Institute of Internal Auditors
Established in 1941, The Institute of Internal Auditors (IIA) is a guidance-setting body. Serving members in 165 countries, The IIA is the internal audit
profession's global voice, chief advocate, recognized authority, and principal educator, with global headquarters in Altamonte Springs, Fla., United States.
IIA Mission
The stated mission of The Institute of Internal Auditors is to provide "dynamic leadership" for the global profession of internal auditing. This includes:
- Advocating and promoting the value that internal audit professionals add to their organizations;
- Providing comprehensive professional education and development opportunities; standards and other professional practice guidance; and certification programs;
- Researching, disseminating, and promoting to practitioners and stakeholders knowledge concerning internal auditing and its appropriate role in control, risk management, and governance;
- Educating practitioners and other relevant audiences on best practices in internal auditing;
- Bringing together internal auditors from all countries to share information and experiences.
Certified Internal Auditor (CIA)
The CIA (Certified Internal Auditor) is the primary professional designation offered by The IIA. The CIA designation is a globally recognized certification for internal auditors and is a standard by which individuals may demonstrate their competency and professionalism in the internal audit field. Earning the CIA qualification is intended to demonstrate a professional knowledge of the internal audit profession. CIAs are required to take continuing education courses.
Many CIAs today are senior internal audit managers, Vice Presidents, Directors and Chief Audit Executives in top global multinational companies, driving the internal audit functions of their respective companies.
Other certificates offered by the IIA
- Certification in Control Self-Assessment (CCSA)
- Certified Government Auditing Professional (CGAP), for Government performance auditing and Government Auditors
- Certified Financial Services Auditor (CFSA)
Professional Standards: the International Professional Practices Framework
The IIA has two levels of professional guidance: (1) Mandatory Guidance (including the Standards) and (2) Strongly Recommended Guidance. The two levels of guidance constitute the IIA's International Professional Practices Framework (IPPF).
1) Mandatory Guidance: the Definition of Internal Auditing, the Code of Ethics and the Standards
These guidelines are mandatory for IIA members and internal audit organizations claiming to complete audits to IIA technical standards around the world. The guidelines and recommendations are recorded in what is referred to as the "Red Book."
- The Definition: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
- The four principles of the IIA's Code of Ethics are Integrity, Objectivity, Confidentiality and Competency.
- The International Standards for the Professional Practice of Internal Auditing:
  Attribute Standards
  - 1000 – Purpose, Authority, and Responsibility
  - 1010 – Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter
  - 1100 – Independence and Objectivity
  - 1110 – Organizational Independence
  - 1111 – Direct Interaction with the Board
  - 1120 – Individual Objectivity
  - 1130 – Impairments to Independence or Objectivity
  - 1200 – Proficiency and Due Professional Care
  - 1210 – Proficiency
  - 1220 – Due Professional Care
  - 1230 – Continuing Professional Development
  - 1300 – Quality Assurance and Improvement Program
  - 1310 – Requirements of the Quality Assurance and Improvement Program
  - 1311 – Internal Assessments
  - 1312 – External Assessments
  - 1320 – Reporting on the Quality Assurance and Improvement Program
  - 1321 – Use of "Conforms with the International Standards for the Professional Practice of Internal Auditing"
  - 1322 – Disclosure of Nonconformance
  Performance Standards
  - 2000 – Managing the Internal Audit Activity
  - 2010 – Planning
  - 2020 – Communication and Approval
  - 2030 – Resource Management
  - 2040 – Policies and Procedures
  - 2050 – Coordination
  - 2060 – Reporting to Senior Management and the Board
  - 2070 – External Service Provider and Organizational Responsibility for Internal Auditing
  - 2100 – Nature of Work
  - 2110 – Governance
  - 2120 – Risk Management
  - 2130 – Control
  - 2200 – Engagement Planning
  - 2201 – Planning Considerations
  - 2210 – Engagement Objectives
  - 2220 – Engagement Scope
  - 2230 – Engagement Resource Allocation
  - 2240 – Engagement Work Program
  - 2300 – Performing the Engagement
  - 2310 – Identifying Information
  - 2320 – Analysis and Evaluation
  - 2330 – Documenting Information
  - 2340 – Engagement Supervision
  - 2400 – Communicating Results
  - 2410 – Criteria for Communicating
  - 2420 – Quality of Communications
  - 2421 – Errors and Omissions
  - 2430 – Use of "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing"
  - 2431 – Engagement Disclosure of Nonconformance
  - 2440 – Disseminating Results
  - 2450 – Overall Opinions
  - 2500 – Monitoring Progress
  - 2600 – Resolution of Senior Management's Acceptance of Risks
  IIA Glossary
2) Strongly Recommended Guidance: Position Papers, Practice Advisories, and Practice Guides
The Strongly Recommended Guidance helps define and explain the IIA standards.
Practice guides
As practice guides, 8 PGs, 15 GTAGs (Global Technology Audit Guides), and 3 GAITs (Guides to the Assessment of IT Risk) were issued in 2009 and 2010. GTAGs are written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. To date, the IIA has released GTAGs on the following topics:
- GTAG 1: Information Technology Controls
- GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
- GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
- GTAG 4: Management of IT Auditing
- GTAG 5: Managing and Auditing Privacy Risks
- GTAG 6: Managing and Auditing IT Vulnerabilities
- GTAG 7: Information Technology Outsourcing
- GTAG 8: Auditing Application Controls
- GTAG 9: Identity and Access Management
- GTAG 10: Business Continuity Management (BCM)
- GTAG-11: Developing the IT Audit Plan
- GTAG-12: Auditing IT Projects (Mar. 2009)
- GTAG-13: Fraud Prevention and Detection in an Automated World (Dec. 2009)
- GTAG-14: Auditing User-developed Applications (June 2010)
- GTAG-15: Information Security Governance (June 2010)
- GTAG-16: Data Analysis Technology (August 2011)
Additional sources of guidance: Development and practice aids
This includes a variety of materials that are developed and/or endorsed by the IIA, including research studies, books, seminars, conferences, and other products and services related to the professional practice of internal auditing.
See also
- Internal Audit, Director of audit, Comptroller General, Inspector General
- External audit, External auditor, Certified Public Accountant, and AICPA
- Internal Control, Controller
- Committee of Sponsoring Organizations of the Treadway Commission