The following is the text of the Standard on Internal Audit (SIA) 7, Quality Assurance in Internal Audit, issued by the Council of the Institute of Chartered Accountants of India. These Standards should be read in conjunction with the Preface to the Standards on Internal Audit, issued by the Institute.

In terms of the decision of the Council of the Institute of Chartered Accountants of India taken at its 260th meeting held in June 2006, the following Standard on Internal Audit shall be recommendatory in nature in the initial period. The Standards shall become mandatory from such date as notified by the Council.

Introduction

1. Paragraph 3.1 of the Preface to the Standards on Internal Audit, describes the internal audit as follows:

“Internal audit is an independent management function, which involves a continuous and critical appraisal of the functioning of an entity with a view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity, including the entity’s strategic risk management and internal control system. Internal audit, therefore, provides assurance that there is transparency in reporting, as a part of good governance.”

2. Paragraphs 7 and 8 of the Standard on Internal Audit (SIA) 2, Basic Principles Governing Internal Audit, state as follows:

“7. The internal auditor should either have or obtain such skills and competence, acquired through general education, technical knowledge obtained through study and formal courses, as are necessary for the purpose of discharging his responsibilities.

8. The internal auditor also has a continuing responsibility to maintain professional knowledge and skils at a level required to ensure that the client or the employer receives the advantage of competent professional service based on the latest developments in the profession, the economy, the relevant industry and legislation.”

Scope

3. This Standard on Internal Audit shall apply whenever an internal audit is carried out, whether carried out by an in house internal audit department or by an external firm of professional accountants. For the purpose of this Standard, the term “firm” means a sole practitioner/ proprietor, partnership or any such entity of professional accountants as may be permitted by law¹.

Objective

4. The purpose of this Standard on Internal Audit (SIA) is to establish standards and provide guidance regarding quality assurance in internal audit.

5. A system for assuring quality in internal audit should provide reasonable assurance that the internal auditors comply with professional Standards, regulatory and legal requirements, so that the reports issued by them are appropriate in the circumstances.

6. In order to ensure compliance with the professional Standards, regulatory and legal requirements, and to achieve the desired objective of the internal audit, a person within the organization should be entrusted with the responsibility for the quality in the internal audit, whether done in – house or by an external agency.

7. In the case of the in – house internal audit or a firm carrying out internal audit, the person entrusted with the responsibility for the quality in internal audit should ensure that the system of quality assurance include policies and procedures addressing each of the following elements:

(a) Leadership responsibilities for quality in internal audit – The person entrusted with the responsibility for the quality in internal audit should take responsibility for the overall quality in internal audit.

(b) Ethical requirements – The person entrusted with the responsibility for the quality in internal audit should establish policies and procedures designed to provide it with reasonable assurance that the personnel comply with relevant ethical requirements. If matters come to his attention that indicate that the members of the internal audit engagement team have not complied with relevant ethical requirements, he should, in consultation with the appropriate authority in the entity, determine the appropriate course of action.

(c) Acceptance and continuance of client relationship and specific engagement, as may be applicable– The person entrusted with the responsibility for the quality in internal audit should establish policies and procedures for the acceptances and continuance of client relationships and specific engagements, designed to provide reasonable assurance that it will undertake or continue relationships and engagements.

d) Human resources – The person entrusted with the responsibility for the quality in internal audit should establish policies and procedures regarding assessment of the staff’s capabilities and competence designed to provide it with reasonable assurance that there are sufficient personnel with the capabilities, competence, and commitment to ethical principles necessary to:

  • Perform engagements in accordance with professional standards and regulatory and legal requirements; and
  • Enable the firm or engagement partner to issue reports that are appropriate in the circumstances.

(e) Engagement performance- The person entrusted with the responsibility for the quality in internal audit should establish policies and procedures designed to provide it with reasonable assurance that engagements are performed in accordance with the applicable professional Standards and regulatory and legal requirements and that the reports issued by the internal auditors are appropriate in the circumstances.

(f) Monitoring – The person entrusted with the responsibility for the quality in internal audit should establish policies and procedures designed to provide reasonable assurance that the policies and procedures relating to the system of quality assurance are relevant, adequate, operating effectively and complied with in practice.

(8) In order to improve the functionalities of the organisation, transparency in reporting and good governance, the person entrusted with responsibility for the quality in internal audit, while establishing the quality assurance framework, should consider the following parameters of the internal audit activity:

  • Terms of engagement and their adequacy.
  • Professional standards and compliance therewith.
  • Internal audit goals and the extent to which they are being achieved.
  • Recommendations for improving the quality of internal audit and the extent to which they are being implemented and their effectiveness.
  • Skills and technology used in carrying out internal audit.

9. The person entrusted with the responsibility for the quality in internal audit needs to ensure that the quality assurance framework is embedded in the internal audit. This can, for example, be achieved in the following manner:

  • Developing an internal audit manual clearly defining the specific role and responsibilities, policies and procedures, documentation requirements, reporting lines and protocols, targets and training requirements for the staff, internal audit performance measures and the indicators.
  • Ensuring that the internal audit staff at all levels is appropriately trained and adequately supervised and directed on all assignments.
  • Identifying the customers of the internal audit activity.
  • Establishing a formal process of feedback from the users of the internal audit services, such as the senior management executives, etc. Some of the attributes on which the feedback may be sought include quality, timeliness, value addition, efficiency, innovation, effective communication, audit team, time management. The responses received from the users of the internal audit services should also be shared with the appropriate levels of management and those charged with governance.
  • Establishing appropriate performance criteria for measuring the performance of the internal audit function. In case the internal audit activity is performed by an external agency, the contract of the engagement should contain a clause for establishment of performance measurement criteria and periodic performance review. These performance measurement criteria should be approved by the management.
  • Identify and benchmark with industry/ peer group performance.

10. The quality assurance framework established by the person entrusted with the responsibility for the quality in internal audit should, therefore, cover all the elements of the internal audit activity.

For example,

  • Development and implementation of the internal audit policies and procedures.
  • Maintenance and monitoring of the budget for the internal audit activity.
  • Maintenance and updations of the overall internal audit plan.
  • Identification of the risk areas and the internal audit plan to address these risks.
  • Acquisition and deployment of audit tools and use of technology to enhance the efficiency and effectiveness of the internal audit activity.
  • Co-ordination with the external auditors.
  • Staffing related aspects of internal audit – recruitment, training, etc.
  • Planning and implementation of the training and professional development of the internal audit staff.
  • Implementation of the performance metrics for the internal audit activity and periodic monitoring of the same.
  • Review of the follow up actions taken on the findings of the internal audit activity.

Internal Quality Reviews

11. The internal quality review framework should be designed with a view to provide reasonable assurance to that the internal audit is able to efficiently and effectively achieve its objectives of adding value and strengthening the overall governance mechanism of the entity, including the entity’s strategic risk management and internal control system.

Internal Quality Reviewer

12. The internal quality review should be done by the person entrusted with the responsibility for the quality in internal audit and/ or other experienced member(s) of the internal audit function.

13. The internal quality reviews should be undertaken on an ongoing basis. The person entrusted with the responsibility for the quality in internal audit should ensure that recommendations resulting from the quality reviews for the improvements in the internal audit activity are promptly implemented.

Communicating the Results of the Internal Quality Review

14. The person entrusted with the responsibility for the quality in internal audit should also ensure that the results of the internal quality reviews are also communicated to the appropriate levels of management and those charged with governance on a timely basis along with the proposed plan of action to address issues and concerns raised in the review report.

External Quality Review

15. External quality review is a critical factor in ensuring and enhancing the quality of internal audit. The frequency of the external quality review should be based on a consideration of the factors such as the maturity level of the internal audit activity in the entity, results of the earlier internal audit quality reviews, feedbacks as to the usefulness of the internal audit activity from the customers of the internal audit, costs vis a vis perceived benefits of the frequent external reviews. The frequency should not in any case be less than once in three years.

External Quality Reviewer

16. The external quality review should be done by a professionally qualified person having an in depth knowledge and experience of, inter alia, the professional Standards applicable to the internal auditors, the processes and procedures involved in the internal audit generally and those peculiar to the industry in which the entity is operating, etc. The external quality reviewer should be appointed in consultation with the person entrusted with the responsibility for the quality in internal audit, senior management and those charged with governance.

Communicating Results of the External Quality Review

17. The external quality reviewer should discuss his findings with the person entrusted with the responsibility for the quality in internal audit. His final report should contain his opinion on all the parameters of the internal audit activity, as discussed in paragraph 10, and should be submitted to the person entrusted with the responsibility for the quality in internal audit and copies thereof be also sent to those charged with governance. The person entrusted with the responsibility for the quality in internal audit should, also submit to those charged with governance, a plan of action to address the issues and concerns raised by the external quality reviewers in his report.

Effective Date

18. This SIA is effective for all quality assessments/ reviews of internal audit undertaken on or after …………… Earlier application of the SIA is encouraged.

Note:

* Published in the October 2008 issue of The Chartered Accountant.

1. The Standard on Quality Control (SQC) 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements issued by the Council of the Institute of Chartered Accountants of India applies to the firms carrying out internal audit to the extent such internal audit activities fall under the scope of audits and reviews of the historical financial information and other assurance and other related services.

Source- ICAI

More Under CA, CS, CMA

Leave a Comment

Your email address will not be published. Required fields are marked *

Search Posts by Date

March 2021
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031