When the IPPF exposure draft was released during 2014, I wrote a post “IPPF Proposed Changes: A Real Change or A Cosmetic One?” wondering if the changes will add real value. Now, that we have seen the changes, it is time to voice your opinion!
For those of you who have not had the chance to read the changes, here are the newly introduced topics:
“To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.”
· Demonstrates integrity.
· Demonstrates competence and due professional care.
· Is objective and free from undue influence (independent).
· Aligns with the strategies, objectives, and risks of the organization.
· Is appropriately positioned and adequately resourced.
· Demonstrates quality and continuous improvement.
· Communicates effectively.
· Provides risk-based assurance.
· Is insightful, proactive, and future-focused.
· Promotes organizational improvement.
I really have no problem with any of the above; I think it added more clarity to the standards! I am only concerned that there was no explicit mention of courage anywhere in the changes, unless I have missed it somehow! It is my opinion that courage is the cornerstone of any effective and efficient internal audit activity. Without courage, the spirit of the mission statement and the core principles will not be achieved. I would have imagined that may be the outcome of recent and old corporate failures and scandals would be different, had there been courageous internal auditors reporting things as they are!
It is unproductive to ask internal auditors to be courageous without providing them with some sort of protection. I have wrote about this last April “CAE: Does Courage Lead to A Career Suicide?” I just wish that the IIA offers guidance on how to protect courageous internal auditors!