place?
2 Is the programme established in the audit policies and procedures?
3 Does the programme include ongoing monitoring, periodic internal quality self-assessments and periodic external quality assessments?
4 Are all aspects of the internal audit unit (role, risk assessment, planning, execution of engagements, reporting and training) covered in the programme?
5 Do meaningful key performance indicators exist in order to measure the performance of the internal audit activity?
6 Are the results of the quality assurance and improvement programme communicated regularly to senior management?
7 Is feedback periodically solicited from auditees and senior management?
8 Does the internal audit unit periodically benchmark itself against peers?
9 Is there evidence that shows that the internal audit function adds value to the organization?
10 Is it stated that internal auditing activities conform to international standards? If yes, is this statement supported by internal and external quality assessments?
11 Are instances of non-conformance with international standards disclosed?
S. No. Standards Tools and/or processes in place
E 2000: Managing the Internal Audit Activity 2010: Planning 2020: Communication and Approval 2030: Resource Management 2040: Policies and Procedures 2050: Coordination &
Reliance 2060: Reporting to Senior
Management and the Board 2070: External Service Provider and
Organizational Responsibility for Internal Auditing
IA establish a Risk Based IA plan and communicate it to the CCA for information and approval for Secretary
IA of IAU ensure IA resources are appropriate, sufficient, and effectively deployed to achieve the approved plan. (IA annual plan – team allocation)
P&P are in place to conduct the audit IA periodically reports to CIA. Internal Audit Department clearly
states the relation with External Auditors.
Standard 2000 outlines managing the internal audit activity. It details the task required to be done before the start of internal audit.
CH
AP
TE
R 7
Page 76 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
S. No. Questions to Consider Response
1 Is the audit universe known and documented by the internal audit unit? Is the document updated periodically to reflect changes in the audit universe?
2 Is a risk-based plan established for internal audit activities?
3 Does the risk-based plan take into consideration any risk management framework that exists within the organization?
4 Does the internal audit unit solicit input from senior management during the development of the internal audit plan?
5 Are adequate risk factors used for risk assessments?
6 Does the internal audit unit identify the key controls in the organization?
7 Are all areas of the organization given appropriate audit coverage?
8 Is the impact of resource limitations communicated to senior management by the internal audit unit?
9 Is the audit plan periodically reviewed?10 Does the internal audit unit have appropriate
and sufficient audit resources to conduct its activities?
11 Does the internal audit unit make use of ‘guest’ auditors from other parts of the organization?
12 Are adequate audit policies and procedures in place, and are they updated on a regular basis?
13 Does the internal audit unit coordinate its audit activities with other internal assurance providers?
14 Does the internal audit unit coordinate its audit activities with the Supreme Audit Institution (SAI)?
15 Do the external auditors rely on the work of internal auditors?
16 Are internal auditors involved in the development and maintenance of a risk register or assurance map?
17 Do internal auditors also audit the “second lines of defense” within the organization?
18 Does the internal audit function periodically report to senior management on its activities?
19 Do internal auditors rely on the work of other assurance providers?
CH
AP
TE
R 7
Page 77@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
S. No. Standards Tools and/or processes in place
F 2100: Nature of Work 2110: Governance 2120: Risk Management 2130: Control
The internal audit activity continuously: Assesses and make recommendations
to improve governance in the organization.
Assists in identifying, evaluating, and implementing risk management methodologies and controls to address risks.
Evaluates the effectiveness and efficiency of controls.
Standard 2100 outlines the nature of work which includes governance, risk management and control required to be complied during the conduct of internal audit.
S. No. Questions to Consider Response
1 Does the internal audit unit assess the design and effectiveness of ethics programmes within the organization?
2 Does the internal audit unit assess how risk ownership and accountability are established within the organization?
3 Does the internal audit unit provide assurance on the risk management process?
4 Do internal auditors assess the potential for fraud?
5 Does the internal audit unit assess the effectiveness and the efficiency of the internal control system?
6 Do internal auditors provide an opinion on the adequacy and the effectiveness of the internal control system?
7 Do internal auditors assess the reliability and the integrity of information?
8 Does the internal audit unit assess the respect for privacy of information?
S. No. Standards Tools and/or processes in place
G 2600: Communicating the Acceptance of Risk
When the CIA become in disagreement with the auditee regarding certain issues, the CIA will escalate the matter through the audit report to the audit committee.
Standard 2600 outlines the provision of communicating the risk to the higher management.S.
No. Questions to Consider Response
1 Is there an escalation process in case management is accepting a risk level, which is above the risk appetite of the organization?
CH
AP
TE
R 7
Page 78 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 5: Self-Assessment QAIP Report
Table of Contents
xxxx
Executive Summary
Xxxxx
Objectives/Purpose
Xxxx
Scope and methodology
Xxx
Data Collection and reviews
Xxx
Assessment Opinion
Main observations
i. Legal consideration (conforming legislations and professional Standards);ii. Human resource consideration (capability of Internal Auditors);iii. Financial considerations (budgetary implications);iv. Risk management considerations (Internal Audit policies, procedures and meth-
odologies); andv. Ethical considerations (Internal Audit Charter, Code of Ethics).
Successful Internal Audit Attributes
xxx
Conformance
i. IIA’s/BGIAS’ Attribute Standards Conformity;ii. IIA’s/BGIAS’ Performance Standards Conformity; andiii. IIA’s/BGIAS’ Code of Ethics.
Incorporation of IAU Chief/Internal Auditor’s feedback on the observations
xxxx
Action Plan from the IAU Chief/Internal Auditors
xxx
Conclusions and recommendations for improvements
xxx
Appendices
xxxx
CH
AP
TE
R 7
Page 79@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 6: Full External Assessment Reporting Template
External Quality Assessment report
Internal Audit Services
Central Coordinating Agency
Ministry of Finance
Royal Government of Bhutan
(“RGoB”)
Month/Year
1. EXECUTIVE SUMMARY
XXXX
2. OVERVIEW OF INTERNAL AUDIT ACTIVITIES
xxxxx
3. OBJECTIVES
xxx
4. DATA COLLECTION AND REVIEW
Details of Survey conducted Details of Interviews conducted Policy and practices review Audit work paper review
5. SAMPLES SELECTION
Sample selection method and number of sample selected including basis of selection.
CH
AP
TE
R 7
Page 80 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
6. ASSESSMENT
IPPF – we compared RGoB’s present practices for conformance with the IPPF Standards and framework as well as its Bhutan Government Internal Audit Standards, the Internal Audit Manual, Internal Audit Charter and Code of Ethics.
7. REPORTING
Final report – we have summarised the results of our assessment, including detailed observations and recommendations.
8. OVERALL OPINION AS TO CONFORMANCE TO THE STANDARDS
The overall assessment is that the CCA “Conforms” to the Standards. Please refer to Attachment XX and XX for the Standard Conformance Evaluation Summary (Table), Standard Conformance Evaluation Summary and Attachment XX for the Standard Ratings Definition. The individual assessment is provided as follow:
StandardsGenerallyConforms
PartiallyConforms
Does Not Conform
Attribute Standards
Performance Standards
Code of Ethics
9. INTERNAL AUDIT CAPABILITY MODEL
Report on IA capability.
10. KEY OBSERVATIONS
10.1. Resource Management
xxxx
Quality Assurance and Improvement Programme
xxx
Annual Audit Planning
xxxx
Performance of Audit Engagements
xxx
11. KEY RECOMMENDATIONS
11.1. Resource Management
xxxx
11.2. Quality Assurance and Improvement Programme
xxxx
CH
AP
TE
R 7
Page 81@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
11.3. Annual Audit Planning
xxxx
11.4. Enhancing the Performance of Audit Engagements
xxxx
12. WAY FORWARD
Some key next steps for consideration are in the following sequence:
xxx
13. Quality Assessment Team Members:
(i) xxx(ii) xxx
14. DETAIL REPORT
xxxx
Standard Standard Requirement Observation
Opportunities for
Continuous Improvement
Chief Internal Auditor
Response
Standard 1000: Purpose, Authority and Responsibility Standard 1010: Recognizing Mandatory Guidance in the Internal Audit Charter Standard 1100: Independence and ObjectivityStandard 1110: Organizational IndependenceStandard 1111: Direct Interaction with the Board Standard 1112: Chief Audit Executive Roles Beyond Internal AuditingStandard 1120: Individual ObjectivityStandard 1130: Impairment to Independence or Objectivity Standard 1200: Proficiency and Due Professional Care Standard 1210: ProficiencyStandard 1220: Due Professional CareStandard 1230: Continuing Professional Development Standard 1300: Quality Assurance and Improvement Programme (“QAIP”) Standard 1310: Requirements of the Quality Assurance and Improvement Programme
CH
AP
TE
R 7
Page 82 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Standard 1311: Internal AssessmentsStandard 1312: External AssessmentsStandard 1320: Reporting on the Quality Assurance and Improvement ProgrammeStandard 1321: Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”Standard 1322: Disclosure of Non-conformanceStandard 2000: Managing the Internal Audit Activity Standard 2010: Planning Standard 2020: Communication and ApprovalStandard 2030: Resource ManagementStandard 2040: Policies and ProceduresStandard 2050: Coordination and RelianceStandard 2060: Reporting to Senior Management and the BoardStandard 2070: External Service Provider and Organizational Responsibility for Internal AuditingStandard 2100: Nature of WorkStandard 2110: GovernanceStandard 2120: Risk ManagementStandard 2200: Engagement PlanningStandard 2201: Planning ConsiderationsStandard 2210: Engagement ObjectivesStandard 2220: Engagement ScopeStandard 2230: Engagement Resource AllocationStandard 2240: Engagement Work ProgrammeStandard 2300: Performing the Engagement Standard 2310: Identifying InformationStandard 2320: Analysis and EvaluationStandard 2330: Documenting Information
CH
AP
TE
R 7
Page 83@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Standard 2340: Engagement SupervisionStandard 2400: Communicating Results Standard 2410: Criteria for CommunicatingStandard 2420: Quality CommunicationsStandard 2421: Errors and OmissionsStandard 2430: Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing”Standard 2431: Engagement Disclosure of Non-conformanceStandard 2440: Disseminating ResultsStandard 2450: Overall OpinionsStandard 2500: Monitoring ProgressStandard 2600: Communicating the Acceptance of RisksCode of Ethics
15. Annexure
Annexure XX:
Annexure XX:
CH
AP
TE
R 7
Page 84 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 7: Self-Assessment with Independent Validation QAIP Report
Table of Contents
xxx
Background;
xxx
Scope and methodology;
Xxxx
Key observations:
I. Successful Audit Practices;II. Gaps to Conformance; and III. Opportunities for improvements;
Conclusions and recommendations for improvement
xxx
Appendices.
xxxx
IIA’s/BGIAS’ Attribute Standards Conformity
Standards Observation ConformityOpportunities
for Improvement
IAU’s Response
IAU’s Action
Plan
1000 – Purpose. Authority, and Responsibility1100 – Independence and Objectivity1200 – Proficiency and Due Professional Care1300 – Quality Assurance and Improvement Programme
IIA’s/BGIAS’ Performance Standards Conformity
Standards Observation ConformityOpportunities
for Improvement
IAU’s Response
IAU’s Action
Plan
2000 – Managing the Internal Audit Activity2100 – Nature of Work2200 – Engagement Planning2300 – Performing the Engagement2400 – Communicating Results2500 – Monitoring Progress2600 – Communicating the Acceptance of Risks
CH
AP
TE
R 7
Page 85@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Code of Ethics Conformity
The purpose of the Code of Ethics for Internal Auditors, Royal Government of Bhutan, is to promote an ethical culture in the profession of internal auditing. A code of ethics is necessary and appropriate for the profession of internal auditing, as it is founded on the trust placed in its objective assurance about risk management, control and governance. The Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components:
Principles that are relevant to the profession and practice of internal auditing. Rules of Conduct that describe behavior norms expected of internal auditors. These
rules are an aid in interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors. Internal Auditors are ex-pected to apply and uphold the principles.
Principles:
1. Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
2. Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
3. Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
4. Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.
Rules of Conduct:
Rules of Conduct describes above principles in greater detail with the behavioral norms expected of internal auditors. The Rules of Conduct are an aid to interpreting the principles into practical applications and are intended to guide the ethical conduct of internal auditors.
The Internal Audit Unit, Ministry of …… .. generally conforms to the Code of Ethics which includes the two essential components – Principles and Rules of Conduct.
CH
AP
TE
R 7
Page 86 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 8: Examples of Internal Audit Effectiveness and Efficiency Metrics
Examples of Internal Audit Effectiveness and Efficiency Metrics
Performance management
categoryMeasures of efficiency Measures of
effectiveness
Measures of efficiency and effectiveness
Basic Measures
Number of audits scheduled. Number of audits completed Timeliness of performance feedback. Staff utilization – direct vs. indirect time. Completed audits per auditor. Actual hours vs budgeted hours. Audit report cycle time: elapsed time from opening conference to fieldwork completion and elapse time from fieldwork completion to final report. Number of internal audit reports issued vs. planned internal audits.
Client satisfaction ratings. Staff satisfaction ratings. Number of significant audit findings. Percent of recommendations implemented. Number of repeat findings. Number of open audits findings past planned corrective action date. Number of unsatisfactory internal audit opinions.
Training / CPE hours. Staff turnover / retention.
Service to Stakeholders
Responsiveness to special requests. Average response time to management request. Number of control self-assessment (CSA) sessions conducted. Number of auditors per 1,000 employees. Number of auditors per $1 million of revenue/$1 million of assets. Completed vs. planned audits. Cost savings as a percentage of department budget.
Delivery of high-quality service. Management of auditee expectations. Building strong relationships. Number of management requests. Number of committees and task forces audit is involved in. Amount of identified cost savings and percent of recoveries
Client survey scores (see example survey letter in Appendix 3). Senior management survey scores. Audit committee survey scores. Number of positive and negative feedback about audits/ auditors.
Knowledge of business
Applying that knowledge to help solve complex client issues Development of deep industry knowledge Developing and contributing best practices, emerging issues, and industry trends Best practices benchmarked
CH
AP
TE
R 7
Page 87@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Technical Development
Development of relevant technical knowledge Internal auditing Accounting Regulator Business Compliance with audit methodology set.
Innovation Use of technology in audits. Creativity and efficiency. Number of internal audit improvement teams and time spent (by team).
Enhanced audit process. Number of Best practices identified and communicated within an organization or internal audit activity. Number of hours spent in industry or other specialized training. Involvement in professional organizations (e.g. IIA, auditor roundtables). Thought leadership.
People Development
Number of coaching sessions in a year. Tracking of development plan (plan vs. actual). Achievement of minimum training hours required.
Average months in position. Number of staff rotations in and out of the internal audit activity. Average years of audit experience. Percent of auditors with professional certifications. Percent of auditors with advanced degrees. Training hours per auditor. Auditor turnover. Number/percent of auditors transferred promoted to other functions in the organization vs. the number that left the company.
Assistance in recruiting by team members (participation in review of resume, interview etc.).
CH
AP
TE
R 7
Page 88 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 9: Example of Reporting Internal Audit Effectiveness and Efficiency Dashboard
Quantitative Measures
Area Measure Target Actual
Q1 Q2 Q3 Q4
Budget management. Budget vs. actualDelivering the annual audit plan
Percent of audit plan delivered during the year
Customer Services
Area Measure Target Actual
Q1 Q2 Q3 Q4
Number/types of ad-hoc requests received for non-routine work.
Record to be kept of ad-hoc non-routine requests by the management
Staff Satisfaction and Development
Area Measure Target Actual
Q1 Q2 Q3 Q4
Staff training hours / year. Actual training hours vs. budgetStaffing plan (hiring).
Plan vs. actual hired
Audit Delivery / Efficiency
Area Measure Target Actual
Q1 Q2 Q3 Q4
Audit reviews completed within budget and to agreed target date.
Budget vs. actual
Revise the audit methodology.
Plan vs. actual revision
Relation with Third Party
Area Measure Target Actual
Q1 Q2 Q3 Q4
Use of Subject Matter Experts
Use of Subject Matter Experts for Specialized work
CH
AP
TE
R 7
Page 89@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 10: Guidance on Internal Audit Self-Assessment Methodology
Element: Risk-Based Audit Planning
Objective: An effective annual planning process exists including appropriate processes for the reporting of progress toward the established plan.
Draft Criteria Preliminary Methodology IIA Standard
A process is in place and is used to develop the annual internal audit plan to verify that: All organizational components, programmes, and activities were considered. Senior management was involved in the process. The plan was prepared timely and distributed to the appropriate levels of management.
In consultation with internal audit, determine the audit plan development process used (obtain any process documentation available).
Review any minutes or follow-up correspondence/confirmations of planning process meetings and verify: Attendance by all parties to the process. Input was requested from all stakeholders The plan from the previous fiscal year was reviewed to identify any engagements not yet completed for consideration for the current year’s plan. A formal risk analysis and assessment of all suggested projects was performed and documented. Organizational components, programmes, and activities were considered. A draft annual plan was presented to senior management and the board and subsequently approved. The distribution list for the draft annual plan as well as the approved audit plan.
2010
A process for selection of engagements to be conducted is documented and includes criteria such as: Past audit coverage and results. Materiality Significance to management. Risk (based on a standardized methodology) Auditability Engagements not completed from the previous year’s plan Organizational priorities Opportunities for improvement Legislative or other mandated obligations
Review last year’s plan and results. Review annual report on progress made from previous fiscal year. Review documented risk analysis and assessment to determine criteria applied. Confirm that justification was documented for engagements cancelled or deferred that were either brought forward from last year’s plan or were proposed in the current year process. Review approved annual plan to determine engagements to be conducted. Review the process used to ensure that a formal risk Analysis and assessment of all suggested projects was performed and documented.
2010
2050
For each audit selected for the plan, the plan provides: A clear indication of the objective and scope. An estimate of resource requirements, in terms of direct time, to conduct the engagements. The number of auditors and the skills required.
Review the annual plan to confirm that all required details have been incorporated. Compare the details approved to the relevant details on a sample of audit planning memorandums and document any variances. Determine that variances were accounted for and approved.
2030
CH
AP
TE
R 7
Page 90 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
The process for tracking the progress made in support of the annual plan results in reports that: Provide an objective statement describing each engagement, and indicate the status by showing key deliverable dates, designated contacts, as well as relevant narrative comments. Are timely, accurate, and disseminated to the appropriate levels of management.
Through interviews, determine and document the process for reporting on progress against the annual plan. Compare monthly status reports to the annual plan. Review documentation on presentations made to senior management and the board. Assess effectiveness of the process in achieving the criteria addressed.
2020
2060
Reports prepared on the results achieved in support of the annual plan are appropriately used for decision making, and resources are appropriately utilized.
Interview members of senior management and the board to determine the utilization of monthly status reports content. Review minutes or emails regarding any pertinent meetings.
2020
2060
CH
AP
TE
R 7
Page 91@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Ap
pen
dix
11
: In
tern
al A
ud
it C
apab
ilit
y M
odel
Mat
rix
Mat
rix
Leve
lSe
rvic
es a
nd
Rol
e of
IA
Peo
ple
M
anag
emen
t P
rofe
ssio
nal
P
ract
ices
Per
form
ance
M
anag
emen
t an
d
Acc
oun
tab
ilit
y
Org
aniz
atio
nal
R
elat
ion
ship
s an
d
Cult
ure
Gov
ern
ance
St
ruct
ure
s
Leve
l 5 –
Op
tim
izin
gIA
Rec
ogni
zed
as K
ey
Agen
t of C
hang
e Le
ader
ship
In
volv
emen
t with
Pr
ofes
sion
al
Bodi
es
Wor
kfor
ce
Proj
ectio
nTa
lent
M
anag
emen
tRo
bust
Suc
cess
ion
Plan
ning
Cont
inuo
us
Impr
ovem
ent
in P
rofe
ssio
nal
Prac
tices
St
rate
gic I
A Pl
anni
ngTe
chno
logy
Ad
vanc
es
Repo
rtin
g of
IA
Effe
ctiv
enes
sEf
fect
ive
and
Ongo
ing
Rela
tions
hips
Tru
sted
Adv
isor
Inde
pend
ence
, Pow
er
and
Auth
ority
of t
he IA
Ac
tivity
Leve
l 4 –
Man
aged
Over
all
Assu
ranc
e on
Go
vern
ance
, Ri
sk M
anag
emen
t an
d Co
ntro
l
IA C
ontr
ibut
es to
M
anag
emen
t De
velo
pmen
t IA
Act
ivity
Su
ppor
ts
Prof
essi
onal
Bo
dies
W
orkf
orce
Pl
anni
ng
Audi
t Str
ateg
y Le
vera
ges
Orga
niza
tion’
s M
anag
emen
t of
Risk
Inte
grat
ion
of
Qual
itativ
e an
d Qu
antit
ativ
e Pe
rfor
man
ce
Mea
sure
s
CIA
Advi
ses a
nd
Influ
ence
s Top
-le
vel M
anag
emen
t
Inde
pend
ent O
vers
ight
of
the
IA A
ctiv
ity
CIA
Repo
rts t
o To
p-le
vel A
utho
rity
Leve
l 3 -
Inte
grat
edAd
viso
ry S
ervi
ces
Perf
orm
ance
/ Va
lue-
for-
Mon
ey A
udits
Team
Bui
ldin
g an
d Co
mpe
tenc
y
Prof
essi
onal
ly
Qual
ified
Sta
ff
Wor
kfor
ce
Coor
dina
tion
Qual
ity
Man
agem
ent
Fram
ewor
k
Risk
-Bas
ed
Audi
t Pla
ns
Perf
orm
ance
M
easu
res
Cost
Info
rmat
ion
IA M
anag
emen
t Re
port
s
Coor
dina
tion
with
Ot
her R
evie
w
Grou
ps
Inte
gral
Co
mpo
nent
of
Man
agem
ent
Team
CIA
Repo
rts t
o To
p-Le
vel A
utho
rity
Man
agem
ent O
vers
ight
an
d Su
ppor
t of t
he IA
Ac
tivity
Fund
ing
Mec
hani
sms
CH
AP
TE
R 7
Page 92 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Mat
rix
Leve
lSe
rvic
es
and
Rol
e of
IA
Peo
ple
M
anag
emen
t P
rofe
ssio
nal
P
ract
ices
Per
form
ance
M
anag
emen
t an
d
Acc
oun
tab
ilit
y
Org
aniz
atio
nal
R
elat
ion
ship
s an
d
Cult
ure
Gov
ern
ance
St
ruct
ure
s
Leve
l 2 -
Infr
astr
uct
ure
Leve
l 1 –
Init
ial
Com
plia
nce
Audi
ting
Indi
vidu
al
Prof
essi
onal
De
velo
pmen
t
Skill
ed P
eopl
e Id
entif
ied
and
Recr
uite
d
Prof
essi
onal
Pr
actic
es a
nd
Proc
esse
s Fr
amew
ork
Audi
t Pla
n Ba
sed
on M
anag
emen
t/
Stak
ehol
der
Prio
ritie
s
IA O
pera
ting
Budg
et
IA B
usin
ess P
lan
Man
agin
g w
ithin
th
e IA
Act
ivity
Full
Acce
ss to
the
Orga
nisa
tion’
s In
form
atio
n, A
sset
s, an
d Pe
ople
Repo
rtin
g Re
latio
nshi
ps
Esta
blis
hed
Ad h
oc a
nd u
nstr
uctu
red;
isol
ated
sin
gle
audi
ts o
r re
view
s of
doc
umen
ts a
nd tr
ansa
ctio
ns fo
r ac
cura
cy a
nd c
ompl
ianc
e;
outp
uts d
epen
dent
upo
n th
e ski
lls o
f spe
cific
indi
vidu
als h
oldi
ng th
e pos
ition
; no
spec
ific p
rofe
ssio
nal p
ract
ices
esta
blis
hed
othe
r th
an t
hose
pro
vide
d by
pro
fess
iona
l as
soci
atio
ns;
fund
ing
appr
oved
by
man
agem
ent,
as n
eede
d; a
bsen
ce o
f in
fras
truc
ture
; aud
itors
like
ly p
art o
f a la
rger
org
anis
atio
nal u
nit;
no e
stab
lishe
d ca
pabi
litie
s; th
eref
ore,
no
spec
ific
key
proc
ess a
reas
.
CH
AP
TE
R 7
Page 93@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Ap
pen
dix
12
: In
tern
al A
ud
it C
apab
ilit
y M
odel
Lev
els
Leve
lD
escr
ipti
on o
f Cap
abil
itie
s
5 –
Optim
isin
g
•IA
is a
trus
ted
advi
sor.
•IA
is a
lear
ning
org
anis
atio
n w
ith co
ntin
uous
pro
cess
impr
ovem
ents
and
inno
vatio
n.•
IA u
ses i
nfor
mat
ion
from
insi
de a
nd o
utsi
de th
e or
gani
satio
n to
cont
ribu
te to
ach
ievi
ng st
rate
gic o
bjec
tives
.•
Wor
ld-c
lass
/rec
omm
ende
d/be
st p
ract
ice
perf
orm
ance
.•
IA is
a cr
itica
l par
t of t
he o
rgan
isat
ion’
s gov
erna
nce
stru
ctur
e.•
Top-
leve
l pro
fess
iona
l and
spec
ialis
ed sk
ills.
•In
divi
dual
, uni
t, an
d or
gani
satio
nal p
erfo
rman
ce m
easu
res a
re fu
lly in
tegr
ated
to d
rive
per
form
ance
impr
ovem
ents
.
4 –
Man
aged
•IA
and
key
stak
ehol
ders
’ exp
ecta
tions
are
in a
lignm
ent.
•Pe
rfor
man
ce m
etri
cs a
re in
pla
ce to
mea
sure
and
mon
itor I
A pr
oces
ses a
nd re
sults
. •
IA is
reco
gnis
ed a
s del
iver
ing
sign
ifica
nt co
ntri
butio
ns th
roug
h va
lue-
adde
d se
rvic
es to
the
orga
nisa
tion.
•IA
has
dev
elop
ed a
fram
ewor
k br
oad
enou
gh to
enc
ompa
ss ri
sk a
nd co
ntro
l con
side
ratio
ns a
t all
leve
ls o
f the
org
anis
atio
n’s g
over
nanc
e,
risk
man
agem
ent,
and
cont
rol p
roce
sses
.•
IA fu
nctio
ns a
s an
inte
gral
par
t of t
he o
rgan
isat
ion’
s gov
erna
nce
and
risk
man
agem
ent.
•IA
is a
wel
l-man
aged
bus
ines
s uni
t.•
Risk
s are
mea
sure
d an
d m
anag
ed q
uant
itativ
ely.
•Re
quis
ite sk
ills a
nd co
mpe
tenc
ies a
re in
pla
ce w
ith a
capa
city
for r
enew
al an
d kn
owle
dge s
hari
ng (w
ithin
IA an
d ac
ross
the o
rgan
isat
ion)
.
3 –
Inte
grat
ed
•IA
pol
icie
s, pr
oces
ses,
and
proc
edur
es a
re d
efin
ed, d
ocum
ente
d, a
nd in
tegr
ated
into
eac
h ot
her a
nd th
e or
gani
satio
n’s i
nfra
stru
ctur
e.•
IA m
anag
emen
t and
pro
fess
iona
l pra
ctic
es a
re w
ell e
stab
lishe
d an
d un
iform
ly a
pplie
d ac
ross
the
IA a
ctiv
ity.
•IA
is st
artin
g to
alig
n w
ith th
e or
gani
satio
n’s b
usin
ess a
nd th
e ri
sks i
t fac
es.
•IA
evo
lves
from
con
duct
ing
only
trad
ition
al IA
to in
tegr
atin
g as
a te
am p
laye
r, co
nduc
ting
perf
orm
ance
or p
roce
ss-b
ased
aud
iting
, and
pr
ovid
ing
advi
ce o
n pe
rfor
man
ce a
nd m
anag
emen
t of r
isks
.•
Focu
s is o
n te
am b
uild
ing
and
capa
city
of t
he IA
act
ivity
and
its i
ndep
ende
nce
and
obje
ctiv
ity.
•IA
supp
orts
the
impl
emen
tatio
n an
d co
ordi
natio
n of
an
effe
ctiv
e Th
ree
Line
s of D
efen
se m
odel
.•
Gene
rally
conf
orm
s with
the
Stan
dard
s.
2 –
Infr
astr
uc-
ture
•Ke
y qu
estio
n or
chal
leng
e fo
r Lev
el 2
is h
ow to
est
ablis
h an
d m
aint
ain
repe
atab
ility
of p
roce
sses
and
thus
a re
peat
able
capa
bilit
y.•
IA r
epor
ting
rela
tions
hips
, m
anag
emen
t an
d ad
min
istr
ativ
e in
fras
truc
ture
s an
d pr
ofes
sion
al p
ract
ices
and
pro
cess
es a
re b
eing
es
tabl
ishe
d (I
A gu
idan
ce, p
roce
sses
and
pro
cedu
res)
.•
Audi
t pla
nnin
g is
bas
ed p
rinc
ipal
ly o
n m
anag
emen
t pri
oriti
es.
•Co
ntin
ued
relia
nce
esse
ntia
lly o
n th
e sk
ills a
nd co
mpe
tenc
ies o
f spe
cific
per
sons
.•
Cond
ucts
pri
ncip
ally
com
plia
nce
or co
ntro
ls-b
ased
aud
iting
.•
Part
ial c
onfo
rman
ce w
ith th
e St
anda
rds.
CH
AP
TE
R 7
Page 94 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Leve
lD
escr
ipti
on o
f Cap
abil
itie
s
1 - I
nitia
l
•Ad
hoc
or u
nstr
uctu
red.
•Is
olat
ed si
ngle
aud
its o
r rev
iew
s of d
ocum
ents
and
tran
sact
ions
for a
ccur
acy
and
com
plia
nce.
•Ou
tput
dep
ende
nt u
pon
the
skill
s of t
he sp
ecifi
c per
son
hold
ing
the
posi
tion.
•N
o pr
ofes
sion
al p
ract
ices
est
ablis
hed
othe
r tha
n th
ose
prov
ided
by
prof
essi
onal
ass
ocia
tions
.•
Fund
ing
appr
oval
by
man
agem
ent,
as n
eede
d.•
Abse
nce
of in
fras
truc
ture
.•
Audi
tors
like
ly p
art o
f a la
ger o
rgan
isat
iona
l uni
t.•
Inst
itutio
nal c
apab
ility
is n
ot d
evel
oped
.
CH
AP
TE
R 7
Page 95@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Ap
pen
dix
13
: In
tern
al A
ud
it M
atu
rity
Ass
essm
ent
Inte
rnal
Au
dit
M
atu
rity
R
atin
g
Stan
dar
d
10
00
Pu
rpos
e,
Au
thor
ity,
an
d
Res
pon
sib
ilit
y
Stan
dar
ds
11
00
,11
30
Ind
epen
den
ce a
nd
O
bje
ctiv
ity
Stan
dar
d 1
20
0
Pro
fici
ency
an
d D
ue
Pro
fess
ion
al C
are
Stan
dar
d 1
30
0
Qu
alit
y A
ssu
ran
ce
and
Imp
rove
men
t P
rogr
amm
e
Stan
dar
d 2
00
0
Man
agin
g th
e In
tern
al A
ud
it
Act
ivit
y
Stan
dar
d 2
10
0
Nat
ure
of W
ork
Op
tim
ized
Inte
rnal
Aud
it Ch
arte
r in
plac
e,
revi
ewed
and
ap
prov
ed b
y Au
dit C
omm
ittee
on
ann
ual b
asis
, cl
early
link
ed
to co
rpor
ate
gove
rnan
ce
obje
ctiv
es,
spec
ifies
goo
d pr
actic
e In
tern
al
Audi
t rep
ortin
g ar
rang
emen
ts.
Inte
rnal
Aud
it re
port
ing
arra
ngem
ents
def
ined
in
Inte
rnal
Aud
it Ch
arte
r, sp
ecifi
es g
ood
prac
tice
repo
rtin
g ar
rang
emen
ts,
inde
pend
ence
an
d ob
ject
ivity
re
quir
emen
ts d
efin
ed
by In
tern
al A
udit
polic
y in
clud
ing
the
requ
irem
ent f
or co
nflic
t of
inte
rest
dis
clos
ure,
an
nual
att
esta
tion
requ
ired
by
Inte
rnal
Au
dit s
taff.
Inte
rnal
Aud
it re
sour
ces a
re
cred
entia
led,
sp
ecia
list r
esou
rces
ar
e av
aila
ble
whe
n re
quir
ed, a
nnua
l Ri
sk A
sses
smen
t co
nduc
ted,
ong
oing
an
d pe
riod
ic
Qual
ity A
ssur
ance
pr
oces
ses i
n pl
ace,
tr
aini
ng p
rogr
amm
es
rein
forc
e In
tern
al
Audi
t cre
dent
ials
and
su
ppor
t exe
cutio
n of
In
tern
al A
udit
Wor
k.
Docu
men
ted
ongo
ing
and
peri
odic
Qu
ality
Ass
uran
ce
Prog
ram
me
in p
lace
, Qu
ality
Ass
uran
ce
activ
ities
occ
ur
for i
nter
nal a
udit
enga
gem
ents
, In
tern
al A
sses
smen
t co
nduc
ted
annu
ally
, Ex
tern
al A
sses
smen
t co
nduc
ted
at le
ast
ever
y 5
year
s.
Inte
rnal
Aud
it po
licie
s and
pr
oced
ures
in p
lace
, In
tern
al A
udit
plan
s lin
ked
to co
rpor
ate
obje
ctiv
es,
effe
ctiv
e In
tern
al
Audi
t rep
ortin
g ar
rang
emen
ts,
audi
t clie
nt
feed
back
soug
ht,
perf
orm
ance
m
easu
res i
n pl
ace
and
used
to
driv
e co
ntin
uous
im
prov
emen
t.
Inte
rnal
Aud
it fo
cuse
s on
cont
rols
, ris
k,
and
gove
rnan
ce,
Inte
rnal
Aud
it pl
ans a
re
clea
rly li
nked
to
ent
erpr
ise-
wid
e vi
ew o
f ri
sk a
nd p
lans
ar
e pe
riod
ical
ly
adju
sted
, Int
erna
l Au
dit u
ses
reco
gniz
ed co
ntro
l fr
amew
orks
in it
s w
ork.
Man
aged
Inte
rnal
Aud
it Ch
arte
r in
plac
e,
revi
ewed
and
ap
prov
ed b
y Au
dit C
omm
ittee
on
ann
ual b
asis
, cl
early
link
ed
to co
rpor
ate
gove
rnan
ce
obje
ctiv
es.
Inte
rnal
Aud
it re
port
ing
arra
ngem
ents
def
ined
in
Inte
rnal
Aud
it Ch
arte
r, sp
ecifi
es g
ood
prac
tice
repo
rtin
g ar
rang
emen
ts,
inde
pend
ence
an
d ob
ject
ivity
re
quir
emen
ts d
efin
ed
by In
tern
al A
udit
polic
y in
clud
ing
the
requ
irem
ent f
or co
nflic
t of
inte
rest
dis
clos
ure.
Inte
rnal
Aud
it re
sour
ces a
re
cred
entia
led,
som
e sp
ecia
list r
esou
rces
ar
e av
aila
ble,
ann
ual
Risk
Ass
essm
ent
cond
ucte
d, o
ngoi
ng
and
peri
odic
Qua
lity
Assu
ranc
e pr
oces
ses
in p
lace
.
Docu
men
ted
ongo
ing
and
peri
odic
Qu
ality
Ass
uran
ce
Prog
ram
me
in p
lace
, Qu
ality
Ass
uran
ce
activ
ities
occ
ur
for i
nter
nal a
udit
enga
gem
ents
, In
tern
al A
sses
smen
t co
nduc
ted
annu
ally
.
Inte
rnal
Aud
it po
licie
s and
pr
oced
ures
in p
lace
, In
tern
al A
udit
plan
s lin
ked
to co
rpor
ate
obje
ctiv
es,
effe
ctiv
e In
tern
al
Audi
t rep
ortin
g ar
rang
emen
ts, a
udit
clie
nt fe
edba
ck
soug
ht.
Inte
rnal
Aud
it fo
cuse
s on
cont
rols
, ris
k,
and
gove
rnan
ce,
Inte
rnal
Aud
it pl
ans a
re
clea
rly li
nked
to
ent
erpr
ise-
wid
e vi
ew o
f ri
sk a
nd p
lans
ar
e pe
riod
ical
ly
adju
sted
.
CH
AP
TE
R 7
Page 96 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Inte
rnal
Au
dit
M
atu
rity
R
atin
g
Stan
dar
d
10
00
Pu
rpos
e,
Au
thor
ity,
an
d
Res
pon
sib
ilit
y
Stan
dar
ds
11
00
,11
30
Ind
epen
den
ce a
nd
O
bje
ctiv
ity
Stan
dar
d 1
20
0
Pro
fici
ency
an
d D
ue
Pro
fess
ion
al C
are
Stan
dar
d 1
30
0
Qu
alit
y A
ssu
ran
ce
and
Imp
rove
men
t P
rogr
amm
e
Stan
dar
d 2
00
0
Man
agin
g th
e In
tern
al A
ud
it
Act
ivit
y
Stan
dar
d 2
10
0
Nat
ure
of W
ork
Imp
lem
ente
d
Inte
rnal
Aud
it Ch
arte
r in
plac
e,
revi
ewed
and
ap
prov
ed b
y Au
dit
Com
mitt
ee o
n a
peri
odic
bas
is.
Inte
rnal
Aud
it re
port
ing
arra
ngem
ents
def
ined
in
Inte
rnal
Aud
it Ch
arte
r spe
cifie
s goo
d pr
actic
e re
port
ing
arra
ngem
ents
.
Som
e In
tern
al
Audi
t res
ourc
es a
re
cred
entia
led,
som
e sp
ecia
list r
esou
rces
ar
e av
aila
ble,
ann
ual
Risk
Ass
essm
ent
cond
ucte
d, o
ngoi
ng
Qual
ity A
ssur
ance
pr
oces
ses i
n pl
ace.
Ongo
ing
and
peri
odic
Qu
ality
Ass
uran
ce
Prog
ram
me
elem
ents
in
pla
ce, Q
ualit
y As
sura
nce
activ
ities
oc
cur f
or in
tern
al
audi
t eng
agem
ents
.
Inte
rnal
Aud
it po
licie
s and
pr
oced
ures
in p
lace
, In
tern
al A
udit
plan
s lin
ked
to co
rpor
ate
obje
ctiv
es,
effe
ctiv
e In
tern
al
Audi
t rep
ortin
g ar
rang
emen
ts.
Inte
rnal
Aud
it fo
cuse
s on
cont
rols
, ris
k, a
nd
gove
rnan
ce.
Inte
rnal
Au
dit
M
atu
rity
R
atin
g
Stan
dar
d
10
00
Pu
rpos
e,
Au
thor
ity,
an
d
Res
pon
sib
ilit
y
Stan
dar
ds
11
00
,11
30
In
dep
end
ence
an
d
Ob
ject
ivit
y
Stan
dar
d 1
20
0
Pro
fici
ency
an
d
Du
e P
rofe
ssio
nal
Ca
re
Stan
dar
d 1
30
0
Qu
alit
y A
ssu
ran
ce
and
Imp
rove
men
t P
rogr
amm
e
Stan
dar
d 2
00
0
Man
agin
g th
e In
tern
al A
ud
it
Act
ivit
y
Stan
dar
d 2
10
0
Nat
ure
of W
ork
Def
ined
Inte
rnal
Aud
it Ch
arte
r in
plac
e an
d ap
prov
ed b
y Au
dit C
omm
ittee
.
Inte
rnal
Aud
it re
port
ing
arra
ngem
ents
def
ined
in
Inte
rnal
Aud
it Ch
arte
r, bu
t not
goo
d pr
actic
e re
port
ing
arra
ngem
ents
.
Inte
rnal
Aud
it re
sour
ces
are
part
ially
cr
eden
tiale
d,
spec
ialis
t re
sour
ces m
ay b
e av
aila
ble,
ann
ual
Risk
Ass
essm
ent
cond
ucte
d, so
me
ongo
ing
Qual
ity
Assu
ranc
e pr
oces
ses
in p
lace
.
Som
e on
goin
g Qu
ality
Ass
uran
ce
Prog
ram
me
elem
ents
in
pla
ce, s
ome
Qual
ity A
ssur
ance
ac
tiviti
es o
ccur
fo
r int
erna
l aud
it en
gage
men
ts.
Inte
rnal
Aud
it po
licie
s and
pr
oced
ures
in
plac
e, In
tern
al
Audi
t pla
ns li
nked
to
corp
orat
e ob
ject
ives
.
Inte
rnal
Aud
it fo
cuse
s on
cont
rols
and
risk
.
CH
AP
TE
R 7
Page 97@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Inte
rnal
Au
dit
M
atu
rity
R
atin
g
Stan
dar
d
10
00
Pu
rpos
e,
Au
thor
ity,
an
d
Res
pon
sib
ilit
y
Stan
dar
ds
11
00
,11
30
In
dep
end
ence
an
d
Ob
ject
ivit
y
Stan
dar
d 1
20
0
Pro
fici
ency
an
d
Du
e P
rofe
ssio
nal
Ca
re
Stan
dar
d 1
30
0
Qu
alit
y A
ssu
ran
ce
and
Imp
rove
men
t P
rogr
amm
e
Stan
dar
d 2
00
0
Man
agin
g th
e In
tern
al A
ud
it
Act
ivit
y
Stan
dar
d 2
10
0
Nat
ure
of W
ork
Init
ial
No
Inte
rnal
Aud
it Ch
arte
r or i
n dr
aft
or n
ot a
ppro
ved
by
Audi
t Com
mitt
ee.
Inte
rnal
Aud
it re
port
ing
arra
ngem
ents
not
de
fined
in In
tern
al
Audi
t Cha
rter
or
repo
rtin
g ar
rang
emen
ts
not i
n lin
e w
ith g
ood
prac
tice.
Inte
rnal
Aud
it re
sour
ces n
ot
cred
entia
led,
no
spec
ialis
t res
ourc
es,
no a
nnua
l Ris
k As
sess
men
t, lim
ited
ongo
ing
Qual
ity
Assu
ranc
e pr
oces
ses
in p
lace
.
No
form
al Q
ualit
y As
sura
nce
Prog
ram
me
in
plac
e, so
me
Qual
ity
Assu
ranc
e ac
tiviti
es
may
occ
ur fo
r in
tern
al a
udit
enga
gem
ents
.
No
Inte
rnal
Aud
it po
licie
s and
pr
oced
ures
in
plac
e, In
tern
al
Audi
t pla
ns n
ot
linke
d to
corp
orat
e ob
ject
ives
.
Inte
rnal
Aud
it fo
cuse
s on
com
plia
nce/
co
ntro
l.
Inte
rnal
Au
dit
M
atu
rity
R
atin
g
Stan
dar
d 2
20
0
Enga
gem
ent
Pla
nn
ing
Stan
dar
d 2
30
0
Per
form
ing
the
Enga
gem
ent
Stan
dar
d 2
40
0
Com
mu
nic
atin
g R
esu
lts
Stan
dar
d 2
50
0
Mon
itor
ing
Pro
gres
s
Stan
dar
d 2
60
0
Com
mu
nic
atin
g th
e A
ccep
tan
ce o
f R
isk
s
Cod
e of
Eth
ics
Op
tim
ized
Plan
ning
pe
rfor
med
in
colla
bora
tion
with
st
akeh
olde
rs,
plan
ning
adj
uste
d fo
r diff
erin
g ci
rcum
stan
ces,
plan
ning
do
cum
ente
d,
the
cons
iste
nt
met
hodo
logy
ap
plie
d to
in
tern
al a
udit
enga
gem
ents
, su
perv
isor
y re
view
, and
sign
– of
f occ
urs.
Inte
rnal
Aud
it po
licie
s and
pr
oced
ures
clea
rly
defin
e in
tern
al a
udit
enga
gem
ent p
roce
ss,
Audi
t Wor
k Pl
ans
are
tailo
red
for
each
eng
agem
ent,
supe
rvis
ory
revi
ew
and
sign
–off
occu
rs,
auto
mat
ed a
udit
wor
king
pap
er
syst
em in
pla
ce,
CAAT
s and
oth
er
audi
t tec
hniq
ues
activ
ely
used
.
Repo
rtin
g pr
otoc
ol
esta
blis
hed
for
com
mun
icat
ing
resu
lts, r
epor
ting
done
co
nsis
tent
ly fr
om co
nten
t an
d fo
rmat
per
spec
tive,
CA
E re
view
s and
sign
s–of
f aud
it re
port
s bef
ore
issu
e, m
anag
emen
t inp
ut
to re
port
ing
is a
ctiv
ely
soug
ht, r
epor
ts co
ntai
n m
anag
emen
t com
men
ts
and
agre
ed a
ctio
ns,
Inte
rnal
Aud
it pr
epar
es
repo
rts t
hat s
how
sy
stem
ic is
sues
foun
d th
roug
h its
wor
k.
Follo
w–u
p pr
otoc
ol
esta
blis
hed,
follo
w–u
p on
impl
emen
tatio
n of
aud
it re
com
men
datio
ns
perf
orm
ed
cons
iste
ntly
, rep
ortin
g to
Aud
it Co
mm
ittee
on
the
stat
us o
f aud
it re
com
men
datio
ns,
auto
mat
ed sy
stem
fo
r rec
eivi
ng
prog
ress
upd
ates
fr
om m
anag
emen
t, hi
gh ra
te o
f aud
it re
com
men
datio
n cl
eara
nce.
Esca
latio
n pr
otoc
ol
defin
ed, t
he
proc
ess c
lear
ly
unde
rsto
od b
y In
tern
al A
udit
and
man
agem
ent,
colla
bora
tive
appr
oach
to
reso
lutio
n, cl
ear
defin
ition
of t
he
leve
l of r
isk
that
ca
n be
ass
umed
by
Man
agem
ent
that
pre
clud
es th
e ne
ed fo
r esc
alat
ion
prot
ocol
.
Orga
niza
tion
Code
of C
ondu
ct
esta
blis
hed,
IIA
Code
of E
thic
s is
em
bedd
ed
in In
tern
al
Audi
t pol
icie
s, et
hics
trai
ning
is
cond
ucte
d,
Inte
rnal
Aud
it st
aff c
ompl
ete
annu
al C
ode
of E
thic
s de
clar
atio
n.
CH
AP
TE
R 7
Page 98 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Inte
rnal
Au
dit
M
atu
rity
R
atin
g
Stan
dar
d 2
20
0
Enga
gem
ent
Pla
nn
ing
Stan
dar
d 2
30
0
Per
form
ing
the
Enga
gem
ent
Stan
dar
d 2
40
0
Com
mu
nic
atin
g R
esu
lts
Stan
dar
d 2
50
0
Mon
itor
ing
Pro
gres
s
Stan
dar
d 2
60
0
Com
mu
nic
atin
g th
e A
ccep
tan
ce o
f R
isk
s
Cod
e of
Eth
ics
Man
aged
Plan
ning
pe
rfor
med
in
colla
bora
tion
with
st
akeh
olde
rs,
plan
ning
do
cum
ente
d,
the
cons
iste
nt
met
hodo
logy
ap
plie
d to
in
tern
al a
udit
enga
gem
ents
, su
perv
isor
y re
view
, and
sign
– of
f occ
urs.
Inte
rnal
Aud
it po
licie
s and
pr
oced
ures
clea
rly
defin
e in
tern
al a
udit
enga
gem
ent p
roce
ss,
Audi
t Wor
k Pl
ans
are
tailo
red
for
each
eng
agem
ent,
supe
rvis
ory
revi
ew
and
sign
–off
occu
rs,
may
hav
e au
tom
ated
au
dit w
orki
ng p
aper
sy
stem
in p
lace
.
Repo
rtin
g pr
otoc
ol
esta
blis
hed
for
com
mun
icat
ing
resu
lts, r
epor
ting
done
co
nsis
tent
ly fr
om co
nten
t an
d fo
rmat
per
spec
tive,
CA
E re
view
s and
sign
s–of
f aud
it re
port
s bef
ore
issu
e, re
port
s con
tain
m
anag
emen
t com
men
ts
and
actio
ns to
impl
emen
tRe
com
men
datio
ns.
Follo
w–u
p pr
otoc
ol
esta
blis
hed,
follo
w–u
p on
impl
emen
tatio
n of
aud
it re
com
men
datio
ns
perf
orm
ed
cons
iste
ntly
, rep
ortin
g to
Aud
it Co
mm
ittee
on
the
stat
us o
f aud
it re
com
men
datio
ns.
Esca
latio
n pr
otoc
ol
defin
ed, p
roce
ss
clea
rly u
nder
stoo
d by
Inte
rnal
Aud
it an
d M
anag
emen
t, co
llabo
rativ
e ap
proa
ch to
re
solu
tion.
Orga
niza
tion
Code
of C
ondu
ct
esta
blis
hed,
IIA
Code
of E
thic
s is
em
bedd
ed in
In
tern
al A
udit
polic
ies,
ethi
cs
trai
ning
is
cond
ucte
d.
Imp
lem
ente
d
Plan
ning
pe
rfor
med
and
do
cum
ente
d,
the
cons
iste
nt
met
hodo
logy
ap
plie
d to
in
tern
al a
udit
enga
gem
ents
, su
perv
isor
y re
view
, and
sign
– of
f occ
urs.
Inte
rnal
Aud
it po
licie
s and
pr
oced
ures
clea
rly
defin
e in
tern
al a
udit
enga
gem
ent p
roce
ss,
Audi
t Wor
k Pl
ans
are
tailo
red
for
each
eng
agem
ent,
supe
rvis
ory
revi
ew
and
sign
–off
occu
rs.
Repo
rtin
g pr
otoc
ol
esta
blis
hed
for
com
mun
icat
ing
resu
lts, r
epor
ting
done
co
nsis
tent
ly fr
om co
nten
t an
d fo
rmat
per
spec
tive,
CA
E re
view
s and
sign
s–of
f au
dit r
epor
ts b
efor
e th
e is
sue.
Follo
w–u
p pr
otoc
ol
esta
blis
hed,
follo
w–u
p on
impl
emen
tatio
n of
aud
it re
com
men
datio
ns
perf
orm
ed
cons
iste
ntly
.
Esca
latio
n pr
otoc
ol
defin
ed, t
he
proc
ess c
lear
ly
unde
rsto
od b
y In
tern
al A
udit
and
Man
agem
ent.
Orga
niza
tion
Code
of C
ondu
ct
esta
blis
hed,
IIA
Code
of E
thic
s is
em
bedd
ed in
In
tern
al A
udit
polic
ies.
CH
AP
TE
R 7
Page 99@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Inte
rnal
Au
dit
M
atu
rity
R
atin
g
Stan
dar
d 2
20
0En
gage
men
t P
lan
nin
g
Stan
dar
d 2
30
0P
erfo
rmin
g th
e En
gage
men
t
Stan
dar
d 2
40
0Co
mm
un
icat
ing
Res
ult
s
Stan
dar
d 2
50
0M
onit
orin
g P
rogr
ess
Stan
dar
d 2
60
0Co
mm
un
icat
ing
the
Acc
epta
nce
of
Ris
ks
Cod
e of
Eth
ics
Def
ined
Plan
ning
pe
rfor
med
and
do
cum
ente
d;
cons
iste
nt
met
hodo
logy
ap
plie
d to
in
tern
al a
udit
enga
gem
ents
.
Som
e el
emen
ts
of In
tern
al a
udit
enga
gem
ent p
roce
ss
defin
ed, s
tand
ard
Audi
t Wor
k Pl
ans
used
.
Repo
rtin
g pr
otoc
ol
esta
blis
hed
for
com
mun
icat
ing
resu
lts, r
epor
ting
done
in
cons
iste
ntly
from
co
nten
t and
form
at
pers
pect
ive.
Follo
w–u
p pr
otoc
ol
esta
blis
hed,
follo
w–u
p on
impl
emen
tatio
n of
aud
it re
com
men
datio
ns
occu
rs b
ut n
ot
perf
orm
ed
cons
iste
ntly
.
Esca
latio
n pr
otoc
ol
esta
blis
hed;
M
anag
emen
t m
ay a
ssum
e in
appr
opri
ate
leve
l of
risk
.
Orga
niza
tion
Code
of C
ondu
ct
esta
blis
hed,
IIA
Code
of E
thic
s re
ceiv
es so
me
atte
ntio
n.
Init
ial
Plan
ning
not
pe
rfor
med
or
docu
men
ted,
no
cons
iste
nt
met
hodo
logy
ap
plie
d to
in
tern
al a
udit
enga
gem
ents
.
Inte
rnal
aud
it en
gage
men
t pro
cess
no
t cle
arly
def
ined
or
Aud
it W
ork
Plan
s not
pre
pare
d fo
r int
erna
l aud
it en
gage
men
ts.
Repo
rtin
g pr
otoc
ol
not e
stab
lishe
d fo
r co
mm
unic
atin
g re
sults
, re
port
ing
is a
d ho
c.
No
follo
w–u
p pr
otoc
ol
esta
blis
hed,
follo
w–u
p on
impl
emen
tatio
n of
aud
it re
com
men
datio
ns
not p
erfo
rmed
co
nsis
tent
ly o
r not
pe
rfor
med
.
No
esca
latio
n pr
otoc
ol
esta
blis
hed.
Orga
niza
tion
Code
of C
ondu
ct
not e
stab
lishe
d,
IIA C
ode
of E
thic
s do
es n
ot re
ceiv
e fo
rmal
att
entio
n.
CH
AP
TE
R 7
Page 100 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 14: Standard Conformance Evaluation Summary (Table) Template
Conformance Standards Generally Conforms
Partially Conforms
Does Not Conform
Not Applicable Total
Definition of IA and Code of Ethics
Rule of Conduct
Purpose 1000-1130People 1200-1230Performance 1300-1322Planning 2000-2130Process 2200-2600Total
CH
AP
TE
R 7
Page 101@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 15: Standard Conformance Evaluation Summary Template
Quality Assessment Evaluation Summary - Major/ Supporting StandardsEvaluation
GC PC DNC
A. ATTRIBUTE STANDARDS
1000 Purpose, Authority, and Responsibility1010 Recognizing Mandatory Guidance in the Internal Audit Charter1100 Independence and Objectivity1110 Organizational Independence1111 Direct Interaction with the Board1112 Chief Audit Executive Roles Beyond Internal Auditing1120 Individual Objectivity1130 Impairment to Independence or Objectivity1200 Proficiency and Due Professional Care1210 Proficiency1220 Due Professional Care1230 Continuing Professional Development1300 Quality Assurance and Improvement Programme1310 Requirements of the Quality Assurance and Improvement Programme1311 Internal Assessments1312 External Assessments1320 Reporting on the Quality Assurance and Improvement Programme
1321 Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”
1322 Disclosure of NonconformanceB PERFORMANCE STANDARDS
2000 Managing the Internal Audit Activity2010 Planning2020 Communication and Approval2030 Resource Management2040 Policies and Procedures2050 Coordination and Reliance2060 Reporting to Senior Management and the Board
2070 External Service Provider and Organizational Responsibility for Internal Auditing
2100 Nature of Work2110 Governance2120 Risk Management2130 Control2200 Engagement Planning2201 Planning Considerations2210 Engagement Objectives
CH
AP
TE
R 7
Page 102 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
2220 Engagement Scope2230 Engagement Resource Allocation2240 Engagement Work Programme2300 Performing the Engagement2310 Identifying Information2320 Analysis and Evaluation2330 Documenting Information2340 Engagement Supervision2400 Communicating Results2410 Criteria for Communicating2420 Quality of Communications2421 Errors and Omissions
2430 Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing”
2431 Engagement Disclosure of Nonconformance2440 Disseminating Results2450 Overall Opinions2500 Monitoring Progress2600 Communicating the Acceptance of Risks
The IIA’s Code of Ethics
CH
AP
TE
R 7
Page 103@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Appendix 16: Standard Rating Criteria
Following are the Standards rating criteria:
Rating Definition
Generally Conforms
GC – “Generally Conforms” means the assessor has concluded the following: For individual standards, the internal audit activity conforms to the requirements of the standard (e.g., 1000, 1010, 2000, 2010, etc.) or elements of the IIA Code of Ethics (both Principles and Rules of Conduct) in all material respects. For the sections (Attribute and Performance) and major categories (e.g., 1000, 1100, 2000, 2100, etc.), the internal audit activity achieves general conformity to a majority of the individual standards and/or elements of the IIA Code of Ethics, and at least partial conformity to others, within the section/category. For the internal audit activity overall, there may be opportunities for improvement, but these should not represent situations where the internal audit activity has not implemented the Standards or the IIA Code of Ethics, has not applied them effectively, or has not achieved their stated objectives.
Partially Conforms
PC – “Partially Conforms” means the assessor has concluded the following: For individual standards, the internal audit activity is making good faith efforts to conform to the requirements of the standard (e.g., 1000, 1010, 2000, 2010, etc.) or element of the IIA Code of Ethics (both Principles and Rules of Conduct) but falls short of achieving some major objectives. For the sections (Attribute and Performance) and major categories (e.g., 1000, 1100, 2000, 2100, etc.), the internal audit activity partially achieves conformance with a majority of the individual standards within the section/category and/or elements of the IIA Code of Ethics. For the internal audit activity overall, there will be significant opportunities for improvement in effectively applying the Standards or IIA Code of Ethics and/or achieving their objectives. Some deficiencies may be beyond the control of the internal audit activity and may result in recommendations to senior management or the board of the organization.
Does Not Conform
DNC – “Does Not Conform” means the assessor has concluded the following: For individual standards, the internal audit activity is not aware of, is not making good faith efforts to conform to, or is failing to achieve many/all of the objectives of the standard (e.g., 1000, 1010, 2000, 2010, etc.) and/or elements of the IIA Code of Ethics (both Principles and Rules of Conduct). For the sections (Attribute and Performance) and major categories (e.g., 1000, 1100, 2000, 2100, etc.), the internal audit activity does not achieve conformance with a majority of the individual standards within the section/category and/or elements of the IIA Code of Ethics. For the internal audit activity overall, there will be deficiencies that will usually have a significant negative impact on the internal audit activity’s effectiveness and its potential to add value to the organization. These may also represent significant opportunities for improvement, including actions by senior management or the board.
CH
AP
TE
R 7
Page 104 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Ap
pen
dix
17
: Ch
eck
list
on
Ext
ern
al Q
ual
ity
Ass
essm
ent
Not
e: T
his
chec
klis
t is
for
guid
ance
pur
pose
onl
y. Th
e In
tern
al A
udito
r of
IAU
or C
IA m
ay ta
ke r
efer
ence
from
this
che
cklis
t to
deve
lop
a de
taile
d ch
eckl
ist s
peci
fic to
Inte
rnal
act
ivity
per
form
ed.
17
.1.
ISP
PIA
13
00
– Q
ual
ity
Ass
ura
nce
an
d Im
pro
vem
ent
Pro
gram
me
Esse
ntia
lly, S
tand
ard
1300
seri
es sh
all r
equi
re th
e CC
A an
d th
e IA
Us to
ens
ure
the
follo
win
g as
sess
men
ts:
17
.1.1
Th
e in
tern
al a
ud
it a
ctiv
ity
has
an
ad
equ
ate
qu
alit
y as
sura
nce
an
d im
pro
vem
ent
pro
gram
me
in p
lace
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
the
CIA
mai
ntai
ns
an
esta
blis
hed
Qual
ity A
ssur
ance
and
Impr
ovem
ent P
rogr
amm
e.
Ch
eck
whe
ther
all
audi
tors
are
acq
uain
ted
with
the
co
ncep
t and
com
pone
nts o
f the
QAI
P;
Ch
eck
whe
ther
the
QAIP
is fu
lly o
pera
tiona
l.
The
inte
rnal
aud
it ac
tivity
has
a Q
AIP
in p
lace
. All
inte
rnal
au
dito
rs a
re fa
mili
ar w
ith th
e pr
ogra
mm
e.
Inte
rnal
aud
it do
es n
ot h
ave
a QA
IP in
pla
ce.
QAIP
pro
gram
me
exis
ts b
ut th
e in
tern
al a
udito
rs a
re n
ot
fam
iliar
with
it.
17
.1.2
Th
e q
ual
ity
assu
ran
ce a
nd
imp
rove
men
t p
rogr
amm
e is
em
bed
ded
in a
ll in
tern
al a
ud
it p
olic
ies
and
pro
ced
ure
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he Q
AIP
is s
peci
fied
in a
ny l
egal
or
othe
r rel
evan
t doc
umen
t.
Ch
eck
whe
ther
the
con
cept
of
QAIP
is
embe
dded
th
roug
hout
all
step
s of t
he in
tern
al a
udit
met
hodo
logy
.
The
QAIP
is e
mbe
dded
in a
ll st
eps
of t
he in
tern
al a
udit
met
hodo
logy
.
The
QAIP
is n
ot e
mbe
dded
in th
e m
ost i
mpo
rtan
t ste
ps o
f th
e in
tern
al a
udit
met
hodo
logy
.
CH
AP
TE
R 7
Page 105@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.1.3
T
he
qu
alit
y as
sura
nce
an
d i
mp
rove
men
t p
rogr
amm
e in
clu
de
on
goin
g m
on
ito
rin
g, p
erio
dic
in
tern
al s
elf-
asse
ssm
ents
an
d
ind
epen
den
t ex
tern
al q
ual
ity
asse
ssm
ents
.
Rev
iew
ste
ps
Ass
essm
ent
ou
tco
me
Gen
eral
ly
Co
nfo
rm
– G
C
Par
tial
ly
Co
nfo
rm
- PC
Do
es N
ot
Co
nfo
rm
- DN
C
Chec
k th
e co
nten
t and
met
hodo
logy
of t
he Q
AIP.
Chec
k w
heth
er o
ngoi
ng m
onito
ring
is d
efin
ed a
s an
impo
rtan
t com
pone
nt
of th
e da
ily in
tern
al a
udit
activ
ities
.
As
sess
resp
onsi
bilit
ies
for o
ngoi
ng m
onito
ring
.
As
sess
the
tem
plat
es a
nd to
ols
that
are
use
d fo
r ong
oing
mon
itori
ng.
Asse
ss t
he q
ualit
y of
ong
oing
mon
itori
ng a
nd w
heth
er a
con
sist
ent
appr
oach
is a
pplie
d.
Ch
eck
whe
ther
per
iodi
c se
lf-as
sess
men
t is
wel
l def
ined
as
part
of t
he Q
AIP.
Chec
k w
heth
er th
e pe
riod
ic s
elf-a
sses
smen
t is
incl
uded
in th
e an
nual
aud
it pl
an.
Asse
ss w
heth
er t
he i
nter
nal
audi
tors
who
are
res
pons
ible
for
per
iodi
c in
tern
al s
elf-a
sses
smen
ts a
re i
ndep
ende
nt,
obje
ctiv
e an
d ex
erci
se d
ue
prof
essi
onal
car
e.
As
sess
the
tem
plat
es a
nd t
ools
tha
t ar
e us
ed f
or p
erio
dic
inte
rnal
sel
f-as
sess
men
ts.
Asse
ss th
e ov
eral
l qua
lity
of th
e pe
riod
ic in
tern
al s
elf-a
sses
smen
ts.
Chec
k w
heth
er t
he r
esul
ts o
f th
e pe
riod
ic i
nter
nal
self-
asse
ssm
ents
are
pr
oper
ly re
port
ed.
Chec
k w
heth
er d
ue c
onsi
dera
tion
has
been
giv
en to
the
reco
mm
enda
tions
th
at re
sult
from
the
peri
odic
inte
rnal
sel
f-ass
essm
ents
.
Ch
eck
whe
ther
pe
riod
ic
exte
rnal
qu
ality
as
sess
men
ts
cond
ucte
d by
in
depe
nden
t rev
iew
ers
are
a w
ell-d
efin
ed c
ompo
nent
of t
he Q
AIP.
Chec
k w
heth
er th
e pr
ogra
mm
e en
visa
ges
that
ext
erna
l ass
essm
ents
cou
ld
be p
erfo
rmed
as
com
plet
ely
inde
pend
ent e
xter
nal a
sses
smen
ts o
r as
sel
f-as
sess
men
ts w
ith in
depe
nden
t ext
erna
l val
idat
ion.
Chec
k w
heth
er th
e ex
tern
al a
sses
smen
t has
bee
n in
clud
ed in
the
budg
et.
Chec
k w
heth
er t
he p
rogr
amm
e in
clud
es i
ndep
ende
nce
and
com
pete
ncy
crite
ria
for t
he p
erso
ns w
ho w
ill p
erfo
rm th
e ex
tern
al a
sses
smen
t.
Ch
eck
whe
ther
the
resu
lts o
f the
exte
rnal
ass
essm
ent a
re p
rope
rly
repo
rted
.
Ch
eck
whe
ther
due
con
side
ratio
n ha
s be
en g
iven
to th
e re
com
men
datio
ns
that
resu
lt fr
om th
e ex
tern
al a
sses
smen
t.
The
QAIP
in
clud
es
ongo
ing
mon
itori
ng,
peri
odic
in
tern
al
self-
asse
ssm
ents
an
d in
depe
nden
t ex
tern
al q
ualit
y as
sess
men
ts. I
nter
nal
audi
t co
nsis
tent
ly p
erfo
rms
all
thes
e co
mpo
nent
s.
The Q
AIP
incl
udes
ong
oing
mon
itori
ng,
peri
odic
inte
rnal
self-
asse
ssm
ents
and
in
depe
nden
t ex
tern
al
asse
ssm
ents
. In
tern
al a
udit
cons
iste
ntly
per
form
s on
goin
g m
onito
ring
an
d se
lf-as
sess
men
ts.
How
ever
, ex
tern
al
asse
ssm
ents
are
not
per
form
ed.
The
QAIP
do
es
not
incl
ude
all
com
pone
nts
(ong
oing
m
onito
ring
, pe
riod
ic in
tern
al se
lf-as
sess
men
ts a
nd
inde
pend
ent
exte
rnal
as
sess
men
ts).
Inte
rnal
aud
it co
nsis
tent
ly p
erfo
rms
ongo
ing
mon
itori
ng, b
ut in
tern
al s
elf-
asse
ssm
ents
and
ext
erna
l ass
essm
ents
ha
ve n
ot b
een
perf
orm
ed.
The
QAIP
do
es
not
incl
ude
all
com
pone
nts
(ong
oing
m
onito
ring
, pe
riod
ic in
tern
al se
lf-as
sess
men
ts a
nd
inde
pend
ent
exte
rnal
as
sess
men
ts).
Inte
rnal
aud
it do
es n
ot c
onsi
sten
tly
perf
orm
on
goin
g m
onito
ring
, an
d ne
ither
in
tern
al
self-
asse
ssm
ents
no
r ex
tern
al a
sses
smen
ts h
ave
been
pe
rfor
med
.
CH
AP
TE
R 7
Page 106 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.1.4
Th
e q
ual
ity
assu
ran
ce a
nd
imp
rove
men
t p
rogr
amm
e co
ver
all a
spec
ts o
f th
e in
tern
al a
ud
it fu
nct
ion
(ro
le, r
isk
ass
essm
ent,
p
lan
nin
g an
d e
xecu
tion
of e
nga
gem
ents
, rep
orti
ng
and
tra
inin
g).
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss th
e co
nten
t and
met
hodo
logy
of t
he Q
AIP.
Asse
ss w
heth
er a
ctua
l pe
rfor
man
ce o
f th
e QA
IP i
s co
nsis
tent
with
the
pres
crib
ed m
etho
dolo
gy.
Asse
ss t
he t
rain
ing
and
prof
essi
onal
dev
elop
men
t pr
ogra
mm
e.
The
met
hodo
logy
of t
he Q
AIP
is a
dequ
ate
and
cons
iste
ntly
ap
plie
d.
The
met
hodo
logy
of t
he Q
AIP
is n
ot a
dequ
ate.
The
met
hodo
logy
is
adeq
uate
, but
it
is n
ot c
onsi
sten
tly
appl
ied.
17
.1.5
Th
e in
tern
al a
ud
it fu
nct
ion
has
mea
nin
gfu
l key
per
form
ance
ind
icat
ors
to m
easu
re it
s p
erfo
rman
ce.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er k
ey p
erfo
rman
ce in
dica
tors
are
de
fined
in th
e in
tern
al a
udit
met
hodo
logy
and
pr
oced
ures
.
As
sess
the
crite
ria
of th
e in
dica
tors
esp
ecia
lly
with
rega
rd to
thei
r use
fuln
ess.
Chec
k w
heth
er re
gula
r rep
ortin
g on
key
pe
rfor
man
ce in
dica
tors
occ
urs.
Mea
ning
ful
key
perf
orm
ance
ind
icat
ors
are
wel
l de
fined
. The
y ar
e co
nsis
tent
ly m
easu
red
and
repo
rted
.
Perf
orm
ance
indi
cato
rs d
o no
t exi
st o
r are
poo
rly d
efin
ed.
CH
AP
TE
R 7
Page 107@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.1.6
Th
e re
sult
s of
th
e q
ual
ity
assu
ran
ce a
nd
imp
rove
men
t p
rogr
amm
e ar
e re
gula
rly
com
mu
nic
ated
to s
enio
r m
anag
emen
t.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er s
enio
r man
agem
ent i
s aw
are
of
the
exis
tenc
e of
a Q
AIP.
Chec
k w
heth
er re
gula
r rep
ortin
g oc
curs
.
Ch
eck
whe
ther
the
CIA
regu
larly
repo
rts
on th
e im
plem
enta
tion
of t
he r
ecom
men
datio
ns t
hat
aris
e fr
om th
e va
riou
s ass
essm
ents
.
The
resu
lts o
f th
e QA
IP a
re c
onsi
sten
tly c
omm
unic
ated
to
seni
or m
anag
emen
t. M
anag
emen
t is
als
o in
form
ed a
bout
the
im
plem
enta
tion
of re
com
men
ded
actio
ns.
The
resu
lts o
f th
e QA
IP a
re n
ot c
onsi
sten
tly c
omm
unic
ated
to
seni
or m
anag
emen
t.
17
.1.7
Th
at in
tern
al a
ud
it p
erio
dic
ally
sol
icit
s fe
edb
ack
from
au
dit
ees
and
sen
ior
man
agem
ent.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
n au
dite
e su
rvey
is c
ondu
cted
af
ter
com
plet
ion
of
each
in
tern
al
audi
t en
gage
men
t.
Ch
eck
whe
ther
an
au
dit
surv
ey
is
sent
pe
riod
ical
ly to
seni
or m
anag
emen
t.
Ch
eck
whe
ther
the
res
ults
of t
he a
udit
surv
eys
are
prop
erly
ana
lyze
d an
d gi
ven
due
atte
ntio
n by
th
e CI
A.
Ch
eck
whe
ther
th
e re
sults
of
th
e su
rvey
s ar
e pe
riod
ical
ly
com
mun
icat
ed
to
seni
or
man
agem
ent.
Inte
rnal
au
dit
regu
larly
so
licits
fe
edba
ck
from
se
nior
m
anag
emen
t and
from
aud
itees
. The
resu
lts o
f the
feed
back
are
co
mm
unic
ated
to se
nior
man
agem
ent.
Inte
rnal
audi
t doe
s not
solic
it fe
edba
ck fr
om se
nior
man
agem
ent
and
audi
tees
on
a re
gula
r bas
is.
CH
AP
TE
R 7
Page 108 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.1.8
Eac
h in
tern
al a
ud
it u
nit
per
iod
ical
ly b
ench
mar
ks
itse
lf a
gain
st c
omp
arab
le u
nit
s (n
atio
nal
ly a
nd
inte
rnat
ion
ally
).
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e in
tern
al a
udit
unit
part
icip
ates
in
nat
iona
l an
d in
tern
atio
nal
even
ts w
here
bes
t pr
actic
es a
re p
rese
nted
and
dis
cuss
ed.
Chec
k w
heth
er in
tern
al a
udito
rs m
aint
ain
regu
lar
cont
act w
ith p
eers
.
Ch
eck
whe
ther
th
e in
tern
al
audi
t fu
nctio
n be
nchm
arks
its
elf
peri
odic
ally
ag
ains
t be
st
prac
tices
.
Inte
rnal
aud
it ke
eps a
brea
st o
f cur
rent
tren
ds a
nd a
ppro
ache
s in
inte
rnal
aud
iting
. Int
erna
l aud
it be
nchm
arks
itse
lf ag
ains
t be
st p
ract
ices
and
inf
orm
s se
nior
man
agem
ent
abou
t th
e re
sults
of s
uch
benc
hmar
king
exe
rcis
es.
Inte
rnal
aud
it do
es n
ot k
eep
abre
ast
of r
ecen
t tr
ends
in
inte
rnal
aud
iting
.
17
.1.9
Th
e in
tern
al a
ud
it b
rin
gs r
eal v
alu
e to
th
e in
stit
uti
on.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss
whe
ther
in
tern
al
audi
t car
es a
bout
the
valu
e it
prov
ides
, for
exa
mpl
e th
roug
h co
llect
ing
feed
back
with
in th
e or
gani
zatio
n.
As
sess
ho
w
inte
rnal
au
dit
mea
sure
s its
val
ue.
Inte
rvie
w
user
s of
in
tern
al
audi
t se
rvic
es (
agen
cy h
eads
, se
nior
m
anag
emen
t, an
d op
erat
iona
l m
anag
emen
t) o
n th
e va
lue
they
rec
eive
fro
m
inte
rnal
aud
it.
Inte
rnal
aud
it ca
res
abou
t the
val
ue it
pro
vide
s an
d ho
w s
take
hold
ers
perc
eive
the
bene
fits a
nd th
e va
lue
adde
d by
inte
rnal
aud
iting
. It m
easu
res i
ts v
alue
via
feed
back
ob
tain
ed fr
om v
ario
us s
take
hold
ers.
All s
take
hold
ers
conf
irm
the
valu
e of
inte
rnal
au
dit.
Inte
rnal
aud
it ca
res
abou
t the
val
ue it
pro
vide
s an
d ho
w s
take
hold
ers
perc
eive
the
bene
fits a
nd th
e val
ue ad
ded
by in
tern
al au
ditin
g. T
he st
akeh
olde
rs p
erce
ive t
hat t
he
perf
orm
ance
of i
nter
nal a
udit
is a
vera
ge a
nd th
ere
is m
uch
room
for i
mpr
ovem
ent.
Inte
rnal
aud
it ca
res
abou
t th
e va
lue
it pr
ovid
es b
ut d
oes
not
take
int
o ac
coun
t st
akeh
olde
rs’ p
erce
ptio
n of
its v
alue
s. St
akeh
olde
rs d
o no
t see
any
val
ue in
inte
rnal
au
ditin
g and
are n
ot in
tere
sted
in th
e ser
vice
s pro
vide
d by
the i
nter
nal a
udit
activ
ity.
Inte
rnal
aud
it do
es n
ot c
are
abou
t whe
ther
it d
eliv
ers
valu
e to
its
stak
ehol
ders
. It
has a
cont
rolli
ng/i
nspe
ctio
n ap
proa
ch a
nd th
eref
ore
the
valu
e of
its p
erfo
rman
ce is
no
t rel
evan
t. St
akeh
olde
rs co
nfir
m th
is a
ttitu
de.
CH
AP
TE
R 7
Page 109@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.1.1
0 A
ny s
tate
men
t on
com
pli
ance
wit
h I
nte
rnat
ion
al S
tan
dar
ds
for
the
Pro
fess
ion
al P
ract
ice
of I
nte
rnal
Au
dit
ing
is s
up
por
ted
by
th
e re
sult
s of
inte
rnal
an
d e
xter
nal
qu
alit
y as
sura
nce
ass
essm
ents
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e us
age
of th
e st
atem
ent
“con
duct
ed
in
acco
rdan
ce
with
th
e In
tern
atio
nal S
tand
ard
for t
he P
rofe
ssio
nal
Prac
tice
of In
tern
al A
uditi
ng”
is d
efin
ed in
th
e m
etho
dolo
gy.
Asse
ss
whe
ther
in
tern
al
audi
tors
ar
e fa
mili
ar w
ith th
e us
e of
this
term
.
Ch
eck
a fe
w in
tern
al a
udit
repo
rts
for
the
pres
ence
of t
his s
tate
men
t.
Ch
eck
whe
ther
this
stat
emen
t is s
uppo
rted
by
the
res
ults
of
inte
rnal
and
ext
erna
l qu
ality
ass
uran
ce a
sses
smen
ts.
Inte
rnal
aud
it do
es n
ot u
se th
e st
atem
ent “
cond
ucte
d in
acc
orda
nce
with
the
Int
erna
tiona
l St
anda
rds
for
the
Prof
essi
onal
Pra
ctic
e of
In
tern
al A
uditi
ng”,
unle
ss th
e us
e of
this
stat
emen
t is s
uppo
rted
by
the
resu
lts o
f bot
h in
tern
al a
nd e
xter
nal q
ualit
y as
sura
nce
asse
ssm
ents
.
Inte
rnal
aud
it us
es t
he s
tate
men
t “c
ondu
cted
in
acco
rdan
ce w
ith
the
Inte
rnat
iona
l Sta
ndar
ds fo
r th
e Pr
ofes
sion
al P
ract
ice
of I
nter
nal
Audi
ting”
in it
s rep
orts
alth
ough
use
of t
he st
atem
ent i
s not
supp
orte
d by
the
resu
lts o
f int
erna
l and
ext
erna
l qua
lity
assu
ranc
e as
sess
men
ts.
17
.1.1
1 A
ny n
onco
mp
lian
ce w
ith
In
tern
atio
nal
Sta
nd
ard
s fo
r th
e P
rofe
ssio
nal
Pra
ctic
e of
In
tern
al A
ud
itin
g (I
SPP
IA)
is p
rop
erly
d
iscl
osed
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er d
iscl
osur
e of
non
com
plia
nce
with
IS
PPIA
is d
efin
ed in
the
met
hodo
logy
.
Ch
eck
a fe
w in
tern
al a
udit
repo
rts f
or th
e pr
esen
ce o
f su
ch d
iscl
osur
es.
Chec
k w
heth
er t
he r
easo
n fo
r no
ncom
plia
nce
has
been
clea
rly e
xpla
ined
.
Ch
eck
whe
ther
th
e im
pact
of
no
ncom
plia
nce
is
desc
ribe
d.
Inte
rnal
au
dit
prop
erly
di
sclo
ses
nonc
ompl
ianc
e w
ith
ISPP
IA a
s nec
essa
ry.
Inte
rnal
aud
it do
es n
ot d
iscl
ose
nonc
ompl
ianc
e w
ith IS
PPIA
as
nec
essa
ry.
CH
AP
TE
R 7
Page 110 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.2.
ISP
PIA
22
00
– E
nga
gem
ent
Pla
nn
ing
Chec
klis
ts to
ass
ess c
ompl
ianc
e of
eng
agem
ent p
lann
ing
requ
irem
ents
are
as u
nder
:
17
.2.1
En
sure
th
at in
tern
al a
ud
it d
evel
ops
a d
etai
led
pla
n fo
r ev
ery
aud
it e
nga
gem
ent.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k fo
r the
exi
sten
ce o
f det
aile
d pl
ans f
or a
few
rand
om o
f in
tern
al a
udit
enga
gem
ents
;
Ch
eck
whe
ther
the
tea
m l
eade
r ha
d si
gned
off
on t
hose
en
gage
men
t pla
ns;
Chec
k w
heth
er t
he C
hief
of
IAU
had
sign
ed o
ff on
tho
se
enga
gem
ent p
lans
;
Ch
eck
whe
ther
tho
se r
ando
mly
sel
ecte
d en
gage
men
t pl
ans
incl
ude
the
requ
ired
info
rmat
ion
to co
nduc
t the
aud
it.
Inte
rnal
aud
it de
velo
ps d
etai
led
plan
s fo
r al
l aud
it en
gage
men
ts. T
hese
pla
ns a
re p
rope
rly a
utho
rize
d.
Inte
rnal
aud
it do
es n
ot d
evel
op d
etai
led
plan
s fo
r al
l au
dit
enga
gem
ents
or
plan
s ar
e no
t pr
oper
ly
auth
oriz
ed.
17
.2.2
To
ensu
re t
hat
a p
reli
min
ary
surv
ey is
con
du
cted
bef
ore
dev
elop
ing
the
aud
it o
bje
ctiv
es.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he m
etho
dolo
gy p
resc
ribe
s a
stan
dard
ap
proa
ch fo
r con
duct
ing
a pr
elim
inar
y su
rvey
;
Ch
eck
whe
ther
app
ropr
iate
que
stio
nnai
res
exis
t fo
r th
e pr
elim
inar
y su
rvey
;
Ch
eck
a sa
mpl
e of
file
s to
det
erm
ine
whe
ther
pre
limin
ary
surv
eys w
ere
cond
ucte
d.
Inte
rnal
aud
it pe
rfor
ms a
pre
limin
ary
surv
ey b
efor
e th
e de
velo
pmen
t of t
he a
udit
obje
ctiv
es.
Inte
rnal
aud
it do
es n
ot s
yste
mat
ical
ly p
erfo
rm a
pr
elim
inar
y su
rvey
bef
ore
the
deve
lopm
ent
of t
he
audi
t obj
ectiv
es.
CH
AP
TE
R 7
Page 111@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.2.3
To
ensu
re th
at in
tern
al a
ud
it c
onsi
der
s th
e p
rob
abil
ity
of s
ign
ific
ant e
rror
s an
d fr
aud
bef
ore
dev
elop
ing
the
aud
it o
bje
ctiv
es.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
inte
rnal
au
dit
asse
sses
th
e pr
obab
ility
of
sign
ifica
nt e
rror
s an
d fr
aud
whe
n co
nduc
ting
its o
wn
risk
ass
essm
ent
prio
r to
the
de
velo
pmen
t of t
he a
udit
enga
gem
ent p
lan.
Inte
rnal
aud
it as
sess
es th
e pr
obab
ility
of s
igni
fican
t err
ors a
nd
frau
d pr
ior t
o th
e de
velo
pmen
t of t
he a
udit
obje
ctiv
es.
Inte
rnal
aud
it do
es n
ot s
yste
mat
ical
ly a
sses
s th
e pr
obab
ility
of
sign
ifica
nt e
rror
s and
frau
d pr
ior t
o th
e de
velo
pmen
t of t
he
audi
t obj
ectiv
es.
17
.2.4
To
ensu
re th
at th
e in
tern
al a
ud
it e
nga
gem
ent p
lan
incl
ud
es c
lear
au
dit
ob
ject
ives
an
d a
n a
pp
rop
riat
e d
efin
itio
n o
f th
e au
dit
sc
ope.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er t
he a
udit
obje
ctiv
es a
re a
ligne
d w
ith
the
risk
(s)
iden
tifie
d du
ring
th
e ri
sk
asse
ssm
ent p
roce
ss;
Chec
k w
heth
er a
pro
per
prel
imin
ary
surv
ey t
ook
plac
e;
As
sess
whe
ther
the r
isk(
s) id
entif
ied
duri
ng th
e ris
k as
sess
men
t pr
oces
s is
upd
ated
with
inf
orm
atio
n ac
quir
ed d
urin
g th
e pr
elim
inar
y su
rvey
;
As
sess
whe
ther
all
stru
ctur
al u
nits
, do
cum
ents
an
d as
sets
tha
t w
ill b
e su
bjec
t to
the
aud
it ha
ve
been
def
ined
, in
clud
ing
the
peop
le w
ho w
ill b
e in
terv
iew
ed;
Asse
ss w
heth
er th
e du
ratio
n an
d sc
ope
of th
e au
dit
have
bee
n de
fined
;
Ch
eck
whe
ther
th
e im
pact
of
po
ssib
le
scop
e lim
itatio
ns h
as b
een
asse
ssed
Inte
rnal
aud
it de
fines
cle
ar a
udit
obje
ctiv
es i
n lin
e w
ith
the
resu
lts o
f th
e an
nual
ris
k as
sess
men
t pr
oces
s an
d th
e pr
elim
inar
y su
rvey
. The
sco
pe is
suf
ficie
nt to
sat
isfy
the
audi
t ob
ject
ives
.
Inte
rnal
aud
it de
fines
cle
ar a
udit
obje
ctiv
es in
line
with
the
re
sults
of t
he a
nnua
l ris
k as
sess
men
t pro
cess
but
not
with
the
resu
lts o
f th
e pr
elim
inar
y su
rvey
. The
sco
pe i
s su
ffici
ent
to
satis
fy th
e au
dit o
bjec
tives
.
Inte
rnal
aud
it de
fines
aud
it ob
ject
ives
, whi
ch a
re n
ot in
line
w
ith th
e re
sults
of t
he a
nnua
l ris
k as
sess
men
t pro
cess
and
the
prel
imin
ary
surv
ey. T
he s
cope
is s
uffic
ient
to s
atis
fy th
e au
dit
obje
ctiv
es.
Inte
rnal
aud
it do
es n
ot d
efin
e au
dit
obje
ctiv
es i
n lin
e w
ith
the
resu
lts o
f th
e an
nual
ris
k as
sess
men
t pr
oces
s an
d th
e pr
elim
inar
y su
rvey
. Th
e sc
ope
is i
nsuf
ficie
nt t
o sa
tisfy
the
au
dit o
bjec
tives
.
CH
AP
TE
R 7
Page 112 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.2.5
To
ensu
re t
hat
au
dit
ee m
anag
emen
t is
pro
per
ly in
form
ed a
bou
t th
e u
pco
min
g in
tern
al a
ud
it e
nga
gem
ent.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
pro
cedu
re is
in p
lace
to
info
rm m
anag
emen
t ab
out
the
upco
min
g in
tern
al a
udit
enga
gem
ent;
Asse
ss w
heth
er th
is p
roce
dure
is co
nsis
tent
ly a
nd fu
lly a
pplie
d;
Ch
eck
whe
ther
the o
bjec
tives
and
the s
cope
of t
he in
tern
al au
dit e
ngag
emen
t ar
e pr
esen
ted
to th
e m
anag
emen
t of t
he a
udite
d pr
oces
s/st
ruct
ure
as e
arly
as
pos
sibl
e;
Ch
eck
whe
ther
the
audi
t tea
m m
embe
rs a
nd th
e du
ratio
n of
the
audi
t hav
e be
en sp
ecifi
ed;
Chec
k w
heth
er a
kic
k-of
f mee
ting
was
hel
d to
dis
cuss
issu
es r
elat
ed to
the
inte
rnal
aud
it en
gage
men
t.
Inte
rnal
au
dit
prop
erly
in
form
s m
anag
emen
t ab
out
the
obje
ctiv
es,
scop
e an
d tim
ing
of u
pcom
ing
audi
t en
gage
men
ts.
Inte
rnal
aud
it do
es n
ot s
yste
mat
ical
ly
or
prop
erly
in
form
m
anag
emen
t ab
out t
he o
bjec
tives
, sco
pe a
nd ti
min
g of
upc
omin
g au
dit e
ngag
emen
ts.
17
.2.6
To
ensu
re th
at th
e au
dit
sco
pe
is s
uff
icie
nt a
nd
ap
pro
pri
ate
to a
chie
ve th
e au
dit
ob
ject
ives
an
d in
clu
des
sig
nif
ican
t sys
tem
s,
reco
rds,
ass
ets
and
peo
ple
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Revi
ew a
sam
ple
of a
udit
files
an
d ch
eck
whe
ther
si
gnifi
cant
sy
stem
s, re
cord
s, as
sets
an
d pe
rson
nel
are
incl
uded
in
th
e sc
ope.
The
audi
t sc
ope
is s
uffic
ient
and
app
ropr
iate
to
achi
eve
audi
t ob
ject
ives
and
in
clud
es a
revi
ew o
f sig
nific
ant s
yste
ms,
reco
rds,
asse
ts a
nd p
eopl
e.
The
audi
t sc
ope
is n
ot a
lway
s su
ffici
ent
and
appr
opri
ate
to a
chie
ve a
udit
obje
ctiv
es o
r do
es n
ot a
lway
s in
clud
e a
revi
ew o
f sig
nific
ant s
yste
ms,
reco
rds,
asse
ts a
nd p
eopl
e.
CH
AP
TE
R 7
Page 113@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.2.7
To
ensu
re t
hat
su
ffic
ien
t an
d a
pp
rop
riat
e re
sou
rces
are
all
ocat
ed to
per
form
inte
rnal
au
dit
en
gage
men
ts.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
audi
tors
w
ith
appr
opri
ate
skill
s w
ere
sele
cted
for i
nter
nal a
udit
enga
gem
ents
;
Ch
eck
whe
ther
ext
erna
l ex
pert
s w
ith s
peci
fic s
kills
wer
e hi
red
whe
n th
e ne
ed a
rose
;
Ch
eck
whe
ther
the
ava
ilabl
e re
sour
ces
are
suffi
cien
t to
de
al w
ith t
he n
atur
e an
d co
mpl
exity
of
inte
rnal
aud
it en
gage
men
ts.
Appr
opri
ate
and
suffi
cien
t aud
it re
sour
ces
have
bee
n al
loca
ted
to p
erfo
rm in
tern
al a
udit
enga
gem
ents
.
The
audi
t re
sour
ces
allo
cate
d to
per
form
int
erna
l au
dit
enga
gem
ents
are
not
con
sist
ently
app
ropr
iate
or
suffi
cien
t.
17
.2.8
To
ensu
re t
hat
a d
etai
led
au
dit
pro
gram
me
is d
evel
oped
, wh
ich
iden
tifi
es a
ll s
tep
s n
eed
ed to
ach
ieve
th
e au
dit
ob
ject
ives
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e au
dit p
rogr
amm
e in
clud
es m
etho
ds a
nd
tech
niqu
es th
at a
re to
be
used
dur
ing
the
audi
t eng
agem
ent;
Chec
k w
heth
er a
udit
step
s ar
e co
mpl
ete
and
suffi
cien
tly
deta
iled
to e
nabl
e ac
hiev
emen
t of t
he a
udit
obje
ctiv
es;
Chec
k w
heth
er t
he s
teps
in
the
audi
t pr
ogra
mm
e w
ere
allo
cate
d to
ind
ivid
ual
inte
rnal
aud
itors
on
the
team
for
ex
ecut
ion.
Deta
iled
audi
t pr
ogra
mm
es a
re d
evel
oped
for
ever
y in
tern
al a
udit
enga
gem
ent.
Audi
t pr
ogra
mm
es a
re n
ot d
evel
oped
or
are
not
spec
ific e
noug
h to
ena
ble
the
achi
evem
ent o
f the
aud
it ob
ject
ives
.
CH
AP
TE
R 7
Page 114 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.2.9
To
ensu
re t
hat
th
e au
dit
pro
gram
mes
are
pro
per
ly a
pp
rove
d.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
the
CIA
appr
oves
th
e de
taile
d au
dit
prog
ram
mes
tha
t in
tern
al a
udito
rs p
repa
re f
or i
nter
nal
audi
t eng
agem
ents
;
Ch
eck
whe
ther
cha
nges
to a
ppro
ved
audi
t pro
gram
mes
are
au
thor
ized
.
The
CIA
appr
oves
all
audi
t pr
ogra
mm
es. C
hang
es t
o ex
istin
g pr
ogra
mm
es a
re p
rope
rly a
utho
rize
d.
Audi
t pro
gram
mes
or c
hang
es to
exis
ting
prog
ram
mes
ar
e no
t con
sist
ently
app
rove
d.
17
.3.
ISP
PIA
23
00
– P
erfo
rmin
g th
e En
gage
men
t
Chec
klis
t for
revi
ew st
eps a
nd a
sses
smen
t out
com
es n
eces
sary
to fu
lfill
requ
irem
ents
of S
tand
ard
2300
seri
es a
re a
s bel
ow.
This
can
be a
chie
ved
by co
nduc
ting
the
follo
win
g as
sess
men
ts.
17
.3.1
To
ensu
re t
hat
in
tern
al a
ud
it h
as a
pro
cess
in
pla
ce t
o id
enti
fy r
elev
ant,
su
ffic
ien
t, r
elia
ble
an
d u
sefu
l in
form
atio
n d
uri
ng
inte
rnal
au
dit
en
gage
men
ts.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er i
nter
nal
audi
tors
acq
uire
the
nec
essa
ry
info
rmat
ion
by h
oldi
ng in
terv
iew
s, m
akin
g us
eful
enq
uiri
es
from
rel
evan
t em
ploy
ees,
obse
rvin
g th
e cu
rren
t pro
cess
es,
and
by re
view
ing
rele
vant
doc
umen
ts (i
nter
nal p
roce
dure
s an
d re
port
s).
Inte
rnal
aud
it id
entif
ies
and
anal
yzes
all
rele
vant
in
form
atio
n du
ring
the
inte
rnal
aud
it en
gage
men
ts.
Inte
rnal
au
dit
som
etim
es
over
look
s re
leva
nt
info
rmat
ion
or
spen
ds
too
muc
h tim
e an
alyz
ing
irre
leva
nt in
form
atio
n.
CH
AP
TE
R 7
Page 115@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.3.2
To
ensu
re t
hat
inte
rnal
au
dit
ors
use
an
alyt
ical
pro
ced
ure
s w
hen
per
form
ing
thei
r en
gage
men
ts.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he m
etho
dolo
gy d
escr
ibes
whi
ch
anal
ytic
al
proc
edur
es
can
be
used
in
sp
ecifi
c ci
rcum
stan
ces;
Asse
ss w
heth
er in
tern
al a
udito
rs u
nder
stan
d th
e us
e an
d va
lue
of a
naly
tical
pro
cedu
res.
Inte
rnal
audi
tors
use
anal
ytic
al p
roce
dure
s in
an ap
prop
riat
e w
ay.
Inte
rnal
aud
itors
do
not u
nder
stan
d ho
w a
nd w
hen
to u
se
anal
ytic
al p
roce
dure
s.
17
.3.3
To
ensu
re t
hat
inte
rnal
au
dit
ors
pre
par
e an
d u
se a
deq
uat
e w
ork
ing
pap
ers
to d
ocu
men
t th
eir
aud
it w
ork
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e m
etho
dolo
gy c
lear
ly
defin
es
the
form
at
and
cont
ent
of
wor
king
pap
ers;
Revi
ew a
sam
ple
of a
udit
files
for
the
co
mpl
eten
ess
and
adeq
uacy
(p
rope
r cr
oss-
refe
renc
ing)
of
th
e w
orki
ng
pape
rs;
Revi
ew
a sa
mpl
e of
au
dit
files
fo
r ev
iden
ce o
f ade
quat
e su
perv
isio
n of
the
wor
king
pap
ers.
Inte
rnal
aud
it m
aint
ains
pro
per
wor
king
pap
ers
that
doc
umen
t th
e ex
ecut
ion
of th
e ap
prov
ed a
udit
prog
ram
me.
Pre
para
tion
of th
e w
orki
ng
pape
rs i
s m
onito
red
on a
reg
ular
bas
is a
nd t
hey
are
prop
erly
cro
ss-
refe
renc
ed.
Inte
rnal
aud
it m
aint
ains
wor
king
pap
ers
that
dev
iate
from
the
appr
oved
au
dit p
rogr
amm
e.
The
wor
king
pap
ers a
re cr
oss-
refe
renc
ed a
nd re
gula
rly su
perv
ised
.
Inte
rnal
aud
it m
aint
ains
wor
king
pap
ers
that
dev
iate
from
the
appr
oved
au
dit
prog
ram
me.
Pre
para
tion
of t
he w
orki
ng p
aper
s is
sup
ervi
sed
but
they
are
not
cros
s-re
fere
nced
.
Inte
rnal
aud
it do
es n
ot m
aint
ain
wor
king
pap
ers.
CH
AP
TE
R 7
Page 116 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.3.4
To
ensu
re t
hat
acc
ess
to t
he
wor
kin
g p
aper
s is
pro
per
ly c
ontr
olle
d.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
ppro
pria
te p
olic
ies
exis
t for
acc
ess
to in
tern
al
audi
tors
’ wor
king
pap
ers;
Chec
k w
heth
er m
anua
l wor
king
pap
ers a
re p
rope
rly se
cure
d;
Ch
eck
whe
ther
pro
per a
cces
s ri
ghts
con
trol
acc
ess
to e
lect
roni
c w
orki
ng p
aper
s;
As
sess
whe
ther
int
erna
l au
dito
rs a
re a
war
e of
the
sec
urity
re
quir
emen
ts a
nd a
rran
gem
ents
for w
orki
ng p
aper
s.
Acce
ss to
aud
it w
orki
ng p
aper
s is
wel
l org
aniz
ed
and
resp
ecte
d.
Acce
ss t
o au
dit
wor
king
pap
ers
is n
ot o
rgan
ized
or
resp
ecte
d.
17
.3.5
To
ensu
re t
hat
pro
per
ret
enti
on r
equ
irem
ents
exi
st fo
r au
dit
wor
kin
g p
aper
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
ppro
pria
te p
olic
ies
exis
t fo
r th
e re
tent
ion
of
wor
king
pap
ers (
FRR
2016
);
As
sess
whe
ther
the C
IA se
eks l
egal
advi
ce re
gard
ing t
he re
tent
ion
timef
ram
e fo
r wor
king
pap
ers w
here
unc
erta
intie
s exi
st;
Chec
k w
heth
er
the
inte
rnal
au
dito
rs
com
ply
with
th
e re
quir
emen
ts fo
r the
rete
ntio
n pr
oced
ure.
Rete
ntio
n of
au
dit
wor
king
pa
pers
is
w
ell
orga
nize
d an
d re
spec
ted.
Rete
ntio
n of
audi
t wor
king
pap
ers i
s not
org
aniz
ed
or re
spec
ted.
17
.3.6
To
ensu
re t
hat
au
dit
en
gage
men
ts a
re a
deq
uat
ely
sup
ervi
sed
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he m
etho
dolo
gy p
resc
ribe
s th
at a
ll au
dit
enga
gem
ents
shou
ld b
e ad
equa
tely
supe
rvis
ed;
Inte
rvie
w st
aff a
bout
how
supe
rvis
ion
and
coac
hing
take
pla
ce.
Audi
t en
gage
men
ts a
re a
dequ
atel
y su
perv
ised
, an
d ap
prop
riat
e co
achi
ng o
f in
tern
al a
udito
rs
take
s pla
ce.
Audi
t eng
agem
ents
are
not
wel
l sup
ervi
sed
CH
AP
TE
R 7
Page 117@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.3.7
To
ensu
re t
hat
evi
den
ce o
f su
per
visi
on is
doc
um
ente
d.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Revi
ew a
sam
ple
of a
udit
files
and
che
ck fo
r ev
iden
ce o
f pro
per
supe
rvis
ion.
Evid
ence
of s
uper
visi
on is
pro
perly
doc
umen
ted.
Evid
ence
of s
uper
visi
on is
not
doc
umen
ted.
17
.4.
ISP
PIA
24
00
– C
omm
un
icat
ing
Res
ult
s
Sugg
estiv
e ch
eckl
ists
are
as u
nder
:
17
.4.1
To
ensu
re t
hat
inte
rnal
au
dit
cle
arly
com
mu
nic
ates
th
e im
pac
t of
its
fin
din
gs.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er th
e aud
it fin
ding
s dis
tingu
ish
betw
een
sign
ifica
nt
and
less
sign
ifica
nt is
sues
;
As
sess
whe
ther
inte
rnal
aud
it cl
early
sta
tes
wha
t the
impa
ct o
n th
e in
stitu
tion
will
be
if th
e si
gnifi
cant
issu
es h
ighl
ight
ed b
y th
e fin
ding
s are
not
add
ress
ed;
Inte
rvie
w s
enio
r m
anag
emen
t ab
out
the
sign
ifica
nce
of a
udit
findi
ngs;
Asse
ss w
heth
er t
he a
udit
conc
lusi
on i
nclu
des
a cl
ear
and
subs
tant
iate
d m
essa
ge.
The
impa
ct o
f cr
itica
l au
dit
findi
ngs
is c
lear
ly
com
mun
icat
ed
to
the
audi
t cl
ient
or
se
nior
m
anag
emen
t.
Inte
rnal
aud
it do
es n
ot k
now
how
to d
iffer
entia
te
betw
een
sign
ifica
nt a
nd le
ss s
igni
fican
t fin
ding
s. Th
e im
pact
of cr
itica
l fin
ding
s is n
ot co
mm
unic
ated
to
aud
it cl
ient
s or s
enio
r man
agem
ent.
CH
AP
TE
R 7
Page 118 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.4.2
To
ensu
re t
hat
inte
rnal
au
dit
ack
now
led
ges
sati
sfac
tory
per
form
ance
of t
he
aud
itee
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er in
tern
al a
udit
focu
ses
on b
oth
posi
tive
and
nega
tive
findi
ngs;
Asse
ss w
heth
er a
sat
isfa
ctor
y op
inio
n is
bas
ed o
n su
ffici
ent e
vide
nce;
Chec
k w
heth
er in
tern
al a
udit
clea
rly p
rovi
des p
ositi
ve o
r ne
gativ
e as
sura
nce.
The
audi
t rep
orts
pre
sent
s a b
alan
ced
view
.
Inte
rnal
aud
it fo
cuse
s onl
y on
neg
ativ
e as
pect
s.
17
.4.3
To
ensu
re t
hat
inte
rnal
au
dit
rep
orts
are
acc
ura
te, c
onst
ruct
ive,
ob
ject
ive,
cle
ar, c
onci
se, c
omp
lete
an
d t
imel
y.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Revi
ew
a sa
mpl
e of
au
dit
repo
rts
usin
g th
e de
fined
qu
ality
crite
ria.
The
audi
t rep
orts
mee
t all
the
desi
red
qual
ity cr
iteri
a an
d ar
e ac
cura
te, c
onst
ruct
ive,
ob
ject
ive,
clea
r, co
ncis
e an
d tim
ely.
One
or m
ore
of th
e de
sire
d qu
ality
crite
ria
is m
issi
ng in
the
inte
rnal
aud
it re
port
s.
17
.4.4
To
ensu
re t
hat
au
dit
rec
omm
end
atio
ns
are
pra
gmat
ic.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er t
he r
ecom
men
datio
ns c
onta
in
cons
truc
tive
prop
osal
s on
how
to im
prov
e is
sues
id
entif
ied
in th
e au
dit f
indi
ngs;
Asse
ss
whe
ther
th
e re
com
men
datio
ns
can
cont
ribu
te t
o im
prov
emen
ts in
the
inst
itutio
n’s
activ
ities
.
The
audi
t re
com
men
datio
ns a
re p
ragm
atic
and
will
hel
p to
im
prov
e th
e co
ntro
ls w
ithou
t jeo
pard
izin
g th
e or
gani
zatio
n.
The
audi
t re
com
men
datio
ns a
re n
ot im
plem
enta
ble
in p
ract
ice
or th
ey d
o no
t add
ress
the
root
cau
se o
f the
pro
blem
s th
at a
re
iden
tifie
d.
CH
AP
TE
R 7
Page 119@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.4.5
To
ensu
re t
hat
man
agem
ent’
s re
spon
se is
incl
ud
ed in
th
e fi
nal
au
dit
rep
orts
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er th
e au
dite
es a
re g
iven
the
oppo
rtun
ity
to
expr
ess
thei
r op
inio
ns
on
audi
t fin
ding
s an
d re
com
men
datio
ns;
Asse
ss w
heth
er d
isag
reem
ents
on
audi
t fin
ding
s an
d re
com
men
datio
ns th
at a
re n
ot re
solv
ed a
re in
clud
ed in
th
e fin
al a
udit
repo
rt.
Man
agem
ent’s
res
pons
es a
re a
lway
s in
clud
ed in
the
final
au
dit r
epor
ts.
Man
agem
ent’s
res
pons
es a
re n
ot s
yste
mat
ical
ly in
clud
ed
in th
e fin
al a
udit
repo
rts.
17
.5.
ISP
PIA
25
00
– M
onit
orin
g P
rogr
ess
Sugg
estiv
e ch
eckl
ists
to e
nsur
e ef
fect
ive
cond
uct o
f ass
essm
ent a
re a
s fol
low
s:
17
.5.1
To
ensu
re t
hat
inte
rnal
au
dit
has
a p
roce
ss in
pla
ce t
o m
onit
or m
anag
emen
t’s
acti
ons
wit
h r
egar
d t
o th
e au
dit
fin
din
gs a
nd
re
com
men
dat
ion
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e m
etho
dolo
gy p
resc
ribe
s a sp
ecifi
c pro
cess
for
the
mon
itori
ng o
f man
agem
ent’s
follo
w-u
p on
aud
it fin
ding
s and
re
com
men
datio
ns;
Chec
k w
heth
er in
tern
al a
udit
has a
man
ual o
r aut
omat
ed sy
stem
in
pla
ce to
follo
w u
p on
aud
it fin
ding
s and
reco
mm
enda
tions
;
Ch
eck
whe
ther
int
erna
l au
dit
take
s pr
oper
act
ion
whe
n th
e im
plem
enta
tion
of re
com
men
datio
ns fr
om th
e au
dit i
s ove
rdue
;
Ch
eck
whe
ther
in
tern
al
audi
t re
view
s th
e ad
equa
cy
of
man
agem
ent’s
rem
edia
tion.
Inte
rnal
aud
it ha
s a
prop
er p
roce
ss in
pla
ce t
o fo
llow
up
on m
anag
emen
t’s a
ctio
ns w
ith r
egar
d to
aud
it fin
ding
s an
d re
com
men
datio
ns f
rom
as
sura
nce
enga
gem
ents
.
Inte
rnal
aud
it do
es n
ot h
ave
a pr
oces
s in
pla
ce
to m
onito
r m
anag
emen
t’s f
ollo
w-u
p on
aud
it fin
ding
s and
reco
mm
enda
tions
.
CH
AP
TE
R 7
Page 120 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.5.2
To
ensu
re t
hat
it
is m
ade
clea
r to
au
dit
ees
that
th
ey b
ear
the
risk
an
d r
esp
onsi
bil
ity
for
the
tim
ely
imp
lem
enta
tion
of
rem
edia
tin
g ac
tion
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
this
re
spon
sibi
lity
is
clea
rly
defin
ed in
the
inte
rnal
aud
it ch
arte
r an
d ot
her
rele
vant
doc
umen
ts;
Inte
rvie
w s
ome
audi
tees
and
ass
ess
whe
ther
th
ey a
re a
war
e of
the
ir r
espo
nsib
ility
in
this
re
gard
.
The
audi
tees
are
fully
aw
are
of th
eir r
espo
nsib
ility
with
rega
rd to
th
e (n
on-)
impl
emen
tatio
n of
aud
it re
com
men
datio
ns.
The
audi
tees
bel
ieve
the
y m
ust
follo
w t
he r
ecom
men
datio
ns
mad
e by
int
erna
l au
dit
and
ther
efor
e th
ey a
re n
ot u
ltim
atel
y re
spon
sibl
e fo
r im
plem
enta
tion
risk
s.
17
.6.
ISP
PIA
10
00
– P
urp
ose,
Au
thor
ity
and
Res
pon
sib
ilit
y
The
follo
win
g ch
eckl
ists
are
pro
vide
d to
fulfi
l ISP
PIA
1000
.
17
.6.1
To
ensu
re t
hat
th
e ro
le o
f in
tern
al a
ud
it i
s cl
earl
y d
efin
ed i
n a
fou
nd
ing
doc
um
ent
(for
exa
mp
le,
a ch
arte
r or
in
tern
al
regu
lati
ons)
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
ll fo
undi
ng d
ocum
ents
tha
t de
scri
be t
he r
ole
of in
tern
al a
udit
are
prop
erly
al
igne
d an
d co
nsis
tent
;
As
sess
whe
ther
ther
e is
a d
ue p
roce
ss in
pla
ce to
up
date
the
se d
ocum
ents
whe
neve
r ch
ange
s to
st
anda
rds o
ccur
;
As
sess
whe
ther
man
agem
ent c
lear
ly u
nder
stan
ds
the
role
, aut
hori
ty a
nd r
espo
nsib
ility
of i
nter
nal
audi
t.
Prop
er d
ocum
ents
exi
st,
and
they
are
per
iodi
cally
rev
iew
ed.
Man
agem
ent f
ully
und
erst
ands
the
role
of i
nter
nal a
udit.
Prop
er d
ocum
ents
exi
st b
ut t
hey
are
not
revi
ewed
per
iodi
cally
an
d up
date
d w
here
nec
essa
ry. M
anag
emen
t fu
lly u
nder
stan
ds
the
role
of i
nter
nal a
udit.
Prop
er d
ocum
ents
exi
st b
ut m
anag
emen
t do
es n
ot u
nder
stan
d w
ell t
he ro
le o
f int
erna
l aud
it.
Prop
er d
ocum
ents
do
not e
xist
.
CH
AP
TE
R 7
Page 121@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.6.2
To
ensu
re t
hat
inte
rnal
au
dit
is n
ot r
esp
onsi
ble
for
any
oper
atio
nal
act
ivit
ies.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he r
espo
nsib
ilitie
s of
int
erna
l au
dit
are
clea
rly
defin
ed in
the
foun
ding
doc
umen
ts;
Asse
ss w
heth
er th
e cu
rren
t res
pons
ibili
ties a
nd jo
b de
scri
ptio
ns o
f th
e in
tern
al a
udit
staf
f exc
lude
s ope
ratio
nal a
ctiv
ities
;
As
sess
whe
ther
inte
rnal
aud
itors
are
not
taki
ng p
art,
in fa
ct o
r in
ap
pear
ance
, in
any
deci
sion
-mak
ing
proc
ess;
Asse
ss w
heth
er in
tern
al a
udito
rs a
re r
equi
red
to r
egul
arly
sig
n a
decl
arat
ion
of in
depe
nden
ce;
Chec
k w
heth
er c
ases
exi
st i
n w
hich
int
erna
l au
dito
rs w
ere
held
re
spon
sibl
e fo
r ope
ratio
nal a
ctiv
ities
.
Inte
rnal
aud
itors
do
not
have
ope
ratio
nal
resp
onsi
bilit
ies.
Inte
rnal
au
dito
rs
have
pe
rman
ent
or
occa
sion
al o
pera
tiona
l res
pons
ibili
ties,
in fa
ct
or in
app
eara
nce.
1.1.
1 To
en
sure
th
at in
tern
al a
ud
it h
as u
nli
mit
ed a
cces
s to
info
rmat
ion
, ass
ets
and
peo
ple
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he f
ound
ing
docu
men
ts g
rant
int
erna
l au
dito
rs
unlim
ited
acce
ss to
info
rmat
ion,
ass
ets a
nd p
eopl
e;
Ch
eck
whe
ther
the
ter
m ‘
unlim
ited’
acc
ess
has
been
pro
perly
de
fined
;
Ch
eck
whe
ther
the
acce
ss to
info
rmat
ion
is li
nked
to a
clas
sific
atio
n of
the
info
rmat
ion
(con
fiden
tial,
clas
sifie
d, e
tc.);
Chec
k w
heth
er i
nter
nal
audi
tors
hav
e th
e ri
ght
auth
oriz
atio
n to
ac
cess
conf
iden
tial i
nfor
mat
ion;
Chec
k w
heth
er t
here
hav
e be
en o
ccur
renc
es in
whi
ch a
cces
s ha
s be
en d
enie
d.
Ther
e ar
e no
res
tric
tions
for
inte
rnal
aud
itors
to
acc
ess i
nfor
mat
ion,
ass
ets a
nd p
eopl
e.
Acce
ss
exis
ts
in
prin
cipl
e,
but
spec
ific
auth
oriz
atio
n is
re
quir
ed
for
each
au
dit
enga
gem
ent.
Acce
ss e
xist
s but
not
to a
ll in
form
atio
n.
Acce
ss is
res
tric
ted,
and
the
scop
e of
inte
rnal
au
dit m
ay b
e lim
ited.
CH
AP
TE
R 7
Page 122 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.6.3
To
ensu
re t
hat
th
e re
por
tin
g li
nes
of i
nte
rnal
au
dit
are
cle
arly
def
ined
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e fo
undi
ng d
ocum
ents
pro
vide
for a
repo
rtin
g lin
e to
the
top
offic
ial
in th
e or
gani
zatio
n (f
or e
xam
ple,
the
Min
iste
r) fo
r the
inte
rnal
aud
it fu
nctio
n;
Ch
eck
whe
ther
the
repo
rtin
g lin
e of
the
inte
rnal
aud
it fu
nctio
n to
the
CCA
has
been
cl
early
def
ined
;
As
sess
whe
ther
all
repo
rtin
g lin
es w
ork
in p
ract
ice;
Chec
k w
heth
er th
e fo
undi
ng d
ocum
ents
des
crib
e th
e co
mm
unic
atio
n be
twee
n in
tern
al
audi
t and
aud
itees
/ a
udit
clie
nts;
Chec
k w
heth
er th
e fo
undi
ng d
ocum
ents
des
crib
e th
e re
spon
sibi
litie
s of
the
audi
tees
(a
udit
obje
cts)
to re
spon
d to
aud
it fin
ding
s;
As
sess
whe
ther
int
erna
l au
dit
prod
uces
per
iodi
c ac
tivity
rep
orts
, whi
ch h
ighl
ight
ca
paci
ty co
nstr
aint
s, bu
dget
ary
chal
leng
es, a
nd o
ther
reso
urce
issu
es.
The
repo
rtin
g lin
es
of
inte
rnal
au
dit
are
wel
l de
fined
and
are
res
pect
ed
in p
ract
ice.
The
repo
rtin
g lin
es
of
inte
rnal
au
dit
are
not
wel
l de
fined
or
ar
e no
t ad
equa
tely
resp
ecte
d.
17
.6.4
To
ensu
re t
hat
all
em
plo
yees
are
aw
are
of t
he
role
an
d r
esp
onsi
bil
itie
s of
inte
rnal
au
dit
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er a
ll em
ploy
ees
have
acc
ess
to,
and
are
know
ledg
eabl
e ab
out,
the
foun
ding
doc
umen
ts, w
hich
des
crib
e th
e ro
le a
nd re
spon
sibi
litie
s of i
nter
nal a
udit;
Asse
ss w
heth
er a
ll em
ploy
ees a
re m
ade
awar
e of
chan
ges t
o th
e fo
undi
ng d
ocum
ents
;
As
sess
whe
ther
the
rol
e of
inte
rnal
aud
it is
cle
arly
exp
lain
ed to
the
new
rec
ruits
of
inte
rnal
aud
itors
;
Ch
eck
whe
ther
inte
rnal
audi
t em
ploy
s a va
riet
y of
mec
hani
sms t
o ra
ise a
war
enes
s of i
ts
role
and
resp
onsi
bilit
ies i
n th
e or
gani
zatio
n. F
or e
xam
ple,
has
inte
rnal
aud
it de
velo
ped
a br
ochu
re o
r a
flyer
, whi
ch is
ava
ilabl
e on
the
intr
anet
(el
ectr
onic
ally
), an
d in
clud
es
freq
uent
ly a
sked
que
stio
ns th
at ex
plai
n in
pla
in w
ords
the
role
of i
nter
nal a
udit
and
the
righ
ts a
nd d
utie
s of t
he a
udite
es?
Asse
ss w
heth
er in
tern
al a
udit
rout
inel
y re
itera
tes i
ts ro
le d
urin
g th
e ki
ck-o
ff m
eetin
gs
with
aud
it cl
ient
s at t
he b
egin
ning
of e
ach
audi
t eng
agem
ent.
Inte
rnal
aud
it us
es m
any
mec
hani
sms
and
take
s ad
vant
age
of a
var
iety
of
oppo
rtun
ities
to e
xpla
in it
s ro
le. E
mpl
oyee
s thr
ough
out
the
orga
niza
tion
are
wel
l aw
are
of it
s rol
e.
No
effo
rts
exis
t to
exp
lain
th
e ro
le o
f int
erna
l aud
it or
em
ploy
ees a
re n
ot a
war
e of
it.
CH
AP
TE
R 7
Page 123@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.6.5
To
ensu
re t
hat
th
ere
is c
lear
un
der
stan
din
g of
th
e va
riou
s se
rvic
es t
hat
inte
rnal
au
dit
can
pro
vid
e.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e fo
undi
ng d
ocum
ents
est
ablis
h th
e pr
ovis
ion
of b
oth
assu
ranc
e an
d co
nsul
ting
serv
ices
by
the
inte
rnal
aud
it un
it;
Ch
eck
whe
ther
the
fou
ndin
g do
cum
ents
cle
arly
sta
te t
hat
man
agem
ent i
s so
lely
res
pons
ible
for
any
actio
n th
at it
take
s ba
sed
on t
he a
dvic
e or
rec
omm
enda
tions
rec
eive
d fr
om
inte
rnal
aud
it;
As
sess
whe
ther
the
re i
s a
prop
er p
roce
dure
in
plac
e fo
r m
anag
emen
t to
req
uest
con
sulti
ng s
ervi
ces
from
int
erna
l au
dit;
Asse
ss w
heth
er th
e in
tern
al a
udit
plan
inco
rpor
ates
a p
rope
r ba
lanc
e be
twee
n as
sura
nce
and
cons
ultin
g se
rvic
es;
Asse
ss a
ctiv
ity re
port
s on
the
deliv
ery
of co
nsul
ting
serv
ices
.
Inte
rnal
au
dit
prov
ides
bo
th
assu
ranc
e an
d co
nsul
ting
serv
ices
. In
tern
al
audi
t be
ars
no
resp
onsi
bilit
y fo
r ac
tions
tak
en b
y m
anag
emen
t, in
fact
or
in a
ppea
ranc
e, a
s a
resu
lt of
con
sulti
ng
serv
ices
pro
vide
d.
Inte
rnal
aud
it do
es n
ot p
rovi
de co
nsul
ting
serv
ices
at
all,
or
if it
does
the
re e
xist
s a
perc
eptio
n of
re
spon
sibi
lity
for
actio
ns t
aken
by
man
agem
ent
follo
win
g in
tern
al a
udit
advi
ce.
17
.6.6
To
ensu
re t
hat
th
e fo
un
din
g d
ocu
men
ts r
efer
to n
atio
nal
or
inte
rnat
ion
al in
tern
al a
ud
itin
g st
and
ard
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
ll fo
undi
ng d
ocum
ents
that
des
crib
e th
e ro
le
of i
nter
nal
audi
t ar
e pr
oper
ly a
ligne
d w
ith n
atio
nal
and/
or
inte
rnat
iona
l int
erna
l aud
iting
stan
dard
s;
As
sess
whe
ther
nat
iona
l or
othe
r st
anda
rds,
if ap
plie
d, d
epar
t fr
om in
tern
atio
nal i
nter
nal a
uditi
ng st
anda
rds.
The
foun
ding
do
cum
ents
re
fer
to
gene
rally
ac
cept
ed in
tern
atio
nal i
nter
nal a
uditi
ng s
tand
ards
an
d th
ese
stan
dard
s are
app
lied.
The
foun
ding
doc
umen
ts d
o no
t ref
er to
gen
eral
ly
acce
pted
inte
rnat
iona
l int
erna
l aud
iting
stan
dard
s, or
if t
hey
are
refe
rred
to
they
are
not
app
lied
in
prac
tice.
CH
AP
TE
R 7
Page 124 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.6.7
To
ensu
re t
hat
th
e fo
un
din
g d
ocu
men
ts r
efer
to a
cod
e of
con
du
ct fo
r in
tern
al a
ud
itor
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k th
e fo
undi
ng d
ocum
ents
for
refe
renc
e to
a c
ode
of
cond
uct f
or in
tern
al a
udito
rs;
Chec
k w
heth
er t
his
code
of
cond
uct
is i
n lin
e w
ith t
he
Code
of E
thic
s fo
r In
tern
al A
udito
rs p
rom
ulga
ted
by th
e IIA
;
As
sess
w
heth
er
inte
rnal
au
dito
rs
mus
t co
nfir
m
peri
odic
ally
thei
r com
plia
nce
with
the
code
.
The
foun
ding
doc
umen
ts r
efer
to a
cod
e of
con
duct
for
inte
rnal
aud
it. T
his
code
is in
line
with
the
IIA
’s Co
de
of E
thic
s. In
tern
al a
udito
rs p
erio
dica
lly c
onfir
m t
heir
co
mpl
ianc
e w
ith th
e Co
de o
f Eth
ics.
The
foun
ding
doc
umen
ts d
o no
t re
fer
to a
cod
e of
co
nduc
t fo
r in
tern
al a
udito
rs a
nd in
tern
al a
udito
rs d
o no
t con
firm
any
kin
d of
com
plia
nce
with
eth
ical
val
ues.
17
.7.
ISP
PIA
11
00
– In
dep
end
ence
an
d O
bje
ctiv
ity
The
follo
win
g ch
eckl
ists
are
pro
vide
d to
ass
ess t
he in
depe
nden
ce a
nd o
bjec
tivity
of i
nter
nal a
udit
activ
ity.
17
.7.1
To
ensu
re t
hat
th
e in
dep
end
ence
of i
nte
rnal
au
dit
is g
ran
ted
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k th
e fo
undi
ng d
ocum
ents
for r
efer
ence
to
the
inde
pend
ence
of i
nter
nal a
udit;
Chec
k w
heth
er th
e Ch
ief o
f CCA
has
dir
ect a
nd
unre
stri
cted
acc
ess
to a
genc
y he
ads
and
othe
r se
nior
man
agem
ent p
erso
nnel
.
The f
ound
ing
docu
men
ts d
escr
ibe t
he im
port
ance
of i
ndep
ende
nce
of th
e in
tern
al a
udit
activ
ity a
nd in
tern
al a
udit
has a
cces
s to
seni
or
man
agem
ent.
The
foun
ding
doc
umen
ts d
o no
t cl
early
des
crib
e th
e ne
ed f
or
inde
pend
ence
of
the
inte
rnal
aud
it ac
tivity
, or
acce
ss t
o se
nior
m
anag
emen
t app
ears
to b
e a
chal
leng
e fo
r int
erna
l aud
it.
CH
AP
TE
R 7
Page 125@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.7.2
To
ensu
re t
hat
th
ere
are
mea
sure
s in
pla
ce to
gu
aran
tee
the
ind
epen
den
ce o
f in
tern
al a
ud
itor
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
C
Chec
k w
heth
er
the
exta
nt
regu
latio
ns
and
proc
edur
es
allo
w
inde
pend
ence
to
th
e in
tern
al
audi
t ac
tivity
. St
ate
the
rele
vant
re
gula
tion(
s) th
at g
rant
inde
pend
ence
to th
e in
tern
al a
udit
activ
ity;
Chec
k w
heth
er th
e ex
tant
reg
ulat
ions
and
pro
cedu
res
stat
e bo
th th
e or
gani
zatio
nal
and
func
tiona
l in
depe
nden
ce o
f th
e in
tern
al a
udit
activ
ity;
Asse
ss w
heth
er a
ny i
mpr
ovem
ent
is n
eede
d in
the
reg
ulat
ions
and
pr
oced
ures
.
The
foun
ding
doc
umen
ts d
escr
ibe
prop
er
mea
sure
s to
be
appl
ied
in s
ituat
ions
whe
re
the
inde
pend
ence
of i
nter
nal a
udit
is a
t ris
k.
The
foun
ding
doc
umen
ts d
o no
t re
fer
to
any
mea
sure
s or
esc
alat
ion
proc
ess
whe
n th
e in
depe
nden
ce
of
inte
rnal
au
dit
is
jeop
ardi
zed.
17
.7.3
To
ensu
re t
hat
th
e in
tern
al a
ud
it a
ctiv
ity
is in
dep
end
ent
in t
heo
ry a
nd
in p
ract
ice.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er in
tern
al a
udit
is o
rgan
izat
iona
lly p
ositi
oned
und
er
the
head
of t
he in
stitu
tion;
Asse
ss th
e fre
quen
cy o
f mee
tings
bet
wee
n th
e hea
d of
the i
nstit
utio
n an
d in
tern
al a
udit;
Chec
k w
heth
er i
nter
nal
audi
t ha
s re
ceiv
ed a
ny r
eque
st f
rom
m
anag
emen
t to
be in
volv
ed in
the
daily
act
iviti
es o
f the
inst
itutio
n;
As
sess
the f
requ
ency
of r
eque
sts i
ssue
d by
the h
ead
of th
e ins
titut
ion
for t
he p
erfo
rman
ce o
f ad
hoc a
udits
in th
e pe
riod
und
er re
view
;
As
sess
whe
ther
the
freq
uenc
y an
d du
ratio
n of
ad
hoc a
udits
hav
e an
im
pact
on
the
fulfi
llmen
t of t
he in
tern
al a
udit
plan
;
Id
entif
y an
y ob
stac
les
that
thr
eate
ned
the
inde
pend
ence
of
the
inte
rnal
aud
it ac
tivity
in th
e pe
riod
und
er re
view
;
As
sess
whe
ther
the
Chie
f of C
CA ca
n ne
gotia
te m
itiga
ting
mea
sure
s to
the
thre
ats
to in
depe
nden
ce o
f the
inte
rnal
aud
it ac
tivity
whe
n an
y de
ficie
ncie
s are
iden
tifie
d.
The
inte
rnal
au
dit
activ
ity
is
not
only
in
depe
nden
t in
theo
ry b
ut a
lso
in p
ract
ice.
The
inte
rnal
au
dit
activ
ity
seem
s to
be
in
depe
nden
t bu
t fin
ds i
t di
fficu
lt to
dis
agre
e w
ith th
e he
ad o
f the
inst
itutio
n.
The
inte
rnal
aud
it ac
tivity
is
inde
pend
ent
in
theo
ry, b
ut th
e he
ad o
f the
inst
itutio
n di
rect
s its
role
and
act
iviti
es.
Alth
ough
ind
epen
denc
e of
the
int
erna
l au
dit
activ
ity is
gra
nted
in th
e fo
undi
ng d
ocum
ents
in
rea
lity
this
is
not
the
case
. Th
e in
tern
al
audi
tors
of
IAU,
inc
ludi
ng t
he C
hief
, may
be
repl
aced
at
the
disc
retio
n of
the
hea
d of
the
in
stitu
tion.
CH
AP
TE
R 7
Page 126 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.7.4
To
ensu
re t
hat
au
dit
pla
ns,
bu
dge
t an
d h
ead
cou
nt
are
app
rove
d in
a t
imel
y m
ann
er.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er a
udit
plan
s are
bas
ed o
n an
inde
pend
ent a
nd o
bjec
tive
risk
as
sess
men
t;
Ch
eck
whe
ther
the
audi
t pla
ns, b
udge
t and
hea
dcou
nt a
re a
ppro
ved
with
out
any
seri
ous d
elay
to th
e st
art o
f pla
nned
inte
rnal
aud
it ac
tiviti
es;
Iden
tify
the
mai
n ob
stac
les
to a
ppro
val
of t
he a
udit
plan
s, bu
dget
and
he
adco
unt;
Asse
ss w
heth
er in
tern
al a
udit
is fr
ee to
sele
ct a
udits
with
out i
nter
fere
nce;
Asse
ss w
heth
er i
nter
nal
audi
t pe
rcei
ves
that
the
re i
s pr
essu
re f
rom
m
anag
emen
t or t
he h
ead
of th
e ag
ency
to ch
ange
its a
udit
plan
s;
Ch
eck
whe
ther
the
re a
re c
ases
in w
hich
the
hea
d of
the
age
ncy
did
not
appr
ove
a pl
anne
d au
dit
that
was
incl
uded
in t
he a
udit
plan
bas
ed o
n a
risk
ass
essm
ent.
Stat
e th
e re
ason
(s) g
iven
for
not g
rant
ing
appr
oval
of t
he
plan
ned
audi
t.
Audi
t pl
ans,
incl
udin
g bu
dget
an
d he
adco
unts
, are
app
rove
d in
a t
imel
y m
anne
r whe
n ju
stifi
ed.
Audi
t pl
ans,
incl
udin
g bu
dget
an
d he
adco
unts
, are
not
alw
ays
appr
oved
w
hen
just
ified
, or
som
etim
es in
tern
al
audi
t is
pre
ssur
ed t
o ex
clud
e sp
ecifi
c au
dits
from
the
audi
t pla
n.
17
.7.5
To
ensu
re t
hat
th
e ap
poi
ntm
ent
of C
hie
f of C
CA a
nd
IAU
s is
bas
ed s
olel
y on
mer
it.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er p
roce
dure
s for
app
oint
ing
Chie
fs o
f CCA
an
d IA
Us a
re s
peci
fied
in a
ny b
indi
ng d
ocum
ent
(for
ex
ampl
e a
law
, rul
eboo
k or
char
ter)
;
Ch
eck
whe
ther
the
re a
re r
equi
rem
ents
tha
t sp
ecify
th
e co
mpe
tenc
ies
and
skill
s th
at C
hief
Aud
itors
sho
uld
poss
ess;
Chec
k w
heth
er th
e in
cum
bent
Chi
ef h
as b
een
appo
inte
d ac
cord
ing
to th
e st
ated
requ
irem
ents
.
Ther
e ar
e ad
equa
te s
kills
and
com
pete
ncie
s re
quir
emen
ts
for
the
appo
intm
ent
of C
CA C
hief
and
IAU
Chi
efs.
Thes
e re
quir
emen
ts a
re a
pplie
d w
ithou
t exc
eptio
n.
Ther
e ar
e no
ski
lls a
nd c
ompe
tenc
ies
requ
irem
ents
for
th
e ap
poin
tmen
t of
CCA
Chi
ef a
nd I
AU C
hief
s. O
r th
e re
quir
emen
ts a
re n
ot c
onsi
sten
tly a
dher
ed t
o w
hen
they
ex
ist.
CH
AP
TE
R 7
Page 127@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
7.7
.1
To e
nsu
re t
hat
th
e Ch
ief o
f CCA
an
d IA
U C
hie
fs c
ann
ot b
e tr
ansf
erre
d/c
han
ged
in a
ran
dom
man
ner
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er p
roce
dure
s fo
r th
e tr
ansf
er/c
hang
e of
CCA
Chi
ef a
nd IA
U Ch
iefs
are
in a
ccor
danc
e w
ith B
CSR;
Chec
k w
heth
er
any
Chie
f w
as
dism
isse
d or
tra
nsfe
rred
dur
ing
the
peri
od u
nder
revi
ew.
Adeq
uate
regu
latio
ns e
xist
whi
ch o
utlin
e th
e co
nditi
ons a
nd th
e pr
oces
s by
whi
ch C
hief
of C
CA an
d IA
Us m
ay b
e tra
nsfe
rred
/cha
nged
. The
se re
gula
tions
ar
e ap
plie
d w
ithou
t any
exc
eptio
ns.
No
regu
latio
ns e
xist
whi
ch o
utlin
e th
e co
nditi
ons
and
the
proc
ess
by w
hich
Ch
ief o
f CCA
and
IAUs
may
be
tran
sfer
red/
chan
ged.
Or e
xist
ing
regu
latio
ns
are
not c
ompl
ied
with
cons
iste
ntly
.
17
.7.6
To
ensu
re t
hat
a p
rop
er e
scal
atio
n p
roce
ss e
xist
s w
her
e in
tern
al a
ud
it p
erce
ives
th
at it
s in
dep
end
ence
is t
hre
aten
ed.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
here
are
pro
visi
ons
for
esca
latio
n in
IA
Char
ter,
Man
ual,
BGIA
S, a
nd B
CSR;
Chec
k w
heth
er t
here
wer
e ca
ses
of
esca
latio
n in
the
peri
od u
nder
revi
ew.
Asse
ss th
e re
sults
of t
hese
case
s.
A pr
oper
esc
alat
ion
proc
ess
exis
ts in
cas
es w
here
the
inde
pend
ence
of t
he
inte
rnal
aud
it ac
tivity
is
thre
aten
ed. T
his
proc
ess
is c
onsi
sten
tly a
pplie
d w
hen
nece
ssar
y in
acc
orda
nce
with
the
rele
vant
pro
visi
ons.
Ther
e is
no
prop
er e
scal
atio
n pr
oces
s in
cas
es w
here
the
inde
pend
ence
of
inte
rnal
aud
it ac
tivity
is th
reat
ened
. If a
n es
cala
tion
proc
ess
exis
ts, i
t is
not
carr
ied
out c
onsi
sten
tly.
CH
AP
TE
R 7
Page 128 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.7.7
To
ensu
re t
hat
inte
rnal
au
dit
is a
llow
ed to
rep
ort
on a
ctu
al fi
nd
ings
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er s
peci
fic r
ules
for
ind
epen
denc
e an
d ob
ject
ivity
are
stip
ulat
ed i
n th
e in
tern
al
audi
t cha
rter
and
ass
ess
whe
ther
thes
e ru
les
are
adeq
uate
;
Ch
eck
whe
ther
the
re a
re c
ases
in
whi
ch t
he
inte
rnal
aud
itors
hav
e re
port
ed t
hat
atte
mpt
s w
ere
mad
e to
inte
rfer
e w
ith th
eir w
ork.
The
inte
rnal
aud
it ch
arte
r co
ntai
ns s
peci
fic p
rovi
sion
s to
sa
fegu
ard
the
inde
pend
ence
and
obj
ectiv
ity o
f in
tern
al a
udit.
Th
e he
ad o
f th
e ag
ency
doe
s no
t in
terf
ere
with
the
wor
k of
in
tern
al a
udit.
Ther
e ar
e no
pro
per p
rovi
sion
s in
the
inte
rnal
aud
it ch
arte
r tha
t re
fer
to t
he in
depe
nden
ce a
nd o
bjec
tivity
of i
nter
nal a
udit.
Or
ther
e ha
ve b
een
case
s w
here
att
empt
s w
ere
mad
e to
inte
rfer
e w
ith th
e w
ork
of in
tern
al a
udit.
17
.7.8
To
ensu
re t
hat
th
e CC
A c
an a
ssis
t in
tern
al a
ud
it in
cas
es w
her
e it
s in
dep
end
ence
is t
hre
aten
ed b
y se
nio
r m
anag
emen
t.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss t
he r
ight
s of
inte
rnal
aud
it an
d po
ssib
le
appr
oach
es f
or e
scal
atin
g ca
ses
to t
he C
CA i
n ac
cord
ance
with
app
licab
le le
gisl
atio
n.
As
sess
whe
ther
thr
eats
to
inde
pend
ence
are
re
view
ed
duri
ng
the
exte
rnal
as
sess
men
ts
perf
orm
ed b
y th
e CC
A;
As
sess
whe
ther
the
CCA
has
the
auth
ority
to g
ive
reco
mm
enda
tions
on
inde
pend
ence
to
the
head
of
the
agen
cy.
Ther
e is
an
appr
opri
ate
esca
latio
n pr
oces
s to
the
leve
l of C
CA
in c
ases
whe
re t
he in
depe
nden
ce o
f the
inte
rnal
aud
it ac
tivity
is
thr
eate
ned.
The
CCA
has
the
aut
hori
ty t
o ad
dres
s is
sues
of
inde
pend
ence
of
the
inte
rnal
aud
it ac
tivity
to
the
head
of
the
agen
cy.
Ther
e is
no
esca
latio
n pr
oces
s to
the
leve
l of t
he C
CA.
CH
AP
TE
R 7
Page 129@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.7.9
To
ensu
re t
hat
inte
rnal
au
dit
is in
form
ed a
bou
t im
por
tan
t d
ecis
ion
s th
at a
re b
ein
g m
ade
by a
n a
gen
cy in
a t
imel
y m
ann
er.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he C
hief
of
IAU
take
s pa
rt i
n se
nior
m
anag
emen
t mee
tings
in th
e ag
ency
.
Ch
eck
whe
ther
th
e ro
le
of
the
IAU
Chie
f in
se
nior
m
anag
emen
t m
eetin
gs a
re d
escr
ibed
in
a re
gula
tion
or
othe
r int
erna
l pro
cedu
res d
ocum
ent (
man
ual);
Asse
ss w
heth
er th
e IA
U Ch
ief’s
role
in s
enio
r man
agem
ent
mee
tings
is li
mite
d to
obs
erve
r sta
tus o
nly.
Inte
rnal
aud
it is
syst
emat
ical
ly in
vite
d to
att
end
seni
or
man
agem
ent m
eetin
gs.
Inte
rnal
aud
it is
rar
ely
or n
ever
inv
ited
to s
enio
r m
anag
emen
t mee
tings
.
17
.7.1
0 T
o en
sure
th
at t
her
e is
a d
ue
pro
cess
in p
lace
to d
eal w
ith
inte
rnal
au
dit
ors’
pot
enti
al c
onfl
icts
of i
nte
rest
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
ther
e ar
e re
gula
tions
re
gard
ing
the
impo
rtan
ce o
f obj
ectiv
ity o
f int
erna
l aud
itors
.
Ch
eck
whe
ther
int
erna
l au
dito
rs a
re r
equi
red
to s
ign
a de
clar
atio
n re
gard
ing
any
conf
licts
of
inte
rest
bef
ore
star
ting
each
aud
it en
gage
men
t.
Ch
eck
whe
ther
all
inte
rnal
aud
itors
in
prac
tice
sign
thi
s de
clar
atio
n pr
ior t
o th
e st
art o
f eac
h au
dit e
ngag
emen
t.
Ch
eck
whe
ther
ther
e w
ere
any
case
s of
con
flict
of i
nter
est.
If th
ere
wer
e co
nflic
t of
int
eres
t ca
ses,
asse
ss h
ow t
hey
wer
e ha
ndle
d.
The
prin
cipl
es o
f obj
ectiv
ity a
nd co
nflic
t of i
nter
est a
re
docu
men
ted
in r
egul
atio
ns. I
nter
nal a
udito
rs c
ompl
y w
ith th
ese
regu
latio
ns.
The
prin
cipl
es o
f obj
ectiv
ity a
nd co
nflic
t of i
nter
est a
re
not d
efin
ed in
regu
latio
ns. I
f the
y ar
e de
fined
, int
erna
l au
dito
rs d
o no
t com
ply
with
them
cons
iste
ntly
.
CH
AP
TE
R 7
Page 130 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.7.1
1 T
o en
sure
th
at in
tern
al a
ud
it is
not
res
pon
sib
le fo
r an
y op
erat
ion
al a
ctiv
itie
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
ere
is a
pro
hibi
tion
in th
e la
w o
r in
any
reg
ulat
ion
for
inte
rnal
aud
it to
be
assi
gned
fu
nctio
ns a
nd a
ctiv
ities
oth
er t
han
inte
rnal
aud
it ac
tiviti
es.
Chec
k w
heth
er i
nter
nal
audi
t ha
s be
en a
ssig
ned
func
tions
oth
er th
an in
tern
al a
udit
activ
ities
.
Ch
eck
if in
tern
al
audi
tors
w
ere
assi
gned
op
erat
iona
l wor
k an
d w
heth
er th
is w
as ta
ken
into
co
nsid
erat
ion
whe
n as
sign
ing
and
plan
ning
futu
re
audi
t en
gage
men
ts.
Asse
ss w
heth
er a
ltern
ativ
e ar
rang
emen
ts w
ere
mad
e in
suc
h in
stan
ces,
and
the
adeq
uacy
of t
hose
arr
ange
men
ts.
Inte
rnal
aud
it is
not
res
pons
ible
for
oper
atio
nal a
ctiv
ities
. In
spec
ific
situ
atio
ns i
n w
hich
int
erna
l au
dit
has
resp
onsi
bilit
y fo
r op
erat
iona
l act
iviti
es, t
he is
sues
con
cern
ing
obje
ctiv
ity a
re
reso
lved
dur
ing
the
plan
ning
pha
se.
Inte
rnal
aud
it is
resp
onsi
ble
for s
ome
oper
atio
nal a
ctiv
ities
. Or
in sp
ecifi
c situ
atio
ns w
here
inte
rnal
aud
it ha
s res
pons
ibili
ty fo
r op
erat
iona
l tas
ks, i
ssue
s re
late
d to
obj
ectiv
ity h
ave
not
been
re
solv
ed.
17
.7.1
2 T
o en
sure
th
at in
tern
al a
ud
it is
not
invo
lved
in t
he
regu
lar
des
ign
of p
roce
du
res
for
the
aud
itee
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
ere
is a
pro
hibi
tion
in th
e la
w o
r in
any
ot
her r
egul
atio
n fo
r int
erna
l aud
it to
be
assi
gned
func
tions
an
d ac
tiviti
es o
ther
than
inte
rnal
aud
it ac
tiviti
es.
Chec
k w
heth
er th
ere
are
mec
hani
sms i
n pl
ace
for a
udite
es
to t
ake
full
owne
rshi
p in
tho
se c
ircu
mst
ance
s w
here
in
tern
al a
udit
occa
sion
ally
des
igns
pro
cedu
res
for
the
audi
tees
.
Ch
eck
whe
ther
in s
ituat
ions
whe
re in
tern
al a
udito
rs h
ave
desi
gned
pro
cedu
res
for
audi
t clie
nts
this
was
con
side
red
whe
n pl
anni
ng f
utur
e au
dit
enga
gem
ents
. As
sess
the
al
tern
ativ
e ap
proa
ches
that
wer
e us
ed to
add
ress
pos
sibl
e im
pair
men
t of o
bjec
tivity
.
Inte
rnal
aud
it do
es n
ot ro
utin
ely
desi
gn p
roce
dure
s fo
r au
dit c
lient
s. W
here
inte
rnal
aud
it oc
casi
onal
ly d
esig
ns
proc
edur
es f
or t
he a
udit
clie
nt, t
he i
ssue
s re
late
d to
im
pair
men
t of o
bjec
tivity
are
add
ress
ed w
hen
plan
ning
au
dit a
ctiv
ities
.
Inte
rnal
aud
it fr
eque
ntly
des
igns
pro
cedu
res
for
audi
t cl
ient
s. Or
whe
re i
nter
nal
audi
t oc
casi
onal
ly d
esig
ns
proc
edur
es, p
ossi
ble
impa
irm
ents
to o
bjec
tivity
are
not
ad
dres
sed
whe
n pl
anni
ng a
udit
activ
ities
.
CH
AP
TE
R 7
Page 131@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.7.1
3 T
o en
sure
th
at t
her
e is
a p
roce
ss in
pla
ce to
dis
clos
e an
y p
oten
tial
imp
airm
ent
to in
dep
end
ence
or
obje
ctiv
ity.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he l
aw,
the
char
ter
or a
ny o
ther
re
leva
nt r
egul
atio
n cl
early
def
ines
the
dis
clos
ure
proc
ess
for
impa
irm
ents
to
in
depe
nden
ce
or
obje
ctiv
ity.
Chec
k w
heth
er th
e dis
clos
ure p
olic
ies a
nd p
roce
dure
s in
clud
e th
e re
quir
emen
t to
re
port
m
atte
rs
of
impa
irm
ent t
o th
e CC
A.
As
sess
thro
ugh
inte
rvie
ws
with
the
inte
rnal
aud
itors
w
heth
er th
ey k
now
wha
t to
do w
hen
inde
pend
ence
or
obj
ectiv
ity is
impa
ired
.
An o
ffici
al d
iscl
osur
e pr
oces
s th
at c
over
s th
e im
pair
men
t of
inde
pend
ence
or
obje
ctiv
ity is
spe
cifie
d an
d in
clud
es th
e re
quir
emen
t to
rep
ort
all i
mpa
irm
ents
to t
he C
CA. I
nter
nal
audi
tors
are
fully
aw
are
of th
e di
sclo
sure
pro
cess
.
Ther
e is
no
offic
ial d
iscl
osur
e pr
oces
s to
repo
rt im
pair
men
ts
to in
depe
nden
ce o
r obj
ectiv
ity. I
f the
pro
cess
is e
stab
lishe
d it
does
not
incl
ude
the
requ
irem
ent t
o re
port
to th
e CC
A, o
r the
in
tern
al a
udito
rs a
re n
ot fu
lly a
war
e of
the
proc
ess.
17
.7.1
4 T
o en
sure
th
at n
o si
gnif
ican
t sc
ope
lim
itat
ion
(s)
exis
t.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
sign
ifica
nt
scop
e lim
itatio
n(s)
oc
curr
ed in
the
peri
od u
nder
revi
ew.
Asse
ss w
heth
er t
he a
udite
es h
ave
been
pro
perly
in
form
ed a
bout
the
righ
ts o
f int
erna
l aud
itors
to h
ave
full
acce
ss to
info
rmat
ion,
ass
ets a
nd p
eopl
e.
Ch
eck
whe
ther
the
audi
tors
rout
inel
y in
form
the
IAU
Chie
f of
sco
pe l
imita
tions
tha
t ar
e im
pose
d du
ring
au
dit e
ngag
emen
ts.
Chec
k w
heth
er t
he I
AU C
hief
inf
orm
s th
e he
ad o
f th
e ag
ency
whe
n sc
ope
limita
tions
are
im
pose
d du
ring
inte
rnal
aud
it en
gage
men
ts. A
sses
s w
heth
er
appr
opri
ate
mea
sure
s wer
e ap
plie
d.
No
sign
ifica
nt sc
ope
limita
tions
occ
urre
d in
the
peri
od u
nder
re
view
. If
scop
e lim
itatio
ns o
ccur
red,
the
y w
ere
prop
erly
ad
dres
sed
thro
ugh
the
esca
latio
n pr
oces
s.
Sign
ifica
nt s
cope
lim
itatio
ns o
ccur
red,
and
the
y w
ere
not
prop
erly
add
ress
ed
CH
AP
TE
R 7
Page 132 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.7.1
5 T
o en
sure
th
at t
her
e is
a p
roce
ss in
pla
ce to
dea
l wit
h g
ifts
rec
eive
d fr
om a
ud
itee
s or
oth
ers.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he o
rgan
izat
ion
has
esta
blis
hed
rule
s on
rece
ipt o
f gift
s by
empl
oyee
s as r
equi
red
by
the
ACC’
s Gift
Rul
es.
Chec
k w
heth
er t
he c
ode
of c
ondu
ct f
or i
nter
nal
audi
tors
stip
ulat
es t
he p
roce
dure
s th
at e
mpl
oyee
s sh
ould
fol
low
the
Gift
Rul
es i
ssue
d by
ACC
whe
n th
ey a
re o
ffere
d gi
fts.
Asse
ss w
heth
er th
ere
have
bee
n in
stan
ces
in w
hich
in
tern
al a
udito
rs w
ere
offe
red
gifts
dur
ing
the
peri
od u
nder
revi
ew. A
sses
s the
app
ropr
iate
ness
of
the
actio
ns th
at w
ere
take
n w
hen
inte
rnal
aud
itors
w
ere
offe
red
gifts
.
Ther
e ar
e cl
ear p
roce
dure
s in
plac
e th
at a
ddre
ss th
e re
ceip
t of
gifts
by
inte
rnal
audi
tors
. The
se p
roce
dure
s are
as st
ipul
ated
in
the
ACC’
s Gift
Rul
es a
nd ro
utin
ely
appl
ied
by in
tern
al a
udito
rs.
Ther
e ar
e no
cle
ar p
roce
dure
s tha
t add
ress
the
rece
ipt o
f gift
s by
int
erna
l au
dito
rs. A
CC’s
Gift
Rule
s ar
e no
t fo
llow
ed. O
r in
tern
al a
udito
rs a
re n
ot fu
lly a
war
e of
the
proc
edur
es th
at d
o ex
ist.
Or th
ere
have
bee
n si
tuat
ions
in w
hich
inte
rnal
aud
itors
ac
cept
ed g
ifts
and
ther
e w
ere
conc
erns
abo
ut t
he p
erce
ived
ob
ject
ivity
of t
he in
tern
al a
udito
r.
17
.7.1
6 T
o en
sure
th
at t
her
e is
a c
ooli
ng-
off
per
iod
for
in
tern
al a
ud
itor
s w
ho
are
tran
sfer
red
fro
m o
per
atio
nal
un
its
wit
hin
th
e or
gan
izat
ion
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
a co
olin
g-of
f pe
riod
ha
s be
en e
stab
lishe
d fo
r au
dito
rs w
ho
are
tran
sfer
red
from
ope
ratio
nal
units
w
ithin
the
orga
niza
tion.
Chec
k w
heth
er th
is c
oolin
g-of
f per
iod
is
com
plie
d w
ith in
pra
ctic
e.
As
sess
whe
ther
pro
per d
iscl
osur
es w
ere
mad
e in
cas
es w
here
inte
rnal
aud
itors
co
uld
not
com
ply
with
the
coo
ling-
off
peri
od.
Ther
e ar
e cl
ear p
olic
ies a
nd p
roce
dure
s in
plac
e th
at a
ddre
ss a
man
dato
ry
cool
ing-
off
peri
od
for
inte
rnal
au
dito
rs
who
ar
e tr
ansf
erre
d fr
om
oper
atio
nal u
nits
with
in t
he o
rgan
izat
ion.
The
se p
roce
dure
s ar
e kn
own
and
com
plie
d w
ith b
y in
tern
al a
udito
rs.
Ther
e are
no
clea
r pro
cedu
res t
hat a
ddre
ss a
cool
ing-
off p
erio
d fo
r int
erna
l au
dito
rs u
pon
tran
sfer
from
ope
ratio
nal u
nits
with
in th
e or
gani
zatio
n. O
r in
tern
al a
udito
rs a
re n
ot fu
lly aw
are
of a
pplic
able
pol
icie
s and
pro
cedu
res.
Or in
tern
al a
udito
rs w
ho t
rans
ferr
ed fr
om o
pera
tiona
l uni
ts w
ithin
the
or
gani
zatio
n di
d no
t com
ply
with
the
requ
ired
coo
ling-
off p
erio
d an
d th
is
affe
cted
the
perc
eive
d ob
ject
ivity
of t
he in
tern
al a
udito
rs.
CH
AP
TE
R 7
Page 133@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.7.1
7 T
o en
sure
th
at t
her
e is
a c
ooli
ng-
off
per
iod
for
in
tern
al a
ud
itor
s w
ho
are
tran
sfer
red
to
oper
atio
nal
un
its
wit
hin
th
e or
gan
izat
ion
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
coo
ling-
off
peri
od h
as b
een
esta
blis
hed
for
audi
tors
who
are
tra
nsfe
rred
to
oper
atio
nal u
nits
with
in th
e or
gani
zatio
n.
Ch
eck
whe
ther
the
req
uire
d co
olin
g-of
f per
iod
is
com
plie
d w
ith in
pra
ctic
e.
Ther
e ar
e cl
ear p
olic
ies
and
proc
edur
es in
pla
ce th
at a
ddre
ss a
co
olin
g-of
f per
iod
for
inte
rnal
aud
itors
who
are
tran
sfer
red
to
oper
atio
nal u
nits
with
in th
e org
aniz
atio
n. T
hese
pro
cedu
res a
re
know
n an
d co
mpl
ied
with
by
inte
rnal
aud
itors
.
Ther
e ar
e no
cle
ar p
olic
ies
and
proc
edur
es t
hat
addr
ess
a co
olin
g-of
f per
iod
for
inte
rnal
aud
itors
who
are
tran
sfer
red
to
oper
atio
nal u
nits
with
in th
e or
gani
zatio
n. O
r in
tern
al a
udito
rs
are
not
fully
aw
are
of t
he a
pplic
able
pol
icie
s an
d pr
oced
ures
. Or
inte
rnal
aud
itors
tran
sfer
red
to o
pera
tiona
l uni
ts w
ithin
the
orga
niza
tion
and
did
not c
ompl
y w
ith th
e re
quir
ed c
oolin
g-of
f pe
riod
and
this
affe
cted
the
perc
eive
d ob
ject
ivity
of t
he in
tern
al
audi
tors
.
CH
AP
TE
R 7
Page 134 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.8.
ISP
PIA
12
00
– P
rofi
cien
cy a
nd
Du
e P
rofe
ssio
nal
Car
e
The
follo
win
g as
sess
men
ts a
re su
gges
ted
to e
nsur
e th
at in
tern
al a
udito
rs’ e
ngag
emen
ts a
re b
acke
d w
ith p
rofic
ienc
y an
d pr
ofes
sion
al ca
re.
17
.8.1
To
ensu
re t
hat
inte
rnal
au
dit
ors
coll
ecti
vely
pos
sess
th
e n
eces
sary
kn
owle
dge
an
d s
kil
ls to
fulf
ill t
hei
r ro
le.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
com
pete
ncy
mod
el h
as b
een
deve
lope
d w
hich
cove
rs a
ll th
e ne
cess
ary
skill
s and
kn
owle
dge t
hat a
re cr
itica
l for
the p
rope
r exe
cutio
n of
aud
it en
gage
men
ts. C
heck
whe
ther
the
mod
el is
up
date
d re
gula
rly;
Chec
k w
heth
er p
rope
r jo
b de
scri
ptio
ns e
xist
for
in
tern
al a
udito
rs;
Asse
ss w
heth
er in
tern
al au
dito
rs ar
e kno
wle
dgea
ble
abou
t the
ir ro
le a
nd re
spon
sibi
litie
s;
As
sess
whe
ther
inte
rnal
audi
tors
have
the n
eces
sary
ex
peri
ence
and
pro
fess
iona
l cer
tific
atio
n;
As
sess
w
heth
er
inte
rnal
au
dito
rs
poss
ess
the
nece
ssar
y kn
owle
dge
to p
erfo
rm th
eir j
ob;
Chec
k w
heth
er r
equi
red
know
ledg
e is
ass
esse
d pr
ior t
o th
e in
tern
al a
udit
enga
gem
ent;
Asse
ss w
heth
er th
ere
is o
n-th
e-jo
b tr
aini
ng fo
r les
s ex
peri
ence
d in
tern
al a
udito
rs.
Inte
rnal
aud
it ha
s de
velo
ped
a co
mpe
tenc
y m
odel
of
all
requ
ired
skill
s and
exp
erie
nce
for t
he co
nduc
t of i
nter
nal a
udit
enga
gem
ents
. Thi
s m
odel
is r
egul
arly
upd
ated
and
com
pare
d w
ith
the
avai
labl
e re
sour
ces.
Solu
tions
ar
e fo
und
to
fill
iden
tifie
d sk
ills g
ap o
n a
timel
y ba
sis.
Inte
rnal
aud
it ha
s no
t de
velo
ped
a su
stai
nabl
e co
mpe
tenc
y m
odel
but
fin
ds a
ccep
tabl
e so
lutio
ns t
o de
al w
ith i
dent
ified
sk
ills g
ap.
Inte
rnal
aud
itors
do
not
colle
ctiv
ely
poss
ess
the
nece
ssar
y kn
owle
dge
and
skill
s to
per
form
pla
nned
aud
it en
gage
men
ts.
The
scop
e of
aud
it en
gage
men
ts is
adj
uste
d to
mat
ch th
e sk
ills
of th
e in
tern
al a
udito
rs.
Inte
rnal
aud
itors
do
not
colle
ctiv
ely
poss
ess
the
nece
ssar
y kn
owle
dge
and
skill
s to
fulfi
ll th
eir
role
, and
aud
itors
who
do
not
poss
ess
the
requ
ired
kno
wle
dge
and
skill
s pe
rfor
m a
udit
enga
gem
ents
.
CH
AP
TE
R 7
Page 135@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.8.2
To
ensu
re t
hat
inte
rnal
au
dit
ors
are
cap
able
of a
pp
lyin
g th
e p
resc
rib
ed in
tern
al a
ud
it m
eth
odol
ogy.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e In
tern
al A
udit
Man
ual a
nd B
huta
n Go
vern
men
t In
tern
al A
uditi
ng S
tand
ards
hav
e be
en
adap
ted
to th
e sp
ecifi
c env
iron
men
t of t
he a
genc
y;
As
sess
whe
ther
inte
rnal
aud
itors
fully
und
erst
and
the
pres
crib
ed in
tern
al a
udit
met
hodo
logy
;
Ch
eck
whe
ther
app
ropr
iate
trai
ning
is p
rovi
ded
on th
e pr
escr
ibed
audi
t met
hodo
logy
and
subs
eque
nt u
pdat
es;
Chec
k w
heth
er a
ppro
pria
te in
tern
al a
udit
proc
edur
es
and
tem
plat
es e
xist
;
As
sess
whe
ther
int
erna
l au
dito
rs a
re a
war
e of
the
se
proc
edur
es a
nd te
mpl
ates
.
An
inte
rnal
au
dit
man
ual
and
gove
rnm
ent
inte
rnal
au
ditin
g st
anda
rds
exis
t w
ith a
ppro
pria
te p
roce
dure
s an
d te
mpl
ates
ada
pted
to th
e en
viro
nmen
t of t
he a
genc
y. In
tern
al a
udito
rs a
re w
ell t
rain
ed to
app
ly th
e pr
escr
ibed
m
etho
dolo
gy.
Ther
e is
no
in
tern
al
audi
t m
anua
l ad
apte
d to
th
e en
viro
nmen
t of
the
age
ncy.
Or t
here
is
an a
ppro
pria
te
inte
rnal
aud
it m
anua
l but
inte
rnal
aud
itors
do
not
know
ho
w to
app
ly th
e pr
escr
ibed
met
hodo
logy
.
17
.8.3
To
ensu
re t
hat
inte
rnal
au
dit
ors
are
atte
nti
ve to
frau
d in
dic
ator
s (r
ed fl
ags)
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er in
tern
al a
udito
rs a
re a
war
e th
at fr
aud
is a
n im
port
ant r
isk
to co
nsid
er w
hen
perf
orm
ing
audi
t en
gage
men
ts.
Asse
ss w
heth
er in
tern
al a
udito
rs k
now
how
to id
entif
y fr
aud
risk
s and
the
way
s in
whi
ch it
may
occ
ur.
Asse
ss w
heth
er in
tern
al a
udito
rs k
now
how
to re
spon
d to
frau
d in
dica
tors
.
Inte
rnal
aud
itors
are
wel
l aw
are
of fr
aud
mec
hani
sms
and
indi
cato
rs. T
hey
cons
iste
ntly
con
side
r th
e ri
sk o
f fra
ud in
in
tern
al a
udit
enga
gem
ents
.
The
risk
of f
raud
is n
ot c
onsi
sten
tly c
onsi
dere
d in
inte
rnal
au
dit e
ngag
emen
ts.
CH
AP
TE
R 7
Page 136 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.8.4
To
ensu
re t
hat
inte
rnal
au
dit
ors
pos
sess
th
e n
eces
sary
sk
ills
an
d c
omp
eten
cies
to a
ud
it t
he
IT e
nvir
onm
ent.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss
whe
ther
in
tern
al
audi
tors
po
sses
s ap
prop
riat
e kn
owle
dge
of th
e IT
env
iron
men
t.
Ch
eck
whe
ther
the
int
erna
l au
dit
unit
has
a ce
rtifi
ed IT
spec
ialis
t.
As
sess
whe
ther
an
appr
opri
ate
fram
ewor
k, s
uch
as,
Cont
rol
Obje
ctiv
es f
or I
nfor
mat
ion
Rela
ted
Tech
nolo
gy (C
OBIT
) is b
eing
app
lied.
Chec
k w
heth
er IT
aud
its a
re o
utso
urce
d.
Ch
eck
whe
ther
pro
per
trai
ning
on
IT a
udit
is
prov
ided
to in
tern
al a
udito
rs.
Chec
k w
heth
er
the
pres
crib
ed
met
hodo
logy
co
ntai
ns a
dequ
ate
guid
ance
on
IT a
udit.
Inte
rnal
aud
itors
pos
sess
gen
eral
kno
wle
dge
of I
T ri
sks
and
proc
esse
s. Th
e in
tern
al a
udit
unit
has
at le
ast
one
spec
ializ
ed
IT a
udito
r or a
ltern
ativ
ely
has a
cces
s to
co-s
ourc
ing
solu
tions
.
Inte
rnal
aud
itors
do
not
poss
ess
a ge
nera
l kn
owle
dge
of I
T ri
sks
and
proc
esse
s. Th
e in
tern
al a
udit
unit
has
at l
east
one
sp
ecia
lized
IT a
udito
r or a
ltern
ativ
ely
has a
cces
s to
co-s
ourc
ing
solu
tions
.
Inte
rnal
aud
itors
do
not p
osse
ss a
gen
eral
kno
wle
dge
of IT
risk
s an
d pr
oces
ses.
The i
nter
nal a
udit
unit
does
not
hav
e a sp
ecia
lized
IT
aud
itor.
The
unit
has a
cces
s to
co-s
ourc
ing
solu
tions
.
17
.8.5
To
ensu
re t
hat
inte
rnal
au
dit
ors
use
ap
pro
pri
ate
IT to
ols
and
tech
niq
ues
wh
en p
erfo
rmin
g in
tern
al a
ud
it e
nga
gem
ents
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he u
se o
f IT
too
ls a
nd t
echn
ique
s is
pr
oper
ly d
escr
ibed
in th
e in
tern
al a
udit
man
ual.
Chec
k th
at IT
tool
s an
d te
chni
ques
are
cur
rent
ly u
sed
by
inte
rnal
aud
itors
to co
nduc
t int
erna
l aud
it en
gage
men
ts.
Asse
ss w
heth
er in
tern
al a
udito
rs a
re fu
lly a
war
e of
the
ad
vant
ages
of u
sing
pro
per I
T to
ols a
nd te
chni
ques
.
Ch
eck
whe
ther
pro
per t
rain
ing o
n IT
tool
s and
tech
niqu
es
is i
nclu
ded
in t
he t
rain
ing
plan
for
the
per
iod
unde
r re
view
.
IT t
ools
and
tec
hniq
ues
are
avai
labl
e an
d ar
e cu
rren
tly
used
by
inte
rnal
aud
itors
for i
nter
nal a
udit
enga
gem
ents
.
IT to
ols a
nd te
chni
ques
are
not
ava
ilabl
e. O
r the
ava
ilabl
e IT
tool
s an
d te
chni
ques
are
eith
er n
ot u
sefu
l or
used
by
inte
rnal
aud
itors
.
CH
AP
TE
R 7
Page 137@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.8.6
To
ensu
re t
hat
inte
rnal
au
dit
ors
kn
ow h
ow to
inte
ract
ap
pro
pri
atel
y w
ith
au
dit
cli
ents
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er tr
aini
ng o
n pr
oble
m r
esol
utio
n is
incl
uded
in th
e tr
aini
ng p
lan.
Asse
ss
how
in
tern
al
audi
tors
de
al
with
ch
alle
nges
and
obs
tacl
es.
Inte
rnal
aud
itors
kno
w h
ow to
sol
ve p
robl
ems
and
perf
orm
thei
r du
ties.
Inte
rnal
aud
itors
are
not
wel
l pre
pare
d to
solv
e pr
oble
ms o
r do
not
perf
orm
thei
r dut
ies a
dequ
atel
y.
17
.8.7
To
ensu
re t
hat
inte
rnal
au
dit
ors
pos
sess
th
e n
eces
sary
com
mu
nic
atio
n s
kil
ls.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er tr
aini
ng o
n or
al a
nd w
ritt
en c
omm
unic
atio
n sk
ills
are
incl
uded
in
the
trai
ning
pla
n.
Ch
eck
whe
ther
ade
quat
e co
mm
unic
atio
n sk
ills
are
part
of
the
recr
uitm
ent
crite
ria
for i
nter
nal a
udito
rs.
Asse
ss w
heth
er t
he a
udit
findi
ngs
dem
onst
rate
the
pro
fess
iona
lism
of
the
inte
rnal
aud
itors
.
As
sess
whe
ther
the
aud
it re
com
men
datio
ns a
re u
sefu
l an
d pr
actic
al f
or t
he
audi
ted
entit
y.
In
terv
iew
empl
oyee
s of t
he au
dite
d en
titie
s in
orde
r to a
sses
s the
pro
fess
iona
lism
of
the
inte
rnal
aud
itors
.
Good
co
mm
unic
atio
n sk
ills
are
key
crite
ria
for
the
recr
uitm
ent
of i
nter
nal
audi
tors
. Al
l in
tern
al
audi
tors
po
sses
s th
e ne
cess
ary
com
mun
icat
ion
skill
s.
Not
all
inte
rnal
aud
itors
pos
sess
ad
equa
te co
mm
unic
atio
n sk
ills.
CH
AP
TE
R 7
Page 138 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.8.8
To
ensu
re t
hat
th
ere
are
cert
ific
atio
n a
nd
con
tin
uin
g p
rofe
ssio
nal
dev
elop
men
t p
rogr
amm
es in
pla
ce fo
r in
tern
al a
ud
itor
s.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er c
ertif
icat
ion
and
trai
ning
of
inte
rnal
aud
itors
are
re
gula
ted
thro
ugh
inte
rnal
pro
cedu
res.
Chec
k w
heth
er
plan
ned
trai
ning
pr
ogra
mm
es
are
actu
ally
im
plem
ente
d.
As
sess
int
erna
l au
dito
rs’
degr
ee o
f sa
tisfa
ctio
n w
ith t
he t
rain
ing
prog
ram
me.
Chec
k w
heth
er c
ertif
icat
ion
is m
aint
aine
d by
ade
quat
e co
ntin
uing
pr
ofes
sion
al d
evel
opm
ent.
Asse
ss w
heth
er th
e cu
rren
t tra
inin
g an
d ce
rtifi
catio
n pr
actic
es a
re in
lin
e w
ith th
e pr
escr
ibed
requ
irem
ents
.
Cert
ifica
tion
and
cont
inui
ng
prof
essi
onal
de
velo
pmen
t of
in
tern
al
audi
tors
ar
e re
gula
ted
and
requ
irem
ents
are
com
plie
d w
ith ro
utin
ely.
Cert
ifica
tion
and
cont
inui
ng
prof
essi
onal
de
velo
pmen
t of
int
erna
l au
dito
rs a
re n
ot
prop
erly
re
gula
ted.
Or
in
ca
ses
whe
re
regu
latio
ns d
o ex
ist,
the
requ
irem
ents
are
no
t adh
ered
to in
pra
ctic
e.
17
.8.9
To
ensu
re t
hat
ext
ern
al e
xper
ts a
re u
sed
wh
en in
tern
al a
ud
itor
s la
ck t
he
app
rop
riat
e k
now
led
ge a
nd
sk
ills
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
the
regu
latio
ns
and
proc
edur
es
esta
blis
h th
e rig
ht an
d ap
prop
riat
e pro
cess
es to
invi
te
expe
rts t
o as
sist
with
inte
rnal
aud
it en
gage
men
ts.
Asse
ss i
n w
hich
are
as o
utsi
de e
xper
tise
is n
eede
d.
Mat
ch th
e id
entif
ied
need
s with
act
ual u
se o
f exp
erts
.
Ch
eck w
heth
er th
e bud
get i
ncor
pora
tes c
ontin
genc
ies
for t
he u
se o
f ext
erna
l exp
erts
.
Ch
eck
whe
ther
the
role
and
the
obje
ctiv
es (t
erm
s of
re
fere
nce)
of t
he e
xter
nal e
xper
ts a
re c
lear
ly d
efin
ed
in a
cont
ract
or a
gree
men
t.
As
sess
whe
ther
the
exp
erts
per
form
in a
ccor
danc
e w
ith
the
job
spec
ifica
tions
an
d al
so
tran
sfer
kn
owle
dge
to th
e in
tern
al a
udit
unit.
Regu
latio
ns p
erm
it th
e us
e of
ext
erna
l au
dito
rs.
Exte
rnal
ex
pert
s are
use
d w
here
the
know
ledg
e, ex
pert
ise
and
skill
s of
the
inte
rnal
aud
itors
are
insu
ffici
ent t
o pe
rfor
m a
n in
tern
al
audi
t en
gage
men
t. Th
e ap
prop
riat
e bu
dget
for
the
use
of
expe
rt is
app
rove
d as
nec
essa
ry.
The
inte
rnal
reg
ulat
ions
do
not
fore
see
the
poss
ibili
ty o
f us
ing
exte
rnal
exp
erts
. Or
whe
re t
he r
egul
atio
ns p
erm
it th
e us
e of
ext
erna
l exp
erts
, the
re a
re b
udge
tary
lim
itatio
ns
that
rest
rict
the
use
of e
xter
nal e
xper
ts. O
r in
tern
al a
udito
rs
perf
orm
au
dit
enga
gem
ents
w
ithou
t in
volv
ing
exte
rnal
ex
pert
s on
cas
es in
whi
ch t
hey
do n
ot p
osse
ss a
ppro
pria
te
know
ledg
e, e
xper
tise
or sk
ills.
CH
AP
TE
R 7
Page 139@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.8.1
0 T
o en
sure
th
at t
he
aud
it o
bje
ctiv
es a
re fo
cuse
d o
n t
he
mai
n r
isk
(s).
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er i
nter
nal a
udit
has
an a
dequ
ate
met
hodo
logy
in p
lace
to
ide
ntify
, as
sess
and
pri
oriti
ze
risk
s.
As
sess
w
heth
er
inte
rnal
au
dit
has
an i
ndep
ende
nt a
nd u
nbia
sed
appr
oach
to
th
e as
sess
men
t of
ri
sks.
Asse
ss w
heth
er i
nter
nal
audi
tors
di
ffere
ntia
te b
etw
een
criti
cal
and
less
criti
cal r
isks
.
As
sess
w
heth
er
inte
rnal
au
dito
rs t
ake
into
acc
ount
sen
ior
man
agem
ent’s
vie
ws
on r
isk
and
risk
man
agem
ent.
Inte
rnal
aud
it ap
plie
s an
app
ropr
iate
ris
k as
sess
men
t m
etho
dolo
gy.
The
resu
lts o
f the
risk
ass
essm
ent p
erfo
rmed
by
inte
rnal
aud
itors
are
val
idat
ed b
y ri
sk m
anag
emen
t sta
ff an
d se
nior
man
agem
ent’s
vie
ws.
The
audi
t obj
ectiv
es
of in
divi
dual
eng
agem
ents
refle
ct th
e re
sults
of t
he ri
sk a
sses
smen
t exe
rcis
e.
Inte
rnal
aud
it ap
plie
s an
app
ropr
iate
ris
k as
sess
men
t m
etho
dolo
gy.
The
resu
lts o
f the
ris
k as
sess
men
t pe
rfor
med
by
inte
rnal
aud
it ar
e va
lidat
ed b
y ri
sk m
anag
emen
t sta
ff an
d se
nior
man
agem
ent’s
vie
ws.
The
audi
t obj
ectiv
es
of in
divi
dual
eng
agem
ents
do
not
refle
ct t
he r
esul
ts o
f th
e ri
sk a
sses
smen
t ex
erci
se.
Inte
rnal
aud
it ap
plie
s an
app
ropr
iate
ris
k as
sess
men
t met
hodo
logy
but
doe
s no
t so
licit
the
view
s of
ris
k m
anag
emen
t st
aff a
nd s
enio
r m
anag
emen
t w
ith
rega
rd to
risk
s.
Inte
rnal
aud
it do
es n
ot a
pply
an
appr
opri
ate
risk
ass
essm
ent m
etho
dolo
gy.
17
.9.
ISP
PIA
20
00
– M
anag
ing
the
Inte
rnal
Au
dit
Act
ivit
y
In o
rder
to a
sses
s if t
he in
tern
al a
udit
activ
ity is
add
ing
valu
e to
the
orga
niza
tion’
s ope
ratio
n, th
e fo
llow
ing
asse
ssm
ents
are
pro
vide
d un
der
ISPP
IA 2
000.
17
.9.1
To
ensu
re t
hat
a c
omp
lete
, mea
nin
gfu
l, m
anag
eab
le a
nd
su
stai
nab
le a
ud
it u
niv
erse
exi
sts.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
the
audi
t un
iver
se
has
been
de
term
ined
and
is re
gula
rly u
pdat
ed.
Chec
k w
heth
er t
he a
udit
univ
erse
con
sist
s of
al
l re
leva
nt o
bjec
tives
, pr
oces
ses,
activ
ities
and
de
part
men
ts/u
nits
in th
e ag
ency
.
Inte
rnal
aud
it ha
s de
velo
ped
a co
mpl
ete
audi
t uni
vers
e th
at is
up
date
d in
a ti
mel
y m
anne
r with
new
obj
ectiv
es, p
rogr
amm
es,
proc
esse
s and
ent
ities
.
Inte
rnal
aud
it do
es n
ot p
osse
ss a
com
plet
e au
dit u
nive
rse.
CH
AP
TE
R 7
Page 140 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.9.2
To
ensu
re t
hat
inte
rnal
au
dit
act
ivit
ies
are
dri
ven
by
a ri
sk-b
ased
pla
n.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k whe
ther
ther
e are
adeq
uate
pro
cedu
res
for
the
deve
lopm
ent
of a
ris
k-ba
sed
audi
t pl
an.
Chec
k w
heth
er p
rope
r ri
sk f
acto
rs, c
rite
ria
for
asse
ssm
ent,
risk
wei
ghts
and
sco
res
have
be
en d
efin
ed.
Chec
k w
heth
er th
e ri
sks
asso
ciat
ed w
ith th
e ob
ject
ives
, pr
oces
ses
and
activ
ities
of
the
agen
cy h
ave
been
iden
tifie
d an
d as
sess
ed.
Chec
k w
heth
er
chan
ges
in
obje
ctiv
es,
activ
ities
, re
sour
ces,
and
the
oper
atio
nal
envi
ronm
ent
are
take
n in
to
acco
unt
whe
n co
nduc
ting
the
risk
ass
essm
ent
and
deve
lopi
ng th
e ri
sk-b
ased
aud
it pl
an.
Chec
k w
heth
er t
he r
isk
asse
ssm
ent
proc
ess
has b
een
prop
erly
doc
umen
ted.
Chec
k w
heth
er th
e st
rate
gic a
nd a
nnua
l pla
ns
are
upda
ted
peri
odic
ally
.
Ch
eck
whe
ther
the
risk
-bas
ed a
udit
plan
s are
di
scus
sed
with
sen
ior
man
agem
ent
befo
re
final
rele
ase.
Inte
rnal
aud
it de
velo
ps ri
sk-b
ased
aud
it pl
ans u
sing
app
ropr
iate
risk
fa
ctor
s and
risk
cri
teri
a. S
enio
r man
agem
ent i
s con
sulte
d du
ring
the
proc
ess.
Chan
ges
in t
he o
rgan
izat
ion’
s ac
tiviti
es a
re i
mm
edia
tely
re
asse
ssed
. The
ent
ire
risk
ass
essm
ent p
roce
ss is
doc
umen
ted.
Inte
rnal
aud
it de
velo
ps ri
sk-b
ased
aud
it pl
ans u
sing
app
ropr
iate
risk
fa
ctor
s and
risk
cri
teri
a. S
enio
r man
agem
ent i
s con
sulte
d du
ring
the
proc
ess.
Chan
ges i
n th
e or
gani
zatio
n’s a
ctiv
ities
are
not
imm
edia
tely
re
asse
ssed
. Or
the
entir
e ri
sk a
sses
smen
t pr
oces
s is
not
pro
perly
do
cum
ente
d.
Inte
rnal
aud
it de
velo
ps r
isk-
base
d au
dit
plan
s us
ing
appr
opri
ate
risk
fact
ors
and
risk
cri
teri
a. S
enio
r m
anag
emen
t is
not
con
sulte
d du
ring
the
proc
ess.
Or ch
ange
s in
the
orga
niza
tion’
s act
iviti
es a
re n
ot
imm
edia
tely
reas
sess
ed. O
r the
ent
ire
risk
ass
essm
ent p
roce
ss is
not
do
cum
ente
d.
Inte
rnal
aud
it de
velo
ps r
isk-
base
d au
dit
plan
s bu
t do
es n
ot u
se
appr
opri
ate
risk
fac
tors
and
ris
k cr
iteri
a. S
enio
r m
anag
emen
t is
no
t co
nsul
ted
duri
ng t
he p
roce
ss.
Chan
ges
in t
he o
rgan
izat
ion’
s ac
tiviti
es a
re n
ot r
eass
esse
d. T
he e
ntir
e ri
sk a
sses
smen
t pro
cess
is
not d
ocum
ente
d.
CH
AP
TE
R 7
Page 141@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.9.3
To
ensu
re t
hat
th
e in
tern
al a
ud
it p
lan
tak
es i
nto
con
sid
erat
ion
any
ris
k m
anag
emen
t fr
amew
ork
th
at e
xist
s w
ith
in t
he
inst
itu
tion
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
ris
k m
anag
emen
t fr
amew
ork
exis
ts
with
in th
e ag
ency
.
Ch
eck
whe
ther
the
exi
stin
g ri
sk m
anag
emen
t fr
amew
ork
and
its re
sults
hav
e be
en a
sses
sed
by in
tern
al a
udit.
Chec
k w
heth
er th
e re
sults
of t
he e
xist
ing
risk
man
agem
ent
fram
ewor
k ar
e co
nsid
ered
dur
ing
the
deve
lopm
ent o
f the
st
rate
gic a
nd a
nnua
l aud
it pl
ans.
A ri
sk m
anag
emen
t fr
amew
ork
exis
ts a
nd i
s ta
ken
into
acc
ount
by
inte
rnal
aud
it. O
r a
risk
man
agem
ent
fram
ewor
k do
es n
ot e
xist
. Or
the
ris
k m
anag
emen
t fr
amew
ork
that
exi
sts
is n
ot u
sefu
l for
inte
rnal
aud
it pu
rpos
es.
A ri
sk m
anag
emen
t fra
mew
ork
exis
ts a
nd is
use
ful b
ut
is n
ot ta
ken
into
acc
ount
by
inte
rnal
aud
it.
17
.9.4
To
ensu
re t
hat
inp
ut
from
sen
ior
man
agem
ent
has
bee
n s
olic
ited
an
d c
onsi
der
ed fo
r th
e d
evel
opm
ent
of t
he
inte
rnal
au
dit
p
lan
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss th
e w
ays i
n w
hich
seni
or m
anag
emen
t’s in
put
is so
licite
d an
d co
nsid
ered
in th
e de
velo
pmen
t of t
he
inte
rnal
aud
it pl
an.
Asse
ss t
he j
ustif
icat
ion
prov
ided
to
incl
ude
area
s pr
opos
ed f
or a
udit
by s
enio
r m
anag
emen
t in
the
au
dit p
lan.
The
inpu
t fro
m se
nior
man
agem
ent i
s dul
y co
nsid
ered
in th
e de
velo
pmen
t of t
he in
tern
al a
udit
plan
.
The
inpu
t fro
m s
enio
r m
anag
emen
t is
not c
onsi
dere
d in
the
deve
lopm
ent o
f the
inte
rnal
aud
it pl
an.
CH
AP
TE
R 7
Page 142 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.9.5
To
ensu
re t
hat
ad
equ
ate
risk
fact
ors
are
use
d fo
r th
e ri
sk a
sses
smen
t p
roce
ss.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e ri
sk fa
ctor
s are
in a
ccor
danc
e w
ith th
e sp
ecifi
cs o
f the
pr
oces
ses o
f the
age
ncy.
Chec
k w
heth
er k
ey ri
sk fa
ctor
s hav
e be
en d
efin
ed.
Chec
k w
heth
er p
rope
r cr
iteri
a fo
r th
e as
sess
men
t of
the
sel
ecte
d ri
sk
fact
ors h
ave
been
iden
tifie
d.
Ch
eck
whe
ther
the
sig
nific
ance
/ w
eigh
t of
eac
h ri
sk f
acto
r ha
s be
en
rate
d.
Inte
rnal
aud
it ha
s de
velo
ped
adeq
uate
ri
sk
fact
ors
for
its
risk
as
sess
men
t pr
oces
s.
Inte
rnal
audi
t has
not
dev
elop
ed ad
equa
te
risk
fa
ctor
s fo
r its
ri
sk
asse
ssm
ent
proc
ess.
17
.9.6
To
ensu
re t
hat
key
con
trol
s ar
e id
enti
fied
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er c
ontr
ols
that
add
ress
a k
ey r
isk
or a
nu
mbe
r of r
isks
are
pro
perly
iden
tifie
d.
Ch
eck
whe
ther
the
ade
quac
y of
key
con
trol
s ar
e an
alyz
ed a
nd a
sses
sed.
Inte
rnal
aud
it id
entif
ies
key
cont
rols
as
part
of
its r
isk
asse
ssm
ent p
roce
ss.
Inte
rnal
aud
it do
es n
ot id
entif
y ke
y co
ntro
ls a
s par
t of i
ts ri
sk
asse
ssm
ent p
roce
ss.
17
.9.7
To
ensu
re t
hat
inte
rnal
au
dit
giv
es a
pp
rop
riat
e au
dit
cov
erag
e to
all
are
as o
f th
e in
stit
uti
on.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
otal
cov
erag
e of
the
aud
it un
iver
se
has b
een
outli
ned
in th
e st
rate
gic p
lan.
Chec
k w
heth
er cl
assi
ficat
ion
and
prio
ritiz
atio
n of
the
proc
esse
s, ac
tiviti
es, a
nd a
udite
es h
ave
been
mad
e in
ac
cord
ance
with
the
iden
tifie
d ri
sk le
vels
.
The
tota
l aud
it un
iver
se is
cov
ered
ove
r a
cert
ain
peri
od o
f tim
e.
The
tota
l aud
it un
iver
se is
not
cov
ered
ove
r a
cert
ain
peri
od
of ti
me.
CH
AP
TE
R 7
Page 143@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.9.8
To
ensu
re t
hat
th
e au
dit
pla
n is
rev
iew
ed p
erio
dic
ally
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Asse
ss w
heth
er t
he a
udit
plan
is
revi
ewed
in
the
even
t of
si
gnifi
cant
cha
nges
in
the
audi
t un
iver
se o
r w
hen
new
ris
ks
aris
e.
Ch
eck
whe
ther
seni
or m
anag
emen
t is i
nvol
ved
in th
e re
view
of
the
audi
t pla
n.
Ch
eck
whe
ther
the
head
of t
he a
genc
y ap
prov
es c
hang
es to
the
audi
t pla
n.
The
audi
t pl
an
is
revi
ewed
pe
riod
ical
ly
and
whe
neve
r maj
or ch
ange
s occ
ur in
the
orga
niza
tion.
The
audi
t pl
an i
s no
t re
view
ed p
erio
dica
lly o
r w
hen
maj
or ch
ange
s occ
ur in
the
orga
niza
tion.
17
.9.9
To
ensu
re t
hat
inte
rnal
au
dit
has
ap
pro
pri
ate
and
su
ffic
ien
t re
sou
rces
to c
ond
uct
its
acti
viti
es.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er in
tern
al a
udit
peri
odic
ally
an
alyz
es t
he r
esou
rces
tha
t it
need
s to
pe
rfor
m th
e au
dit a
ctiv
ities
out
lined
in th
e au
dit p
lan.
Chec
k w
heth
er
the
anal
ysis
co
nsid
ers
both
the
skill
s an
d th
e nu
mbe
r of
aud
itors
ne
eded
to
pe
rfor
m
the
inte
rnal
au
dit
activ
ities
acc
ordi
ng to
the
audi
t pla
n.
Ch
eck
whe
ther
kno
wle
dge
of IT
and
frau
d in
dica
tors
are
par
t of
the
ass
essm
ent
of
skill
s nee
ded.
Chec
k w
heth
er
succ
essi
on
plan
ning
is
in
corp
orat
ed in
the
asse
ssm
ent p
roce
ss.
Chec
k w
heth
er th
ere
are
reso
urce
s to
hir
e ex
tern
al e
xper
ts w
hen
nece
ssar
y.
Ch
eck
whe
ther
res
ourc
e lim
itatio
ns a
re
prom
ptly
repo
rted
to m
anag
emen
t.
Inte
rnal
aud
it pe
riod
ical
ly a
naly
zes w
heth
er it
s res
ourc
es a
re su
ffici
ent
in q
ualit
y an
d qu
antit
y to
per
form
its
audi
t act
iviti
es. T
he q
ualit
ativ
e an
alys
is c
onta
ins
an a
sses
smen
t of
IT
skill
s an
d fr
aud
awar
enes
s. Su
cces
sion
pla
nnin
g is
par
t of t
he p
roce
ss.
Inte
rnal
aud
it pe
riod
ical
ly a
naly
zes w
heth
er it
s res
ourc
es a
re su
ffici
ent
in q
ualit
y an
d qu
antit
y to
per
form
its
audi
t act
iviti
es. T
he q
ualit
ativ
e an
alys
is c
onta
ins
an a
sses
smen
t of
IT
skill
s an
d fr
aud
awar
enes
s. Su
cces
sion
pla
nnin
g is
not
par
t of t
his p
roce
ss.
Inte
rnal
aud
it pe
riod
ical
ly a
naly
zes w
heth
er it
s res
ourc
es a
re su
ffici
ent
in q
ualit
y an
d qu
antit
y to
per
form
its
audi
t act
iviti
es. T
he q
ualit
ativ
e an
alys
is d
oes
not
cont
ain
an a
sses
smen
t of
IT
skill
s an
d fr
aud
awar
enes
s. Su
cces
sion
pla
nnin
g is
not
par
t of t
his p
roce
ss.
Inte
rnal
aud
it do
es n
ot p
erio
dica
lly a
naly
ze w
heth
er it
s re
sour
ces
are
suffi
cien
t in
qual
ity a
nd q
uant
ity to
per
form
its a
udit
activ
ities
.
CH
AP
TE
R 7
Page 144 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.9.1
0 T
o en
sure
th
at t
he
imp
act
of r
esou
rce
lim
itat
ion
s is
com
mu
nic
ated
to s
enio
r m
anag
emen
t.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
n as
sess
men
t ha
s be
en m
ade
of t
he q
ualit
y an
d qu
antit
y of
reso
urce
s nee
ded
to im
plem
ent t
he a
udit
plan
.
Ch
eck
whe
ther
an
asse
ssm
ent h
as b
een
mad
e of
the
impa
ct o
f res
ourc
e lim
itatio
ns.
Chec
k w
heth
er s
enio
r m
anag
emen
t ha
s be
en i
nfor
med
in
a tim
ely
man
ner a
bout
reso
urce
lim
itatio
ns a
nd th
e im
pact
on
the
inst
itutio
n.
Seni
or
man
agem
ent
is
timel
y in
form
ed
abou
t an
y in
tern
al
audi
t re
sour
ce
limita
tions
.
Seni
or m
anag
emen
t is
not i
nfor
med
abo
ut
any
inte
rnal
aud
it re
sour
ce li
mita
tions
.
17
.9.1
1 T
o en
sure
th
at in
tern
al a
ud
it m
akes
use
of ‘
gues
t’ a
ud
itor
s co
min
g fr
om o
ther
par
ts o
f th
e or
gan
izat
ion
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he p
olic
ies
and
proc
edur
es a
llow
int
erna
l au
dit
to
invi
te e
xper
ts (
non-
audi
tors
) fr
om o
ther
par
ts o
f the
org
aniz
atio
n to
as
sist
the
audi
t tea
m w
ith te
chni
cal m
atte
rs.
Chec
k w
heth
er th
ese
expe
rts
have
any
con
flict
of i
nter
est w
ith re
spec
t to
the
audi
ted
area
.
Inte
rnal
au
dit
uses
‘g
uest
’ au
dito
rs
to
supp
lem
ent i
ts te
chni
cal c
ompe
tenc
e.
Inte
rnal
aud
it do
es n
ot u
se ‘g
uest
’ aud
itors
.
17
.9.1
2 T
o en
sure
th
at i
nte
rnal
au
dit
has
ad
equ
ate
aud
it p
olic
ies
and
pro
ced
ure
s, a
nd
th
at t
hes
e p
roce
du
res
are
up
dat
ed o
n a
re
gula
r b
asis
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e ex
istin
g pr
oced
ures
are
suffi
cien
t to
perf
orm
vari
ous t
ypes
of
inte
rnal
aud
it en
gage
men
ts.
Chec
k w
heth
er t
he c
urre
nt p
roce
dure
s re
quir
e th
e us
e an
d or
gani
zatio
n of
w
orki
ng p
aper
s.
Ch
eck
whe
ther
the
proc
edur
es p
resc
ribe
the
rete
ntio
n of
and
acc
ess
to a
udit
files
.
Ch
eck
whe
ther
the
proc
edur
es a
re u
pdat
ed o
n a
regu
lar b
asis
.
Inte
rnal
au
dit
has
adeq
uate
an
d up
date
d au
dit
polic
ies
and
proc
edur
es.
Inte
rnal
au
dit
does
no
t ha
ve
adeq
uate
au
dit
polic
ies
and
proc
edur
es
CH
AP
TE
R 7
Page 145@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.9.1
3 T
o en
sure
th
at i
nte
rnal
au
dit
act
ivit
ies
are
pro
per
ly c
oord
inat
ed w
ith
oth
er i
nte
rnal
ass
ura
nce
pro
vid
ers
(e.g
. Fin
ance
&
Acc
oun
ts U
nit
/Div
isio
n).
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he m
anda
tes
of o
ther
inte
rnal
ass
uran
ce p
rovi
ders
are
do
cum
ente
d.
Ch
eck
whe
ther
inte
rnal
aud
it ha
s con
duct
ed a
n as
sess
men
t of t
he w
ork
of
thes
e in
tern
al a
ssur
ance
pro
vide
rs.
Chec
k w
heth
er t
he i
nter
nal
audi
t un
it an
d ot
her
inte
rnal
ass
uran
ce
prov
ider
s exc
hang
e in
form
atio
n an
d re
port
s.
Ch
eck
whe
ther
int
erna
l au
dit
activ
ities
are
coo
rdin
ated
with
oth
er
inte
rnal
ass
uran
ce p
rovi
ders
in o
rder
to a
void
dup
licat
ion.
Chec
k w
heth
er in
tern
al a
udit
relie
s on
the
res
ults
of t
he w
ork
of o
ther
in
tern
al a
ssur
ance
pro
vide
rs.
Inte
rnal
aud
it ha
s as
sess
ed t
he w
ork
of o
ther
int
erna
l as
sura
nce
prov
ider
s. In
tern
al a
udit
coor
dina
tes
its a
ctiv
ities
w
ith th
ese
prov
ider
s.
Inte
rnal
aud
it do
es n
ot c
oord
inat
e its
ac
tiviti
es w
ith o
ther
inte
rnal
ass
uran
ce
prov
ider
s.
17
.9.1
4 T
o en
sure
th
at in
tern
al a
ud
it c
oord
inat
es it
s ac
tivi
ties
wit
h t
he
CCA
/IA
Us.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er c
oope
ratio
n be
twee
n in
tern
al a
nd e
xter
nal
audi
tors
is
desc
ribe
d in
any
offi
cial
doc
umen
t.
Ch
eck
whe
ther
con
side
ratio
n is
giv
en to
ext
erna
l aud
it ac
tiviti
es in
the
in
tern
al a
udit
plan
ning
pro
cess
.
Ch
eck
whe
ther
ext
erna
l aud
itors
hav
e ac
cess
to a
ll in
tern
al a
udit
files
.
Ch
eck
whe
ther
int
erna
l an
d ex
tern
al a
udito
rs s
hare
inf
orm
atio
n an
d re
port
s.
Ch
eck
whe
ther
inte
rnal
and
ext
erna
l aud
it ac
tiviti
es a
re c
oord
inat
ed in
or
der t
o av
oid
dupl
icat
ion.
Inte
rnal
aud
it co
ordi
nate
s its
act
iviti
es
with
the
exte
rnal
aud
itor.
Inte
rnal
aud
it do
es n
ot c
oord
inat
e its
ac
tiviti
es w
ith th
e ex
tern
al a
udito
r.
CH
AP
TE
R 7
Page 146 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.9.1
5 T
o fo
ster
res
pec
t fo
r th
e w
ork
of i
nte
rnal
au
dit
ors
by t
he
exte
rnal
au
dit
ors.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Inte
rvie
w th
e ex
tern
al a
udito
rs in
volv
ed in
the
audi
t of
the
agen
cy.
Inte
rvie
w t
he I
AU C
hief
abo
ut t
he S
upre
me
Audi
t In
stitu
tion’
s vie
w o
f the
inte
rnal
aud
it un
it.
Exte
rnal
aud
it re
spec
ts th
e w
ork
of in
tern
al a
udit
and
relie
s on
its w
ork.
Exte
rnal
aud
it do
es n
ot v
alue
the
wor
k of
inte
rnal
aud
it.
17
.9.1
6 T
o en
sure
that
inte
rnal
au
dit
pla
ys a
n a
pp
rop
riat
e ro
le in
the
dev
elop
men
t an
d m
ain
ten
ance
of a
ris
k r
egis
ter
or a
ssu
ran
ce
map
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er a
risk
regi
ster
exi
sts a
nd th
e ex
tent
of
inte
rnal
aud
it’s c
ontr
ibut
ion.
Chec
k w
heth
er a
n as
sura
nce
map
exi
sts
and
the
exte
nt o
f int
erna
l aud
it’s c
ontr
ibut
ion.
Inte
rnal
aud
it pl
ays
a ke
y ro
le in
the
deve
lopm
ent o
f a r
isk
regi
ster
and
ass
uran
ce m
ap w
hen
thes
e ex
ist.
Inte
rnal
aud
it do
es n
ot p
lay
a ro
le in
the
deve
lopm
ent o
f the
ex
istin
g ri
sk re
gist
er o
r ass
uran
ce m
ap fo
r the
org
aniz
atio
n.
17
.9.1
7 T
o en
sure
th
at t
he
seco
nd
lin
es o
f def
ense
wit
hin
th
e ag
ency
rec
eive
pro
per
au
dit
cov
erag
e.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
the
audi
t un
iver
se
incl
udes
th
e se
cond
line
s of d
efen
se.
Chec
k w
heth
er a
ppro
pria
te c
onsi
dera
tion
has
been
gi
ven
to th
e se
cond
line
s of
def
ense
dur
ing
the
risk
as
sess
men
t pro
cess
.
The
seco
nd l
ines
of
defe
nse
are
incl
uded
in
the
scop
e of
in
tern
al a
udit
activ
ities
and
are
revi
ewed
.
Inte
rnal
aud
it do
es n
ot a
udit
the
seco
nd li
nes o
f def
ense
.
CH
AP
TE
R 7
Page 147@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.9.1
8 T
o en
sure
that
inte
rnal
au
dit
act
ivit
ies
are
pro
per
ly c
oord
inat
ed w
ith
oth
er e
xter
nal
ass
ura
nce
pro
vid
ers,
e.g
. RA
A a
nd
ACC
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
the
man
date
of
ot
her
exte
rnal
as
sura
nce
prov
ider
s is
do
cum
ente
d.
Ch
eck
whe
ther
inte
rnal
aud
it ha
s con
duct
ed a
n as
sess
men
t of t
he w
ork
of th
ese
exte
rnal
pro
vide
rs.
Chec
k w
heth
er in
tern
al a
udit
and
othe
r ext
erna
l ass
uran
ce p
rovi
ders
exc
hang
e in
form
atio
n an
d re
port
s (E.
g. T
ripa
rtite
mee
tings
of t
he p
ast)
.
Ch
eck
whe
ther
the
act
iviti
es o
f in
tern
al a
udit
and
othe
r ex
tern
al a
ssur
ance
pr
ovid
ers a
re co
ordi
nate
d in
ord
er to
avo
id d
uplic
atio
n.
Ch
eck
whe
ther
inte
rnal
aud
it re
lies o
n th
e re
sults
of t
he w
ork
of o
ther
ext
erna
l as
sura
nce
prov
ider
s
Inte
rnal
aud
it ha
s as
sess
ed t
he
wor
k of
oth
er e
xter
nal a
ssur
ance
pr
ovid
ers.
Inte
rnal
au
dit
coor
dina
tes
its
activ
ities
w
ith
thes
e pr
ovid
ers.
Inte
rnal
aud
it do
es n
ot c
oord
inat
e its
act
iviti
es w
ith o
ther
exi
stin
g ex
tern
al a
ssur
ance
pro
vide
rs.
17
.9.1
9 T
o en
sure
th
at in
tern
al a
ud
it p
erio
dic
ally
rep
orts
to s
enio
r m
anag
emen
t on
its
acti
viti
es.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he c
hart
er a
nd t
he p
roce
dure
s de
fine
the
cont
ent a
nd th
e fr
eque
ncy
of a
udit
activ
ity
repo
rts
that
sho
uld
be c
omm
unic
ated
to th
e he
ad o
f th
e in
stitu
tion
by in
tern
al a
udit.
Asse
ss t
he u
sefu
lnes
s of
the
se r
epor
ts f
rom
sen
ior
man
agem
ent’s
poi
nt o
f vie
w.
Inte
rnal
aud
it pe
riod
ical
ly re
port
s to
sen
ior m
anag
emen
t on
its a
ctiv
ities
. Man
agem
ent v
alue
s the
se re
port
s.
Inte
rnal
aud
it do
es n
ot r
epor
t on
its
act
iviti
es t
o se
nior
m
anag
emen
t.
CH
AP
TE
R 7
Page 148 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.10
. ISP
PIA
21
00
– N
atu
re o
f Wor
k
Chec
klis
t for
ass
essm
ents
nec
essa
ry u
nder
Sta
ndar
d 21
00:
17
.10
.1 T
o en
sure
th
at in
tern
al a
ud
it r
evie
ws
the
des
ign
an
d e
ffec
tive
nes
s of
eth
ical
pro
gram
mes
wit
hin
th
e in
stit
uti
on.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er i
nter
nal
audi
tors
foc
us o
n et
hica
l is
sues
in th
eir
eval
uatio
n of
the
agen
cy’s
obje
ctiv
es,
prog
ram
mes
and
act
iviti
es.
Chec
k w
heth
er th
ere
is s
uffic
ient
em
phas
is o
n et
hics
in
inte
rnal
aud
it en
gage
men
ts a
nd re
port
s.
Inte
rnal
aud
it re
view
s th
e ef
fect
iven
ess
of v
ario
us e
thic
s pr
ogra
mm
es.
Inte
rnal
aud
it do
es n
ot re
view
eth
ics p
rogr
amm
es.
17
.10
.2 T
o en
sure
th
at in
tern
al a
ud
it r
evie
ws
how
ris
k o
wn
ersh
ip a
nd
acc
oun
tab
ilit
y ar
e es
tab
lish
ed w
ith
in t
he
agen
cy.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er i
nter
nal
audi
t pr
ovid
es a
n op
inio
n on
the
alig
nmen
t of v
ario
us p
rogr
amm
es, p
roce
sses
an
d ac
tiviti
es w
ith th
e m
issi
on a
nd o
bjec
tives
of t
he
inst
itutio
n.
As
sess
whe
ther
the
conc
epts
of r
isk
owne
rshi
p an
d ac
coun
tabi
lity
are
exam
ined
thro
ugho
ut th
e in
tern
al
audi
t eng
agem
ents
and
refle
cted
in a
udit
repo
rts.
Inte
rnal
audi
t rev
iew
s how
risk
ow
ners
hip
and
acco
unta
bilit
y ar
e es
tabl
ishe
d w
ithin
the
inst
itutio
n.
Inte
rnal
au
dit
does
no
t co
nsid
er
risk
ow
ners
hip
and
acco
unta
bilit
y in
its a
ctiv
ities
.
17
.10
.3 T
o en
sure
th
at in
tern
al a
ud
it p
rovi
des
ass
ura
nce
on
th
e ri
sk m
anag
emen
t p
roce
ss.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
CH
AP
TE
R 7
Page 149@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Chec
k w
heth
er t
he r
isk
man
agem
ent
proc
ess
is
incl
uded
in th
e au
dit u
nive
rse.
Chec
k w
heth
er t
he r
isk
man
agem
ent
proc
ess
is
give
n du
e co
nsid
erat
ion
duri
ng th
e ri
sk a
sses
smen
t ex
erci
se.
Asse
ss
whe
ther
in
tern
al
audi
t re
view
s th
e ef
fect
iven
ess o
f the
risk
man
agem
ent p
roce
ss.
Asse
ss w
heth
er in
tern
al a
udit
revi
ews t
he a
lignm
ent
of
resi
dual
ri
sk
with
th
e ri
sk
appe
tite
of
the
orga
niza
tion.
Asse
ss w
heth
er in
tern
al a
udit
revi
ews
the
exis
tenc
e an
d co
mpl
eten
ess o
f the
risk
regi
ster
s.
As
sess
the
rol
e th
at in
tern
al a
udit
play
s in
the
ris
k m
anag
emen
t pro
cess
.
Inte
rnal
aud
it pr
ovid
es re
gula
r ass
uran
ce o
n al
l com
pone
nts
of t
he r
isk
man
agem
ent
proc
ess.
Inte
rnal
aud
it pr
ovid
es
advi
sory
serv
ices
with
rega
rd to
risk
man
agem
ent.
Inte
rnal
audi
t pro
vide
s ass
uran
ce o
n so
me c
ompo
nent
s of t
he
risk
man
agem
ent
proc
ess.
Inte
rnal
aud
it pr
ovid
es a
dvis
ory
serv
ices
with
rega
rd to
risk
man
agem
ent.
Inte
rnal
aud
it do
es n
ot p
rovi
de a
ssur
ance
on
the
risk
m
anag
emen
t pr
oces
s bu
t pl
ays
an a
dvis
ory
role
in
the
proc
ess.
Inte
rnal
aud
it do
es n
ot p
rovi
de a
ssur
ance
on
the
risk
m
anag
emen
t pro
cess
and
doe
s no
t pla
y an
y ad
viso
ry ro
le in
th
e pr
oces
s.
17
.10
.4 T
o en
sure
th
at in
tern
al a
ud
it p
ays
suff
icie
nt
atte
nti
on to
th
e ri
sk o
f fra
ud
.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er t
he r
isk
of f
raud
is
cons
ider
ed
duri
ng th
e ri
sk a
sses
smen
t pro
cess
.
Ch
eck
whe
ther
the
ris
k of
fra
ud i
s co
nsid
ered
du
ring
the
pla
nnin
g pr
oces
s of
ind
ivid
ual
audi
t en
gage
men
ts.
Inte
rnal
aud
it co
nsid
ers
the
risk
of
frau
d du
ring
the
ris
k as
sess
men
t and
pla
nnin
g pha
se o
f ind
ivid
ual a
udit
enga
gem
ents
.
Inte
rnal
aud
it do
es n
ot p
ay sp
ecifi
c att
entio
n to
the
risk
of f
raud
.
CH
AP
TE
R 7
Page 150 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.10
.5 T
o en
sure
th
at in
tern
al a
ud
it r
evie
ws
the
effe
ctiv
enes
s an
d a
deq
uac
y of
th
e in
tern
al c
ontr
ol s
yste
m.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er
inte
rnal
au
dit
syst
emat
ical
ly
revi
ews
the
effe
ctiv
enes
s (d
o co
ntro
l ad
dres
s ri
sk?)
and
ade
quac
y (d
o co
ntro
ls w
ork
in p
ract
ice?
) of c
ontr
ols.
Chec
k w
heth
er
inte
rnal
au
dit
proa
ctiv
ely
prov
ides
ad
vice
on
ef
fect
ive
and
adeq
uate
cont
rols
dur
ing
the
deve
lopm
ent
of n
ew p
roce
sses
an
d sy
stem
s.
Inte
rnal
aud
it re
view
s bo
th th
e ef
fect
iven
ess
and
the
adeq
uacy
of c
ontr
ols.
Inte
rnal
aud
it pr
oact
ivel
y ad
vise
s th
e ag
ency
on
effe
ctiv
e an
d ad
equa
te
cont
rols
.
Inte
rnal
aud
it re
view
s bo
th t
he e
ffect
iven
ess
and
adeq
uacy
of
cont
rols
. In
tern
al a
udit
does
not
pro
activ
ely
prov
ide
advi
ce o
n ef
fect
ive
and
adeq
uate
co
ntro
ls.
Inte
rnal
aud
it re
view
s mai
nly
cove
r the
ade
quac
y of
cont
rols
.
Inte
rnal
audi
t doe
s not
syst
emat
ical
ly re
view
the e
ffect
iven
ess a
nd ad
equa
cy
of co
ntro
ls.
17
.10
.6 T
o en
sure
th
at in
tern
al a
ud
it c
ontr
ibu
tes
to t
he
del
iver
y of
an
op
inio
n o
n t
he
adeq
uac
y an
d t
he
effe
ctiv
enes
s of
th
e ov
eral
l in
tern
al c
ontr
ol s
yste
m.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e he
ad o
f the
age
ncy
requ
ires
an
opin
ion
on
the
effe
ctiv
enes
s and
ade
quac
y of
the
over
all i
nter
nal c
ontr
ol
syst
em.
Asse
ss t
he r
ole
of in
tern
al a
udit
in t
he p
roce
ss t
o ar
rive
at
an o
pini
on o
n th
e ef
fect
iven
ess
and
adeq
uacy
of t
he o
vera
ll in
tern
al co
ntro
l sys
tem
.
Ch
eck
whe
ther
inte
rnal
aud
it ca
n ex
pres
s an
opi
nion
bas
ed
on su
ffici
ent a
udit
cove
rage
of t
he o
rgan
izat
ion.
Inte
rnal
aud
it ex
pres
ses
an o
pini
on o
n th
e ov
eral
l sy
stem
of
inte
rnal
con
trol
whe
n re
quir
ed t
o do
so.
Th
is o
pini
on is
supp
orte
d by
suffi
cien
t aud
it co
vera
ge
of th
e or
gani
zatio
n.
Inte
rnal
aud
it pr
ovid
es a
n op
inio
n on
the
ent
ire
syst
em o
f in
tern
al c
ontr
ol w
ithou
t pr
oper
aud
it co
vera
ge.
CH
AP
TE
R 7
Page 151@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.10
.7 T
o en
sure
th
at in
tern
al a
ud
it p
rovi
des
ass
ura
nce
on
th
e re
liab
ilit
y an
d in
tegr
ity
of in
form
atio
n.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er in
form
atio
n in
tegr
ity a
nd re
liabi
lity
are
incl
uded
in th
e au
dit
univ
erse
.
Ch
eck
whe
ther
in
form
atio
n in
tegr
ity
and
relia
bilit
y ar
e gi
ven
due
cons
ider
atio
n du
ring
the
risk
ass
essm
ent e
xerc
ise.
Asse
ss w
heth
er i
nter
nal
audi
t re
view
s th
e ef
fect
iven
ess
of i
nfor
mat
ion
inte
grity
and
relia
bilit
y.
As
sess
the
role
that
inte
rnal
aud
it pl
ays w
ith re
spec
t to
info
rmat
ion
inte
grity
an
d re
liabi
lity.
Inte
rnal
au
dit
prov
ides
re
gula
r as
sura
nce
on i
nfor
mat
ion
inte
grity
an
d re
liabi
lity.
Inte
rnal
au
dit
does
no
t pr
ovid
e as
sura
nce
on i
nfor
mat
ion
inte
grity
an
d re
liabi
lity.
17
.10
.8 T
o en
sure
th
at in
tern
al a
ud
it p
rovi
des
ass
ura
nce
on
th
e p
riva
cy o
f in
form
atio
n.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er p
riva
cy o
f inf
orm
atio
n is
incl
uded
in th
e aud
it un
iver
se.
Chec
k w
heth
er t
he p
riva
cy o
f in
form
atio
n is
giv
en a
ppro
pria
te
cons
ider
atio
n du
ring
the
risk
ass
essm
ent e
xerc
ise.
Asse
ss w
heth
er in
tern
al au
dit r
evie
ws t
he ef
fect
iven
ess o
f inf
orm
atio
n pr
ivac
y.
As
sess
the
role
that
inte
rnal
aud
it pl
ays
with
res
pect
to in
form
atio
n pr
ivac
y.
Inte
rnal
aud
it pr
ovid
es re
gula
r ass
uran
ce o
n pr
ivac
y of
info
rmat
ion.
Inte
rnal
audi
t doe
s not
pro
vide
assu
ranc
e on
priv
acy
of in
form
atio
n.
CH
AP
TE
R 7
Page 152 @CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
17
.11
. ISP
PIA
26
00
– C
omm
un
icat
ing
the
acce
pta
nce
of R
isk
s
The
follo
win
g as
sess
men
t gui
delin
es a
re p
rovi
ded
to e
nsur
e th
at le
vel o
f ris
k ac
cept
ed b
y th
e m
anag
emen
t is
with
in th
e ri
sk a
ppet
ite o
f the
ag
ency
.
17
.11
.1 T
o en
sure
th
at t
her
e is
an
esc
alat
ion
pro
cess
in
pla
ce i
n c
ase
man
agem
ent
choo
ses
to a
ccep
t a
risk
leve
l th
at i
s ab
ove
the
risk
ap
pet
ite
of t
he
agen
cy.
Rev
iew
ste
ps
Ass
essm
ent
outc
ome
Gen
eral
ly
Con
form
–
GC
Par
tial
ly
Con
form
- P
C
Doe
s N
ot
Con
form
- D
NC
Chec
k w
heth
er th
e m
etho
dolo
gy d
efin
es th
e st
eps
to b
e ta
ken
by in
tern
al a
udit
in s
uch
a si
tuat
ion.
Asse
ss w
heth
er i
nter
nal
audi
t im
plem
ents
th
e pr
escr
ibed
step
s whe
n ne
eded
.
Ther
e is
an
esca
latio
n pr
oces
s th
at i
nter
nal
audi
t fo
llow
s w
hen
man
agem
ent a
ssum
es r
isk
leve
ls th
at a
re b
eyon
d th
e ri
sk a
ppet
ite
of th
e or
gani
zatio
n.
Inte
rnal
aud
it do
es n
ot ta
ke a
ny s
teps
whe
n m
anag
emen
t ass
umes
ri
sk le
vels
that
are
bey
ond
the
risk
app
etite
of t
he o
rgan
izat
ion.
CH
AP
TE
R 7
Page 153@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Reference Material1. Internal Audit Manual, Ministry of Finance, Royal Government of Bhutan, 20142. Bhutan Government Internal Audit Standards, Ministry of Finance, Royal Government
of Bhutan, 20173. Internal Audit Annual Report 2016-17, Central Coordinating Agency Ministry of Finance,
Royal Government of Bhutan, June 20184. Quality Assessment Manual for the Internal Audit Activity issued by IIA 20185. IPPF – Practice Guide Quality Assurance and Improvement Programme – 2012, The IIA
Global6. International Standards for the Professional Practice of Internal Auditing (standards),
issued by IIA in January 20177. Implementation Guide on International Professional Practice Framework issued by IIA
in January 20178. Draft Quality Assessment Guide for Public Sector Internal Audit (A toolkit for quality
improvement {PEMPAL} 2016)9. Sample Quality Assurance Improvement Programme, IIA, 200910. USDA, 2008 Quality Assurance11. IIA 2012 – Quality Assurance and Improvement Programme, USA12. IIA 2006 External Quality Assessment, US13. IPPF – Practice Guide on Measuring Internal Audit Effectiveness and Efficiency, issued
IIA, December 201014. Ministry of Finance 2013: National Internal Control Framework, Bhutan15. Ministry of Finance, 2016: Performing an Effective Quality Assessment, Bhutan.16. Ministry of Finance, 2013: Performing an Effective Quality Assessment – Case Study,
Bhutan17. Internal Audit Handbook for Central Civil Ministries / Departments, Internal Audit
Division, Controller General of India, Department of Expenditure, Ministry of Finance, Government of India
18. Philippines Government Internal Audit Manual (PGIAM), Issued by Department of Budget and Management, in conjunction with the Office of the President – Internal Audit Office, the Commission on Audit, and the Reference Panel.
19. Discussion Paper No.3, Quality Assurance for Internal Audit, Public Internal Control Systems in the European Union, Public Internal Control an EU Approach. Reference 2014-3.
Central Coordinating Agency for Internal Audit ServiceMinistry of FinanceTashi Chhodzong, Thimphu, Bhutan
P.O.Box: 117Tel: +975-02-339729/ 330173Website: www.mof.gov.bt
Published by:Central Coordinating Agency for Internal Audit ServicesMinistry of FinancePost box # 117Contact: +975-02-330173
Designed and Printed at United Printing Press, [email protected]