Rarely are the demands for professionalism, knowledge, integrity and leadership more stringent than those placed on today’s internal auditing professionals.  Effective auditors serve as the organization’s corporate conscience and they champion operational efficiency, internal control and risk management.  They educate and make recommendations to management, the board of directors and the audit committee to support the organization in meeting its goals and objectives.

 To meet these ends, The Institute of Internal Auditors provides comprehensive guidance, resource information, training and support to the practitioners of the internal audit profession to ensure highest quality results and to achieve long-term effectiveness and professionalism.  This section contains various guidelines, standards, codes, and statutory requirements that impact an internal audit professional in fulfilling the demands of the various stakeholders.

Definition of Internal Auditing

Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.  It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Roles and Opportunities

 The internal auditor is involved with

•  Evaluating Emerging Technologies

•  Analyzing Opportunities

• Examining Global Issues

•  Assessing Risks, Controls, Ethics, Quality, Economy, and Efficiency

•  Assuring that controls in place are adequate to mitigate the risks

•  Communicating information and opinions with clarity and accuracy. 

• Such diversity gives internal auditors a broad perspective on the organization.

 Internal Auditors are well – disciplined in their skills and subscribe to a professional code of ethics.  They are diverse and innovative; committed to growing and enhancing their skills; continually on the lookout for emerging risks and trends in the profession; good thinkers.  To effectively fulfill all their roles, internal auditors must be excellent communicators who listen attentively, speak effectively and write clearly.

 Sitting on the right side of the management, today’s internal auditors are consulted on all aspects of the organization and must be prepared for just about anything.  They are coaches, internal and external stakeholders’ advocates, facilitators of risk management, control experts, efficiency specialists and problem solving partners.  It’s certainly not easy, but for these skilled and competent professionals, it’s all in a day’s work.

Professional Practices Framework

The Institute of Internal Auditors Inc. provides comprehensive guidance and information for the internal audit activity. Much of it is through the  Professional Practices Framework (PPF), a blueprint for the profession that offers a full range of guidance to internal audit practitioners.  The Institute’s Board of Directors approved the Professional Practice Framework (PPF) in June 1999. In general, a framework provides a structural blueprint of how a body of knowledge and guidance fit together. As a coherent system, it facilitates consistent development, interpretation, and application of concepts, methodologies, and techniques useful to a discipline or profession. Specifically, the overall purpose of the PPF is to organize the full range of existing and developing practice guidance in a manner that is readily accessible on a timely basis to internal auditors.  It also brings additional value to management, corporate governance entities, investors, and all other stakeholders by prescribing practices that access and ensures effectiveness throughout the organization.  In addition, it provides guidance for complying with new laws and regulations.  The PPF basically contains:

• Code of Ethics: Ethics are inherent in the internal audit process, from operations to risk management to governance.  The code is established to promote an ethical culture throughout the profession and not only includes relevant principles and rules of conduct for internal auditors but also presents an enviable benchmark for ethics throughout the organization.

• Standards:  The purpose of the standards is to delineate basic principles that represent the practice as it should be, provide a framework for performing and promoting a broad range of value added activities, establish the basis for measuring performance and foster improved organizational processes and operations.  Standards comprise Attribute, Performance, and Implementation Standards. Attribute Standards and Performance Standards apply to all internal audit services. Implementation Standards apply to specific types of engagements, such as, assurance and consulting activities. These are contained within the Attribute and Performance Standards and are identified by either assurance engagements or consulting engagements.

• Practice Advisories:  The advisories provide sound advice on interpreting and applying the standards.  Although they are not mandatory, the practice advisories represent best internal audit practice and are strongly recommended.

• Development and Practice Aids:  It comprises a broad range of practical guidance in the form of professional development conferences and seminars, IIA research foundation research reports, educational products and other select products and services related to the professional practice of internal auditing.

For more details, please visit our parent site

Corporate Governance

Corporate Governance may be defined as “A set of systems, processes and principles which ensure that a company is governed in the best interest of all stakeholders.” It ensures Commitment to values and ethical conduct of business; Transparency in business transactions; Statutory and legal compliance; adequate disclosures and Effective decision-making to achieve corporate objectives.  

In other words, Corporate Governance is about promoting corporate fairness, transparency and accountability.  Good Corporate Governance is simply Good Business.

Clause 49 of the SEBI guidelines on Corporate Governance as amended on 29^th October, 2004 has made major changes in the definition of independent directors, strengthening the responsibilities of audit committees, improving quality of financial disclosures, including those relating to related party transactions and proceeds from public/ rights/ preferential issues, requiring Boards to adopt formal code of conduct, requiring CEO/CFO certification of financial statements and for improving disclosures to shareholders. Certain non-mandatory clauses like whistle blower policy and restriction of the term of independent directors have also been included.

Besides the Listing Agreement of SEBI, certain provisions of the Companies Act 1956 also have an impact in the Corporate Governance process of the organization.  These provisions should be complied with in addition to clause 49 of the Listing Agreement and in no case supersedes the requirements of the said clause. 

Sarbanes Oxley Act, 2002 (SOX)

Section 404 of SOX requires management’s development and monitoring of procedures and controls for making their required assertion regarding the adequacy of internal controls over financial reporting as well as the required attestation by an external auditor, regarding management’s assertion.  Section 302 deals with management’s quarterly certification of not only financial reporting controls, but also disclosure controls and procedures.

The Act in itself places the responsibility for the compliance of the provisions with the management, which in no case be delegated or abdicated.  Although the internal auditors are required to be extensively involved in the SOX project owing to the fact that the project falls within the natural domain of internal auditor’s expertise  they are not directly responsible for its compliance as the Act does not place any responsibility on the internal auditors.  However, for all practical purposes the internal auditor shall support the management in the discharge of these responsibilities.  The internal auditor’s role in the organization for complying with SOX can be significant, but it should be compatible with the overall mission and charter of the internal audit function.  Regardless of the type and level of involvement, it should not impair the objectivity and capabilities of the internal audit function for covering major risk areas of their organizations.  Thus the internal audit function’s role should be one of support through consulting and assurance.