Internal auditing - Chapter 1 & 2
Which of the following is mandatory guidance within the IPPF? a. Implementation guidance. b. Supplemental guidance. c. The value proposition. d. The core principles.
. The core principles.
five Cs, character traits that are required for success in the internal audit profession:
Competence—the skills and knowledge required to provide assurance and advisory services that add value. Credibility—the ability to inspire trust based on consistent competence and integrity. Connectivity—the ability to understand the needs of each of the stakeholders individually within the greater whole of the organization. Communication—instituting methods of relaying information (orally and in multiple written forms) and listening to the individuals served. Courage—the personal fortitude to remain independent and objective and to stand by the results of the engagements conducted.23
Standard 1230
Continuing Professional Development states that "Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development
standard 1220
Due Professional Care requires internal auditors to "apply the care and skill expected of a reasonably prudent and competent internal auditor." This does not mean that internal auditors can never make mistakes or imperfect judgments, but rather that they will demonstrate the level of concern and competence expected of a professional. Due care also does not mean that internal auditors will examine every transaction, visit every location, or speak with every employee of the engagement auditee or customer. It does, however, mean that they will put forth the same level of effort as other internal audit professionals would in similar situations.
In GRC what is the broadest
Governance
GRC
Governance, Risk Management, Control processes
Assurance =
Governance, Risk, and Control.
the globally recognized guidance for internal audit profession supplied by
IPPF International Professional Practices Framework
Personal qualities that are common among successful internal auditors at all levels include:
Integrity Passion Work Ethic Curiosity Creativity Initiative Flexibility
Objectivity =
Integrity, Accountability, and Independence
Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.
standard 1130.C1
Internal auditors may provide consulting services relating to operations for which they had previous responsibilities.
IPPF
International Professional Practices Framework
How internal auditing provides an organization achieve its objectives?
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Evaluating and improving the effectiveness of risk management, control, and governance processes.
Within the context of internal auditing, assurance services are best defined as: a. Objective examinations of evidence for the purpose of providing independent assessments. b. Advisory services intended to add value and improve an organization's operations. c. Professional activities that measure and communicate financial and business data. d. Objective evaluations of compliance with policies, plans, procedures, laws, and regulations.
Objective examinations of evidence for the purpose of providing independent assessments.
when planning the internal audit engagement:
Objectives must be established for each engagement" (Standard 2210 - Engagement Objectives). "The established scope must be sufficient to achieve the objectives of the engagement" (Standard 2220 - Engagement Scope). "Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources" (Standard 2230 - Engagement Resource Allocation). "Internal auditors must develop and document work programs that achieve the engagement objectives" (Standard 2240 - Engagement Work Program).
Many people have long held the view that auditing in general is merely a boring branch of
accounting
Consulting engagements are performed to provide
advisory, training, and facilitation services.
The primary purpose of internal assurance services is to
assess evidence relevant to subject matter of interest to someone and provide conclusions regarding the subject matter.
3 General types of activities that comprise the services internal audit provides
assurance advice insight
The two types of internal audit services
assurance consulting
Internal auditing provides
assurance on the organization's governance, risk management, and control processes to help the organization achieve its strategic, operational, financial, and compliance objectives. Internal auditing is a catalyst for improving an organization's effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and business process. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice.1
three components of the value propositions in internal auditing =
assurance/insight/objectivity
2 categories of standards
attribute standards performance standards
The primary difference between internal and external financial reporting assurance services is the
audience
2010. A1
based on a risk assessment undertaken at least annually input of the Sr. management and the board
Who is responsible of conducting the governance process?
board of directors
To whom the details of the impairment should be reported depends on the nature of the impairment and the CAE's responsibilities to senior management and the board as covered in the internal audit_____________
charter
Standard 1130.C1 states that "Internal auditors may provide____________services relating to operations for which they had previous responsibilities."
consulting
the components of the IPPF include
core principles code of ethics the standards definition of IA recommended guidance (Implementation & Supplemental)
The most common form of outsourcing is referred to as
cosourcing
Which of the following is one of the 5 Cs essential to success as an internal auditor? a. Courage. b. Consistency. c. Collaboration. d. Candidness.
courage
Which of the following are components of the definition of internal auditing? a. Independence and objectivity. b. A systematic and disciplined approach. c. Helping the organization accomplish its objectives. d. All of the above.
d. All of the above
Assurance, Insight, and Objectivity comprise: a. The mission of internal auditing. b. The three lines model. c. The objectives of internal auditing. d. The value proposition.
d. The value proposition
1220
due professional care
nterpretation is
he form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work.
2110.A1
iNTERNAL AUDIT ACTIVITY MUST EVALUATE THE DESIGN, IMPLEMENTATION AND EFFECTIVENESS OF THE ORGANIZATION;S ETHICS RELATED OBJECTIVES, PROGRAMS, AND ACTIVITIES
effective interal audit service
independence and objectivity proficiency due professional care
Assurance engagements are performed to provide
independent assessments
The quality assurance and improvement program must include
internal and external assessments
Governance
is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
the purpose of the code of ethics
is to promote an ethical culture in the internal audit profession
Who is responsible of conducting risk management and control process?
management
Internal auditors provide their financial reporting assurance services primarily for the benefit of
management and board of directors
Cosourcing
means that an organization is supplementing its in-house internal audit function to some extent via the services of third-party vendors.
Objectivity refers to the
mental attitude of individual internal auditors internal auditor is able to make impartial, unbiased judgments
implementation standards
more specific guidance relative to specific audit types
In performing their work, internal auditors must be aware of potential threats to their___________In performing their work, internal auditors must be aware of potential threats to their
objectivity
To ensure ____________ internal auditors should not involve themselves in day-to-day operations, make management decisions, or otherwise put themselves in situations that result in actual or potential conflicts of interest.
objectivity
independence refers to
organizational status of the internal audit function
The three fundamental phases in the internal audit engagement process are
planning the engagement performing the engagement communicating engagement outcomes
2010.C1
potential to improve management of risks, add value, and improve operations
code of ethics consists of
principles of the code rules of conduct
Control
process conducted by management to mitigate risks to acceptable levels.
Risk management
process conducted by management to understand and deal with uncertainties (risks and opportunities) that could affect the organization's ability to achieve its objectives.
The purpose of the Code of Ethics is to promote an ethical culture in the internal audit
profession
The primary purpose of internal consulting services
provide advice and other assistance, generally at the specific request of engagement customers.
Many of the attributes and practices required by the Standards and Code of Ethics are particularly concerned with keeping the interests of assurance service_____________and the users aligned.
providers
External providers of internal audit services include
public accounting firms and other third-party vendors.
Standard 1310
requires two types of assessments 1) internal review 2)External review
The ________ must value the services the internal audit function has to offer.
stakeholders
To survive and thrive, internal audit, like any other function within an organization, must justify its existence to its key
stakeholders
Internal auditing provides assurance on the organization's governance, risk management, and control processes to help the organization achieve its_________, operational, financial, and compliance objectives.
strategic
________ objectives are those goals that management sets specifically related to stakeholder interests.
strategic
Standard 1210
the CAE should review core competencies needed for internal audit professionals in various roles such as staff, management, and CAE
The Code of Ethics consists of two components:
the Principles of the Code (not to be confused with the 10 Core Principles, although there is overlap) and the Rules of Conduct.
Difference of assurance and consulting
the primary purpose of the engagement who determines the nature and scope of the engagement the parties involved.
fundamental purpose of IA
to enhance and protect organizational value by providing risk based and objective assurance advice and insight
In providing internal audit services, the internal auditor needs unrestricted access to all relevant data
true
the internal audit function must be independent and individual internal auditors must be objective.
true
3 parties involve in internal auditing
user internal auditor auditee
Vision statement
what the organization aspires to achieve in the future
mission statement
what the organization wants to achieve today.
Global internal audit competency framework structure
Professionalism Performance environment Leadership & communication
Internal auditors must have competent interpersonal skills. Which of the following does not represent an attribute of interpersonal skills? a. Communication. b. Leadership. c. Project management. d. Team capabilities.
Project Management
Standard 1300
Quality Assurance and Improvement Program
AVF Company's new CFO has asked the company's CAE to meet with him to discuss the role of the internal audit function. The CAE should inform the CFO that the overall responsibility of internal audit is to: a. Serve as an independent assurance and consulting activity designed to add value and improve the company's operations. b. Assess the company's methods for safeguarding its assets and, as appropriate, verify the existence of the assets. c. Review the integrity of financial and operating information and the methods used to accumulate and report information. d. Determine whether the company's system of internal controls provides reasonable assurance that information is effectively and efficiently communicated to management.
Serve as an independent assurance and consulting activity designed to add value and improve the company's operations.
Which of the following is recommended guidance within the IPPF? a. The Definition of Internal Auditing. b. The Standards. c. Supplemental guidance. d. None of the above.
Supplemental guidance.
COSO
The Committee of Sponsoring Organizations of the Treadway Commission.
3. Independent outside auditors provide financial reporting assurance services primarily for: a. The benefit of third parties. b. Management. c. Board of directors. d. The CEO.
The benefit of third parties.
the standard is:
The chief audit executive must establish policies and procedures to guide the internal audit activity.
Independence.
The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.
1220.A3
The portion of inherent risk that remains after management executes its risk responses.
Residual Risk
The portion of inherent risk that remains after management executes its risk responses.
The Internal Audit Foundation exists to help audit leaders, practitioners, students, and academics experience continuous growth in their careers to propel them to become: a. Strong assurance providers. b. Trusted advisors. c. Independent outside auditors. d. CAEs.
Trusted advisors.
Criteria for Communicating
Communications must include the engagement's objectives, scope, and results.
The Attribute Standards
1000 - Purpose, Authority, and Responsibility 1100 - Independence and Objectivity 1200 - Proficiency and Due Professional Care 1300 - Quality Assurance and Improvement Program
consulting engages
2 parties Customer Internal auditor
The Performance Standards
2000 - Managing the Internal Audit Activity 2100 - Nature of Work 2200 - Engagement Planning 2300 - Performing the Engagement 2400 - Communicating Results 2500 - Monitoring Progress 2600 - Communicating the Acceptance of Risks
Assurance engages
3 parties auditee internal audit function user
2110.A2
ASSESS IT GOVERNANCE
Consulting Services.
Advisory and related [customer] service activities, the nature and scope of which are agreed with the [customer], are intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training.
Assurance Services
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements.
There are two categories of Standards:
Attribute Standards -characteristicss necessary to provide effective internal audit service Performance Standards - description of internal audit services and expected quality
Which of the following statements is not true about business objectives? a. Business objectives represent targets of performance. b. Establishing meaningful business objectives is a prerequisite to effective internal control. c. Establishing meaningful business objectives is a key component of the management process. d. Business objectives are management's means of employing resources and assigning responsibilities.
Business objectives are management's means of employing resources and assigning responsibilities.
2000 - Managing the Internal Audit Activity
CAE is responsible
3 parts of the CIA exam
CIA - certified internal auditor IAP - Internal Audit Practitioner QIAL - Qualification in INternal Audit leadership
Insight =
Catalyst, Analyses, and Assessments
