To those outside the profession, internal auditors may appear to have their own way in which they work.
However, internal auditors are required to follow the International Professional Practices Framework (IPPF), which is a set of standards promulgated by the Institute of Internal Auditors (IIA).
“This framework is commonly known in our profession as ‘the red book,’ because the hard copy has a red cover,” said Julie Earls with the Internal Audit Department. “The red book covers our responsibilities as internal auditors within our organization as well as standards on how to perform our work, and it is available in 29 languages.”
The IPPF is intended to assist practitioners and stakeholders in being responsive to the demand for high quality internal auditing.
After the definition of internal auditing, the IPPF outlines the internal auditors Code of Ethics, which states that internal auditors should uphold the principles of integrity, objectivity, confidentiality and competency.
The IPPF also outlines attribute and performance standards for the profession. Attribute standards describe how the internal audit function should operate as a whole within an organization; topics include organizational independence and continuing professional development
Performance standards provide guidance on how daily work should be performed. These direct how audits are planned and how the results are communicated, as well as how Internal Audit monitors the progress of corrective actions.
Responsibilities of internal auditors are defined by the Core Principles for the Professional Practice of Internal Auditing; these principles are:
- Demonstrates integrity
- Demonstrates competence and due professional care
- Is objective and free from undue influence (independent)
- Aligns with the strategies, objectives and risks of the organization
- Is appropriately positioned and adequately resourced
- Demonstrates quality and continuous improvement
- Communicates effectively
- Provides risk-based assurance
- Is insightful, proactive and future-focused
- Promotes organizational improvement
Earls noted that Internal Audit is audited, too. “The standards require that we have an external assessment at least once every five years. An external person or team reviews our work to determine if we are conforming to the IPPF and issues a report that is then presented to the Audit, Compliance and Enterprise Risk Management Committee of the Board of Trustees.”
May is International Internal Audit Awareness Month; learn more about UNC Charlotte’s Internal Audit Department on the web.