Raising Your Internal Audit IQ: Updated IPPF Standards for 2013

GRC-Goals

What are your goals for 2013? If you’re an auditor, be sure that keeping up with changes in the IPPF is on your list.

I hope everyone had a great holiday season and returned to work refreshed and ready to tackle 2013. Every new year brings new goals, challenges and possibilities. Now, I will be the first to admit that I’m not a big believer in New Year’s Resolutions. I can’t say that I’m perfect in all aspects of my life, but I have never viewed the changing of the year as the primary motivator for personal improvement – if you need to change something (or procrastinate instead of changing that something) there’s no time like the present. That said, I do appreciate that our behaviors and routines are largely dictated by the calendar, and I can understand why the uptick to a new year has a powerful effect on people and their motivations.

Making Change Happen in the New Year
The trick to making real change and making it stick is to do more than just say, “this year will be different.” True change comes from a commitment to having a defined and measurable goal, and this begins with the simple step of writing your goal down. We can aspire to grow, but when we write down our goal – and place that text in a spot where we are forced to see it – it’s much more likely that we’ll achieve it. This year, just as in years past, the Institute of Internal Auditors (IIA) committed to enhancing the internal audit profession and wrote down its revised expectations for its professionals. (For more insights into the IIA, see my previous blog post: Raising Your Internal Audit IQ: Reflections on My Life As an Auditor.)

The IIA periodically reviews the International Standards for the Professional Practice of Internal Auditing (the Standards) and solicits feedback from the practitioner community to ensure the Standards are fully up to date and best reflect the current state of the profession as well as broader efforts to promote effective governance, risk and compliance programs. The most recent update in the IIA Standards took effect on January 1, 2013. I have listed a few of the key highlights below (my emphasis added):

  • All internal auditors are accountable for conforming with the Standards, both in terms of the performance of job duties and intangibles (objectivity, proficiency and due professional care)
  • The chief audit executive must continuously review and adjust the audit plan as necessary in response to the organization’s business, risks, operations, programs, systems and controls (2010 – Planning)
  • Internal auditors must address “achievement of the organization’s strategic objectives” as it evaluates the organization’s key risk exposures  and controls (2120 – Risk Management; 2130 – Control)
  • When planning an engagement, internal auditors must consider the effectiveness of a process’s governance activities and opportunities for improving governance, in additional to evaluating risk management and control processes (i.e. the full scope of GRC) (2201 – Planning Considerations)
  • Internal auditors must ascertain to what extent the board (in addition to management) has established criteria to evaluate organizational performance (2210 – Engagement Objectives)
  • The chief audit executive maintains overall responsibility for the communication and dissemination of engagement results, even when those duties are delegated outside of his/her position (2440 – Disseminating Results)
  • While responsible for communicating to the board management’s acceptance of a level of risk that IA deems unacceptable, the Standards now explicitly state that it is not the responsibility of the chief audit executive to resolve these risks (2600 – Communicating the Acceptance of Risks)

Internal Audit – A Strategic Partner
As you can see, the IIA has increased its expectation that internal audit is responsible for understanding and evaluating the strategic direction and governance programs of the organizations they serve. In addition, all internal auditors, from first-year staff to the chief audit executive, are personally responsible for abiding by the International Professional Practices Framework (IPPF). In my humble opinion, these revisions are a welcome addition to the Standards – the internal audit profession must demonstrate that it meets its own high standards before it can truly be taken seriously as a strategic partner within their organizations. Being a strategic partner brings greater responsibility to the internal audit universe and as we take on positions of increasing influence, we need to ensure that we continue to enrich our lives with additional education and awareness of the leading trends in our industry.

So, what goals do you have for the new year? What are you doing to see that your goals are more than just a passing conversation with your coworkers around the water cooler? Make 2013 a banner year for you, your goals and your career – it just starts with writing it down.

–Jason Rohlf, OrangePoint

This entry was posted in Audit Management, GRC Education and tagged . Bookmark the permalink.

1 Response to Raising Your Internal Audit IQ: Updated IPPF Standards for 2013

  1. Jose Abril says:

    Great tips! Great information, thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s