Knowledge Session Series by CA, CIA, CRMA, CISA Arpit Garg
Certified Internal Auditor (CIA): Part 1 – Batch 6
Session 2
CIA COURSE
Part 1: Essentials of Internal Auditing (8 Units)
• Section I: Foundations of Internal Auditing
• Section II: Independence, Objectivity
• Section III: Proficiency and Due Professional Care
• Section IV: Quality Assurance and Improvement Program
• Section V: Governance, Risk Management, and Control
• Section VI: Fraud Risks
Part 2: Practice of Internal Auditing (10 Units)
• Section I: Managing the Internal Audit Activity
• Section II: Planning the Engagement
• Section III: Performing the Engagement
• Section IV: Communicating Engagement Results and Monitoring Progress
Part 3: Business knowledge for Internal Auditing (16 Units)
• Section I: Business Acumen
• Section II: Information Security
• Section III: Information Technology
• Section IV: Financial Management
CIA EXAMINATION
Break not available
# of Questions
• Part 1 – 125
• Part 2 & 3 – 100
Time Available
• Part 1 – 2.5 hours / 150 Minutes
• Part 2 & 3 – 2 hours / 120 Minutes
CIA PART 1: COVERAGE
Topics to be covered and Weightage
Weightage 15%
• Unit 1 Foundations of Internal Auditing
Weightage 40%
• Unit 2 Independence, Objectivity, and Proficiency
• Unit 3 Due Professional Care and QAIP
Weightage 35%
• Unit 4 Governance
• Unit 5 Risk Management
• Unit 6 Controls: Type and Frameworks
• Unit 7 Controls: Application
Weightage 10%
• Unit 8 Fraud Risks and Controls
CIA PART 1: UNIT 1 - COVERAGE
FOUNDATIONS OF INTERNAL AUDITING
Proficient
1 Applicable Guidance (IPPF)
2 Internal Audit Ethics – Introduction and Principles
3 Internal Audit Ethics – Integrity
4 Internal Audit Ethics – Objectivity
5 Internal Audit Ethics – Confidentiality
6 Internal Audit Ethics – Competency
Basic
7 Internal Audit Charter
CIA PART 1: UNIT 1 – KEY LEARNINGS
1.1 Applicable Guidance IPPF
• Mission of internal auditing
• What does IPPF contain?
• What are the 4 things included in Mandatory Guidance?
• Definition of Internal Auditing
• Core Principles of Internal Auditing
• Code of ethics
• Standards of Internal Auditing
1.2 Code of Ethical Conduct for Professionals
• Reasons for codes of ethical conduct: What is the primary purpose?
• Aspects of codes of ethical conduct: To enhance code of ethics it should provide?
• Components of code of ethical conduct includes: Integrity, Objectivity, Confidentiality, Competency
CIA PART 1: UNIT 1 – KEY LEARNINGS
1.3 to 1.7 Internal Audit Ethics
• Applicability of provisions of code of ethics?
• Understanding principles of Integrity, Objectivity, Confidentiality, Competency
• Examples of violations of code of conduct - Integrity
• Examples of violations of code of conduct - confidentiality
• Examples of violations of code of conduct - objectivity
• Examples of violations of code of conduct - competency
1.8 Internal Audit Charter
• What is purpose, authority and responsibility
• Recognizing mandatory guidance in the Internal Audit Charter
UNIT 1: UNDERSTANDING ORGANIZATION STRUCTURE
[Figure: organization chart. Boxes: Board of Directors; CEO; CFO; Ops head/COO; Audit; Purchase; Sales; Finance; IT; Marketing; Production; Logistics; Stores; Customer support; Admin; HR; Projects. Line labels: Functional reporting; Administrative reporting.]
UNIT 1: UNDERSTANDING IPPF
IPPF contains Mandatory Guidance and Recommended Guidance
UNIT 1 : MISSION, DEFINITION & CORE PRINCIPLES
Mission of Internal Auditing
• To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.
• The IPPF facilitates the achievement of this mission.
Definition of Internal Auditing
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Core Principles
1. Demonstrates integrity.
2. Demonstrates competence and due professional care.
3. Is objective and free from undue influence (independent).
4. Aligns with the strategies, objectives, and risks of the organization.
5. Is appropriately positioned and adequately resourced.
6. Demonstrates quality and continuous improvement.
7. Communicates effectively.
8. Provides risk-based assurance.
9. Is insightful, proactive, and future-focused.
10. Promotes organizational improvement.
Important Note
The Core Principles and the Definition of Internal Auditing are encompassed in the Code of Ethics and the Standards. Thus, conformance with the Code and the Standards demonstrates conformance with all mandatory elements of the IPPF.
UNIT 1 : CODE OF ETHICAL CONDUCT
Reasons for codes of ethical conduct
• Primary purpose is to promote an ethical culture among professionals who serve others.
Additional functions of a code of ethical conduct for a professional organization include
• Communicating acceptable values to all members,
• Establishing objective standards against which individuals can measure their own performance, and
• Communicating the organization’s values to outsiders.
Aspects
• Existence of a code does not ensure that its principles are followed or trustworthy
• It is impossible to require equality of competence by all members of a profession
• The code should provide for disciplinary action for violators
Applicability
• The provisions of the Code are applied broadly to all organizations and persons who perform internal audit services, not just CIAs and members of The IIA
• Violations of rules of ethics should be reported to The IIA’s board of directors
Components
Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components
• Principles that are relevant to the profession and practice of internal auditing
• Rules of Conduct that describe behavior norms expected of internal auditors
UNIT 1 : CODE OF ETHICS - PRINCIPLES
Integrity
Refusal to compromise professional values + Performance of professional duties in accordance with relevant laws.
• Performing work with honesty, diligence and responsibility
• Making disclosure expected by the law
• Not knowingly becoming a party to an illegal act or engage in an act discreditable to the profession.
Objectivity
Providing stakeholders with unbiased information + Independence from Conflict of Interest
• Not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment.
• Shall not accept anything that may impair or be presumed to impair their professional judgment.
• Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
Confidentiality
• Be prudent in the use and protection of information acquired in the course of duties
• Not use information for any personal gain or in any manner that would be contrary to the law
Competency
• Engage only in those services for which we have the necessary knowledge, skills, and experience
• Perform internal audit services in accordance with Standards
• Continually improve the proficiency and the effectiveness and quality of services
UNIT 1 : EXAMPLES OF VIOLATION OF CODE OF ETHICS
Integrity
• Making claims about one’s competency in a manner that is deceptive, false, or misleading.
• Lying
• Overlooking illegal activities
• Making disparaging comments about the organization, fellow employees, or its stakeholders.
Objectivity
• Auditing an area where a close friend or relative is employed
• Auditing an area where the auditor worked within the previous year
• Accept fees, gifts, or entertainment from an employee, client, customer, supplier, or business associate.
• Distorting facts reported in final engagement communications
• Sale of service or products by the internal auditor to the organization
• Working in a non-audit position and accepting gifts not permitted by IIA code of conduct
• Not communicating pertinent information to the CAE.
• Accepting a bonus based on work accomplished during an audit.
• Intentional omission of disclosures of illegal activity from final engagement communications.
Confidentiality
• Using insider financial, strategic, or operational knowledge of an organization to bring about personal financial gain by purchasing or selling shares in the organization.
• Releasing insider knowledge to journalists or via other media without proper authorization.
• Using insider information to develop a competitive product or selling proprietary information to a competitor.
Note: Disclosing confidential information in response to a court order is not a violation.
Competency
• Accepting an engagement where Internal Audit function collectively lacks Knowledge, skills, experience or
proficiency is a violation.
UNIT 1 : CODE OF ETHICS - PRINCIPLES
MCQ 1: What is the primary purpose of The IIA's Code of Ethics?
A. Communicate specific activities appropriate to the performance of internal auditing
B. Promote ethical culture within corporations and other business organizations
C. Establish mandatory standards of competence for the practice of internal auditing
D. Establish principles and expectations governing behavior of individuals and organizations in the conduct
of internal auditing
Correct Answer: D
MCQ 2: A review of an organization's code of conduct revealed that it contained comprehensive guidelines
designed to inspire high levels of ethical behavior. The review also revealed that employees were
knowledgeable of its provisions. However, some employees still did not comply with the code. What
element should a code of conduct contain to enhance its effectiveness?
A. Periodic review and acknowledgment by all employees.
B. Employee involvement in its development.
C. Public knowledge of its contents and purpose.
D. Provisions for disciplinary action in the event of violations.
Correct Answer: D
UNIT 1 : CODE OF ETHICS - PRINCIPLES
MCQ 3: Which of the following would be permissible under the IIA Code of Ethics?
A. Disclosing confidential, audit-related, information that is potentially damaging to the
organization in a court of law in response to a subpoena
B. Using audit-related information in a decision to buy stock issued by the employer's corporation.
C. Accepting an unexpected gift from an employee whom you have praised in a recent audit
report.
D. Not reporting significant findings about illegal activity to the audit committee because
management has indicated it will handle the issue.
Correct Answer: A
MCQ 4: According to The IIA’s Code of Ethics, which of the following best describes the principle of
integrity?
A. Auditors shall observe the law and make disclosures expected by the law and the profession
B. Auditors shall disclose all material facts known to them that if not disclosed may distort the reporting of
activities under review
C. Auditors shall engage only in those services for which they have the necessary knowledge skills and
experience
D. Auditors shall be prudent in the use and protection of information acquired in the course of their duties
Correct Answer: A
UNIT 1 : TYPES OF STANDARDS
Standards
Attribute (19)
Govern the responsibilities, attitudes and actions of the organization’s Internal Audit Activity and the people who serve as Internal Auditors
Performance (33)
Govern the nature of Internal Auditing and provide quality criteria for evaluating the internal audit performance
Interpretation
Clarifications for terms and conditions in Attribute and Performance standards
Implementation
Expand upon other Standards (i.e., Attribute and Performance). Provides requirements applicable to Assurance and Consulting Services
Part 1 – Focus on Attribute Standards
CIA PART 1: LIST OF ATTRIBUTE STANDARDS
Attribute Standards
1000 Purpose, Authority, and Responsibility
1010 Recognizing Mandatory Guidance in the Internal Audit Charter
1100 Independence and Objectivity
1110 Organizational Independence
1111 Direct Interaction with the Board
1112 Chief Audit Executive Roles Beyond Internal Auditing
1120 Individual Objectivity
1130 Impairment to Independence or Objectivity
1200 Proficiency and Due Professional Care
1210 Proficiency
1220 Due Professional Care
1230 Continuing Professional Development
1300 Quality Assurance and Improvement Program
1310 Requirements of the Quality Assurance and Improvement Program
1311 Internal Assessments
1312 External Assessments
1320 Reporting on the Quality Assurance and Improvement Program
1321 Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”
1322 Disclosure of Nonconformance
UNIT 1 : LIST OF PERFORMANCE STANDARDS
Performance Standards
2000 Managing the Internal Audit Activity
2010 Planning
2020 Communication and Approval
2030 Resource Engagement
2040 Policies and Procedures
2050 Coordination and Reliance
2060 Reporting to Senior Management and the Board
2070 External service provider and organizational responsibility for internal auditing
2100 Nature of work
2110 Governance
2120 Risk Management
2130 Control
2200 Engagement Planning
2201 Planning Considerations
2210 Engagement Objectives
2220 Engagement Scope
2230 Engagement Resource Allocation
2240 Engagement work program
UNIT 1 : LIST OF PERFORMANCE STANDARDS
Performance Standards
2300 Performing the Engagement
2310 Identifying the Information
2320 Analysis and Evaluation
2330 Documenting Information
2340 Engagement Supervision
2400 Communicating Results
2410 Criteria for Communicating
2420 Quality of Communications
2421 Errors and Omissions
2430 Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing”
2431 Engagement Disclosure of Nonconformance
2440 Disseminating Results
2450 Overall Opinions
2500 Monitoring Progress
2600 Communicating the Acceptance of Risks
UNIT 1 : INTERNAL AUDIT CHARTER
Purpose
The purpose of the internal audit activity is to provide “independent, objective assurance and consulting
services…”
Assurance Services:
Definition: Objective assessment of evidence to provide opinion or conclusions regarding an entity,
operation, function, process, system, or other subject matters.
Nature and Scope: Determined by the internal auditor.
Participants: 3 parties (User, Process owner and the Auditor)
Examples: Financial, Performance, Compliance, System security and Due Diligence engagements
Consulting Services:
Definition: Activities intended to add value and improve an organization’s governance, risk management
and control processes. (Advisory in nature)
Nature and Scope: Subject to agreement with the engagement client.
Participants: 2 parties (Auditor and Engagement client)
Examples: Advice, facilitation and training
Authority
Internal audit activity should be empowered to require auditees to grant access to all records, personnel, and physical properties relevant to the performance of every engagement
Responsibility
To provide the organization with assurance and consulting services that will add value and improve the organization’s operations
Final Approval of the charter resides with the Board
UNIT 1 : CODE OF ETHICS - PRINCIPLES
MCQ 5: It has been established that an internal auditing charter is one of the more important factors
positively affecting the internal auditing department's independence. The IIA Standards help clarify
the nature of the charter by providing guidelines as to the contents of the charter. Which of the
following is not suggested in the Standards as part of the charter?
A. The department's access to records within the organization.
B. The scope of internal auditing activities.
C. The length of tenure for the internal auditing director.
D. The department's access to personnel within the organization.
Correct Answer: C
MCQ 6: An organization’s board of directors has decided that the internal audit activity must have greater
access to different parts of the organization in order to perform their assurance work effectively.
Which of the following areas is the board seeking to improve by making this change?
A. Internal audit authority.
B. Internal audit reporting structure.
C. Internal audit independence and objectivity.
D. Internal audit interaction with the board
Correct Answer: A
UNIT 1 : BLENDED ENGAGEMENTS
Assurance and consulting services are not mutually exclusive, so an audit activity can have both assurance
and consulting components. A blended engagement may consolidate elements of assurance and consulting
activities. A blended engagement may take the form of a due diligence engagement to provide assurance
and consulting services in support of management's evaluation of an acquisition candidate, for example. In
other instances, individual components of an engagement may be specified as assurance or consulting. This
blending of the two types of services can add value and create efficiencies.
However, if assurance and consulting services are blended, it must be ensured that there are no conflicts of
independence, objectivity, or otherwise with regard to roles and responsibilities.
CIA PART 1: UNIT 1
Let's Start Go through
UNIT 1 Content
THANK YOU ARPIT GARG