QAIP External
QAIP External
QAIP External
ATTRIBUTE STANDARDS
1000 Purpose, Authority, and Responsibility
1010 Recognizing Mandatory Guidance in the Internal Audit Charter
1100 Independence and Objectivity
1110 Organizational Independence
1111 Direct Interaction with the Board
1112 Chief Audit Executive Roles Beyond Internal Auditing
1120 Individual Objectivity
1130 Impairments to Independence or Objectivity
1200 Proficiency and Due Professional Care
1210 Proficiency
1220 Due Professional Care
1230 Continuing Professional Development
1300 Quality Assurance and Improvement Program
1310 Requirements of the Quality Assurance and Improvement Program
1311 Internal Assessments
1312 External Assessments
1320 Reporting on the Quality Assurance and Improvement Program
1321 Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing
1322 Disclosure of Nonconformance
GC PC DNC
PERFORMANCE STANDARDS
2000 Managing the Internal Audit Activity
2010 Planning
2020 Communication and Approval
2030 Resource Management
2040 Policies and Procedures
2050 Coordination and Reliance
2060 Reporting to Senior Management and the Board
2070 External Service Provider and Organizational Responsibility for Internal Auditing
2100 Nature of Work
2110 Governance
2120 Risk Management
2130 Control
2200 Engagement Planning
2201 Planning Considerations
2210 Engagement Objectives
2220 Engagement Scope
2230 Engagement Resource Allocations
2240 Engagement Work Program
2300 Performing the Engagement
2310 Identifying Information
2320 Analysis and Evaluation
2330 Documenting Information
2340 Engagement Supervision
GC PC DNC
2400 Communicating Results
2310 Criteria for Communicating
2420 Quality of Communications
2421 Errors and Omissions
Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal
2430 Auditing”
2431 Engagement Disclosure of Nonconformance
2440 Disseminating Results
2450 Overall Opinions
2500 Monitoring Progress
2600 Communicating the Acceptance of Risks
IIA CODE OF ETHICS
Conformance Rating Criteria
DNC – “Does Not Conform” means the assessor has concluded the following:
• For individual standards, the internal audit activity is not aware of, is not making good faith efforts to conform to, or is failing to achieve many/all of the objectives of the
standard (e.g., 1000, 1010, 2000, 2010, etc.) and/or elements of the IIA Code of Ethics (both Principles and Rules of Conduct).
• For the sections (Attribute and Performance) and major categories (e.g., 1000, 1100, 2000, 2100, etc.), the internal audit activity does not achieve conformance with a majority
of the individual standards within the section/category and/or elements of the IIA Code of Ethics.
• For the internal audit activity overall, there will be deficiencies that will usually have a significant negative impact on the internal audit activity’s effectiveness and its potential
to add value to the organization. These may also represent significant opportunities for improvement, including actions by senior management or the board.