The Institute of Internal Auditors (IIA) is an organization which advocates, provides educational conferences, and develops standards, guidance, and certifications for the

internal audit Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to ...

profession.

History

Established in 1941, the IIA today serves more than 200,000 members from more than 170 countries and territories. IIA's global headquarters are in Lake Mary, FL, United States.

Anthony Pugliese Anthony V. Pugliese III is an American real estate developer and pop culture collector. He is the chairman and founder of The Pugliese Company, a real estate and business development company. The Pugliese Company is known best for its proposed d ...

is the President and CEO. Pugliese succeeded Richard Chambers, in 2021. Previously, Pugliese was President and CEO of CalCPA.

Professional certification

The Certified Internal Auditor (CIA) is the primary professional designation offered by The IIA. The CIA designation is a globally recognized certification for internal auditors and is a standard by which individuals may demonstrate their competency and professionalism in the internal audit field. In order to become a certified internal auditor, candidates must possess a four-year degree from an accredited institution as well as pass all three parts of the CIA exam. Earning the CIA certification is intended to demonstrate a professional knowledge of the internal audit profession. CIAs are required to take continuing education courses. Internal Auditors who take and pass the CIA Part One exam can earn the designation of Internal Audit Practitioner. In 2019, the IIA announced it would be changing the Internal Audit Practitioner program. The program changes include a new exam and waiving of the educational requirement for active Internal Audit Practitioner designation holders applying for the CIA program. The changes go into effect in 2020.

Other certifications

In 2019, the IIA announced plans to change its Certification in Risk Management Assurance (CRMA) program. The CRMA changes go into effect in October 2020, and will include a new exam and updated prerequisites and experience requirements. * Certification in Risk Management Assurance (CRMA) * Qualification in Internal Audit Leadership (QIAL) * Internal Audit Practitioner (IAP) * Certification in Control Self Assessment (CCSA) * Certified Government Auditing Professional (CGAP), for

Government performance auditing Government performance auditing focuses on improving how governments provide programs and services. While there is no one universally agreed upon definition, there are key definitions which capture the scope of government performance auditing. A ...

and Government Auditors * Certified Financial Services Auditor (CFSA) As of December 31, 2018, the CCSA, CFSA, and CGAP are no longer accepting new applications, and the three designations will be re-positioned into assessment-based certifications in the future. Below demonstrates the Number of CIA Holders by Region as of December 31, 2021.

Professional standards

The IIA has two levels of professional guidance: (1) Mandatory Guidance (including the Standards) and (2) Strongly Recommended Guidance. The two levels of guidance constitute the IIA's International Professional Practices Framework (IPPF).

Mandatory guidance

The definition of internal auditing and the code of ethics and the Standards are mandatory for IIA members and

organizations claiming to complete audits to IIA

technical standard A technical standard is an established norm or requirement for a repeatable technical task which is applied to a common and repeated use of rules, conditions, guidelines or characteristics for products or related processes and production methods, ...

s around the world. The guidelines and recommendations are recorded in what is referred to as the "Red Book." * The definition: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. * The four principles of the IIA's Code of Ethics are

integrity Integrity is the practice of being honest and showing a consistent and uncompromising adherence to strong moral and ethical principles and values. In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one's actions. In ...

, objectivity,

confidentiality Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information. Legal confidentiality By law, lawyers are often required ...

and competency. * The international standards for the professional practice of internal auditing:

Strongly Recommended Guidance

Position papers, practice advisories, and practice guides are Strongly Recommended Guidance that help define and explain the IIA standards. Additional sources of guidance include a variety of materials that are developed and/or endorsed by the IIA, including research studies, books,

seminar A seminar is a form of academic instruction, either at an academic institution or offered by a commercial or professional organization. It has the function of bringing together small groups for recurring meetings, focusing each time on some parti ...

s, conferences, and other products and services related to the professional practice of internal auditing.

Practice guides

As practice guides, 8 PGs, 15 GTAG (Global Technology Audit Guide), and 3 GAITs (Guide to the Assessment of IT Risk) have been issued in 2009 and 2010. GTAGs are written in straightforward business language to address a timely issue related to

information technology Information technology (IT) is the use of computers to create, process, store, retrieve, and exchange all kinds of Data (computing), data . and information. IT forms part of information and communications technology (ICT). An information te ...

(IT)

management Management (or managing) is the administration of an organization, whether it is a business, a nonprofit organization, or a Government agency, government body. It is the art and science of managing resources of the business. Management includ ...

control Control may refer to: Basic meanings Economics and business * Control (management), an element of management * Control, an element of management accounting * Comptroller (or controller), a senior financial officer in an organization * Controllin ...

, and

security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...

. To date, the IIA has released GTAGs on the following topics: :*GTAG 1:

Information Technology Information technology (IT) is the use of computers to create, process, store, retrieve, and exchange all kinds of Data (computing), data . and information. IT forms part of information and communications technology (ICT). An information te ...

Controls :*GTAG 2: Change and Patch Management Controls: Critical for Organizational Success :*GTAG 3:

Continuous Auditing Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of ...

: Implications for Assurance,

Monitoring Monitoring may refer to: Science and technology Biology and healthcare * Monitoring (medicine), the observation of a disease, condition or one or several medical parameters over time * Baby monitoring * Biomonitoring, of toxic chemical compounds, ...

, and

Risk Assessment Broadly speaking, a risk assessment is the combined effort of: # identifying and analyzing potential (future) events that may negatively impact individuals, assets, and/or the environment (i.e. hazard analysis); and # making judgments "on the ...

:*GTAG 4: Management of

IT Audit An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the inform ...

ing :*GTAG 5: Managing and Auditing Privacy

Risk In simple terms, risk is the possibility of something bad happening. Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environm ...

s :*GTAG 6: Managing and Auditing IT Vulnerabilities :*GTAG 7: Information Technology Outsourcing :*GTAG 8: Auditing Application Controls :*GTAG 9: Identity and Access Management :*GTAG 10:

Business Continuity Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning (or business continuity a ...

Management (BCM) :*GTAG-11: Developing the IT Audit Plan :*GTAG-12: Auditing IT Projects (Mar. 2009) :*GTAG-13: Fraud Prevention and Detection in an Automated World (December 2009) :*GTAG-14: Auditing User-developed Applications (June 2010) :*GTAG-15: Information Security Governance (June 2010) :*GTAG-16: Data Analysis Technology (August 2011) :*GTAG-17: Auditing IT Governance (July 2012) :*Auditing Smart Devices: An Internal Auditor’s Guide to Understanding and Auditing Smart Devices (August 2016) :*Assessing Cybersecurity Risk: Roles of the Three Lines of Defense (September 2016) :*Understanding and Auditing Big Data (May 2017) :*Auditing Insider Threat Programs (August 2018) The IIA offers 31 General practice guides, 4 Financial Services guides, 4 Public Sector guides, 18 Global Technology Audit Guides (GTAG), 3 Guides to the Assessment of IT Risk (GAIT), and 2 guides for supplemental guidance.

Other initiatives

Internal Audit Foundation

The Internal Audit Foundation is a not-for profit organization that promotes and advances the value of the internal audit profession globally. It supports research, grants and awards, and promotes internal auditing study at post-secondary institutions worldwide. The 2020 Annual Report of the Foundation included white papers on auditing during the

COVID Coronavirus disease 2019 (COVID-19) is a contagious disease caused by a virus, the severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2). The first known case was identified in Wuhan, China, in December 2019. The disease quickly ...

pandemic.

American corporate governance index

In December 2019, the IIA announced the results from its inaugural American Corporate Governance Index (ACGI). The ACGI is a joint project of the IIA and the Neel Corporate Governance Center at the University of Tennessee, and grades companies on eight Guiding Principles of Corporate Governance. The principles were compiled from guidance and principles from organizations like the

Business Roundtable The Business Roundtable (BRT) is a nonprofit lobbyist association based in Washington, D.C. whose members are chief executive officers of major United States companies. Unlike the U.S. Chamber of Commerce, whose members are entire businesses, BR ...

, National Association of Corporate Directors, and New York Stock Exchange. Scores were based on the survey responses of 128 chief audit executives. The criteria included: board performance, external disclosures, companywide communication, corporate culture, and long-term strategies. The first report graded U.S. publicly listed companies overall with a C+.

References

External links

The Institute of Internal Auditors (IIA)
- and The IIA'
Code of EthicsInternal Audit FoundationNew York State Internal Control AssociationEssays on Common Sense Management regarding Internal ControlInternal Audit Training Courses across EMEAThe Chartered Institute of Internal Auditors
{{Authority control Internal audit Professional accounting bodies Auditing in the United States Organizations established in 1941 1941 establishments in the United States