Standards of Practice
Internal Audit operates within The Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing (“Standards” or “Red Book”) including the IIA’s Definition of Internal Auditing, Code of Ethics, Rules of Conduct and Quality Assurance Improvement Program. Internal Audit utilizes the Committee of Sponsoring Organizations of the Treadway Commission (COSO) control framework(s), Internal Audit’s procedure manual, and when required and not otherwise in conflict with the Standards, the Generally Accepted Government Auditing Standards (“Yellow Book”). The IIA's Practice Advisories, Practice Guides, and Position Papers will guide operations as applicable. Internal Audit will adhere to Southern Oregon University’s relevant policies and procedures, but in the event of conflicting direction, the Standards shall prevail.
The Association of Independent Certified Public Accountants (AICPA) Professional Standards uses "consider" when the member is required to think about various matters, whereas "evaluate" is used when the member is to assess and weigh the importance of the matter. "Determine" is used when a member is to arrive at a conclusion and make a decision.
The Core Principles of Internal Auditing
Demonstrates competence and due professional care.
Is objective and free from undue influence (independent).
Aligns with the strategies, objectives, and risks of the organization.
Is appropriately positioned and adequately resourced.
Demonstrates quality and continuous improvement.
Provides risk-based assurance.
Is insightful, proactive, and future-focused.
Promotes organizational improvement.
Definition of Internal Auditing
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." - The Institute of Internal Auditors
Quality Assurance and Improvement Program
IIA Standards require the creation and maintenance of a Quality Assurance and Improvement Program. The Standards currently require an assessment by a qualified independent reviewer or review team from outside the organization at least every five years. Until the first successful assessment it is not appropriate for Internal Audit to state “in conformance with the Standards,” or “in conformity to the Standards” in its reports.
Code of Ethics
Internal Auditors are expected to apply and uphold the following principles as defined in the IIA Code of Ethics:
Integrity - The integrity of Internal Auditors establishes trust and thus provides the basis for reliance on their judgment.
Objectivity - Internal Auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
Confidentiality - Internal Auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
Competency - Internal Auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.
Rules of Conduct
1. Integrity - Internal Auditors:
1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and the profession.
1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.
2. Objectivity - Internal Auditors:
2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
3. Confidentiality - Internal Auditors:
3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.
3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.
4. Competency - Internal Auditors:
4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
4.2. Shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.
4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.