Essentials of

Internal Auditing
Section IV
 Section IV: Quality Assurance and
Improvement Program
• Topic A: Key Elements
of a QAIP
• Topic B: QAIP Reporting
Requirements
• Topic C: Conformance/
Nonconformance

www.LearnCIA.com
v6.0 Part 1, Section IV IV-2
 Quality Assurance and
Improvement Program (QAIP)
• Reasonable assurance to stakeholders that internal audit
activity:
– Performs in accordance with internal audit charter, which is consistent
with Definition of Internal Auditing, Code of Ethics, and Standards.
– Operates in an effective and efficient manner.
– Is perceived as adding value and improving operations.
• Supervision, periodic internal assessments and ongoing
monitoring of quality assurance, periodic external assessments.

www.LearnCIA.com
v6.0 Part 1, Section IV, Section Introduction IV-3
 Standard 2070
Standard 2070,
“External Service Provider and Organizational
Responsibility for Internal Auditing”

“When an external service provider serves as the internal audit

activity, the provider must make the organization aware that the
organization has the responsibility for maintaining an effective
internal audit activity.”

Interpretation: “This responsibility is demonstrated through the

quality assurance and improvement program, which assesses
conformance with the Code of Ethics, and the Standards.”

www.LearnCIA.com
v6.0 Part 1, Section IV, Section Introduction IV-4
 QAIP Assessments
Internal Quality External Quality
Assessments Assessments
• Ongoing internal evaluations of • Internal audit activity conformance
internal audit activity – Definition of Internal Auditing
– Code of Ethics
• Periodic self-assessments
– Standards
and/or reviews
– Use of best practices
• Conducted by persons within – Internal audit activity efficiency
organization’s internal audit and effectiveness
activity
• Qualified independent reviewer or
• Supervised by direction of CAE outside team
www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-5
 Discussion Question
Identify whether the statement
describes internal or external quality
assessment characteristics.

1. Usually incorporated into routine policies and

practices.
2. Provides an opinion about conformance to the
Standards.
3. CAE involvement precludes total objectivity.
4. Conducted at least once every five years.
www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-6
 Discussion Question
Identify whether the statement
describes internal or external quality
assessment characteristics.
Answers:
Internal 1. Usually incorporated into routine policies and
practices.
Internal 2. Provides an opinion about conformance to the
or external Standards.
Internal 3. CAE involvement precludes total objectivity.
External 4. Conducted at least once every five years.
www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-7
 Scope of Internal Assessments
• Routine and continuous supervision • Contribution to organization’s
and testing of audit/consulting work governance, risk management, and
• Ongoing measurements and analyses control processes
of performance metrics • Evaluation of effectiveness of
• Periodic compliance validations continuous improvement activities
– Applicable laws, regulations, and adoption of best practices
standards • Whether auditing activity adds
– Standards, Code of Ethics value, improves organization’s
• Adequacy of internal audit activity’s operations, and helps organization
charter, goals, objectives, policies, achieve objectives
procedures

www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-8
 Scope of External Assessments
• Conformance with • Efficiency and
Standards and Code of effectiveness of internal
Ethics via review of audit activity
internal audit activity’s • Board, senior
charter, plans, policies, management, and
procedures, practices, operational manager
and applicable legislative expectations of the
and regulatory internal audit activity
requirements

www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-9
 Practice Question
Who is acceptable to perform an external quality assessment
of XYZ Corporation’s audit activity?
A. Highly experienced internal auditors from XYZ’s largest
subsidiary
B. An independent, retired U.S. Fortune 500 CAE who validates
XYZ’s self-assessment
C. A qualified peer review team from ABC Corporation (XYZ’s peer
review team performed the external quality assessment for
ABC last year.)

www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-10
 Practice Question
Who is acceptable to perform an external quality assessment
of XYZ Corporation’s audit activity?
A. Highly experienced internal auditors from XYZ’s largest
subsidiary
B. An independent, retired U.S. Fortune 500 CAE who validates
XYZ’s self-assessment
C. A qualified peer review team from ABC Corporation (XYZ’s peer
review team performed the external quality assessment for
ABC last year.)

Answer: B. An independent assessor/team means not having an actual or a perceived

conflict of interest and not being part of, or under control of, the organization to which
the audit activity belongs.

www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-11
 QAIP Internal Performance Measures
Board/Audit Committee

International Professional
Management & Practices Framework
Internal Audit
Audit Clients Corporate and internal Process
audit strategies
Laws and regulations

Innovation and Capabilities

www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-12
 Process for Establishing Effective
Performance Measurement
1. Define internal audit effectiveness.
2. Identify key internal and external
stakeholders.
3. Develop measures, or KPIs, of internal audit
effectiveness and efficiency.
4. Monitor and report results.
www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-13
 KPIs in Balanced Scorecard for Internal Audit

www.LearnCIA.com
v6.0 Part 1, Section IV, Topic A IV-14
 QAIP Reporting Requirements
• Internal assessments: CAE may share results, action plans, and successful
implementation with senior management and board.
• External assessments: Preliminary results should be discussed with the
CAE during and at end, with copies of final report also sent to senior
management and the board.
– CAE’s responsibility: Respond to recommendations and provide action plan.
• Performance Standard 2060, “Reporting to Senior Management and the
Board.”
• Standard 1320: Scope, frequency, qualifications and independence of
assessor(s), conclusions, and corrective action.

www.LearnCIA.com
v6.0 Part 1, Section IV, Topic B IV-15
 Reporting Results of QAIP
Internal External
Assessments Assessments
• Guidelines • Conferences and draft
– Agree on medium and format • Final formal report
before assessment
– Opinion on internal audit
– Response/action plan and activity compliance
timetable
– Best practice evaluation
– Internal audit activity’s
– Recommendations and action
response and implementation
plans for quality, efficiency,
plan included in final reports
effectiveness, and adding
value
www.LearnCIA.com
v6.0 Part 1, Section IV, Topic B IV-16
 Conformance to the Standards
Conformance Nonconformance
Practices of internal audit satisfy
Impact and severity of deficiencies in
requirements of Definition of Internal
internal audit impair activity’s ability to
Auditing, Code of Ethics, and
discharge its responsibilities.
Standards.

Degrees of conformance: • Assessments should

• Generally conforms recommend improvements.
• Partially conforms • Report remedial actions.
• Does not conform
NOTE: A conformance statement may be used only if validated by QAIP.
www.LearnCIA.com
v6.0 Part 1, Section IV, Topic C IV-17
 Disclosure of Nonconformance
Standard 1322,
“Disclosure of Nonconformance”

“When nonconformance with the Code of Ethics or

the Standards impacts the overall scope or operation
of the internal audit activity, the chief audit executive
must disclose the nonconformance and the impact to
senior management and the board.”

www.LearnCIA.com
v6.0 Part 1, Section IV, Topic C IV-18
 End of Section IV

Questions?

www.LearnCIA.com
v6.0 Part 1, Section IV IV-19