Quality Assurance Review (QAR)

James B. Yard CPA, CIA (Pittsburgh)
Tony P. Ielase CISA (Columbus)

Whether you elect a full external assessment or a self-assessment with independent external validation, a Quality Assurance Review (QAR) allows audit committees and chief audit executives to evaluate the activities of their internal audit (IA) function and determine whether the function’s policies, procedures and practices adhere to The Institute of Internal Auditors’ (The IIA) Core Principles, International Standards for the Professional Practice of Internal Auditing (Standards) and Code of Ethics.

Our experienced professionals leverage our Internal Audit Strategic Framework to assess your internal audit function’s activities against leading practices of other internal audit functions we have observed, and provide insights and recommendations to elevate the performance and value of the function to stakeholders.

Schneider Downs’s Internal Audit Strategic Framework

Our QAR professionals are required to meet the qualification requirements defined in Standard 1312: a qualified, independent reviewer or review team from outside the organization. The Standard defines qualified individuals as persons with the technical proficiency, business experience and educational background appropriate for the audit activities to be reviewed. For this reason, QARs are conducted by the management of our practice. In addition, many of our QAR professionals have industry experience within internal audit functions and have served as a Chief Audit Executive (CAE), so they know the challenges of leading an IA function and will provide practical, non-theoretical recommendations where appropriate.

Quality Assurance Review Process

What does our QAR process look like?

Data Collection
  • Conduct interviews of key stakeholders (i.e., audit committee, executive management, IA team members)
  • Develop questionnaire for other stakeholders 
  • Collect key documents that will support the QAR (i.e., risk assessment, IA charter, working papers, IA reports, Quality Assurance results, IA resumes, etc.)
  • Assess documentation against the IIA Standards
  • Review sample of executed audits to ensure compliance with existing IA policies and IIA Standards
  • Leverage our SD Internal Audit Strategic Framework to assess areas for improvement
  • Summarize and analyze interview/questionnaire results and develop positive themes and potential areas for improvement
  • Report on conformance with the IIA Standards (Generally Conforms, Partially Conforms, Does Not Conform)
  • Identify IA’s areas of strength
  • Identify areas for improvement based on stakeholder feedback and our experience with leading practice recommendations

Results include an overall assessment of conformance against the IIA Standards, a high-level roadmap for the most impactful opportunities for improvement, and a detailed assessment against our SD Internal Audit Strategic Framework, highlighting both strengths and value-add recommendations.

Ready to get started?

Contact us to learn more about Schneider Downs Quality Assurance Review (QAR) services. QAR is just one of the many risk-based advisory services offered by Schneider Downs; explore our additional services on our Risk Advisory Services homepage.



