Institute of Internal Auditors
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
|Headquarters||Lake Mary, Florida, United States|
|Over 170 countries|
The Institute of Internal Auditors (IIA) is the internal audit profession's most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, the IIA today serves more than 190,000 members from more than 170 countries and territories. IIA's global headquarters are in Lake Mary, Fla., United States.
- 1 IIA Mission
- 2 Certified Internal Auditor (CIA)
- 3 Other certificates offered by the IIA
- 4 Professional Standards: the International Professional Practices Framework
- 5 See also
- 6 References
- 7 External links
The stated mission of The Institute of Internal Auditors is to provide "dynamic leadership" for the global profession of internal auditing. This includes:
- Advocating and promoting the value that internal audit professionals add to their organizations;
- Providing comprehensive professional education and development opportunities; standards and other professional practice guidance; and certification programs;
- Educating practitioners and other relevant audiences on best practices in internal auditing;
- Bringing together internal auditors from all countries to share information and experiences.
Certified Internal Auditor (CIA)
The CIA (Certified Internal Auditor) is the primary professional designation offered by The IIA. The CIA designation is a globally recognized certification for internal auditors and is a standard by which individuals may demonstrate their competency and professionalism in the internal audit field. In order to become a certified internal auditor, candidates must possess a four degree from an accredited institution as well as pass all three parts of the CIA exam.
Earning the CIA qualification is intended to demonstrate a professional knowledge of the internal audit profession. CIAs are required to take continuing education courses.
Other certificates offered by the IIA
- Certification in Control Self Assessment (CCSA)
- Certified Government Auditing Professional (CGAP), for Government performance auditing and Government Auditors
- Certified Financial Services Auditor (CFSA)
- Certification in Risk Management Assurance (CRMA)
- Qualification in Internal Audit Leadership (QIAL)
Professional Standards: the International Professional Practices Framework
The IIA has two levels of professional guidances: (1) Mandatory Guidance (including the Standards) and (2) Strongly Recommended Guidance. The two levels of guidance constitute the IIA's International Professional Practices Framework (IPPF).
Mandatory Guidance: the Definition of Internal Auditing, the Code of ethics and the Standards
These guidelines are mandatory for IIA members and internal audit organizations claiming to complete audits to IIA technical standards around the world. The guidelines and recommendations are recorded in what is referred to as the "Red Book."
- The Definition: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
- The four principles of the IIA's Code of Ethics are Integrity, Objectivity, Confidentiality and Competency.
- The International Standards for the Professional Practice of Internal Auditing:
|Attribute Standards||Performance Standards|
|1000 – Purpose, Authority, and Responsibility||2000 – Managing the Internal Audit Activity|
|1010 – Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter||2010 – Planning|
|1100 – Independence and Objectivity||2020 – Communication and Approval|
|1110 – Organizational Independence||2030 – Resource Management|
|1111 – Direct Interaction with the Board||2040 – Policies and Procedures|
|1120 – Individual Objectivity||2050 – Coordination|
|1130 – Impairments to Independence or Objectivity||2060 – Reporting to Senior Management and the Board|
|1200 – Proficiency and Due Professional Care||2070 - External Service Provider and Organizational Responsibility for Internal Auditing|
|1210 – Proficiency||2100 – Nature of Work|
|1220 – Due Professional Care||2110 – Governance|
|1230 – Continuing Professional Development||2120 – Risk Management|
|1300 – Quality Assurance and Improvement Program||2130 – Control|
|1310 – Requirements of the Quality Assurance and Improvement Program||2200 – Engagement Planning|
|1311 – Internal Assessments||2201 – Planning Considerations|
|1312 – External Assessments||2210 – Engagement Objectives|
|1320 – Reporting on the Quality Assurance and Improvement Program||2220 – Engagement Scope|
|1321 – Use of "Conforms with the International Standards for the Professional Practice of Internal Auditing"||2230 – Engagement Resource Allocation|
|1322 – Disclosure of Nonconformance||2240 – Engagement Work Program|
|2300 – Performing the Engagement|
|IIA Glossary||2310 – Identifying Information|
|2320 – Analysis and Evaluation|
|2330 – Documenting Information|
|2340 – Engagement Supervision|
|2400 – Communicating Results|
|2410 – Criteria for Communicating|
|2420 – Quality of Communications|
|2421 – Errors and Omissions|
|2430 – Use of "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing"|
|2431 - Engagement Disclosure of Nonconformance|
|2440 – Disseminating Results|
|2450 – Overall Opinions|
|2500 – Monitoring Progress|
|2600 – Resolution of Senior Management's Acceptance of Risks|
Strongly Recommended Guidance: Position Papers, Practice Advisories, and Practice Guides
These Strongly Recommended Guidance help define and explain the IIA standards.
As practice guides, 8 PGs, 15 GTAG (Global Technology Audit Guide), and 3 GAITs (Guide to the Assessment of IT Risk) have been issued in 2009 and 2010. GTAGs are written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. To date, the IIA has released GTAGs on the following topics:
- GTAG 1: Information Technology Controls
- GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
- GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
- GTAG 4: Management of IT Auditing
- GTAG 5: Managing and Auditing Privacy Risks
- GTAG 6: Managing and Auditing IT Vulnerabilities
- GTAG 7: Information Technology Outsourcing
- GTAG 8: Auditing Application Controls
- GTAG 9: Identity and Access Management
- GTAG 10: Business Continuity Management (BCM)
- GTAG-11: Developing the IT Audit Plan
- GTAG-12: Auditing IT Projects (Mar. 2009)
- GTAG-13: Fraud Prevention and Detection in an Automated World (December 2009)
- GTAG-14: Auditing User-developed Applications (June 2010)
- GTAG-15: Information Security Governance (June 2010)
- GTAG-16: Data Analysis Technology (August 2011)
- GTAG-17: Auditing IT Governance (July 2012)
Additional sources of guidance: Development and practice aids
This includes a variety of materials that are developed and/or endorsed by the IIA, including research studies, books, seminars, conferences, and other products and services related to the professional practice of internal auditing.
- Committee of Sponsoring Organizations of the Treadway Commission
- External audit, External auditor, Certified Public Accountant, and AICPA
- Internal Audit, Director of audit, Comptroller General, Inspector General
- Internal Control, Controller
- "Membership". na.theiia.org.
- "IIA Code of Ethics". IIA Code of Ethics. IIA. Retrieved 30 March 2011.
- "IIA standards". IIA standards. IIA. Retrieved 30 March 2011.