When Is the Auditor Audited?

Article Posted March 26, 2013

When Is the Auditor Audited?

Measuring and assessing performance is just as important for the Office of Internal Audit and Compliance as it is for any department. The International Standards for the Practice of Internal Auditing (Standards) requires that an external assessment be conducted of internal audit departments at least once every five years by a qualified, independent reviewer or review team from outside the organization. The purpose of the review is to provide reasonable assurance to management and stakeholders that the Office of Internal Audit and Compliance is in compliance with applicable auditing standards.

The Chief Audit Officer leads the process of selecting an external assessor or independent validator with the full involvement and support of senior management and audit committees. The external assessment looks at the organizations’ internal controls, ethics, governance, and risk management processes. An external assessment also builds stakeholder confidence by documenting management’s commitment to quality and successful financial practices.

Following are the Standards that serve as the criteria for evaluating performance.

•Purpose, Authority, and Responsibility – the purpose, authority, and responsibility of the internal audit activity as formally defined in a charter, are consistent with the Standards, and properly approved.

•Independence and Objectivity – the internal audit activity is independent and objective in performing work.

•Due Professional Care – internal audit staff possesses the knowledge, skills, and other competencies needed to perform their responsibilities. Internal auditors enhance their knowledge, skills, and competencies through continuing professional development.

•Quality Assurance and Improvement Program – internal audit has developed and maintains a quality assurance and improvement program that covers all aspects of internal audit activity and one that is continuously monitored for effectiveness.

•Managing the Internal Audit Activity – the internal audit activity is effectively managed to ensure it adds value to the organization. Internal Audit has developed risk-based audit plans.

•Nature of Work – the internal audit activity evaluates and contributes to the improvement of risk management, controls, and governance processes using a systematic and disciplined approach.

•Performing the Engagement – internal auditors identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives.

•Communicating Results – communications must include the engagement’s objectives and scope as well as applicable conclusions, recommendations, and action plans.

•Monitoring Progress – there is a system in place to monitor the disposition of results communicated to management.

•Resolution of Management’s Acceptance of Risk – if Internal Audit believes that management has accepted a level of residual risk that may be unacceptable to the organization, the matter must be discussed with senior management. If the matter is still not resolved, then it must be reported to the board for resolution.

The Office of Internal Audit and Compliance completed an External Quality Assessment in May 2010 and was Generally Conformed with the Standards. The next peer review will take place in 2015. We recognize that there are always opportunities to improve performance and look forward to increasing the efficiency and effectiveness of our department.