FRAMEWORK GOVERNING
INTERNAL AUDITS
Contents
Paragraph(s)
Introduction and Scope ............................................................................. 1
Objectives ................................................................................................ 2
Definition of Internal Audit ......................... .............................................. 3
The Framework ......................................................................................... 4
Code of Ethics .......................................................................................... 5
Components of the Framework .................................................................. 6
Effective Date ........................................................................................... 7
Framework for Standards on Internal Audit was, originally, issued by
the Board in August 2007, which was recommendatory in nature. The
revised Framework Governing Internal Audits shall become mandatory
from such date as notified by the Council.
Issued in November, 2018.
1. Introduction and Scope
1.1. The Framework Governing Internal Audits lays down the underlying
principles and boundaries for the internal audit function and activity.
It provides clarity on key components governing internal audits to
ensure standardisation and quality in discharge of Internal Auditors '
responsibilities.
1.2. Scope: The framework covers all aspects of internal audits, from the
overall management of the internal audit function to the performance
of specific internal audit assignments.
2. Objectives
2.1. The main objectives of a framework are to:
(i) Provide clarity on key components that govern internal audits;
(ii) Outline the manner in which these components are inter-
related; and
(iii) Specify how these are essential to the conduct of quality
internal audits.
3. Definition of Internal Audit
3.1. Internal Audit is defined as follows:
Internal audit provides independent assurance on the effectiveness
of internal controls and risk management processes to enhance
governance and achieve organisational objectives.
3.2. Brief explanation of the key terms used above is as follows:
(i) Independence: Internal audit shall be an independent
function, achieved through the position, organization structure
and reporting of the internal auditor.
At times, in addition to providing assurance, the internal
auditor may adopt an advisory role to help an organization
achieve its objectives, provided this does not compromise the
independence of the internal auditor.
(ii) Internal controls and risk management are integral parts of
management function and business operations. An internal
auditor is expected to evaluate the design and operating
effectiveness of internal controls and risk management
Framework Governing Internal Audits
processes (including reporting processes) as designed and
implemented by the management.
(iii) Governance is a set of relationships between the company
and its various stakeholders and provides the structure
through which the company's objectives are achieved. It
includes compliance with internal policies and procedures and
laws and regulation.
(iv) Organizational objectives incorporate the interests of all
stakeholders and include the short and medium term goals
that an organisation seeks to accomplish.
3.3. This definition forms the underlying foundation of all the Standards
on Internal Audit (SIAs) issued by the Board. Internal audit activities
shall be conducted in line with the Definition of Internal Audit.
4. The Framework
4.1. The Framework Governing Internal Audits comprises of "Definition of
Internal Audit" (as covered above), four components and the most
important underlying principle "Code of Ethics". Each component is
inherent to the whole process of internal audit and implicitly forms
part of the Standards on Internal Audit, even though they may not be
mentioned explicitly in the Standards. Hence, as explained in the
Preface, they all are mandatory in nature, except the Guidance
which is recommendatory.
4.2. The four components (forming the pillars) of the framework are:
(i) Basic Principles of Internal Audit
(ii) Key Concepts
(iii) Standards on Internal Audit (SIAs)
(iv) Guidance.
2
Framework
A pictorial depiction of the Framework Governing Internal Audit is as
follows:
5. Code of Ethics
5.1. Every Internal Auditor is bound by a written Code of Ethics, issued
by an organisation and/or the professional institution of which he is a
member. This commits the Internal Auditor to ethical Standards
applied with utmost integrity and sincerity.
5.2. A member of the Institute of Chartered Accountants of India,
carrying out an internal audit activity, is, additionally, governed by:
(a) the requirements of the Chartered Accountants Act, 1949
(b) the Code of Ethics issued by the Institute of Chartered
Accountants of India
(c) other relevant pronouncements of the Institute of Chartered
Accountants of India.
3
Framework Governing Internal Audits
6. Components of the Framework
6.1 Basic Principles of Internal Audit1
The Basic Principles of Internal Audit are a set of core principles
fundamental to the function and activity of internal audit. The Basic
Principles are critical to achieve the desired objectives as set out in
the Definition of the Internal Audit, and therefore, apply to all internal
audits.
The principles can be summarised as follows:
1. Independence
2. Integrity and Objectivity
3. Due Professional Care
4. Confidentiality
5. Skills and Competence
6. Risk Based Audit
7. Systems and Process Focus
8. Participation in Decision Making
9. Sensitive to Multiple Stakeholder Interests
10. Quality and Continuous Improvement.
6.2 Key Concepts2
There are certain concepts which form integral part of the internal
audit activity and, therefore, apply to most internal audits. In fact,
some of the concepts are ingrained in the Definition of Internal Audit.
The key concepts are in the nature of:
Internal Controls
Risk Management
Governance Processes
Refer Para. 3 of Basic Principles of Internal Audit issued by the Board.
2 The details of Key Concepts are published as separate Standards (SIA, 100 series).
4
Framework
Compliance with Laws and Regulations
Nature of Assurance.
6.3 Standards on Internal Audit (SIAs)
The Standards on Internal Audit (SIAs) establish uniform evaluation
criteria, methods, processes and practices. The Standards are
pronouncements which form the basis for conducting all internal
audit activity. These pronouncements are designed to help the
internal auditor to discharge his responsibilities.
6.4 Guidance
These are a set of guidelines, which include Guidance Notes,
Implementation Guides and Technical Guides. These guidelines are
important for implementation of the SIAs and provide clarification for
their applicability under particular circumstances.
7. Effective Date
7.1 This Framework Governing Internal Audits is applicable for all
internal audits beginning on or after a date to be notified by the
Council of the Institute.
5
