Changes to IIA Standards 2013 - 2014

IIA Bermuda Chapter Meeting July 16, 2014

IPPF – Overview & Summary of Changes

Eighteen revisions to The IIA's International Standards for the Professional Practice of Internal Auditing became effective Jan. 1, 2013.

[previously reviewed in an IIA(B) Lunch & Learn]

No new changes to the mandatory guidance since.

• • In 2013 and 2014 there have been: 3 new Practice Advisories 2 new Practice Guides

New Practice Advisories

 • • • 2320-4 Continuous Assurance Evaluation of control effectiveness continuously rather than using more traditional periodic historic testing Need for is driven by the rate of organizational change and risk Continuous monitoring (owned by management) + continuous auditing

New Practice Advisories (cont’d)

 • • • 2120-3 Internal Audit Coverage of Risks to Achieving Strategic Objectives Internal Audit should have an understanding of the organization’s strategy, how it is executed, the associated risks, and how these risks are being managed The organization’s strategy should be a foundational element when developing a risk-based audit plan Plan should consider providing assurance services related to strategic initiatives

New Practice Advisories (cont’d)

 • 2320-3 Audit Sampling Definitions of sampling, various methods, tolerable error, drawing conclusions based on sampling, work paper documentation, etc.

New Practice Guides

 • • • • • • Auditing Anti-bribery and Anti-corruption Programs The global legislative landscape Bribery and corruption risks and controls Internal audit’s role in anti-corruption Coordination with other compliance functions Challenges that result when bribery and corruption reach high levels Comparisons of legislation in selected countries, examples of risks and controls, and a sample audit program

In addition the practice guide identifies high-risk areas and red flags for bribery and corruption, while providing audit steps to address each high-risk area. Components of an effective anti-corruption program are also discussed.

New Practice Guides (cont’d)

 Selecting, Using, and Creating Maturity Models: A Tool for Assurance and Consulting Engagements • • • • Through providing insight into the purpose and power of maturity models, the Practice Guide demonstrates that when appropriately selected or designed and then subsequently applied, maturity models can provide: A framework for envisioning the future, the desired state and the development of improvement plans.

Benchmarks for the organization to compare its processes internally or externally.

A mechanism to provide insight into the improvement path from an immature to a mature process. A disciplined method that is easy for management to understand and implement.