Internal Audit - TEST 1
Monitoring Activities
ongoing evaluations built into business processes at different levels of the entity that provide timely information; findings are evaluated against some criteria established; performed concurrently with operations on an ongoing basis; exist in all components of COSO
history of guidance setting for the Internal Audit Profession
the distancing of senior management from the operations for which they were responsible created a need for other people in the organization to assist them by examining the operations and providing reports based on those examinations
Operations Objectives
the effectiveness and efficiency of the entity's operations
International Professional Practices Framework (IPPF)
the only globally recognized guidance for the internal audit profession; contains what are considered the essential elements for the delivery of internal audit services; provides the foundation for the internal audit function to fulfill their role and meet their responsibilities
Independence
the organizational status of the internal audit function
Residual Risk
the portion of inherent risk that remains after management executes its risk responses
Risk
the possibility that an event will occur and negatively affect the achievement of objectives
Opportunity
the possibility that an event will occur and positively affect the achievement of objectives
Control
the process conducted by management to mitigate risks to acceptable levels
Risk Management
the process conducted by management to understand and deal with uncertainties that could affect the organization's ability to achieve its objectives
Governance
the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization's objectives
Competence
the skills and knowledge required to provide assurance and advisory services that add value
Outsource Internal Audit Function
to external service providers such as public accounting firms and other third party vendors
Objective of Internal Audit
to help the organization achieve its business objectives through - operational effectiveness and efficiency of processes - reliability of information - safeguarding assets - compliance with organization policies, laws, regs
The Code of Ethics
to promote an ethical culture in the internal audit profession; Principles of the Code and Rules of the Code
Co-sourcing
an organization is supplementing its in-house internal audit function to some extent via the services of third party vendors; circumstances where the third party vendor has specialized knowledge regarding the issue
Internal Assurance and Consulting services are
analytical and investigative, based on logic, reasoning and drawing inferences
Competency
apply knowledge, skills and experience needed in the performance of internal audit services
Performing the Engagement
apply specific audit procedures; gather evidence; document procedures performed and results
The Standards
apply to individual internal auditors and internal audit activities
to survive and thrive, internal audit, like any other function within the organization...
must justify their existence to key stakeholders; stakeholders must value their services
Nature and Scope of Consulting Services
mutually agreed on by the customer and internal audit function; involves the customer and internal auditor
To Plan the Engagement:
obtain an understanding of the audit and customer; set engagement objectives; determine required evidence; decide nature, timing, extent of audit tests
Internal Control Frameworks
- COSO - CICA - COCO frameworks
Factors contributing to the demand for internal audit services
- business world has changed dramatically - business world has experienced quite a few corporate scandals
Layered Approach to Monitoring Activities
- everyday activities performed by management - separate evaluation of area's controls by management - independent assessment by an outside area to validate the separate evaluation
Key components of Internal Auditing Definition
- help organization accomplish objectives - evaluate and improve effectiveness of risk management, control and governance processes - assurance and consulting designed to add value and improve operations - independence and objectivity - systematic and disciplined approach
Examples of Control Activities
- separation of duties - performance reviews - authorizations - documentation - physical access controls - IT access controls - IT application controls - Independent Verification and Reconciliations
Internal Auditors must embody the five character traits
1. Competence 2. Credibility 3. Connectivity 4. Communication 5. Courage
5 Components of COSO
1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring
Three categories of COSO objectives
1. Operations 2. Reporting 3. Compliance
Three Ways Assurance and Consulting Differ
1. Primary Purpose 2. Who determines the nature and scope of the engagement 3. Parties Involved
Rules of Code of Conduct
12 behavioral norms that internal auditors should follow to put the principles into action
Internal Auditing
An independent, objective assurance and consulting activity designed to add value and improve an organization's operations
IIA Value Proposition - why Internal Auditing is important
Assurance Insight Objectivity
Two Categories of Standards
Attribute and Performance
2 Types of Professional Guidance
Mandatory Guidance Recommended Guidance
Compliance Objectives
adherence to laws and regulations to which the entity is subject
Three fundamental phases in the Internal Audit Engagement
Planning the Engagement Performing the Engagement Communicating Engagement Outcomes
Framework
a body of guiding principles that form a template against which organizations can evaluate a multitude of business practices; provide structure within a body of knowledge and guidance fit together
Insight
a catalyst to improve an organization's effectiveness and efficiency
Financial Statement Audit
a form of assurance service in which the firm issues a written attestation report that expresses an opinion about whether the financial statements are fairly presented in accordance with GAAP
Global Internal Auditor Competency Framework
a framework that can help individual auditors and internal audit functions assess their current competency levels and identify areas for improvement
what IPPF guidance requires public exposure
a new standard and a new definition in the standards glossary
COSO framework of Internal Control
a process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance; process effected by people to achieve objectives
Deficiency
a shortcoming in a component and relevant principle that reduces the likelihood that the entity can achieve its objectives
Control Activities
actions taken by management, the board, and other parties to mitigate risk and increase the likelihood that objectives and goals are achieved; present at all levels in the organization; can be separated into operations, reporting, compliance categories
Attribute Standards
address the attributes of organizations and individuals performing internal auditing: 1. Purpose, Authority & Responsibility 2. Independence & Objectivity 3. Proficiency and Due Professional Care 4. Quality Assurance and Improvement Program
Supplemental Guidance
addresses topic areas, specific issues, processes and procedures, tools and techniques and examples of deliverables
The Core Principles
articulate the key elements describing the internal audit effectiveness - demonstrate integrity - demonstrates competence and due professional care - objective and free from undue influence - aligns with strategies, objectives and risks of org - appropriately positioned and adequately resourced - demonstrates quality and continuous improvement - communicate effectively - provide risk-based assurance - insightful, proactive, future-focused - promote organizational improvement
Primary Purpose of Internal Assurance Services
assess evidence relevant to subject matter of interest to someone and provide conclusions regarding the subject matter
Implementation Guidance
assist internal auditors in applying the standards; collectively address the approach, methodologies, and considerations for internal auditing
CEO's responsibility for Internal Control
assumes primary responsibility for the system of internal controls
The CAE reports administratively to the CEO; the IIA recommends that the CAE report functionally to the ____
board of directors
Objectivity
commitment to integrity and accountability
Communicating Outcomes of Engagement
communications must be accurate, objective, clear, concise, constructive, complete and timely
Auditing
consider business events, conditions; analytical, critical, investigative; emphasizes proof and support for financial statements and data
Performance Standards
describe the nature of internal audit services and criteria against which the performance of these services can be assessed: 1. Managing the Internal Audit Activity 2. Nature of Work 3. Engagement Planning 4. Communicating Results 5. Monitoring Progress 6. Communicating the Acceptance of Risks
Recommended Guidance
describes practices supporting effective implementation of the principles in the mandatory guidance
Nature and Scope of Assurance Engagement
determined by the internal audit function; involves three parties: auditee, internal auditor, user
Confidentiality
do not disclose information without appropriate authority unless there is a legal or professional obligation to do so
Risk Assessment
dynamic and iterative process identifying and assessing risks to the achievement of objectives; forms the basis for how risks will be managed
Recommended Guidance
endorsed by the IIA through a formal approval process; ways to help auditors implement mandatory guidance
Mandatory elements of Mandatory Guidance
essential org structure, relationships attributes, competencies and behavioral norms; essential features of the services themselves and their processes
primary purpose of standards is to
establish a basis for evaluating internal audit performance
Integrity
establishes trust, provides the basis for reliance on their judgement
Objectivity
exhibit the highest level of objectivity in gathering, evaluating, and communicating information and not unduly influenced by their own interests or by others in forming judgements; unbiased mental attitude; avoid conflicts of interest
Principles of the Code of Ethics
express four ideals internal auditors should aspire to maintain when conducting their work - integrity - objectivity - confidentiality - competence
Internal Auditing
for the benefit of management and the board of directors; SOX requires managers to certify their financial statements
Pathways into Internal Auditing
from public accounting, hiring directly out of school, from management training programs
Strategic Objectives
goals that management sets specifically related to stakeholder interests
Purpose of the Standards
guide adherence with mandatory elements of the IPPF; provide a framework to perform/promote value-added internal auditing; establish basis for evaluating performance; foster improved organizational processes and operations
Mandatory Guidance
have to follow, essential, developed through a rigorous due process; to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight
Objectivity means the auditor is able to make...
impartial, unbiased judgements; not involve themselves in day-to-day operations
Inherent personal qualities of internal auditors
integrity, passion, work ethic, curiosity, creativity, initiative, flexibility
Reporting Objectives
internal and external financial and non-financial reporting activities to encompass reliability, timeliness, transparency
Assurance
internal audit provides assurance on the organization's governance, risk management, and control processes to achieve objectives
Communication
methods of relaying information and listening to individuals served
Certified Internal Auditor (CIA)
only globally accepted certification for internal auditors and is the standard to demonstrate their competency and professionalism in the internal auditing field; must pass CIA exam (Internal Audit Basics, Internal Audit Knowledge Elements and Internal Audit Practice); minimum of 2 years of experience
Integrity is not an ___ for internal auditors, they must have it.
option
Board of Directors responsibility for Internal Control
oversee management, provide direction regarding internal control and have responsibility for overseeing the system of internal controls; effective board members are important to internal control because of management override
Customer
people seeking the services in a consulting engagement
Auditee
people subject to assessment in an assurance engagement
Control Environment
permeates all areas of the organization and influences the way individuals approach internal control; set of standards, processes, and structures that provide the basis for carrying out internal control across the organization; "tone at the top", integrity and ethical values in the organization; assignment of responsibilities, rigor around performance measures, parameters enabling board of directors to carry out governance
Compliance Objectives of COSO
pertain to adherence to laws and regulations to which the entity is subject
Operations Objectives of COSO
pertain to effectiveness and efficiency of the entity's operations
Reporting Objectives of COSO
pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency
Primary Purpose of Internal Consulting Services
provide advice and other assistance, generally at the specific request of engagement customers
Professional Guidance
provided by the IIA to support the mission of internal audit
External Auditing
publicly traded companies are required to have their financial statements audited by an independent outside auditor; also have their auditors attest to the effectiveness of their internal controls; primarily for the benefit of third parties
Objectivity
refers to the mental attitude of individual internal auditors
Information and Communication
relevant, accurate and timely information available to individuals at all levels of an organization; information should remain aligned with current business needs; communicate using electronic means or face to face
Courage
remain independent and objective and to stand by results of engagements conducted
Mandatory Guidance
required and essential to conform with principles; due diligence process - core principles for practice of internal auditing - code of ethics - the standards - definition of internal auditing
The Institute of Internal Auditors
standard setters for internal audits
Pathways Out of Internal Auditing
stepping stone in financial management position; position with professional services firm that offers internal audit services
Threats to Independence and Objectivity
task-related threats, incentives, personal relationships
Credibility
the ability to inspire trust based on consistent competence and integrity
Connectivity
the ability to understand the needs of the stakeholders individually within the greater whole of the organization
Accounting
the collection, classification, summarization, and communication of financial data; reduce tremendous amount of detail to manageable and understandable proportions