Standards on Internal Audit (SIA) 2

SIA 2: Basic Principles Governing Internal Audit

The Standard on Internal Audit (SIA) 2, states the basic principles governing Internal Audit. It helps an Internal Auditor to perform the audit with ease and as per the laid guidelines.  The principles of Internal Audit can be understood based on the following areas that provide more clarity about the same. These key areas are-

  • Integrity, Objectivity and Independence of Internal Audit
  • Maintaining Confidentiality
  • Due Professional Care, Skills and Competence
  • Work performed by others
  • Documentation
  • Planning
  • Evidence
  • Risk Management and Internal Control System
  • Reporting

Principles of Internal Audit

To understand the basic governing principles of Internal Audit, one needs to acquire knowledge about the above-mentioned points. These key points have been discussed in detail in the section below-

  • Integrity, Objectivity and Independence:

The auditor has to be very sincere and honest in the approaches towards his profession and work. It is their responsibility to maintain an attitude that is impartial and practical. They must be very straightforward and clear while communicating any important issue to the company. It is their duty to bring the attention of the appropriate management level as well as departments at once, on the apparent or actual conflict of interests. The auditors are independent working person and must work without the interference or pressure from the management.

  • Confidentiality:

While his or her course of action, the auditor is required to maintain the secrecy and confidentiality of the acquired and collected information, data and records. This is one of the important principles of Internal Audit that governs the process and also acts as a safeguard for the entities security of information.

  • Due Professional Care, Skills and Competence:

Another important governing principle of Internal Audit for the auditor is take due professional care while performing the audit, possessing the necessary skills and be competent with the latest and advanced tools and techniques. He or she must apply the due professional care-

  • While assessing the risk management in the company or unit or department.
  • While deciding the required extent of work to achieve the set goals and objectives related to engagement.
  • While analyzing the cost benefits.
  • While checking the control measures and governance procedures.

Also, it is the auditor’s responsibility to obtain and enhance their skills through studying formal courses, general education, and any technical knowledge. They must possess the required core competencies of today’s internal auditors.

  • Work Performed by Others:

The governing principles of Internal Audit provide with the points related to the work performed by others in the company. These points are as follows-

  • Directing and supervising the delegated work provided to the assistants.
  • Reviewing the work of the work of the assistants.
  • There must be no reasons for believing that the assistants have not relied on the experts and their work for completing assigned duties.
  • Documentation:

Documentation is very important as they provide and act as evidence that the audit was performed in accordance with the prescribed Standards on Internal Audit.

  • Planning:

The planning point in the principles of Internal Audit involves the following-

  • To obtain the required knowledge about the accounting and internal control system of the organization.
  • To determine the efficiency and effectiveness of the internal control processes.
  • For each activity, a time budget has to be set.
  • To identify all the activities that warrant for special focus.
  • Benchmarking the actual results derived from the activities.
  • To identify the reporting responsibilities.
  • To obtain basic knowledge about the legal and regulatory framework of the company.
  • Evidence:

To draw conclusions from the performed audit that are practical and reasonable, supporting and appropriate evidences are to be collected.

  • Risk Management and Internal Control Systems:

The auditor is required to check and ensure the following activities while auditing the risk management and internal control system of the company-

  • Obtaining basic understanding of the framework of the internal control and risk management procedures.
  • Performing necessary steps and processes to assess the adequacy of the same.
  • Reviewing the adequacy of the framework in the company.
  • On the basis of the process of risk assessment, performing a risk-based internal audit.
  • Reporting:

Reporting is an integral part of the basic governing principles of internal audit. It is an activity in which the auditor, suggest and recommends remedial and immediate actions after thoroughly assessing and reviewing the conclusions drawn from the collected evidences.

Author: Anil Agrawal
EZYBIZ India Consulting LLP, New Delhi. The firm is business and tax consultancy firm providing consultancy in Taxation, Regulatory, Transfer pricing, Valuation, Corporate funding and Business set up matters. He may be reached at 9899217778 or