Home IA Quality Assessment
Quality Assessment Reviews Print E-mail


The outputs of a Quality Assessment Review (QAR) of Internal Auditing provide not only evaluation of compliance with the relevant IIA standards, but even more evidence the maturity of the organizations' governance, risk management and compliance system. So they represent important sources of an Integrated Audit.


The External Quality Assessment of Internal Auditing

An external Quality Assessment (QA) evaluates conformance with the Definition of Internal Auditing, International Standards for the Professional Practice of Internal Auditing (Standards), the Code of Ethics, the internal audit and audit committee charters, the organization's risk and control assessment, and the use of successful practices. An internal audit activity must obtain an external assessment at least every five years by an independent reviewer or review team to be in conformance with the Standards.

The benefit of an organization undergoing a external QA is that it allows the internal auditors to state that their activities "conforms with the International Standards for the Professional practice of Internal Auditing." It also builds stakeholder confidence by documenting management's commitment to quality and successful leading practices, and the internal auditors' mindset for professionalism. Obtaining an external QA provides evidence to the board, management, and staff that the audit committee and the internal audit activity are concerned about the organization's internal controls, ethics, governance, and risk management processes.

Regardless of an organization's industry or the internal audit activity's complexity or size, there are two approved approaches to external QAs. The first approach - an independent review team - involves an outside team under the leadership of an experienced and professional project manager. The team members should be competent professionals who are well versed in best internal audit practices.

The second approach seeks out an objective outside party for independent validation of the internal self assessment and report completed by the internal audit activity. This approach brings in a competent independent evaluator who is well versed in quality assessment methodology to validate the aforementioned self-assessment of the internal audit activity. In addition to reviewing the self-assessment, the validator substantiates some of the work done by the self-assessment team, makes an on-site visit, interviews senior management, and either co-signs the CAE's report regarding conformance to the Standards, or issues a separate report on the disparities.

Integral to both external QA approaches is the element of objectivity. Without this, the Standards have not been met. The CAE should fully explain to the audit committee why the external QA is necessary and valuable, how the approaches to external QAs differ, and which of the two is deemed most appropriate for the organization.

NOTE: It is important that the CAE receive board approval for the chosen approach.


Assessing Governance Capability of Internal Auditing

One potential approach for quality assessment reviews is applying ISO/IEC 15504 based Governance Capability Levels. The sample tool for assessing internal auditing of internal financial control uses ISO/IEC 15504 conformant description of the internal audit process. The descriptions of purpose statement, outcomes and base practices are adapted from the 2130 - Control Standard and related Practice Advisory 2130-1: Assessing the Adequacy of Control Processes of the International Professional Practices Framework © 2009 The Institute of Internal Auditors.

The sample tool can be used to map the requirements of the IIA Standards to Governance Capability indicators allowing stakeholders to set and measure organisation's risk appetite regarding internal audit activities.




Sponsored by





Powered by Joomla!. Designed by: colourful theme (video) cakephp framework Valid XHTML and CSS.