Auditing Standards for Internal Audit
The Institute of Internal Auditors (IIA) promulgates the International Professional Practices Framework (IPPF) which includes Mandatory Guidance and Recommended Guidance.
Mandatory Guidance:
- Core Principles for the Professional Practice of Internal Auditing
- Definition of Internal Auditing
- Code of Ethics
- International Standards for the Professional Practice of Internal Auditing
Recommended Guidance:
- Implementation Guidance
- Supplemental Guidance
While the IPPF does not have the rule of law, the practice of internal auditing, like other professions, is based upon elements of due professional care and a ruling body that develops standards of practice through a public exposure process.
Neither the SEC nor PCAOB as regulatory bodies have direct jurisdiction over internal auditors at this time. The PCAOB can influence the nature and extent of internal audit work through the rules it issues about external auditors’ reliance on the work of others. For example, on May 24, 2007, the PCAOB issued Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated With an Audit of Financial Statements (AS5), which described a public accountant’s reliance on the work of others, including internal auditors, during audits of internal control over financial reporting (ICFR).
Currently, these regulatory bodies set requirements and monitor the compliance of publicly listed U.S. companies and the public accounting profession. The internal audit profession, like the legal profession, continues to be self-regulated by a required public comment process.
It’s commonly asked if internal auditors must comply with professional ethics requirements. The answer is: yes. Like most professionals, members must adhere to a code of ethics as part of the IPPF. In addition, other professional certifications that practitioners may hold typically require adherence to standard ethic requirements.
Along with the CIA designation, many internal auditors also hold CPAs, CISAs (IT auditors) or other certifications that require strict adherence to a formal code of ethics, with serious repercussions by an ethics board for violations.
In addition to professional ethics requirements, the organizations where internal auditors are employed may have their own specific code of conducts, rules of behavior and other ethical requirements that internal auditors need to be aware of, must comply with and may at times be responsible for validating compliance with.
You can read more on this topic in Protiviti’s Guide to Internal Audit and explore these tools on KnowledgeLeader:
IIA Standards and the Audit Committee (KLplus CPE Course)