acc 590 exam 1

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

value proposition

objectivity, assurance, insight

entity-level controls

•Controls that operate pervasively across and throughout the organization to mitigate risks threatening the organization as a whole and to provide assurance that organizational objectives are achieved. •Examples:▫Code of Ethics▫Risk management policies and procedures▫Fraud prevention and detection program▫Human resources policies and procedures▫Management's control deficiency escalation process▫IT general controls

parties in governance process

•Oversight group - board and committees of the board •Stewardship group - executive management, Dual role of stewardship of resources allocated by board and accountability of results of operations •Performance group - operating and support management and staff •Assurance group - internal and external auditing functions.

7 standards of quality assurance

•Quality Assurance and Improvement Program •Quality Program Assessments •Internal Assessments •External Assessments•Reporting on the Quality Program •Use of "Conducted in Accordance with the Standards" •Disclosure of Noncompliance

structure of IPPF standards

•Standard •Interpretation •Implementation Standard •Glossary

IIA competency framework

professionalism, performance, environment, leadership & communication

insight =

Catalyst, Analyses, and Assessments

assurance =

Governance, risk, control

3rd line of defence

internal audit

5 components of internal control

1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring

What are four specific points that should be addressed in the internal audit charter? (There are more than four.)

1. The internal audit activity's position within the organization 2. Authoriation for access to records, personnel, and physical properties relevant to the performance of the engagements 3. The scope of the internal auditing activities 4. Type of assurance and consulting activities 5. That the activity will conform to the Standards, Definition, Core Principles, and Code of Ethics of IA 6. Selection and removal process for CAE

5 components of ERM

1. risk, governance, culture 2. risk, strategy, and objective-setting 3. risk in execution 4. risk information, communicating, and reporting 5. monitoring enterprise risk management performance

core principles of IPPF

1.integrity. 2.competence and due professional care. 3.objective and free from undue influence (independent). 4.Aligns with the strategies, objectives, and risks of the organization. 5.appropriately positioned and adequately resourced. 6.quality and continuous improvement. 7.Communicates effectively. 8.Provides risk-based assurance. 9.Is insightful, proactive, and future-focused. 10.Promotes organizational improvement.

code of ethics of IPPF

4 principles and 12 rules of conduct

audit universe approach

A risk-based audit approach starts with a risk universe as the basis for the audit plan. In a risk-based audit approach, the goal for the department is to address management's highest priority risks. ... All of the audits on the plan are designed to address those risks and provide insights back to senior management.

definition of consulting

Advisory and related client service activities, the nature and scope of which are agreed with the client and which are intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation and training

definition of assurance

An objective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence audits.

attribute standards

Attributes of organizations and individuals performing internal audit services •For Assurance,for Consulting and for Other activities Purpose, authority, responsibility Independence and objectivity Proficiency and due professional care quality assurance and improvement program

fundamental problem of corporate governance

Balancing the interests of owners and managers (Principals and Agents)

business process approach

requires auditors to identify the key day-to-day risks faced by a business, to consider the impact these risks could have on the financial statements, and then to plan their audit procedures accordingly.

performance standards

Describe nature of IA service and provide quality criteria against which the performance of these services can be measured •Managing Internal Auditing Activity •Nature of Work •Engagement Planning•Performing the Engagement •Communicating Results •Monitoring Progress •Communicating the Acceptance of Risks

management oversight controls

Entity-level controls established by management to mitigate risks threatening the business unit and to provide assurance that business unit objectives are achieved. These controls are generally consistent in nature among business units but may vary in their execution from one business unit to another.

governance controls

Established by the board and executive management to institute the organization's control culture and provide guidance that supports strategic objectives

standard-setting bodies

Internal audit standards board, IPPF oversight counsil

definition of internal audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

4 principles in code of ethics

Integrity Objectivity Confidentiality Competency

objectivity =

Integrity, Accountability, and Independence

persuasive evidence is

Relevant Reliable Sufficient

strategic approach

Strategic risk audits focus on risks that are the result of pursuing certain strategically important organizational goals.

COSO definition of ERM

The culture, capabilities, and practices, integrated with strategy-setting and its execution, that organizations rely on to manage risk in creating, preserving, and realizing value.

process of corporate (organizational) governance

The process through which (1) values and goals are established and communicated, (2) the accomplishment of goals is monitored, (3) accountability is ensured, and (4) values are preserved.

mission of internal audit

To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Which of the following most likely constitutes a violation of the IIA's Code of Ethic? a. Auditor A is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor A has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor A feels performance of quality work is the same as before. b Auditor B discovered an internal financial fraud during the year. The books were adjusted to reflect properly the loss associated with the fraud. Auditor B discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident. c. Auditor C has accepted an assignment to perform an engagement at the electronics manufacturing division. However, Auditor C has recently joined the internal audit function coming from public accounting. Auditor C was senior auditor for the external audit of the division and has audited many electronics organizations during the past 2 years. d. Auditor D has been promoted to associate auditor director and assigned to oversee auditing of the organization's Asian operations. In the past 3 years, Auditor D completed several large consulting engagements for the operations in China and Korea - including serving on the SAP implementation team as a representative of internal audit to do pre-implementation reviews of controls. e. Auditor E has been assigned to perform an engagement at the warehousing function 6 months from now. Auditor E has no expertise in that area but accepted the assignment anyway. Auditor E has signed up for continuing professional education courses in warehousing that will be completed ore the engagement begins.

a.

residual (net) risk

after risk reponse

macro risk assessment

areas of the organization to audit

micro risk assessment

areas within engagement

two types of internal audit activities

assurance and consulting

internal audit customers

auditee, audit committee, external auditors, vendors, financial management, suppliers, regulators, senior management

risk response choices

avoid, exploit, retain, reduce, transfer

10. In the IIA's International Professional Practice Framework (IPPF), which of the following are mandatory guidance? I. Practice Advisories II. The Code of Ethics III. Practice Guides IV. The Definition of Internal Auditing V. The International Standards for the Professional Practice of Internal Auditing. VI. Core Principles for the Professional Practice of Internal Auditing a. I, II, III, IV, V and VI. b. II, IV, V, and VI only. c. V and IV only. d. II and V only. e. I and III only.

b.

According to the COSO control framework, a precondition to risk assessment is: a. Establishing control procedures or activities. b. Establishing objectives or goals. c. Establishing an internal audit function. d. Establishing a monitoring mechanism. e. Establishing performance measures.

b.

inherent (gross) risk

before risk response

6. Which of the following is a requirement of The International Standards for the Professional Practice of Internal Auditing? a. To evaluate annually the effectiveness of the audit committee. b. To obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. c. To evaluate the effectiveness of the organization's ethics-related objectives, programs, and activities. d. To certify that all error or irregularities in the accounting records discovered within the fiscal year have been reported to the external auditors. e. To issue annually an overall opinion on the adequacy of internal controls in the organization.

c.

9. The critical characteristics that individuals, teams, and organizations must have to provide effective internal audit services are described in: a. The Definition of Internal Auditing b. The Code of Ethics c. The Attribute Standards d. The Implementation Standards e. The Performance Standards

c.

mandatory IPPF components

core principles, definitions, standards, code of ethics

8. Which of the following would typically be part of the agenda for an opening meeting? I. Discussion of business objectives, risks and key processes II. Review of the audit process and timeline III. Review of audit objectives and scope IV. Presentation by auditee of how they have addressed findings from the last audit. a. I and III only. b. II and IV only. c. II and III only d. I, II, and III only e. I, II, III, and IV.

d.

As part of a company-sponsored award program, an internal auditor was offered an award of significant monetary value by a division in recognition of the cost savings that resulted from the auditor's recommendations. According to the International Professional Practices Framework, what is the most appropriate action for the auditor to take? a. Accept the gift since the engagement is already concluded and the report issued. b. Accept the award under the condition that any proceeds go to charity. c. Accept the gift on condition it is spread across all the members of the audit team. d. Inform audit management and ask for direction on whether to accept the gift. e. Decline the gift and advise the division manager's superior.

d.

The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives are part of which component of the COSO model? a. The third line of defense. b. Control environments. c. Risk assessments d. Control activities. e. Monitoring activities.

d.

5. Which of the following is the correct order of steps in the risk management process? 1. Identify risks. 2. Monitor risk responses. 3. Formulate risk responses. 4. Assess and prioritize risks. 5. Identify context. a. 1,4,3,2,5. b. 1,5,4,3,2. c. 2,5,1,4,3. d. 5,4,1,3,2. e. 5,1,4,3,2.

e.

3 processes of assessing risk

strategic approach, business process approach, audit universe approach

two aspects of governance

strategic direction and governance oversight

7. To be sufficient, audit evidence should be: a. Directly related to the engagement observation and include all of the elements of an engagement observation. b. Obtained from a random sample. c. Obtained from a credible source. d. Well-documented and cross-referenced in the workpapers. e. Convincing enough for a prudent person to reach the same conclusion as the auditor.

e.

what does operating management want from IA

effectiveness and efficiency of operations, achievement of organizational objectives (change agent)

types of risk

existing, new, emerging

2nd line of defence

financial control, security, risk management, quality, inspection, compliance

risk assessment: look at...

impact and likelihood

recommended IPPF components

implementation guidance, supplemental guidance

4 types of interview approaches

informal, conversational interview guide approach standardized open-ended approach closed-quantitative

1st line of defence

management controls, internal control measures

internal audit process

plan, perform, report

categories of controls

preventative & detective mandatory & discretionary

what does the audit committee/ board want from IA

safeguard assets, compliance w laws and regs, reliable data (quality of info)

The IIA Standards require an internal audit function to have an internal audit charter. What is the purpose of the internal audit charter?

· Formal document · Defines internal audit's purpose, authority, responsibility, position within organization · Should set out the nature of services that the internal audit will provide and how internal audit will help the organization to achieve its objectives · Blueprint for how internal audit will operate

Who is responsible for developing the internal audit charter? Besides that responsible person, who else should be involved in determining the charter's content?

· The CAE Senior management and audit committee (board)


Set pelajaran terkait

Chapter 11: Assessment and Care of Patients with Fluid and Electrolyte Imbalances

View Set

CH 23 OB newborn w/ special needs

View Set

Chapter 8: Nutrition and Global Health

View Set

Fundamentals of Networking Chapter 14

View Set