Annex 1.
.Standard 1300 – Quality Assurance and Improvement Program
The chief audit executive must develop and maintain a quality assurance and improvement program
that covers all aspects of the internal audit activity.
Interpretation:
A quality assurance and improvement program is designed to enable an evaluation of the internal
audit activity’s conformance with the Definition of Internal Auditing and the Standards and an
evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the
efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
Background
Quality Assurance and Improvement Program (QAIP) of the Internal Audit Function (IA) within the
Internal Oversight Division (IOD) is designed to provide reasonable assurance to the various
stakeholders i of the Internal Audit activity that Internal Audit:
1. Performs its work in accordance with the Internal Oversight Charter (IOC) and The Institute of
Internal Auditors International Standards for the Professional Practice of Internal Auditing (The IIA
Standards), the Definition of Internal Auditing, and the Code of Ethics;
2. Operates in an effective and efficient manner; and
3. Is perceived by stakeholders as adding value and improving Internal Audit’s operations. In this
regard, a list of the features that are included in this QAIP are:
• Monitoring of functioning of the Internal Audit function to ensure it operates in an effective and
efficient manner.
• Compliance with the Internal Oversight Charter and the IIA Standards, the Definition of Internal
Auditing, and the Code of Ethics.
• Contributing to improvements in organizational operations.
• Ongoing internal assessments of audit assignments the results of which are discussed within IOD
to further improve the audit processes.
• Periodic self-assessments, the results of which are communicated to the Director General and
the Independent Advisory Oversight Committee (IAOC).
• An external assessment at least every five years, the results of which are communicated to the
Director General, the IAOC and Member States.
The Director, of Internal Oversight Division (IOD) is ultimately responsible for the QAIP, which covers all
types of Internal Audit activities, including advisory services.
� Annex 1.4
INTERNAL ASSESSMENTS
A. Ongoing Internal Assessments – Ongoing internal assessments are conducted throughout the audit
cycle as part of regular day-to-day activities of internal audit function. The main components of
ongoing internal assessments in a summarized manner:
• Supervision of audit engagements from planning to reporting;
• Feedback from customer surveys on individual engagements; and
• Analyses of performance metrics established to improve Internal Audit activity effectiveness
and efficiency;
These assessments ensure audit policies and procedures are in compliance with applicable planning,
fieldwork, and reporting standards.
B. Periodic Internal Self Assessments – Periodic internal assessments are designed to assess
conformance with Internal Oversight Charter, the IIA Standards, the Definition of Internal Auditing,
the Code of Ethics, and the efficiency and effectiveness of internal audit in meeting the needs of its
various stakeholders. Periodic assessments will be conducted through:
• Annual self-assessment of conformance with the IIA Standards;
• Vertical and horizontal reviews of completed projects to support evaluation of conformance
with the Standards and the Internal Audit methodology as well as efficiency and
effectiveness of the underlying processes. A vertical review provides an evaluation of
conformance with theStandardsand examines a specific project from a top-down approach
(e.g., an assessment of individual audit steps performed for a specific project work plan,
e.g., planning steps, fieldwork steps and reporting steps). A horizontal review allows for an
evaluation across all project engagements (e.g., use of the risk assessment matrix,
supervisory review and approval process, or consistency in applying report ratings) from an
efficiency and effectiveness perspective;
• Client Satisfaction Surveys just after the engagement and one year after;
• Periodic activity reporting to the Director General and the IAOC; and
• Review of the internal audit performance metrics and benchmarking of best practices
EXTERNAL ASSESSMENTS
� Annex 1.4
A. General Considerations – External assessments will appraise and express an opinion about Internal
Audit’s conformance with the IIA Standards, the Definition of Internal Auditing, and the Code of
Ethics and will include recommendations for continuous improvement as appropriate.
B. Timing – An external assessment will be conducted at least every five years.
C. Scope of External Assessment – The external assessment will consist of a broad scope of coverage
that includes the following elements of the Internal Audit activity:
Integration of
Conformance with the Internal
the Standards, the Expectations Audit activity
The mix of
Definition of of Internal into the
knowledge, A
Internal Auditing, Audit as organization’s
experiences, determination
the Code of Ethics, expressed by governance Tools and
and whether
and Internal Member process, techniques
disciplines Internal Audit
Audit’s Charter, States, IAOC, including the used by
within the adds value and
plans, policies, WIPO Senior audit Internal
staff, including improves the
procedures, Management, relationship Audit
staff focus on organization’s
practices, and any and between and
process operations
legislative and operational among the
improvement
regulatory managers key groups
requirements involved in
the process
D. Considerations – The qualifications and considerations of external reviewers as noted in Standard
1312 will be considered when contracting with an outside party to conduct the review. Specifically,
a qualified reviewer or review team demonstrates competence in two areas: the professional
practice of internal auditing and the external assessment process. Competence can be
demonstrated through a mixture of experience and theoretical learning. Experience gained in
organizations of similar size, complexity, sector or industry, and technical issues is more valuable
than less relevant experience. In the case of a review team, not all members of the team need to
have all the competencies; it is the team as a whole that is qualified. The Director, IOD will use
professional judgment when assessing whether a reviewer or review team demonstrates sufficient
competence to be qualified.
E. Type of Review –a full scope review or a self-assessment with independent validation are allowed as
options. The form of the review is discussed with the IAOC beforehand.
REPORTING ON THE QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
• Internal Assessments – Results of Periodic internal assessments will be reported to the IAOC
and to the DG.
� Annex 1.4
• External Assessments – Results of external assessments will be provided to the Director
General, the IAOC and the Member States upon completion of the external assessment. The
external assessment will be accompanied by a written action plan in response to significant
comments and recommendations contained in the report
• Follow-Up – The Director of IOD will implement appropriate follow-up actions to ensure that
recommendations made in the report and action plans developed are implemented in a
reasonable timeframe
USE OF “CONFORMS WITH THE INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF
INTERNAL AUDITING”
The Director, IOD may use the term “Conforms with the International Standards for the Professional
Practice of Internal Auditing” when the results of the QAIP support this statement. The external audit
assessment must have been conducted and the conclusion drawn that Internal Audit is operating
generally in conformance with the Standards.
DISCLOSURE OF NON-CONFORMANCE
When non-conformance with Definition of Internal Auditing, the Code of Ethics, or the Standards
impacts the overall scope or operation of the Internal Audit activity, the Director of IOD shall disclose
Reporting on
the non-conformance and the impact to theQuality
Director General and the IAOC and.
Assurance
ADMINISTRATIVE MATTERS
The Quality Assurance and Improvement Program will be updated, at least every three years or earlier,
for changes in the Internal Oversight Charter, The IIA Standards or Internal Audit’s operating
environment.
iThe main stakeholders include the Director General, WIPO Managers, IAOC, Member States, External Auditor and
public at large.
