These documents are ancillary to the Internal Controls certificate program and are to be used as guides for internal controls and internal audit.

This section provides a few templates and information sheets that can be utilized and refined. It is important to note that these tools should NOT be used as a simple check-list. They must be appropriately tailored to your organization. They are being provided to assist participants in brainstorming and developing the proper documentation needed to comply with the legislation. They include:

Introduction

Individuals who have performed the chief audit executive (CAE) role can most likely compile a never-ending list of lessons learned from the experience. It can be beneficial to reevaluate those lessons at various crossroads in an individual career and share the experiences with others who may be considering a similar role. Through the act of sharing and identifying lessons learned, individuals who continue to pursue internal audit as a profession can assist in the advancement of the role of the internal auditor in today’s business.

SECTION-1: Lessons Learned

The poem by Robert Fulghum titled “All I Really Need to Know I Learned in Kindergarten” provides an analogy of how the simplistic concepts learned in kindergarten can be applied within everyday life. These concepts extend past personal lives into business and government. The poem recites simple learnings such as “share every- thing,” “play fair,” “clean up your own mess,” and many other factors of leading a balanced life. The poem even speaks to the need to “hold hands when you go out in the world, watch out for traffic, and stick together.”

Lesson 1: Clarify/Define Management Expectations for Internal Audit

Not everyone sees things in the same light or recognizes concepts that may seem clearly outlined. It is important to make sure management and the internal audit team work together and are on the same page of the handbook when working through depart- mental responsibilities and expectations.

Lesson 2: Balance Management Expectations with the International Institute of Auditors Standards

Internal auditors understand the purpose and intent of the Standards. However, it is not unusual for management to have varying views that may conflict with the internal auditor’s professional obligation to the Standards. The concept of playing fair correlates to ensuring that the Standards are not used as a bat or whipping stick when working to get management on the same page as the auditors. Keep in mind that the Standards are not laws; they are professional guidelines. The entire organization must understand the importance of playing fair and according to the guidelines of the profession.

Lesson 3: Validate the Internal Audit Charter as Fact and Not Fiction

Internal auditors are accustomed to clarifying and documenting. We look to leading practice to guide us on the procedures most relevant to apply. We often utilize leading practice documents when developing departmental protocols and documents like charters. However, it is important to look at departmental charters periodically to ensure that the elements listed are executable and true in fact. Elements that appear in a charter that are not relevant to the organization or that could never be executed given the current structure may actually put the organization at greater risk.

Lesson 4: Clarify the Purpose and Execution of Risk-Based Auditing

Make sure that management and internal audit are on the same page concerning concepts and the need for a true risk- based audit approach.

Lesson 5: Define “Independent Risk Assessment” in Relation to the Audit Plan

Everyone sees things in a distinct and separate manner. Similarly, the concept of independent risk assessment may be viewed differently by each company, management, and internal audit function. It is important to clarify the concept of independent risk assessment to ensure a consistent organizational understanding and application.

Lesson 6: Add Value While Maintaining Independence

The concepts of independence are complicated, and it is important to remember to play fair when executing responsibilities.

Lesson 7: Serve the Audit Committee

In this instance, the responsibility of serving the audit committee can be correlated to almost every lesson outlined in Robert Fulghum’s poem. When serving the audit committee, auditors should employ all aspects of playing fair, sticking together, taking responsibility for their own actions, and learning when and how to appropriately communicate the aspect of cleaning up messes. As a challenge, internal auditors should revisit the poem and link individual responsibilities and challenge areas to components outlined in the kindergarten rules. Think simplistically. Everything can be translated into everyday life.

Lesson 8: Communication of Issues When Management Objects

Communication is an art. Be cognizant of how communication is perceived especially when others are not in full agreement. Gaining agreement and acceptance or sticking together will take you much further than fighting over irrelevant issues.

Lesson 9: Understand How the CAE Role and Audit Department Are Viewed

Internal auditors understand the role of the CAE as defined by professional Standards. However, it is important to “balance” our perceptions and how we execute the role with the manner in which management and the audit committee view the role. In essence, ensure that you are “living a balanced role.”

Lesson 10: Gaining a “Seat at the Table”

To gain the perennial seat at the table, the CAE must build strong relationships with management that include developing trust and respect. It is important that internal auditors stick together and understand the professional Standards to enable proper communication of requirements and expectations to management. Through holistic application of the Standards by all CAEs, internal auditors will be able to more readily gain the coveted seat at the table. However, absent CAEs sticking together and abiding by the Standards, management will continue to view the profession as one in which they can dictate the acceptance of guidelines.

SECTION-2: Is It Legal or Is It Ethical? The CAE’s Dilemma

Introduction

The phrase “Is it legal or is it ethical?” can be a mini mantra of the internal audit function. Auditors will sometimes describe the dilemma when identifying a control gap that legally may be accept- able but morally may not. Many professions have their own code of conduct. The code is established to ensure that professionals follow proper morals and behavior as expected in their roles. Lawyers, doctors, certified public accountants, as well as other professional roles have detailed codes of conduct. The IIA has defined a code of ethics for the profession. The code states the principles and expectations governing the behavior of individuals in the conduct of internal auditing. It also describes the minimum requirements for conduct and behavioral expectations. But the ethical line is not always a black-and- white demarcation. In addition, legal implications can impact how gray the line may appear.

Lessons of an Auditor can be download here:
https://www.crcpress.com/go/internal_audit_and_it_audit?utm_medium=email&utm_source=EmailStudio&utm_campaign=B190507996+-+20190926_140042_3573645