Quality Assurance Services

Quality Standards

Quality Assurance and Improvement Programme
The chief audit executive must develop and maintain a quality assurance and improvement programme that covers all aspects of the internal audit activity.

 

Interpretation:
A quality assurance and improvement programme is designed to enable an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The programme also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.

Requirements of the Quality Assurance and Improvement Programme
The quality assurance and improvement programme must include both internal and external assessments. International

 

Standards for the Professional Practice of Internal Auditing (Standards)

Internal Assessments
Internal assessments must include:

  • Ongoing monitoring of the performance of the internal audit activity; and
  • Periodic reviews performed through self-assessment or by other persons within the organisation with sufficient knowledge of internal audit practices.

Interpretation:
Ongoing monitoring is an integral part of the day-to-day supervision, review, and measurement of the internal audit activity. Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity and uses processes, tools, and information considered necessary to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards.

 

Periodic reviews are assessments conducted to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards.
Sufficient knowledge of internal audit practices requires at least an understanding of all elements of the International Professional Practices Framework.

External Assessments
External assessments must be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organisation. The chief audit executive must discuss with the board:

  • The need for more frequent external assessments; and
  • The qualifications and independence of the external reviewer or review team, including any potential conflict of interest.

Interpretation:
A qualified reviewer or review team demonstrates competence in two areas: the professional practice of internal auditing and the external assessment process. Competence can be demonstrated through a mixture of experience and theoretical learning. Experience gained in organisations of similar size, complexity, sector or industry, and technical issues is more valuable than less relevant experience. In the case of a review team, not all members of the team need to have all the competencies; it is the team as a whole that is qualified. The chief audit executive uses professional judgment when assessing whether a reviewer or review team demonstrates sufficient competence to be qualified. An independent reviewer or review team means not having either a real or an apparent conflict of interest and not being a part of, or under the control of, the organization to which the internal audit activity belongs.

Reporting on the Quality Assurance and Improvement Programme
The chief audit executive must communicate the results of the quality assurance and improvement programme to senior management and the board.

 

Interpretation:
The form, content, and frequency of communicating the results of the quality assurance and improvement programme is established through discussions with senior management and the board and considers the responsibilities of the internal audit activity and chief audit executive as contained in the internal audit charter. To demonstrate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, the results of external and periodic internal assessments are communicated upon completion of such assessments and the results of ongoing monitoring are communicated at least annually. The results include the reviewer’s or review team’s assessment with respect to the degree of conformance.

Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing
The chief audit executive may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance and improvement programme support this statement.

 

Interpretation:
The internal audit activity conforms with the Standards when it achieves the outcomes described in the Definition of Internal Auditing, Code of Ethics, and Standards. The results of the quality assurance and improvement programme include the results of both internal and external assessments. All internal audit activities will have the results of internal assessments. Internal audit activities in existence for at least five years will also have the results of external assessments.

Disclosure of Nonconformance
When nonconformance with the Definition of Internal Auditing, the Code of Ethics, or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive must disclose the nonconformance and the impact to senior management and the board.