Professional Documents
Culture Documents
Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organizations operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.
Independence is the freedom from conditions that threaten objectivity or the appearance of
objectivity. Such threats to objectivity must be managed at the individual auditor,
engagement functional and organizational levels.
As an objective activity, an unbiased mental attitude that allows internal auditors to perform
engagements in such a manner that they have an honest belief in their work product and that
no significant quality compromises are made. It requires internal auditors not to subordinate
their judgment on audit matters to that of the others.
By emphasizing that the scope of internal auditing encompasses assurance and consulting
activities, it projects internal auditing as proactive and customer-focused, and concerned with
key issues in control, risk management, and governance.
By explicitly stating that internal auditing is designed to add value and improve an
organizations operations, it underscores the significant contribution that internal auditing
makes for any organization. Value is provided by improving opportunities to achieve
organizational objectives, identifying operational improvement, and/or reducing risk exposure
through both assurance and consulting services.
By considering the whole organization, it perceives internal auditings mandate much more
broadly, charging it with helping the organization accomplish overall objectives.
It assumes that controls only exist to help the organization manage its risk and promote
effective governance. Such a perspective considerably broadens the horizons of internal
auditing and expands its working domain to include risk management, control, and
governance processes.
It accepts that the internal auditing professions legacy, consisting of its unique franchise in
being a standards-based profession, may well be its most enduring and valuable asset.
Rigorous standards provide the basis for crafting a documented, disciplined, and systematic
process that assures quality performance on internal audit engagements.
Similar developments occurred with respect to the Zhao dynasty in China (1122-256 B.C.). The
need for and indications of audits can be traced back to public finance systems in Babylonia,
Greece, the Roman Empire, the City States of Italy, etc., all of which developed a detailed
system of checks and counterchecks. Specifically, these governments were worried about
incompetent officials prone to making bookkeeping errors and inaccuracies as well as corrupt
officials who were motivated to perpetrate fraud whenever the opportunity arose.
Even the Bible (referring to the period between 1800 B.C. and A.D. 95) explains the basic
rationale for instituting controls rather straightforwardly: if employees have an opportunity
to steal they may take advantage of it. The Bible also contains examples of internal controls
such as the dangers of dual custody of assets, the need for competent and honest employees,
restricted access, and segregation of duties.
Circa 1484 AD the emergence of double-entry bookkeeping, which can be directly traced to
the critical need for exercising stewardship and control. Throughout European history, for
instance, fraud cases such as the South Sea bubble of the 18th century, and the tulip
scandal provided the justification for exercising more control over managers.
Within a span of a couple of centuries, the European systems of bookkeeping and auditing
were introduced into the United States. As business activities grew in size, scope, and
complexity, a critical need for a separate internal assurance function that would verify the
(accounting) information used for decision-making by management emerged. Management
needed some means of evaluating not only the efficiency of work performed for the business
but also the honesty of its employees.
Around the turn of the 20th century, the internal audit function became responsible for the
careful collection and interpretative reporting of the selected business developments,
activities, and results from diverse and voluminous transactions.
1941 Victor Z. Brink, authored the first major book on internal auditing. And at the same
time, John B. Thurston, internal auditor for the North American Company in New York, had
been contemplating establishing an organization for internal auditors. He and Robert B. Milne
had served together on an internal auditing subcommittee formed jointly by the Edison
Electric Institute and the American Gas Association, and they agreed that further progress in
bringing internal auditing to its proper level of recognition would be best made possible by
forming an independent organization for internal auditors.
1947 to 1990 Issuance of the Statement of Responsibilities of the Internal Auditor which
clarified that while internal auditing primarily dealt with accounting and financial matters,
matters of an operating nature also lay within its scope of activities. By 1957, the statement
has been broadened to include:
1. Reviewing and appraising the soundness, adequacy, and application of accounting,
financial, and operating controls.
2. Ascertaining the extent of compliance with established policies, plans, and
procedures.
3. Ascertaining the extent to which company assets are accounted for, and safeguarded
from, losses of all kinds.
4. Ascertaining the reliability of accounting and other data developed within the
organization.
5. Appraising the quality of performance in carrying out assigned responsibilities.
1948 IIA expand globally with the opening of its branches in London and Manila. It was
founded on August 14, 1948 by Mr. Santiago F. Dela Cruz Sr. along with a small group of
accountants actively engaged in the profession. Mr. Dela Cruz, who is considered to be the
moving spirit of the association, is the same man who, two years earlier than IIAP, co-
established the Philippine College of Commerce and Business Administration (PCCBA) which
we now know as the University of the East.
In 1978, The IIA formally approved the Standards for the Professional Practice of Internal
Auditing (Standards), which had the following purposes:
1. Assist in communicating to others the role, scope, performance, and objectives
of internal auditing.
2. Unify internal auditing throughout the world.
3. Encourage improved internal auditing.
4. Establish basis for consistent measurement of internal auditing operations.
5. Provide a vehicle by which internal auditing can be fully recognized as a
profession.
1982 The Institute of Internal Auditors Philippines Inc., (IIAP) was registered in SEC. This was
formerly known as The Institute of Internal Auditors, Inc. Manila Chapter.
2002 The implementation of Sarbanes-Oxley Act of 2002 in the USA, in which the
professions exposure value was enhanced as many internal auditors possessed the skills
required to help companies meet the requirements of the law.
3. Statistical sampling
Statistical sampling was applied to reduce the level of testing along with a move away
from examining all available documents or book entries. A scientific approach was used,
whereby the results from a sample could be extrapolated to the entire population in a
defendable manner.
4. Probity-based work
This features the transaction approach where anything untoward was investigated. The
probity approach is based on audit being the unseen force that sees and hears all that
goes on in the organization. Instead of double-checking accounting records and
indicating those that should be corrected, the probity approach allowed the chief
accountant to check on financial propriety across the organization.
5. Spot checks
It was then possible to reduce the level of probity visits by making unannounced
spot checks so that the audit deterrent (the possibility of being audited) would reduce the
risk of irregularity.
6. Risk analysis
The transaction/probity approach could be restricted by applying a form of
risk analysis to the defined audit areas so that only high-risk ones would be visited. There
are many well-known risk formulae that are designed to target audit resources to specific
areas based around relevant factors. Each unit might then be ranked so that the high-risk
ones would be visited first and/or using greater resources.
7. Systems-based approach
Systems-based audits (SBAs) are used to advise management on the types of controls
they should be using. Testing is directed more at the controls than to highlight errors for
their own sake. The problems found during audit visits will ultimately be linked to the way
management controls its activities.
8. Operational audit
Attention to operational areas outside the financial arena provided an opportunity to
perform work not done by the external auditor. The concepts of economy, efficiency and
effectiveness were built into models that evaluated the value-for-money (VFM)
implications of an area under review. Looking for savings based on greater efficiencies
became a clear part of the audit role.
9. Management audit
Management audit moves up a level to address control issues arising from managing an
activity. It involves an appreciation of the finer points relating to the various managerial
processes that move the organization towards its objectives. This comes closer to the
final goal of IA where it is deemed capable of reviewing all-important areas within the
organization by adopting a wide interpretation of systems of control.