GAO Studies Audit Firm
IIA Standards Revised
Structure Approved ...
IT Security Costs Soar ...
New Guidance for
FOLLOWING AN EXPOSURE During the exposure
draft issued last year, The process, The IIA received
IIA’s Internal Auditing Stan- many comments regarding the
dards Board (IASB) signifi- applicability of the Standards
cantly revised its International to government auditors and to
Standards for the Professional those who may be impacted
Practice of Internal Auditing by legal or regulatory issues.
(Standards). Incorporating The IASB has changed the
numerous comments on issues introduction to clarify this
received through the exposure position: “If internal auditors
process, the board approved are prohibited by laws or reg-the Standards for January 2004 ulations from complying with
implementation. certain parts of the Standards,
The revisions are intended they should comply with all
to recognize that internal other parts of the Standards
audit activities are performed and make appropriate disclo-in diverse legal and cultural sures.” Assurance and consult-environments; within organi- ing services are also further
zations that vary in purpose, defined in the introduction to
size, complexity, and struc- offer an understanding of
ture; and by persons within or these distinctive activities.
outside the organization. Key provisions introduced in
Although many of the the Standards include require-changes are expected to clar- ments that internal auditors:
ify some long-standing issues, ‡Have knowledge of key
the Standards are intended to information technology
be broad enough in scope and risks, controls, and available
definition for global applica- technology-based audit
tion. This includes a basic techniques to perform their
assumption that chief audit assigned work.
executives (CAEs) and inter- ‡Consider the use of
nal auditors will exercise computer-assisted audit
good judgment in applying tools and other data
concepts such as references to analysis techniques.
appropriate parties, acceptable ‡Include periodic internal
level, and as appropriate. and external quality assess-
One of the most promi- ments and ongoing internal
nent revisions is the overall monitoring as part of their
inclusion of the word should quality assurance and
in many of the individual improvement program.
standards. This change signi- ‡Provide final communication
fies a mandatory obligation of engagement results and,
for compliance. (continues on page 18)
FEBRUARY 2004 INTERNAL AUDITOR