Framework for Standards on Internal Audit was, originally, issued by the Board in August 2007, which was recommendatory in nature. The revised Framework Governing Internal Audits shall become mandatory from such date as notified by the Council.
1. Introduction and Scope
1.1. The Framework Governing Internal Audits lays down the underlying principles and boundaries for the internal audit function and activity. It provides clarity on key components governing internal audits to ensure standardisation and quality in discharge of Internal Auditors’ responsibilities.
1.2. Scope: The framework covers all aspects of internal audits, from the overall management of the internal audit function to the performance of specific internal audit assignments.
2.1. The main objectives of a framework are to:
(i) Provide clarity on key components that govern internal audits;
(ii) Outline the manner in which these components are inter-related; and
(iii) Specify how these are essential to the conduct of quality internal audits.
3. Definition of Internal Audit
3.1. Internal Audit is defined as follows:
Internal audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives.
3.2. Brief explanation of the key terms used above is as follows:
(i) Independence:Internal audit shall be an independent function, achieved through the position, organization structure and reporting of the internal auditor.
At times, in addition to providing assurance, the internal auditor may adopt an advisory role to help an organization achieve its objectives, provided this does not compromise the independence of the internal auditor.
(ii) Internal controls and risk managementare integral parts of management function and business operations. An internal auditor is expected to evaluate the design and operating effectiveness of internal controls and risk management processes (including reporting processes) as designed and implemented by the management.
(iii) Governance is a set of relationships between the company and its various stakeholders and provides the structure through which the company’s objectives are achieved. It includes compliance with internal policies and procedures and laws and regulation.
(iv) Organizational objectives incorporate the interests of all stakeholders and include the short and medium term goals that an organisation seeks to accomplish.
3.3. This definition forms the underlying foundation of all the Standards on Internal Audit (SIAs) issued by the Board. Internal audit activities shall be conducted in line with the Definition of Internal Audit.
4. The Framework
4.1. The Framework Governing Internal Audits comprises of “Definition of Internal Audit” (as covered above), four components and the most important underlying principle “Code of Ethics”. Each component is inherent to the whole process of internal audit and implicitly forms part of the Standards on Internal Audit, even though they may not be mentioned explicitly in the Standards. Hence, as explained in the Preface, they all are mandatory in nature, except the Guidance which is recommendatory.
4.2. The four components (forming the pillars) of the framework are:
(i) Basic Principles of Internal Audit
(ii) Key Concepts
(iii) Standards on Internal Audit (SIAs)
A pictorial depiction of the Framework Governing Internal Audit is as follows:
5. Code of Ethics
5.1. Every Internal Auditor is bound by a written Code of Ethics, issued by an organisation and/or the professional institution of which he is a member. This commits the Internal Auditor to ethical Standards applied with utmost integrity and sincerity.
5.2. A member of the Institute of Chartered Accountants of India, carrying out an internal audit activity, is, additionally, governed by:
(a) the requirements of the Chartered Accountants Act, 1949
(b) the Code of Ethics issued by the Institute of Chartered Accountants of India
(c) other relevant pronouncements of the Institute of Chartered Accountants of India.
6. Components of the Framework
6.1 Basic Principles of Internal Audit1
The Basic Principles of Internal Audit are a set of core principles fundamental to the function and activity of internal audit. The Basic Principles are critical to achieve the desired objectives as set out in the Definition of the Internal Audit, and therefore, apply to all internal audits.
The principles can be summarised as follows:
2. Integrity and Objectivity
3. Due Professional Care
5. Skills and Competence
6. Risk Based Audit
7. Systems and Process Focus
8. Participation in Decision Making
9. Sensitive to Multiple Stakeholder Interests
10. Quality and Continuous Improvement.
6.2 Key Concepts2
There are certain concepts which form integral part of the internal audit activity and, therefore, apply to most internal audits. In fact, some of the concepts are ingrained in the Definition of Internal Audit. The key concepts are in the nature of:
6.3 Standards on Internal Audit (SIAs)
The Standards on Internal Audit (SIAs) establish uniform evaluation criteria, methods, processes and practices. The Standards are pronouncements which form the basis for conducting all internal audit activity. These pronouncements are designed to help the internal auditor to discharge his responsibilities.
These are a set of guidelines, which include Guidance Notes, Implementation Guides and Technical Guides. These guidelines are important for implementation of the SIAs and provide clarification for their applicability under particular circumstances.
7. Effective Date
7.1 This Framework Governing Internal Audits is applicable for all internal audits beginning on or after a date to be notified by the Council of the Institute.
* Issued in November, 2018.
1 Refer Para. 3 of Basic Principles of Internal Audit issued by the Board.
2 The details of Key Concepts are published as separate Standards (SIA, 100 series).