What evidence should an internal audit function retain to show conformance with the IIA Standards?
Evidence depends on the requirement. Function-level evidence may include the approved charter, board minutes, annual plan, resource assessment, audit strategy, methodology manual, QAIP results, and performance reporting. Engagement-level evidence may include planning risk assessment, objectives and scope, criteria, approved work program, workpapers, review notes, final communication, and follow-up records.
The key is that evidence should be retained where the work naturally occurs. A quality reviewer should be able to trace a requirement to a policy, template, workpaper, approval, or QAIP test. A standalone statement that the department follows the standards is not enough.
Master Part 1 with our CIA Course
45 lessons · 90+ hours· Expert instruction
Related Questions
What should an auditor do if a supervisor weakens a supported finding?
How should auditors prepare for a technical exit meeting?
When should audit quality concerns be escalated beyond the engagement team?
How does business knowledge affect internal audit quality?
Where should an auditor begin a full-company internal control audit?
Related Articles
Join the Discussion
Ask questions and get expert answers.