Risk Management

Professional Practices Framework for Internal Auditors

Internal auditors are crucial to all organisations in the assessment and evaluation of their risk-management strategies, controls and policies, and in ensuring that organisations comply with relevant laws and standards. Once they have performed the necessary analysis and review, internal auditors will advise the executive leadership and Board on the extent and effectiveness of organisational governance, including the ability to meet its objectives and address actual and potential risks. They may also provide opinions on how these enterprise risks may be addressed to ensure the long-term viability and sustainability of an organisation.
As the international governing body, the Institute of Internal Auditors (‘IIA’) is recognised as ‘the voice’ of internal auditors and ensures their continued education through professional advice and training, through the publication of a framework of standards and guidelines, namely the International Professional Practices Framework (‘IPPF’). Following an extensive internal auditors’ global survey in 2014, a decision was made to update and enhance the IPPF, in order for it to remain relevant in light of the changing international business environment.
The amendments to the IPPF include the addition of a Mission Statement and Core Principles, as well as revisions to the International Standards for the Professional Practice of Internal Auditing (‘Standards’). One of the main focuses of the revised IPPF is the importance of the objectivity and independence of internal auditors. Of interest in this regard are the findings of the South African IIA’s Corporate Governance Index (‘CGI’) 2017, which reflects the views of 281 Chief Audit Executives (‘CAEs’), who provided an impartial view of the state of corporate governance in South Africa, across various industries and economic sectors. Findings from the CGI 2017 showed that there were significant decreases, in a number of sectors, in the percentages of CAEs who strongly agreed that internal audit had a sufficient degree of independence to enable it to execute its duties without undue influence or interference.
In addition to the aforesaid — and related to the matters of internal auditors operating without undue influence or interference — the recent ethics requirements and guidance for responding to Non-Compliance with Laws and Regulations (‘NOCLAR’) by members of the audit and accounting professions has far-reaching impact on internal and external auditors alike. These ethical requirements establish a comprehensive response framework that guides professional auditors and accountants in terms of the factors to consider and the steps to be taken when they become aware of NOCLAR or suspected NOCLAR. Section 45 of the Auditing Profession Act, 2005, sets out similar irregularity reporting requirements for external auditors, as does the Companies Act, 2008 and its Regulations.
The IPPF elevates the ethical obligations of internal auditors, infsofar as they have a double duty of compliance and due professional care. They are firstly bound by a duty to the organisations which they serve, either as an employee or an insourced contractor, via the law and company rules, policies and practices. Secondly, the IPPF also places professional and ethical obligations on internal auditors to abide by and enforce certain professional standards and ethics in respect of the organisations they serve, and also the public at large.
There is more reason than ever for all organisations — as well as the internal and external auditors serving them — to take careful cognisance of all relevant company policies, local and international legislation and guidance, as well as the IPPF, and to apply their guidance and recommendations diligently.
CGF’s report, International Professional Practices Framework for Internal Auditors — which can be found in CGF’s web-based Corporate Governance Body of Knowledge® — enjoys the peer review of Dr Claudelle von Eck (CEO: Institute of Internal Auditors, South Africa) and Bernard Agulhas (CEO: Independent Regulatory Board for Auditors).

Related posts
Risk Management

Managing business risks: easy steps any SME can take today

Research and SurveysRisk Management

Lloyd’s and Aon report reveals the highly interrelated risks of Ukraine conflict reshaping business models and global economy

Risk ManagementShort-term

iTOO stays the course amid continued increase of commercial crime risks

Risk ManagementShort-term

Fire, faulty workmanship, and natural catastrophes top causes of insurance claims for business in South Africa