Internal audit Exam 1


What are the circumstances that precipitated the need for internal audit-type activities

As organizations grew in size and complexity and developed geographically dispersed operations, senior management could no longer personally observe operations for which they were responsible nor have sufficient direct contact with people reporting to them. This distancing of senior management from the operations for which they were responsible created a need for other people in the organization to assist them by examining the operations and providing reports based on those examinations. These people began performing internal audit-type activities to provide this assistance. Over time these activities became more formalized and, with the founding of The IIA, the practice of internal auditing began evolving into a profession.

which of the following are required of the internal audit function per the standards a. evaluate the effectiveness b. issue and overall c. obtain an annual d. assess whether

Assess whether the IT governance of the organization sustains and supports the organization's strategies and objectives

which of the following is the premier certification sponsored by the IIA a. certification in control self-assessment b. certified internal auditor c. certification in risk management assessment d. certified information systems auditor

Certified internal auditor

What are the character traits, known as the 5 Cs that are required for success in the internal audit profession

Competence, credibility, connectivity, communication and courage

What IPPF components constitute mandatory guidance

Core Principles for the Professional Practice of Internal Auditing. The Code of Ethics. The International Standards for the Professional Practice of Internal Auditing. The Definition of Internal Auditing.

What are the six components of the IPPF?

Core Principles for the Professional Practice of Internal Auditing. The Code of Ethics. The International Standards for the Professional Practice of Internal Auditing. The Definition of Internal Auditing. Implementation Guidance. Supplemental Guidance.

What is the OECD's definition of corporate governance

Corporate governance involves a set of relationships between a company's management, its board, its shareholders, and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of obtaining those objectives and monitoring performance are determined

What are the three common ways individuals enter the internal audit profession

Directly out of school, switch to internal auditing after beginning careers in another area of the organization or public accounting. Some organizations require prospective managers to spend time working in internal auditing as part of their management trainee program.

what does due professional care mean

Due professional care means that individual internal auditors and the internal audit function apply the care and skill expected of reasonably prudent and competent internal auditors.

a primary purpose of the standards is to

Establish a basis for evaluating internal audit performance

what does "proficiency" mean

Internal audit proficiency means that individual internal auditors and the internal audit function have the knowledge, skills, and other competencies needed to fulfill their responsibilities.

what are some key U.S. regulations that have been written in response to adverse business events

Key U.S. regulations that have been written in response to adverse business events include, for example, the legislation and guidance presented in exhibit 3-6: Securities Act of 1933, Securities Exchange Act of 1934, Foreign Corrupt Practices Act of 1977, Report of the National Commission on Fraudulent Financial Reporting (1987), Federal Deposit Insurance Corporation Improvement Act of 1991, U.S. Sarbanes-Oxley Act of 2002, U.S. Stock Exchange Listing Standards, and the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.

Do most people who work in internal auditing spend their entire careers there?

Most people who work in internal auditing do not spend their entire careers there. They instead use internal auditing as a stepping stone into financial or nonfinancial management positions, either in the organizations they have been working for or in other organizations.

What options does an individual have if they choose to be a career internal auditor

Options that an individual has if he or she chooses to be a career internal auditor include progressing upward through the ranks of a single organization's internal audit function into internal audit management, advancing up the ladder by moving from one organization to another, or moving upward through the various levels in a firm that provides internal assurance and consulting services to other organizations.

in addition to the internal audit function, what other internal functions may provide independent assurance to the board or senior management

Other examples mentioned in the chapter include an environmental and safety function, quality assurance groups, and trading control activities.

the internal audit function should not

Oversee the organization's governance and risk management process. The board and senior management are responsible for overseeing the organization's governance and risk management processes. The internal auditor is responsible for providing independent and objective assurance and consulting services pertaining to these processes. The internal audit function should coordinate its governance and risk management related services with the services provided by the independent outside auditor.

What is the role of supplemental guidance in the IPPF

Supplemental Guidance gives detailed guidance for conducting internal audit activities. This guidance includes topical areas, sector-specific issues, as well as processes and procedures, tools and techniques, programs, step-by-step approaches, and examples of deliverables.

How many core competencies are included in the IIA's Global Internal Auditor Competency Framework and for what general job levels are they recommended

The Global Internal Auditor Competency Framework outlines 10 core competencies recommended for each broad job level, namely internal audit staff, internal audit management, and the CAE.

How is the IIA's leadership organization structured

The IIA headquarters' executive leadership team is headed by the president and CEO. Hundreds of volunteers, including The IIA's Global Board of Directors, also provide IIA leadership. The 38-member Global Board of Directors oversees the affairs of The IIA. The board's Executive Committee comprises the chairman of the board, the senior vice chairman, five vice chairmen, a secretary, and the two most recent former chairmen of the board. The board also includes the North American Board, which holds specific authority and oversight of North American activities, directors-at-large, ex-officio directors, institute directors, and The IIA president as an ex-officio member.

What is the role of the IPPF oversight council

The IPPF Oversight Council represents the interests of stakeholders outside of the internal audit profession and provides assurance that The IIA follows its stated protocol in developing, issuing, and maintaining the IPPF.

What is the major objective of the Internal Audit Foundation

The Internal Audit Foundation exists to help audit leaders, practitioners, students, and academics experience continuous growth in their careers to propel them to become respected as trusted advisers as well as thought leaders within the industry.

contrast the mission statement with the Definition of Internal Auditing. What if anything does the mission statement add

The Mission Statement combines the Definition and the Internal Audit Value Proposition. It references advice and insight versus consulting services. The Mission Statement puts emphasis on maintaining (protecting) organizational value as well as adding value. The Mission Statement focus is on a risk-based approach.

What are the responsibilities of the IIA's professional practices and professional guidance advisory councils

The Professional Practices Advisory Council (PPAC) is responsible for coordinating the initiation, development, issuance, and maintenance of the mandatory authoritative guidance that makes up the IPPF. This Council is comprised of The IIA's vice president of Professional Guidance and the chairs of the Professional Responsibilities and Ethics Committee and the International Internal Audit Standards Board.

What is the relationship between standards and the implementation guidance

The Standards apply to all internal audit functions in many types of organizations and environments. They represent the broad attributes and practices that must be followed for internal audit services to be effective. Implementation Guidance, on the other hand, is not mandatory and is much more specific. It represents specific best practices or practices applicable to only certain industries. Implementation Guides can be modified more quickly and tend to change more frequently than the Standards.

Why should internal auditors strive to comply with the code of ethics principles

The principles of the code express the four ideals internal audit professionals should aspire to maintain in conducting their work and represent the core values that internal auditors must uphold to earn the trust of those who rely on their services.

What is the purpose of the IIA's Code of Ethics

The purpose of the Code of Ethics is to promote an ethical culture in the practice of internal auditing. The Code sets appropriate aspirations for which internal auditors should strive to achieve and the behavioral expectations auditors should meet in providing internal audit services.

according to research in personality psychology, the three dark triad personalities do not include a. sociopaths b. psychopaths c. narcissists d. machiavellians

a

which of the following would not be considered a first line of defense in the three lines of defense model a. a division controller conducts a peer review of compliance with financial control standards b. an accounts payable clerk reviews supporting documents before processing an invoice for payment c. an accounting supervisor conducts a monthly review to ensure all reconciliations were completed properly d. a production line worker inspects finished goods to ensure the company's quality standards

a

which of the following types of companies would most likely need the strongest anti fraud controls

a bank

which of the following would be considered a second line of defense

a divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training

which of the following is an example of misappropriation of assets

a small amount of petty cash is stolen

What are the definitions of governance, risk management, and control provided in chapter 1

1. governance: the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization's objectives. 2. risk management: the process conducted by management to understand and deal with uncertainties (risks and opportunities) that could affect the organization's ability to achieve its objectives. 3. control: the process conducted by management to mitigate risks to acceptable levels. Please see the textbook glossary for separate definitions of controls, internal control, and system of internal controls.

what are the three lines of defense in the three lines of defense model

1. represents the internal control activities conducted by individuals and management. These activities are comprised of both the specific internal control activities, referred to as internal control measures in the model, and management controls, which are those that oversee and monitor the individual activities. 2. represents other assurance activities such as those listed in exhibit 3-5. These activities are conducted by individuals reporting through different lines of management than those directly responsible for the internal control activities. 3. represents the assurance internal audit functions provide. Since internal audit functions typically report functionally to the board and have no other management responsibilities, they are in the best position to provide independent and objective assurance.

what are the four categories of business objectives discussed in chapter 1

1. Strategic: which pertain to the value creation choices management makes on behalf of the organization's stakeholders. 2. Operations: which pertain to the effectiveness and efficiency of the organization's operations, including performance and profitability goals and safeguarding resources against loss. 3. Reporting: which pertain to the reliability of internal and external reporting of financial and nonfinancial information. 4. Compliance: which pertain to adherence to applicable laws and regulations.

What is the purpose of the IIA's standards? Explain the difference between attribute and performance standards

"1. Delineate basic principles that represent the practice of internal auditing. 2. Provide a framework for performing and promoting a broad range of value-added internal auditing. 3. Establish the basis for the evaluation of internal audit performance. 4. Foster improved organizational processes and operations." (Introduction to the Standards) The Attribute Standards address the characteristics of organizations and individuals performing internal audit activities. The Performance Standards describe the nature of internal audit activities and provide quality criteria against which the performance of these services can be measured.

What are the seven main sections of the performance standards

2000 - Managing the Internal Audit Activity; 2100 - Nature of Work; 2200 - Engagement Planning; 2300 - Performing the Engagement; 2400 - Communicating Results; 2500 - Monitoring Progress; 2600 - Communicating the Acceptance of Risks

performance standards that pertain to engagement planning

2201: Planning Considerations; 2210: Engagement Objectives; 2220: Engagement Scope; 2230: Engagement Resource Allocation; 2240: Engagement Work Program

performance standards that pertain to performing the engagement

2310: Identifying Information; 2320: Analysis and Evaluation; 2330: Documenting Information; 2340: Engagement Supervision

performance standards that pertain to communicating results

2410: Criteria for Communicating; 2420: Quality of Communications (2421: Errors and Omissions); 2430: Use of "Conducted in Conformance with the [Standards]" (2431: Engagement Disclosure of Nonconformance); 2440: Disseminating Results; 2450: Overall Opinions

what is the relationship between auditing and accounting

Accounting includes the collection, classification, summarization, and communication of financial data; it involves the measurement and communication of business events and conditions as they affect and represent a given enterprise or other entity. The task of accounting is to reduce a tremendous mass of detailed information to manageable and understandable proportions. Auditing does none of these things. Auditing must consider business events and conditions too, but it does not have the task of measuring or communicating them. Its task is to review the measurements and communications of accounting for propriety. Auditing is analytical, not constructive; it is critical, investigative, concerned with the basis for accounting measurements and assertions. Auditing emphasizes proof, the support for financial statements and data. Thus auditing has its principal roots, not in accounting which it reviews, but in logic on which it leans heavily for ideas and methods.

what is the purpose of the internal audit function's quality assurance and improvement program?

An internal audit function's quality assurance and improvement program "is designed to enable an evaluation of the internal audit [function's] conformance with the Standards and an evaluation of whether internal auditors comply with the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit [function] and identifies opportunities for improvement" (Interpretation to Standard 1300: Quality Assurance and Improvement Program).

what is the definition of objectivity as it pertains to individual internal auditors

An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others.

which of the following is not a role of the internal audit function in best practice governance activities a. support the board in enterprisewide risk assessment b. ensure the timely implementation of audit recommendation c. monitor compliance with the corporate code of conduct d. discuss areas of significant risks

b

which of the following is not an example of a fraud prevention program element a. background investigations of new employees b. exit interviews of departing employees c. establishing authority limits related to purchasing commitments d. analyzing cash disbursements to determine whether any duplicate payments have been made

b

which of the following would be a violation of the IIA's code of ethics a. an internal auditor was subpoenaed in a court case in which a joint venture partner claimed to have been defrauded b. during an audit an internal auditor learned that the company was about to introduce c. an internal auditor's husband inherited 25,000 shares d. an internal auditor who works weekends

b

the internal audit function's responsibility with respect to fraud are limited to

being aware of fraud indicators including those relating to financial reporting fraud, but not necessarily possessing the expertise of a fraud investigation specialist

independent outside auditors provide financial reporting assurance services primarily for

benefit of third parties

internal auditors must have competent interpersonal skills. which of the following does not represent an attribute of an interpersonal skill a. communication b. leadership c. project management d. team capabilities

c

which of the following is recommended guidance within the IPPF a. the definition of internal auditing b. the standards c. supplemental guidance d. none of the above

c

an internal auditor is auditing a division in which the division's chief financial officer is a close, personal friend. the auditor learns that the friend is to be replaced after a series of critical contract negotiations with the department of defense. the auditor relays this information to the friend. which principle of the IIA's code of ethics has been violated

confidentiality

What is co-sourcing? Why might an organization choose to co-source its internal audit function?

cosourcing means that an organization is supplementing its in-house internal audit function to some extent via the services of third-party vendors. Common situations in which an organization will cosource its internal audit function include circumstances in which the third-party vendor has specialized audit knowledge and skills that the organization does not have in-house and circumstances in which the organization has insufficient in-house internal audit resources to fully complete its planned engagements.

which of the following is one of the 5 C's essential to the success as an internal auditor

courage

in which of the following situations does the internal auditor potentially lack objectivity a. a payroll accounting employee assists an internal auditor b. an internal auditor discusses a significant issue c. an internal auditor recommends standards of control and performance d. a former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal audit department

d

the Cressey Fraud Triangle does not include a. pressure b. opportunity c. rationalization d. fraudster personality

d

which of the following is a mandatory guidance within the IPPF a. implementation guidance b. supplemental guidance c. the value proposition d. the core principles

d

which of the following is not a typical rationalization of a fraud perpetrator a. it's in the organization's best interest b. the company owes me because I am underpaid c. I want to get back at my boss d. I'm smarter than the rest of them

d

which of the following is not something all levels of employees should do a. understand their role within the internal control framework b. have a basic understanding of fraud and be aware of the red flags c. report suspicions of incidences of fraud d. investigate suspicious activities that they believe may be fraudulent

d

which of the following is the ultimate position of internal control a. CEO b. CFO c. CRO d. CAE

d

which of the following statements is not true about business objectives a. business objectives represent targets of performance b. establishing meaningful business objectives is a prerequisite to effective internal control c. establishing meaningful business objectives is a key component of the management process d. business objectives are management's means of employing resources and assigning responsibilities

d

which of the following statements regarding corporate governance is not correct a. corporate control mechanisms include internal and external mechanisms b. the compensation scheme for management is part of the corporate control mechanisms c. the dilution of shareholder's wealth resulting from employee stock options or employee stock bonuses is an accounting issue rather than a corporate governance issue d. the internal audit function of a company has more responsibility than the board for the company's corporate governance

d

while planning an internal audit, the internal auditor obtains knowledge about the auditee to, among other things

develop an understanding of the auditee's objectives and risks

What types of outcomes might a board need to consider to understand stakeholders' expectations?

financial, compliance, operations, or strategic outcomes

in addition to the standards, some internal audit departments follow other standards in conducting their work, either because of regulatory requirements or by choice. when these other standards are inconsistent with IIA standards, what should the audit department do

follow the standard that is most restrictive

what types of business events tend to drive new legislation and guidance

fraud or other corporate wrongdoing

what are some of the factors that have fueled the dramatic increase in demand for internal audit services over the past 30 years

globalization, increasingly complex corporate structures, e-commerce and other technological advances, and a global economic downturn.

Which of the following are components of the definition of internal auditing?

independence and objectivity, a systematic and disciplined approach, helping the organization accomplish its objectives

what is the difference between independence and objectivity as they pertain to individual auditors

independence refers to the organizational status of the internal audit function and reflects the freedom from conditions that threaten objectivity or the appearance of objectivity while objectivity is an impartial, unbiased mental attitude and involves avoiding conflicts of interest, which allows internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made

ABC utility company sells electricity to residential customers and is a member of an industry association that provides guidance to electric utilities, lobbies on behalf of the industry, and facilitates sharing among its members. From ABC's perspective, what type of stakeholder is this industry association?

influences the company

Identify the four principles of the code of ethics

integrity, objectivity, confidentiality, competency

What are the seven inherent personal qualities listed in the chapter that are common among successful internal auditors

integrity, passion, work ethic, curiosity, creativity, initiative, and flexibility.

What is the difference between internal assurance services and internal consulting services

Internal assurance services involve an objective examination of evidence for the purpose of providing an independent assessment on the effectiveness of governance, risk management, and control processes for the organization. Internal consulting services are advisory and related services, the nature and scope of which are agreed to with the customer and that are intended to improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility.

What are the three parts of the CIA exam

internal audit basics, internal audit practice, internal audit knowledge elements

Why is it imperative that internal auditors have integrity

internal auditors must have integrity because the users of their work products rely on the internal auditors' professional judgments to make important business decisions. These stakeholders must have confidence that internal auditors are trustworthy.

how does the IIA define internal auditing

is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. it helps an organization accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management

which of the following is a core principle for the professional practice of internal auditing a. maintain b. promote an c. develop consistency d. is appropriately

is appropriately positioned and adequately resourced

A payroll clerk increased the hourly pay rate of a friend and shared the resulting overpayment with the friend. Which of the following controls would have best served to prevent this fraud?

limiting the ability to make changes in payroll system personnel information to authorized HR department supervisors

What are the two categories of guidance included in the IPPF

mandatory guidance, which includes the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing, and recommended guidance, which includes implementation guidance and supplemental guidance.

What fraud schemes were reported to be most common in the ACFE's 2016 report to the nation?

misappropriation of assets by employees

within the context of internal auditing, assurance services are best defined as

objective examinations of evidence for the purpose of providing independent assessments

according to the standards, how is the independence of the internal audit function achieved

organizational status and objectivity

companies in industries that are heavily regulated may be subject to audits by the regulator's auditors. while not specifically covered in the three lines of defense model, such auditors would most likely be considered

part of the third line of defense

what are the three fundamental phases in the internal audit engagement process

planning the engagement, performing the engagement and communicating engagement outcomes

an internal auditor provides income tax services during the tax season. for which of the following activities would the auditor most likely be considered in violation of the IIA's code of ethics?

preparing, for a fee, a division manager's personal tax returns

which of the following is not an appropriate governance role for an organization's board of directors a. evaluating and approving b. influence the organ c. providing assurance directly d. establishing board boundaries of conduct

providing assurance directly to third parties that the organization's governance processes are effective

who is responsible for establishing the strategic objectives of an organization

senior management

who is ultimately responsible for identifying new or emerging key risk areas that should be covered by the organization's governance process

senior management

AVF Company's new CFO has asked the company's CAE to meet with him to discuss the role of the internal audit function. The CAE should inform the CFO that the overall responsibility of internal auditing is to:

serve as an independent assurance and consulting activity designed to add value and improve the company's operations

From an organization's standpoint, because internal auditors are seen to be "internal control experts," they also are:

the best resource for audit committees, management, and others to consult in-house when setting up anti-fraud programs and controls, even if they may not have any fraud investigation experience

according to the standards which of the following must the internal audit manager think about when considering appropriate care while planning an assurance engagement a. the opportunity b. the cost c. job openings d. the potential

the cost of assurance in relationship to potential benefits

the IIA's standards require internal auditors to exercise due professional care while conducting assurance engagements. which of the following is not something an internal auditor is required to consider in determining what constitutes the exercise of due care in an assurance engagement of treasury operations

the independent outside auditors have requested to see the engagement report and working papers

To determine what needs to be done regarding follow up on an assurance engagement the internal audit staff just completed one would consult:

the performance standards, assurance services implementation standards

Assurance, insight and objectivity comprise:

the value proposition

the 17 principles in the updated COSO 2013 internal control - integrated framework include one devoted specifically to addressing fraud risk

true

the internal audit foundation exists to help audit leaders, practitioners, students and academics experience continuous growth in their careers to propel them to become:

trusted advisors

What are the three components of the internal audit value proposition set forth by the IIA

assurance, insight and objectivity

in governance what are the key responsibilities of senior management

1. Ensuring that the full scope of direction and authority delegated by the board is properly understood. Senior management must understand the board's governance expectations, the amount of authority the board has delegated to management, its tolerance levels relative to unacceptable outcomes, and requirements for reporting to the board. 2. Identifying the processes and activities within the organization that are an integral part of executing the governance direction provided by the board. That is, senior management must determine: -Where in the organization to manage the specific risks that could result in unacceptable outcomes. -Who will be responsible for managing those risks (risk owners). -How those risks will be managed. 3. Evaluating what other business considerations or factors might create a justification for delegating a lower tolerance level to risk owners than that delegated from the board. For example, the board may specify that management must maintain controls to ensure there are no control weaknesses beyond a certain level of severity. However, senior management, desiring to avoid the situation where multiple significant control deficiencies aggregate to an unacceptable level, may specify to risk owners that controls be maintained to ensure there are no control deficiencies exceeding a lower level of severity. 4. Ensuring that sufficient information is gathered from the risk owners to support its reporting requirements to the board.

in governance what are the key responsibilities of risk owners

1. Evaluating whether the risk management activities are designed adequately to manage the related risks within the tolerance levels specified by senior management. Although senior management may provide direction relative to the risk management activities, the risk owners typically will determine the specific tasks that are necessary to carry out those activities.
2. Assessing the ongoing capabilities of the organization to execute those risk management activities. This assessment should evaluate the maturity of the procedures in place, the competence and experience of the people performing those procedures, the sufficiency of any enabling technologies (for example, computer systems), and the availability of external and internal information to support decision-making.
3. Determining whether the risk management activities are currently operating as designed, that is, whether the people and systems are executing the processes consistently with the desired objectives.
4. Conducting day-to-day monitoring activities to identify, in a timely manner, whether anomalies or divergences from expected outcomes have occurred.
5. Ensuring that the information needed by senior management and the board is accurate and readily available, and is provided to senior management on a timely basis.

what are the three types of stakeholders a board needs to understand

1. Stakeholders Directly Involved in the Operation of the Organization's Business — Examples include employees, customers, and vendors. 2. Stakeholders Interested in the Organization's Business — Examples include shareholders, investors, certain regulators, and financial institutions. 3. Stakeholders Influencing the Organization's Business — Examples include certain regulators, financial institutions, rating agencies, industry associations, and competitors.

what is a combined assurance model and why do some organizations use such models

A combined assurance model focuses on understanding the different types of assurance being provided so that, based on the level of risk being assessed and how strong the assurance is, a coordinated plan or calendar can be developed. This facilitates awareness of each assurance activity's assessments, when the assessments will occur, and how other assurance activities can rely on that work. Organizations use such models to combat "assurance fatigue." Assurance fatigue occurs as a result of different assurance activities failing to collaborate effectively. Failure to sufficiently coordinate activities results in redundant and unnecessary assurance work.

Explain what is meant by the term "conflicts of interest". How do they arise?

A conflict of interest is "a situation in which an internal auditor, who is in a position of trust, has a competing professional or personal interest" (Interpretation of Standard 1120: Individual Objectivity). Circumstances that cause conflicts of interest for an internal auditor include, for example: 1. Auditing the area of the organization for which he or she was recently responsible. 2. Auditing an area of the organization in which a relative or close friend works. 3. Having an economic stake in the outcomes of his or her work.

in governance what are the key responsibilities of the board of directors

Establishing a governance committee
- This committee could be a new committee or an expansion of responsibilities for an existing committee (for example, many public companies have expanded the responsibilities of the nominating committee to become a nominating and governance committee).
- It should be made up of independent directors.
- The committee should have the responsibilities outlined above.
Articulating requirements for reporting to the board
- The board should delegate to management the authority to operate the business within the board's tolerable limits relative to unacceptable outcomes. Management must have the authority to make day-to-day business decisions, but also must have a clear understanding of the board's tolerance limits within which to manage the business.
- As part of its oversight role, the board also must establish reporting thresholds for management, that is, which outcomes must be approved by the board, reported directly to the board, or summarized for the board as part of quarterly meetings.
Reevaluating governance expectations periodically (annually)
- Key stakeholder expectations may evolve and change. Therefore, the board must identify those changes and reevaluate its governance direction.
- As a result of those changes, the board's tolerance levels also should be reevaluated.

what role does the internal audit function play in governance

- Evaluating whether the various risk management activities are designed adequately to manage the risks associated with unacceptable outcomes.
- Testing and evaluating whether the various risk management activities are operating as designed.
- Determining whether the assertions made by the risk owners to senior management regarding the effectiveness of the risk management activities accurately reflect the current state of risk management effectiveness.
- Determining whether the assertions made by senior management to the board regarding the effectiveness of the risk management activities provide the board with the information it desires about the current state of risk management effectiveness.
- Evaluating whether risk tolerance information is communicated timely and effectively from both the board to senior management and from senior management to the risk owners.
- Assessing whether there are any other risk areas that are currently not included in the governance process, but should be (for example, a risk for which risk tolerance and reporting expectations have not been delegated to a specific risk owner).

which of the following are typically governance responsibilities of senior management I. delegating its tolerance levels to risk managers II. monitoring day-to-day performance of specific risk management activities III. establishing a governance committee of the board IV. ensuring that sufficient information is gathered to support reporting to the board

I and IV

which of the following is/are components of the standards I. statements II. interpretations III. glossary

I, II, and III

which of the following types of IPPF guidance requires public exposure? I. a new implementation guide II. a new standard III. new supplemental guidance for auditing cybersecurity IV. a new definition in the standards glossary

II and IV

which of the following are "mandatory guidance" in the IIA's IPPF I. implementation guides II. the code of ethics III. the definition of internal auditing IV. the standards

II, III, and IV

What IPPF components constitute recommended guidance

Implementation Guidance Supplemental Guidance

explain the difference between assurance and consulting services. Why does each type of service have its own implementation standards

In consulting services, the service relationship is generally between users (customers) who have direct involvement in the process, system, or subject matter and the provider (auditor/consultant). In assurance services, there are typically three (or more) parties involved: 1) the auditor, 2) the person or group directly involved with the process, system, or subject matter, and 3) the person or group relying on the auditor's assessment. As the "contracting" process is more direct in consulting, with the user/customer and provider able to work together to make sure the user's needs are met by the engagement, less detailed standards are necessary. In assurance services, the user is typically distant from the engagement process and may, in some cases, not even be known. Having established standards allows the needs of all three groups to be balanced. The nature of this three-party relationship also requires the internal auditor to have control over the engagement as the internal auditor is responsible for balancing the needs of the other two parties.

what type of procedures might an internal auditor use to test the design adequacy and operating effectiveness of governance, risk management and control processes

Inquiring of managers and employees. Observing activities. Inspecting resources and documents. Reperforming control activities. Performing trend and ratio analysis. Performing data analysis using computer-assisted audit techniques. Gathering corroborating information from independent third parties. Performing direct tests of events and transactions.

what organizations other than the IIA, promulgate guidance that is pertinent to internal auditors

- The U.S. Government Accountability Office (GAO) issues standards for governmental audits in the United States. Like the United States, most countries have established standards for audit of governmental entities and contracts.
- ISACA (previously known as the Information Systems Audit and Control Association) provides detailed and specialized guidance about auditing computerized information systems.
- The Board of Environmental, Health, and Safety Auditor Certifications (BEAC) develops Standards for the Professional Practice of Environmental, Health, and Safety Auditing to address the needs of environmental, health, and safety audit professionals.
- The U.S. Public Company Accounting Oversight Board (PCAOB) and the American Institute of Certified Public Accountants (AICPA) set the standards for audits of companies' financial statements in the United States.
- The International Auditing and Assurance Standards Board (IAASB), which is a part of the International Federation of Accountants (IFAC), issues international audit standards adopted by a number of countries.
- The International Standards Organization (ISO) sets standards for risk management and for quality and environmental audits.
- The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has issued
- The Society of Corporate Compliance and Ethics (SCCE) provides guidance for ethics and compliance practitioners.
- The Health Care Compliance Association (HCCA) provides guidance for compliance professionals specifically operating in the healthcare industry.
- The Basel Committee on Banking Supervision has specific requirements (referred to as Basel 1 and Basel 2) for internal audits of banking and financial institutions' risk management and rating systems.

Predication is a technical term that refers to

The ability of the fraud examiner to commence an investigation given the establishment of the predicate that fraud exists and may still be occurring

what is the primary difference between internal and external financial reporting assurance services

The audience: internal auditors provide financial reporting assurance to management and the BOD; external auditors provide assurance for the benefit of third parties.

What is the IIA's definition of Governance?

The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

What is the difference between the strategic direction and oversight

The first broad area of governance is strategic direction. The board is responsible for providing strategic direction and oversight relative to the establishment of key business objectives, consistent with the organization's business model. Directors bring varied and diverse business experience to the board and, thus, are in a position to provide the strategic direction and oversight of that direction that will help the organization be successful. The board can also influence the organization's risk-taking philosophy and establish broad boundaries of conduct based on the organization's overall risk appetite and cultural values. Providing strategic direction, overseeing the objective-setting process, and monitoring progress toward meeting the goals and objectives of the organization are key reasons for the board's existence. The second broad area of governance is governance oversight. This area involves the board understanding the needs of stakeholders, providing direction and authority to senior managers, who in turn empower risk owners to carry out that direction, reporting of risk management effectiveness up from risk owners to senior management to the board, and internal and external activities, most notably the internal and external auditors, providing assurances to senior management and the board as to the effectiveness of governance activities.

What is the definition of independence as it pertains to an internal audit function

The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.

Which of the following is a framework that can help individual internal auditors and internal audit functions assess their current competency levels and identify areas for improvement a. internal control - integrated framework b. international professional practices framework c. the global internal auditor competency framework d. enterprise risk management framework

The global internal auditor competency framework

which of the following would be considered a first line of defense

an accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date

how should an organization handle an anonymous accusation from an employee that a supervisor in the organization has manipulated time reports

assess the facts provided by the anonymous party against pre-established criteria to determine whether a formal investigation is warranted

