THE INTERNATIONAL PROFESSIONAL PRACTICES

FRAMEWORK (IPPF)
1. INTRODUCTION

The term Internal Auditor refers to:

IIA members
Recipients of IIA professional certifications
Those performing IA services within the definition of internal auditing

The International Professional Practices Framework (IPPF) is a coherent

framework which facilitates consistent development, interpretation and application
of concepts, methodologies and techniques useful to the internal auditing
profession.
The purpose of the IPPF is to organise the Institute of Internal Auditors (IIA)
authoritative guidance in a readily available manner and to assist practitioners and
stakeholders in being responsive to the market for high quality internal auditing.
Internal Auditing is performed in a diverse environment, in organisations of varying
size, structure and purpose and within different legislative frameworks which may
affect internal auditing in practice.
The implementation of the IPPF will be governed by the environment in which the IA
activity is carried out and the information contained in the IPPF should not be
construed in a manner which conflicts with the applicable laws and regulations.
If such situations arise, IAs are encouraged to contact the IIA for counsel and advice.
The IPPF consists of:

(I)

MANDATORY GUIDANCE:
(1)The definition of Internal Auditing
(2)The Code of Ethics
(3)The International Standards for the Professional Practices of
Internal Auditing

(II)

STRONGLY RECOMMENDED GUIDANCE:

(1)Position Papers assist interested parties in understanding significant
governance, risk or control issues and in delineating related roles and
responsibilities of internal auditing.
(2)Practice Advisories assist IAs in applying the definition of IA, the Code of
Ethics and the Standards and promoting good practices. They include
practices relating to international, country or industry specific issues,
specific types of engagements and legal or regulatory issues.

THE INTERNATIONAL PROFESSIONAL PRACTICES

FRAMEWORK (IPPF)
(3)Practice Guides contain detailed guidance for conducting IA activities
including detailed processes and procedures, tools and techniques, programs
and approaches.

2. MANDATORY GUIDANCE
(1)

THE DEFINITION OF INTERNAL AUDITING

Internal Auditing is an independent, object assurance and consulting activity

designed to add value and improve the operations of an organisation. It helps the
organisation accomplish its objectives by bringing a systematic, disciplined approach
to evaluate and improve the effectiveness of risk management, control and
governance processes.

(2) THE CODE OF ETHICS

The Code of Ethics states the principles and expectations governing the behaviour
of individuals and organisations in the conduct of internal auditing.
The purpose of the Code of Ethics is to promote and ethical culture in the profession
of internal auditing. It is necessary because internal auditing is founded on the trust
of its object assurance about governance, risk management and control.
The Code of Ethics extends beyond the definition of internal auditing to include two
components:
(a) Principles relevant to the profession and practice of internal auditing
(b) Rules of conduct describing behaviour norms which aid in interpreting the
Principles.
The Code of Ethics applies to both entities and individuals that perform internal
audit services.
Breaches of the Code of Ethics for IIA members and recipients of IIA professional
certifications will be evaluated according to the Institutes Bylaws and
Administrative Directives.
Particular conduct which is not specifically mentioned in the Rule of Conduct does
not prevent it from being unacceptable.

PRINCIPLES
Internal Auditors are to apply and uphold the following principles:
(I) INTEGRITY
The integrity of Internal Auditors establishes trust and provides the basis for
reliance on their judgement
Rules of Conduct:
2

THE INTERNATIONAL PROFESSIONAL PRACTICES

FRAMEWORK (IPPF)
(I1) IAs perform their work with honesty, diligence and responsibility
(I2) IAs observe the law and make disclosures expected by the law and the
profession
(I3) IAs shall not knowingly be a part of any illegal activity or engage in acts that
may discredit the profession or the organisation
(I4) IAs shall respect and contribute to the legitimate and ethical objectives of the
organisation

(II)

OBJECTIVITY

IAs exhibit the highest level of professional objectivity in gathering, evaluating and
communicating information about the activity or process being examined and make
a balanced assessment of all relevant circumstances and whilst doing so, are not
unduly influenced by their own interests or by others in forming judgements.
Rules of Conduct:
(II1) IAs shall not participate in any activity or relationship that may impair or be
presumed to impair their unbiased assessment including those activities and
relationships that may be in conflict with the interests of the organisation
(II2) IAs shall not accept anything that may impair or be presumed to impair their
professional judgement
(II3) IAs shall disclose all material facts known to them that, if not disclosed, may
distort the activities under review.
(III)

CONFIDENTIALITY

IAs respect the value and ownership of the information they receive and do not
disclose it without appropriate authority unless there is a legal or professional
obligation to do so.
Rules of Conduct:
(III1) IAs shall be prudent in the use and protection of information acquired in the
course of their duties
(III2) IAs shall not use information for any personal gain, any manner contrary to
the law or to the detriment of the legitimate or ethical objectives of the organisation
(IV)

COMPETENCY

IAs apply the knowledge, skills and experience needed in the performance of
internal audit services.
Rules of Conduct:
(IV1) IAs shall engage only in those services for which they have the necessary
knowledge, skills and experience
3

THE INTERNATIONAL PROFESSIONAL PRACTICES

FRAMEWORK (IPPF)
(IV2) IAs shall perform audit services in line with the Standards
(IV3) IAs shall continually improve their proficiency and the effectiveness and
quality of their services

(3) THE INTERNATIONAL STANDARDS FOR THE PROFESSIONAL

PRACTICES OF INTERNAL AUDITING
The International Standards for the Professional Practices of Internal
Auditing (the Standards) are mandatory and specify unconditional principle
focused requirements for promoting and performing internal auditing and
conformance is expected unless circumstances justify deviation when applying
professional judgement.
The Standards apply to individual internal auditors and internal audit activities. All
internal auditors are accountable for conforming with the Standards related to
individual objectivity, proficiency, and due professional care. In addition, internal
auditors are accountable for conforming with the Standards, which are relevant to
the performance of their job responsibilities. Chief audit executives are accountable
for overall conformance with the Standards.
The review and development of the Standards is an ongoing process. The
International Internal Audit Standards Board engages in extensive consultation and
discussion prior to issuing the Standards. This includes worldwide solicitation for
public comment through the exposure draft process. All exposure drafts are posted
on The IIAs website as well as being distributed to all
IIA institutes.
The Standards consist of:
(a) Statements of basic requirements for the professional practice and for
evaluating the performance of internal auditing and are internationally
applicable to organisations and individuals
(b) Interpretations clarifying terms or concepts within the statements.
The Standards are divided between:
(1) Attribute Standards, which address the attributes of organizations and
individuals performing internal auditing.

THE INTERNATIONAL PROFESSIONAL PRACTICES

FRAMEWORK (IPPF)
(2) Performance Standards, which describe the nature of internal auditing and
provide quality criteria against which the performance of these services can be
measured.
(3) Implementation Standards, which provide the requirements applicable to
assurance (A) or consulting (C) activities.
Assurance services involve the internal auditors objective assessment of
evidence to provide an independent opinion or conclusions regarding an entity,
operation, function, process, system, or other subject matter.
The nature and scope of the assurance engagement are determined by the IA.
There are generally three parties involved in assurance services: (1) the person
or group directly involved with the entity, operation, function, process, system, or
other subject matter the process owner, (2) the person or group making the
assessment the internal auditor, and (3) the person or group using the
assessment the user.
Consulting services are advisory in nature, and are generally performed at the
specific request of an engagement client.
The nature and scope of the consulting engagement are subject to agreement
with the engagement client.
Consulting services generally involve two parties: (1) the person or group offering
the advice the internal auditor, and (2) the person or group seeking and
receiving the advice the engagement client.
When performing consulting services, the internal auditor should maintain
objectivity and not assume management responsibility.

ATTRIBUTE STANDARDS