Contents

Independence and Objectivity 15%

Note: Lots of repetation from previous chapter as we these covered topics in detailed.
Interpret organizational independence of the internal audit activity (importance of independence, functional reporti
A Basic

B Identify whether the internal audit activity has any impairments to its independence. Basic
Assess and maintain an individual internal auditor’s objectivity, including determining whether an individual interna
C Proficient

D Analyze policies that promote objectivity. Proficient

Source: IIA Standards, Implementation Guide, Supplemental Guide, Glossary and IIA website.
Proficient

Proficient
 Topic
A. Interpret organizational independence of the internal audit activity (importance of independence, functional reporting, e
Level: Basic
Note: Some memorization is required for this Unit. Mastery of this unit will increase your chances of passing the exam.
Strongly recommend you to review the Dual Lines of Reporing (attached in the 'Support for Inde and Obj' tab, item#1).

Source: IIA Standards, Implementation Guide, Supplemental Guide, Glossary and IIA website.

Independence

IA acheives Independece
Through

Independence - IA as a
group (Very Important)

Chief Audit Executive

Roles Beyond Internal
Auditing
 Details
rganizational independence of the internal audit activity (importance of independence, functional reporting, etc.)

memorization is required for this Unit. Mastery of this unit will increase your chances of passing the exam.
mmend you to review the Dual Lines of Reporing (attached in the 'Support for Inde and Obj' tab, item#1).

andards, Implementation Guide, Supplemental Guide, Glossary and IIA website.

Independence is the freedom from conditions that threaten the ability of the internal
audit activity to carry out internal audit responsibilities in an unbiased manner.

- Dual line reporting (Functionally to the Board/Audit Committee and Administratively

to the CEO.
- Direct interaction with the Board/Audit Committee or Board members without the
presence of CEO.

The chief audit executive must report to a level within the organization that allows the
internal audit activity to fulfill its responsibilities. The chief audit executive must confirm
to the board, at least annually, the organizational independence of the internal audit
activity.

Where the chief audit executive has or is expected to have roles and/or responsibilities
that fall outside of internal auditing, safeguards must be in place to limit impairments to
independence or objectivity.
 Tip for Passing
functional reporting, etc.)

ssing the exam.

bj' tab, item#1).

- Remember: Independence means freedom from certain conditions and IA

should carry out their responsibilities in an unbiased manner.
- Focused on IA as group and CAE

- It is very important to remembe that: Chief Audit Executive reports

functionally to the board and administratively to the CEO. Examples of
functional reporting to the board involve the board:
- Approving the internal audit charter.
- Approving the risk-based internal audit plan.
- Approving the internal audit budget and resource plan.
- Receiving communications from the CAE on the internal audit activity’s
performance relative to its plan and other matters.
- Approving decisions regarding the appointment and removal of the CAE.
- Approving the remuneration of CAE.
- Making appropriate inquiries of management and the CAE to determine
whether there are inappropriate scope or resource limitations.
- The chief audit executive must communicate and interact directly with the
board.
- Administrative duties, as examples, include:
- Budgeting and management accounting.
- Human resource administration.
- Internal communications and information flows.
- Administration of the organization's internal policies and procedures
(expense approvals, leave approvals, floor space, etc.).
- The CAE may be asked to take on additional roles and responsibilities outside
of internal auditing, such as responsibility for compliance or risk management
activities. These roles and responsibilities may impair, or appear to impair, the
organizational independence of the IA activity or the individual objectivity of the
internal auditor.
- Safeguards are those oversight activities, often undertaken by the board, to
address these potential impairments, and may include such activities as
periodically evaluating reporting lines and responsibilities and developing
alternative processes to obtain assurance related to the areas of additional
responsibility.
 Potential Questions

- How does IA achieve independence?

- The exam question will probably give you a senario and

ask you which org. structure is independent.
- You may get a question on examples of functional
reporting. You may be required to select few examples
(e.g. I, III, and IV are examples of functional reporting).
Memorize these examples!
- How often should the CAE confirm to the board on
organizational independence? Yes you are right, atleas
annually.
- Resource plan and budget approval are functional in
nature where as human resource administration and
budgeting are administrative in nature.

- If CAE takes compliance or risk management

responsibilities, then how is the independence
managed? (periodically reviewing reporting lines, hiring
a consulting firm to provide assurance, etc.)
- Remember, buget is approved by the Board/Audit
Committee - functional in nature. The budgeting process
discussed with the CEO - administrative in nature. Quite
important for the exam!
 Topic
B. Identify whether the internal audit activity has any impairments to its independence.
Level: Basic
Note: This was covered in Chapter 1.
Source: IIA Standards, Implementation Guide, Supplemental Guide, Glossary and IIA website.
Impairement

Reporting of
Impairement

Examples of objectivity
impairments

Auditor Responsibility in
case of Impairment

CAE Actions in case of

Impairment - Examples
Conflict of Interest

Sope Limitation
 Details
ether the internal audit activity has any impairments to its independence.

s covered in Chapter 1.
andards, Implementation Guide, Supplemental Guide, Glossary and IIA website.
Impairment to organizational independence and individual objectivity may include personal conflict of
interest, scope limitations, restrictions on access to records, personnel, and properties, and resource
limitations (such as funding).

If independence or objectivity is impaired in fact or appearance, the details of the impairment must be
disclosed to appropriate parties. The nature of the disclosure will depend upon the impairment.

Examples of objectivity impairments include:

- An internal auditor audits an area in which he or she recently worked, such as when an employee
transfers into internal audit from a different functional area of the organization and then is assigned to
an audit of that function. (Standard 1130.A1 specifically addresses this situation).
- An internal auditor audits an area where a relative or close friend is employed.
- An internal auditor assumes, without evidence, that an area being audited has effectively mitigated
risks based solely on a prior positive audit or personal experiences (e.g., a lack of professional
skepticism).
- An internal auditor modifies the planned approach or results based on the undue influence of
another person, often someone senior to the internal auditor, without appropriate justification.

Typically, the first step is to discuss the concern with an internal audit manager or the CAE to
determine whether the situation is truly an impairment and how best to proceed. Both the nature of
the impairment and board/senior management expectations will determine the appropriate parties to
be notified of the impairment and the ideal communication approach.

- When the CAE believes the impairment is not real, but recognizes there could be a perception of
impairment, the CAE may choose to discuss the concern in engagement planning meetings with the
operating management, document the discussion (such as in an audit planning memo), and explain
why the concern is without merit. Such a disclosure may also be appropriate for a final engagement
report.
- When the CAE believes the impairment is real and is affecting the ability of internal audit to perform
its duties independently and objectively, the CAE is likely to discuss the impairment with the board
and senior management and seek their support to resolve the situation.
- When an impairment comes to light after an audit has been executed, and it impacts the reliability
(or perceived reliability) of the engagement results, the CAE will discuss it with operating and senior
management, as well as the board. (Standard 2421 – Errors and Omissions states that if a final
communication contains a significant error or omission, the CAE must communicate corrected
information to all parties who received the original communication.)
Conflict of interest is a situation in which an internal auditor, who is in a position of trust, has a
competing professional or personal interest. Such competing interests can make it difficult to fulfill his
or her duties impartially. A conflict of interest exists even if no unethical or improper act results.
A conflict of interest can create an appearance of impropriety that can undermine confidence in the
internal auditor, the internal audit activity, and the profession. A conflict of interest could impair an
individual's ability to perform his or her duties and responsibilities
objectively.

Sope limitatiion is a restriction placed on the IA activity that precludes the activity from accomplishing
its objectives and plans.
 Tip for Passing

- Remember the key elements of impairment

- Conflict of Interest
- Scope limitation
- Restriction on access to records, personnel and properties
- Resource limitation

- Remember that the determination of appropriate parties to which the details of an

impairment to independence or objectivity must be disclosed is dependent upon the
expectations of the internal audit activity’s and the CAE’s responsibilities to senior
management and the board as described in the internal audit charter, as well as the
nature of the impairment.
- Internal auditors must refrain from assessing specific operations for which they were
previously responsible specifically the previous year i.e. last 12 months.
- Assurance engagements for functions over which the CAE has responsibility must be
overseen by a party outside the internal audit activity (for example: hire a outside
consultant).
- The IA activity may provide assurance services where it had previously performed
consulting services, provided the nature of the consulting did not impair objectivity and
provided individual objectivity is managed when assigning resources to the engagement
(for example use auditors who were not part of the assurance activity).
- IA may provide consulting services relating to operations for which they had previous
responsibilities.
- If internal auditors have potential impairments to independence or objectivity relating
to proposed consulting services, disclosure must be made to the engagement client prior
to accepting the engagement.

- During planning, internal auditors typically draft a scope statement that specifically
states what will and will not be included in the engagement (e.g., the boundaries of the
area or processes, in-scope versus out-of-scope locations, subprocesses, components of
the area or process, and time frame). The time frame may be based on a point in time, a
fiscal quarter, a calendar year, or another predetermined
period of time.
- At times, internal auditors may place reliance on work performed by others — such as
external auditors or compliance groups within the organization — and it may be useful to
document such reliance in the scope statement. Standard 2050 – Coordination and
Reliance and its Implementation Guide provide further guidance on the internal audit
activity’s reliance on such work.
 Potential Questions

- Impairment to Objectivity and Indepence is a

hot topic. Read and memorize the tips well.
- Is it okay for an auditor to audit a function if he
was responsible for that function 6 months ago?
No, She/He will have to wait for 12 months
before auditing the function.
- CAE is responsible for the Compliance function.
Can he oversee the audit of Compliance function?
No, hire a 3rd party.
- Audit provided consulting servies for
Compliance function. Can IA audit Compliance
function? Yes, but make sure the objectivity is not
impacted and select auditor for the assurance
that were not part of the consulting engagement.
- Can Audit provide consulting service for which
they previously provided assurance service? Yes,
but any impairement to independence or
objectivity must be disclosed to engagement
client.
 Topic
C. Assess and maintain an individual internal auditor’s objectivity, including determining whether an individual internal aud
Level: Basic
Note: Quite important Unit. Expect questions from this module.
Strongly recommend you to review the model IA Charter provided by IIA (attached in the 'Support for Foundation of IA' tab, it

Source: IIA Standards, Implementation Guide, Supplemental Guide, Glossary and IIA website. Impairement is discussed in secti
Objectivity
(Very Important)

CAE Responsibilities for Objectivity

 Details
an individual internal auditor’s objectivity, including determining whether an individual internal auditor has any impairments to his/her

Unit. Expect questions from this module.

u to review the model IA Charter provided by IIA (attached in the 'Support for Foundation of IA' tab, item#6).

mplementation Guide, Supplemental Guide, Glossary and IIA website. Impairement is discussed in section B.
Objectivity is an unbiased mental attitude that allows internal auditors to perform engagements in such
a manner that they believe in their work product and that no quality compromises are made.

Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest.

To manage internal audit objectivity effectively, many CAEs have an internal audit policy manual or
handbook that describes the expectation and requirements for an unbiased mindset for every internal
auditor. Such a policy manual may describe:
- The critical importance of objectivity to the internal audit profession.
- Typical situations that could undermine objectivity, such as auditing in an area where an internal
auditor recently worked; auditing a family member or a close friend; or assuming, without evidence,
that an area under audit is acceptable based solely on prior positive experiences.
- Actions the internal auditor should take if he or she becomes aware of a current or potential
objectivity concern, such as discussing the concern with an internal audit manager or the
CAE.
- Reporting requirements, where each internal auditor periodically considers and discloses conflicts of
interest. Often, policies require internal auditors to indicate that they understand the conflict of interest
policy and to disclose potential conflicts. Internal auditors sign annual statements indicating that no
potential threats exist or acknowledging any known potential threats.
 Tip for Passing
has any impairments to his/her objectivity.

#6).

B.
- Focused on Internal Auditors.
- Conflict of interest is a situation in which an internal auditor, who is in a
position of trust, has a competing professional or personal interest. Such
competing interests can make it difficult to fulfill his or her duties
impartially.
- A conflict of interest exists even if no unethical or improper act results.
- A conflict of interest can create an appearance of impropriety that can
undermine confidence in the internal auditor, the internal audit activity, and
the profession.
- A conflict of interest could impair an individual's ability to perform his or
her duties and responsibilities objectively.
 Potential Questions

- Can an auditor assume the responsibility as a

board member of a competing firm? No, the
information gained as a board member could
induce conflict of interest.
- Can an auditor act as a speaker or teach in a
school/university? Yes, but do not share
confidential information.
Can an auditor receive a gift from a client or
potential client (specific cases: before, during or
after the engagement)? No, unless it is of a
nominal vlaue like a pen. If the gift is of medium
or high value, it may create conflic tof interest.
Do not accept tickets for a game/dinner(alone
paid by the client). You may go for dinner with a
client (client should be present - it is called
networking). Use your judgement based on
ethical principles.
 Topic
D. Analyze policies that promote objectivity.
Level: Proficient
Note: None.
Source: IIA Standards, Implementation Guide, Supplemental Guide, Glossary and IIA website.
Internal Audit Policy Manual

Other Documents
 Details
hat promote objectivity.

s, Implementation Guide, Supplemental Guide, Glossary and IIA website.

Documentation that may demonstrate conformance with the standard includes the internal policy
manual, which contains performance evaluation and compensation processes as well as clear
policies on objectivity and avoiding and reporting conflicts of interest. Training records or materials
may demonstrate that internal auditors have been made aware of the importance of objectivity, the
nature of threats to objectivity, and examples of conflicts of interest.

Multiple documents may demonstrate conformance with the standard, including an internal audit
policy manual that includes policies on independence, objectivity, addressing conflicts, and the
nature of impairments, and how to communicate them. Other documentation may include board
meeting minutes, if impairments to independence or objectivity were discussed; memos to file; or
reports that contain such disclosures.
 Tip for Passing

- Focus on Internal Audit Policy/Manual and elements it should contain

specifically related to objectivity and conflict of interest.
- Training record are key in demonstrating awarness around objectivity and
conflict of interest.
Potential Questions
1 Dual Lines of Reporting
Functionl Reporting
- Approving the intern
Board/Audit - Approving the risk-b
Committee (Functional - Approving the intern
Reporting) - Receiving communic
- Approving decisions
Chief Audit Executive - Approving the remu
- Making appropriate
CEO (Administrative - The chief audit exec
Reporting) Administrative Reporting
- Budgeting and man
- Human resource ad
- Internal communic
- Administration of t

2 IPPF Standards
IPPF-Standards-2
017.pdf

3 IPPF Implementation Guide

2019-Implementa
tion-Guides-ALL.pdf
 - Approving the internal audit charter.
- Approving the risk-based internal audit plan.
- Approving the internal audit budget and resource plan.
- Receiving communications from the CAE on the internal audit activity’s performance relative to its plan and other matters.
- Approving decisions regarding the appointment and removal of the CAE.
- Approving the remuneration of CAE.
- Making appropriate inquiries of management and the CAE to determine whether there are inappropriate scope or resource limitations
- The chief audit executive must communicate and interact directly with The board.
ative Reporting
- Budgeting and management accounting.
- Human resource administration.
- Internal communications and information flows.
- Administration of the organization's internal policies and procedures (expense approvals, leave approvals, floor space, etc.).
and other matters.

e scope or resource limitations.

als, floor space, etc.).