The third edition of the Internal Auditing Handbook reflects the significant changes in the field of internal auditing over the last few years. Since the last edition, there have been many developments that impact the very heart of the audit role. There really are ‘new look’ internal auditors who carry the weight of a heightened expectation from society on their shoulders. Auditors no longer spend their time looking down at detailed working schedules in cramped offices before preparing a comprehensive report on low-level problems that they have found for junior operational managers. They now spend much more time presenting ‘big picture’ assurances to top executives after having considered high-level risks that need to be managed properly. Moreover, the internal auditor also works with and alongside busy managers to help them understand the task of identifying and managing risks to their operations. At the same time, the internal auditor has to retain a degree of independence so as to ensure the all-important professional scepticism that is essential to the audit role. The auditor’s report to the board via the Audit Committee must have a resilience and dependability that is unquestionable. These new themes have put the internal auditor at the forefront of business and public services as one cornerstone of corporate governance - and the new Internal Auditing Handbook has been updated to take this on board. The third edition of the Internal Auditing Handbook contains all the detailed material that formed the basis of the second edition and has been expanded in the following manner:

The original Internal Auditing Handbook focused on the practical aspects of performing the audit task. It contained basic material on managing, planning, performing and reporting the audit, recognizing the underlying need to get the job done well. The new edition has a different focus. Now, we first and foremost need to understand the audit context and how we fit into the wider corporate agenda. It is only after having done this that we can go on to address the response to changing expectations. In fact, we could argue that we need to provide an appropriate response rather than think of the audit position as being fixed and straightforward. It is no longer possible to simply write about an audit programme and how this is the best way to perform the audit task. To do justice to the wealth of material on internal auditing, we must acknowledge the work of writers, thought leaders, academics, journalists and noted speakers at internal audit (IA) conferences. The first and second editions of the Internal Auditing Handbook set out the author’s views and understanding of the audit role. The new Handbook contains a whole range of different views and extracts of writings from a variety of representatives from the audit community. There are also special contributions from Richard Todd and Andy Wynne who have provided several examples, written specially for the Handbook, taken from their many years of professional internal auditing work. Gerald Vinten, Paul Moxey, Mohammed Khan, John Watts and Neil Cowan have likewise shared their experiences with the reader. Dan Swanson has provided many important contributions to the new handbook. Dan is an IA veteran who is also a former director of professional practices at the IIA. He has completed audit projects for more than 30 different organizations and has almost 25 years of auditing experience in government at federal, provincial and municipal levels, as well as in the private sector. Dan Swanson has also been a long-time columnist for Compliance Week, a leading US governance, risk and compliance publication.

The Internal Auditing Handbook has early chapters on Corporate Governance Perspectives, Managing Risk and Internal Controls. It is only after having addressed these three inter-related topics that we can really appreciate the IA role. There are chapters on quality, professional standards, audit approaches, managing IA, planning, performance and reporting audit work and specialist areas such as fraud and IS auditing. The final chapter attempts to look at our future and changes that may well be on the way. The new Handbook includes several new references and quotes from a wide variety of sources; since all views are important, even where they conflict. This variety can only help move the profession onwards and upwards. The Handbook rests firmly on the platform provided by the International Standards for the Professional Practice of Internal Auditing as part of the International Professional Practices Framework (IPPF). Internal auditing is a specialist career and it is important that we note the efforts of a professional body that is dedicated to our chosen field. Note that despite the recent changes in the field of internal auditing, there is much of the first book that is retained in the new edition. Change means we build on what we, as internal auditors, have developed over the years rather than throw away anything that is more than a few years old. That is why the original material from the second edition has not been discarded, as the saying goes - it is important not to throw away the baby with the bath water. Note that all references to IIA definitions, code of ethics, IIA attribute and performance standards, practice advisories and practice guides relate to the IPPF prepared by the IIA in 2009.

The Handbook addresses most aspects of internal auditing that are documented in the IIA International Standards for the Professional Practice of Internal Auditing. In late 2005, the IIA’s Executive Committee commissioned an international Steering Committee and Task Force to review the Professional Practices Framework (PPF), the IIA’s guidance structure and related processes. The Task Force’s efforts were focused on reviewing the scope of the framework and increasing the transparency and flexibility of the guidance’s development, review and issuance processes. The results culminated in a new IPPF and a reengineered Professional Practices Council, the body that supports the IPPF. The Attribute Standards outline what a good IA setup should look like, while the Performance Standards set a benchmark for the audit task. Together with the Practice Advisories, Position Statements and Practice Guides and other reference material (as at October 2009), they constitute a professional framework for internal auditing. The IIA’s main Attribute and Performance Standards are listed below:

A brief synopsis of the Handbook should help the reader work through the material. It is clear that the Handbook is not really designed to be read from front to back but used more as a reference resource. Having said that, there should be some logic in the ordering of the material so that it fits together if the reader wishes to work through each chapter in order. One important point to make is that although most chapters contain 10 main sections, they are each of variable length. Some readers find different chapter lengths inconvenient, but there is little point trying to fit set material into standard boxes when some chapters naturally consume more material than others. In fact, some sections are quite long because they need to cover so much ground. Apologies in advance if this policy proves bothersome at all.

This first chapter deals with the content of the handbook and lists the International Standards for the Professional Practice of Internal Auditing. It also covers the way the handbook can be used as a development tool for the IA staff, linked to website material that can be used to form the basis of learning workshops and resources. The way internal auditing has developed over the years is an important aspect of the chapter, whereby the progress of the profession is tracked in summary form from its roots to date. It is important to establish the role of IA at the start of the book to retain this focus throughout the next few chapters that cover corporate perspectives. Note that the IA process appears in some detail from Chapter 5 onwards. Likewise our first encounter with the IPPF appears in this chapter based on the ‘Platform’ theory to underpin the entire Handbook.

Chapter 2 covers corporate governance in general, in that it summarizes the topic from a business standpoint rather than focusing just on the IA provisions. A main driver for ‘getting things right’ is the constant series of scandals that have appeared in every developed (as well as developing) economy. The governance equation is quickly established, and then profiles of some of the well-known scandals are used to demonstrate how fragile the accountability frameworks are. New look models of corporate governance are detailed using extracts from various codes and guidance to form a challenge to business, government and not-for-profit sectors. Note that the chapter may be used by anyone interested in corporate governance as an introduction to the subject. The section on internal auditing is very brief and simply sets out the formal role and responsi...