Home > Audit, Compliance, COSO, GRC, IIA, Risk, Sarbanes, SOX > Updating the IIA Standards

Updating the IIA Standards

The IIA is asking for its members’ opinion on a set of proposed changes to the framework for its Standards (the IPPF). The detailed Standards are not changing, but the proposed changes are significant and merit every audit professional’s attention.

The proposal was crafted by a select group of practitioners called the “Re-Look Task Force”, and I was privileged to be a member.

The proposal explains the recommended changes and asks a number of questions to elicit members’ opinions and suggestions for improvement.

I encourage all IIA members across the world to read the proposal carefully and provide your input.

You should receive a copy of the proposal from your institute. You can also download it from either the IIA Global or IIA North America web site. In addition, Hal Garyn, a Vice President with The IIA, has recorded a video (http://auditchannel.tv/video/1321/The-IPPF-Is-Evolving-How-You-Can-Help).

I want to share my perspective on the changes, hoping that might be useful to you.

The proposal represents the consensus view. While there were, in a few cases, disagreements among the task force members, those disagreements were minor. The questions we included are designed to address those issues.

The task force discussed whether it was time to make a change to the Definition of Internal Auditing. Quite a few changes were suggested, but in my view they were only tinkering with the words and not changing the underlying message: that ours is an assurance activity (in my opinion this is our primary mission) that also helps our organizations succeed through consulting/advisory services that contribute to the improvement of governance, risk management, and related control processes.

We talked about changing “consulting” to “advisory”. We talked about ways to make the wording more succinct.

But in the end, it was tinkering and we recognized a change could lead to issues where the Definition has been incorporated into other standards, corporate governance codes, and so on.

I think the right decision was made, to leave the Definition unchanged.

We also talked about the Standards being “principle-based” rather than “rule-based”. If so, what are the principles?

Again, we spent a lot of time defining and then wordsmithing the principles.

I think the list included in the proposal is a good one. I will write separately about some of the principles and why I like them.

One of the questions is whether the principles are shown in the best order. This is one area where I was in the minority. While I see the logic of the proposed order, I would put the last three first as they represent what we are all about. The other nine are how we get there. You can share your opinion by answering a question on the order of the principles.

Although presented before the principles, the discussion of a mission came after.  I like it! It is short and sweet and captures the essence of the purpose and value of internal auditing.

I like the other suggestions for supplemental guidance, guidance on emerging issues, and local guidance. The last should be useful where local practices are in a different environment than in other countries. For example, I work with IIA chapters and institutes around the world and know that in some nations there are many family-owned corporations; in others there are a lot of government-owned for-profit companies. There will now be a place for local IIA organizations to craft guidance that addresses local issues in ways global guidance cannot.

If you haven’t already seen the proposal, please watch for it and if necessary check the IIA web site.

Feel free to share your thought here for discussion.

  1. August 7, 2014 at 9:12 AM

    Norman – I could tell some common sense was being applied – thanks for making this happen. The changes are not massive, but are important signals to ensure that a principles, proportionate, and sensible approach to internal audit is adopted and applied. I’ve commented on detail in my blog, as I think a number of the principles need a few tweaks. see http://chiefauditexecutive.wordpress.com/2014/08/07/standards-changes/ Overall though – good job!

  1. August 9, 2014 at 7:26 AM
  2. August 15, 2014 at 8:30 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: