IPPF Framework 2017

The International Professional Practices Framework (IPPF)® is the conceptual framework that organizes
authoritative guidance promulgated by The Institute of Internal Auditors. A trustworthy, global, guidance-
setting body, The IIA provides internal audit professionals worldwide with authoritative guidance. The
IPPF includes Mandatory Guidance and Recommended Guidance.

Mandatory Guidance:

• Core Principles for the Professional Practice of Internal Auditing.

• Definition of Internal Auditing.
• Code of Ethics.
• International Standards for the Professional Practice of Internal Auditing (Standards).

Recommended Guidance:

• Implementation Guidance.
• Supplemental Guidance.

Note: New Framework is tested on all exams given after

July 1, 2017.

1
 IPPF Framework 2017
Mission of Internal Audit
The Mission of Internal Audit articulates what internal audit aspires to accomplish within an
organization. Its place in the New IPPF is deliberate, demonstrating how practitioners should leverage
the entire framework to facilitate their ability to achieve the Mission.

Mission: To enhance and protect organizational value by providing risk-based and objective assurance,
advice, and insight.

MANDATORY (CPDCS)
I. Core Principles for the Professional Practice of Internal Auditing

The Core Principles, taken as a whole, articulate internal audit effectiveness. For an internal audit
function to be considered effective, all Principles should be present and operating effectively. How an
internal auditor, as well as an internal audit activity, demonstrates achievement of the Core Principles
may be quite different from organization to organization, but failure to achieve any of the Principles
would imply that an internal audit activity was not as effective as it could be in achieving internal audit’s
mission (see Mission of Internal Audit).

• Demonstrates integrity.
• Demonstrates competence and due professional care.
• Is objective and free from undue influence (independent).
• Aligns with the strategies, objectives, and risks of the organization.
• Is appropriately positioned and adequately resourced.
• Demonstrates quality and continuous improvement.
• Communicates effectively.
• Provides risk-based assurance.
• Is insightful, proactive, and future-focused.
• Promotes organizational improvement.

II. The Definition of Internal Auditing states the fundamental purpose, nature, and scope of internal
auditing.

Internal auditing is an independent, objective assurance and consulting activity designed to add value
and improve an organization's operations. It helps an organization accomplish its objectives by bringing
a systematic, disciplined approach to evaluate and improve the effectiveness of risk management,
control, and governance processes.

III. Code of Ethics

The Code of Ethics states the principles and expectations governing the behavior of individuals and
organizations in the conduct of internal auditing. It describes the minimum requirements for conduct,
and behavioral expectations rather than specific activities.

Introduction to the Code of Ethics

2
 IPPF Framework 2017
The purpose of The Institute's Code of Ethics is to promote an ethical culture in the profession of
internal auditing.

Internal auditing is an independent, objective assurance and consulting activity designed to add value
and improve an organization's operations. It helps an organization accomplish its objectives by bringing
a systematic, disciplined approach to evaluate and improve the effectiveness of risk management,
control, and governance processes.

A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on
the trust placed in its objective assurance about governance, risk management, and control.

The Institute's Code of Ethics extends beyond the Definition of Internal Auditing to include two essential
components:

1.Principles that are relevant to the profession and practice of internal auditing.

2.Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to
interpreting the Principles into practical applications and are intended to guide the ethical conduct of
internal auditors.

"Internal auditors" refers to Institute members, recipients of or candidates for IIA professional
certifications, and those who perform internal audit services within the Definition of Internal Auditing.

Applicability and Enforcement of the Code of Ethics

This Code of Ethics applies to both entities and individuals that perform internal audit services.

For IIA members and recipients of or candidates for IIA professional certifications, breaches of the Code
of Ethics will be evaluated and administered according to The Institute's Bylaws and Administrative
Directives. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent
it from being unacceptable or discreditable, and therefore, the member, certification holder, or
candidate can be liable for disciplinary action.

Code of Ethics — Principles (IOCC)

Internal auditors are expected to apply and uphold the following principles:

1.Integrity - The integrity of internal auditors establishes trust and thus provides the basis for reliance
on their judgment.

2.Objectivity - Internal auditors exhibit the highest level of professional objectivity in gathering,
evaluating, and communicating information about the activity or process being examined. Internal
auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by
their own interests or by others in forming judgments.

3.Confidentiality - Internal auditors respect the value and ownership of information they receive and do
not disclose information without appropriate authority unless there is a legal or professional obligation
to do so.

4.Competency - Internal auditors apply the knowledge, skills, and experience needed in the
performance of internal audit services.

3
 IPPF Framework 2017
Rules of Conduct

1. Integrity

Internal auditors:

1.1. Shall perform their work with honesty, diligence, and responsibility.

1.2. Shall observe the law and make disclosures expected by the law and the profession.

1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the
profession of internal auditing or to the organization.

1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

2. Objectivity

Internal auditors:

2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their
unbiased assessment. This participation includes those activities or relationships that may be in conflict
with the interests of the organization.

2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.

2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of
activities under review.

3. Confidentiality

Internal auditors:

3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.

3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law
or detrimental to the legitimate and ethical objectives of the organization.

4. Competency

Internal auditors:

4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and
experience.

4.2. Shall perform internal audit services in accordance with the International Standards for the
Professional Practice of Internal Auditing (Standards).

4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.

4
 IPPF Framework 2017
IV. International Standards for the Professional Practice of Internal Auditing (Standards)

• Standards are principle-focused and provide a framework for performing and promoting internal
auditing. The Standards are mandatory requirements consisting of:
• Statements of basic requirements for the professional practice of internal auditing and for
evaluating the effectiveness of its performance. The requirements are internationally applicable
at organizational and individual levels.
• Note: See the separate PDF File of the IPPF 2017 Standards.

5
 IPPF Framework 2017

RECOMMENDED GUIDANCE

Mandatory Guidance

Recommended Guidance

Recommended guidance is endorsed by The IIA through a formal approval process. It describes practices
for effective implementation of The IIA's Core Principles, Definition of Internal Auditing, Code of Ethics,
and Standards. The recommended elements of the IPPF are:

1. Implementation Guidance: Implementation Guides and Practice Advisories assist internal

auditors in applying the Standards. They collectively address internal auditing’s approach,
methodologies, and considerations, but do not detail processes or procedures

2. Supplemental Guidance:
• Includes Practice Guides provide detailed processes and procedures for internal audit
practitioners.
• Global Technology Audit Guide (GTAG)
• Guide to the Assessment of IT Risk

Note: While Position Papers are no longer an official part of the New IPPF, these documents are still
relevant and valid for practitioners and other interested parties.