• Research & Data
• Education
• Consumer Credit & Payments
• Bank Resources
• Community Development

• Newsroom
• Careers
• Publications

Saturday, May 18, 2013

[ – ] Text Size [ + ]  |  Print Page

Home > Bank Resources > Bank Resources Publications > SRC Insights > 2002 > Fourth Quarter

SRC Insights: Fourth Quarter 2002

Professional Practices Framework - What In the World...

by John B. Shaffer, Senior Vice President and General Auditor

Enron, WorldCom, K-Mart, governance, enterprise-wide risk assessments, external auditor independence, Arthur Andersen, 2002 Corruption Perception Index, ImClone, restated earnings, managed earnings, 2002 Bribe Payers Index, Tyco International…

An accident waiting to happen. Accidents that did happen! Why are we surprised? Just a few years ago the only term listed above that would have caught the attention of anyone was "managed earnings," followed by a yawn. After all, doesn't every company want to improve earnings quarter after quarter, year after year? Allow me to suggest that that was the warning sign that largely went unheeded. It was just "part of the game" until multiple events went awry.

The cause? It was not just greedy executives and stockholders. It was not just incompetent auditors and accountants. It wasn't just the sense of power among the "movers and shakers." It wasn't just apathy. It wasn't just the "governing bodies" (e.g., SEC, FASB, and others) that were two steps behind the industry. It wasn't any of it, but rather all of it, and then some.

Welcome to a practical and appropriate solution to at least begin to address the problem. Welcome to the internal auditors' world of the Professional Practices Framework. In June 1999, The Institute of Internal Auditors (The IIA) approved a new Professional Practices Framework (PPF). To quote The IIA, "a framework provides a structural blueprint of how a body of knowledge fits together… it facilitates consistent development, interpretation, and application of concepts, methodologies and techniques useful to a discipline or a profession."

The framework within which internal auditors are challenged to conduct such activities is comprised of four elements:

• Definition of Internal Auditing
• Standards and Ethics (better said, "Ethics and Standards")
• Practice Advisories
• Development and Practice Aids

The foundational piece of the PPF is the definition of internal auditing:

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

The definition of internal auditing makes a fairly sweeping statement. Internal auditors want to help an organization accomplish its objectives by providing an independent look at virtually anything and everything. The organization's objectives should become Internal Audit's objectives.

Internal Audit: What We Do

• Assurance Services
• Consulting Activities

via disciplined evaluation of

• Risk Management
• Control
• Governance Processes

The Ethics and Standards are mandatory, core directives. The first element—the Institute's Code of Ethics—is designed to promote an ethical culture. Such a code is necessary for several reasons. First, The IIA is a worldwide organization. Therefore, it is necessary to establish an ethical climate within which all are expected to practice the profession of internal auditing. Second, it is necessary to maintain credibility in all that we do. Third and finally, it is essential to provide behavioral norms upon which both the practitioner and the client can rely. To most, such a code is common sense; to all, it is essential. More than any other governing document, adherence to the Code of Ethics will determine an individual's success or failure as an internal auditor and the success or failure of the internal audit organization. Although obvious, many have fallen—whether in business or politics—because of inappropriate ethical behavior.

Internal Auditing...Code of Ethics

• Integrity
• Objectivity
• Confidentiality
• Competency

The second element of the mandatory direction is the Standards for the Professional Practice of Internal Auditing (Internal Auditing Standards). Like the Yellow Book, which directs governmental auditors, and Generally Accepted Auditing Standards (GAAS), which govern the public accounting community, the Internal Auditing Standards are the generic "how to" of the Internal Auditing framework.

The Internal Auditing Standards are divided into Attribute Standards (AS), Performance Standards (PS), and Implementation Standards (IS). There is one set of Attribute Standards and Performance Standards governing all audit activities, and separate Implementation Standards for Assurance Services and Consulting Services. The Attribute, Performance, and Implementation Standards are supported by a comprehensive glossary.

Thus far we have briefly discussed the definition of internal auditing, the Code of Ethics, and the Internal Auditing Standards. There remains two additional pieces of the PPF—Practice Advisories and Development and Practice Aids.

Adherence to the Practice Advisories, while not mandatory, is strongly recommended. These advisories add specificity to the somewhat generic Internal Audit Standards, are directly linked to specific Standards, and often help to interpret and apply the Standards. In addition, the Practice Advisories represent "best practices" as endorsed by The IIA. Some Practice Advisories are applicable to all internal audit environments while others are applicable to specific industries or geographic areas. All are subject to a formal review process before they are issued.

The fourth element of the PPF is Development and Practice Aids. Fundamentally, this category includes research studies, seminars, conferences, books, and other products that relate to internal auditing. All can help to implement the guidance offered in the Code of Ethics, Internal Audit Standards, and Practice Advisories.

Where to Find Help!
The volume of guidance available to assist internal auditors and their organizations might appear overwhelming. However, The IIA has organized its guidance in an easy-to-use format on its website. ¹ On The IIA website, you can find pages that clearly describe each standard and provide links to clarifying Practice Advisories and Development and Practice Aids.

In this format, it becomes clear that the PPF offers a comprehensive approach to guide the profession and provides all internal auditing practitioners with the tools necessary to do their job efficiently and, more importantly, effectively! Perhaps if all professions in the business world had such a comprehensive framework and followed it rigorously, many of the accidents waiting to happen…wouldn't.

If an individual wants to be considered a professional, he or she must conduct themselves accordingly, whether as an internal auditor, external auditor, examiner, Treasurer, Chief Financial Officer, Chief Information Officer, Chief Executive Officer, or Board member. The Professional Practices Framework, if followed, will enhance the professionalism of the internal audit community in general and internal audit practitioners as individuals, allowing them to rise above the recent scandals and contribute to the restoration of the investing public's confidence in businesses nationwide.

• ¹ See IIA's website and the Professional Practices Framework .

The views expressed in this article are those of the author and are not necessarily those of this Reserve Bank or the Federal Reserve System.