Escolar Documentos
Profissional Documentos
Cultura Documentos
Mike Noto Director of Internal Audit Fidelity Investments 200 Seaport Blvd. Boston, MA 02210 Dear Mike, I am writing to request your review and distribution of a reference document I created which helps clearly present the 2013 revisions to the Standards developed by the Institute of Internal Auditors. Each year, the IIA releases a revised version of the International Standards for the Professional Practice of Internal Auditing. These updates aim to incorporate feedback from shareholders and board members of the IIA, in an effort to keep the framework specific, relevant, and up to date. The reference document I have included in this email was developed in an attempt to alleviate the need for employees to study the revised document themselves. Instead, this brochure highlights the revisions in a way that is easy to follow and understand. I worked at Fidelity Investments as a co-op student for six months from January to June 2012, and learned a great deal about the importance of the audit standards and what they mean for the audit team. While it was a daunting task to ensure each of our reviews followed the IIA framework, I know it is necessary to comply with the regulations. I have taken it upon myself to read through the revisions in depth and put together this brochure for the benefit of your employees. It is my hope that you will take the time to review this document yourself and then pass it along to the other team members in a team meeting, encouraging them to reference it on future reviews this year. The document is attached to this email, giving you the option to print out copies or simply forward the email to the rest of the team, at your discretion. Please do not hesitate to reach out to me via email or phone should you have any questions or concerns. I appreciate your time and this opportunity, and look forward to hearing your feedback. Sincerely yours, Michael Evanoff Northeastern University 813-777-0856 evanoff.m@husky.neu.edu
INTERNAL ASSESSMENTS
Whats New? The IIA has modified one of the bullets of Standard 1311: Periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices
EXTERNAL ASSESSMENTS
Whats New? The IIA has modified phrasing in Standard 1312: The words reviewer and review have been replaced with assessor and assessment respectively.
RISK MANAGEMENT
Whats New? The IIA has modified Standard 2120.A1 to include an additional bullet: Achievement of the organizations strategic objectives 2013 REVISIONS TO THE IIA STANDARDS PAGE 1
CONTROL
Whats New? The IIA has modified Standard 2130.A1 to include an additional bullet: Achievement of the organizations strategic objectives
PLANNING CONSIDERATIONS
Whats New? The IIA has modified one of the bullets of Standard 2201: The adequacy and effectiveness of the activitys governance, risk management, and control processes compared to a relevant framework or model; and The opportunities for making significant improvements to the activitys governance, risk management, and control processes
ENGAGEMENT OBJECTIVES
Whats New? The IIA has modified the phrasing of Standard 2210.A3: Adequate criteria are needed to evaluate governance, risk management, and controls. Internal auditors must ascertain the extent to which management and/or the board has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must work with management and/or the board to develop appropriate evaluation criteria.
DISSEMINATING RESULTS
Whats New? The IIA has modified the interpretation of Standard 2440 to include the following: The chief audit executive is responsible for reviewing and approving the final engagement communication before issuance and for deciding to whom and how it will be disseminated. When the chief audit executive delegates these duties, he or she retains overall responsibility.
Whats New? The IIA has modified the phrasing of Standard 2600 to include the following: When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the chief audit executive determines that the matter has not been resolved, the chief audit executive must communicate the matter to the board for resolution. The IIA has added an interpretation portion of Standard 2600: The identification of risk accepted by management may be observed through an assurance or consulting engagement, monitoring progress on actions taken by management as a result of prior engagements, or other means. It is not the responsibility of the chief audit executive to resolve the risk.
Prepared by: Michael Evanoff Information Technology Audit Intern Fidelity Investments - Internal Audit Department October 7, 2013 michael.evanoff@fmr.com
PAGE 2