Internal Audit - TEST 1

Monitoring Activities

ongoing evaluations built into business processes at different levels of the entity that provide timely information findings are evaluated against some criteria established performed concurrently with operations on an ongoing basis exist in all components of COSO

history of guidance setting for the Internal Audit Profession

the distancing of senior management from the operations for which they were responsible created a need for other people in the organization to assist them by examining the operations and providing reports based on those examinations

Operations Objectives

the effectiveness and efficiency of entity's operations

International Professional Practices Framework (IPPF)

the only globally recognized guidance for internal audit profession and contains what are considered the essential elements for the delivery of internal audit services provides the foundation for the internal audit function to fulfill their role and meet their responsibilities

Independence

the organizational status of the internal audit function

Residual Risk

the portion of inherent risk that remains after management executes its risk responses

Risk

the possibility that an event will occur and negatively affect the achievement of objectives

Opportunity

the possibility that an event will occur and positively affect the achievement of objectives

Control

the process conducted by management to mitigate risks to acceptable levels

Risk Management

the process conducted by management to understand and deal with uncertainties that could affect the organization's ability to achieve its objectives

Governance

the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization's objectives

Competence

the skills and knowledge required to provide assurance and advisory services that add value

Outsource Internal Audit Function

to external service providers such as public accounting firms and other third party vendors

Objective of Internal Audit

to help the organization achieve its business objectives through - operational effectiveness and efficiency of processes - reliability of information -safeguarding assets - compliance with organization policies, laws, regs

The Code of Ethics

to promote an ethical culture in the internal audit profession Principles of the Code and Rules of the Code

Co-sourcing

an organization is supplementing its in-house internal audit function to some extent via the services of third party vendors circumstances where the third party vendor has specialized knowledge regarding the issue

Internal Assurance and Consulting services are

analytical and investigative, based on logic, reasoning and drawing inferences

Competency

apply knowledge, skills and experience needed n the performance of internal audit services

Performing the Engagement

apply specific audit procedures gather evidence document procedures performed and results

The Standards

apply to individual internal auditors and internal audit activities

to survive and thrive, internal audit, like any other function within the organization.......

must justify their existence to key stakeholders stakeholders must value their services

Nature and Scope of Consulting Services

mutually agreed on by the customer and internal audit function involves the customer and internal auditor

To Plan the Engagement:

obtain an understanding of the audit and customer set engagement objectives determine required evidence decide nature, timing, extent of audit tests

Internal Control Frameworks

- COSO - CICA - COCO frameworks

Factors contributing to the demand for internal audit services

- business world has changed dramatically - business world has experienced quite a few corporate scandals

Layered Approach to Monitoring Activities

- everyday activities performed by management - separate evaluation of area's controls by management - independent assessment by an outside area to validate the separate evaluation

Key components of Internal Auditing Definition

- help organization accomplish objectives - evaluate and improve effectiveness of risk management, control and governance processes - assurance and consulting designed to add value and improve operations - independence and objectivity - systematic and disciplined approach

Examples of Control Activities

- separation of duties - performance reviews - authorizations - documentation - physical access controls - IT access controls - IT application controls - Independent Verification and Reconciliations

Internal Auditors must embody the five character traits

1. Competence 2. Credibility 3. Connectivity 4. Communication 5. Courage

5 Components of COSO

1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring

Three categories of COSO objectives

1. Operations 2. Reporting 3. Compliance

Three Ways Assurance and Consulting Differ

1. Primary Purpose 2. Who determines the nature and scope of the engagement 3. Parties Involved

Rules of Code of Conduct

12 behavioral norms that internal auditors should follow to put the principles into action

Internal Auditing

An independent, objective assurance and consulting activity designed to add value and improve an organization's operations

IIA Value Proposition - why Internal Auditing is important

Assurance Insight Objectivity

Two Categories of Standards

Attribute and Performance

2 Types of Professional Guidance

Mandatory Guidance Recommended Guidance

Compliance Objectives

adherence to laws and regulations to which the entity is subject

Three fundamental phases in the Internal Audit Engagement

Planning the Engagement Performing the Engagement Communicating Engagement Outcomes

Framework

a body of guiding principles that form a template against which organizations can evaluate a multitude of business practices provide structure within a body of knowledge and guidance fit together

Insight

a catalyst to improve an organization's effectiveness and efficiency

Financial Statement Audit

a form of assurance service in which the firm issues a written attestation report that expresses an opinion about whether the financial statements are fairly in accordance with GAAP

Global Internal Auditor Competency Framework

a framework that can help individual auditors and internal audit functions assess their current competency levels and identify areas for improvement

what IPPF guidance requires public exposure

a new standard and a new definition in the standards glossary

COSO framework of Internal Control

a process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance process effected by people to achieve objectives

Deficiency

a shortcoming in a component and relevant principle that reduces the likelihood that the entity can achieve its objectives

Control Activities

actions taken by management, the board, and other parties to mitigate risk and increase the likelihood that objectives and goals are achieved present at all levels in the organization can be separated into operations, reporting compliance categories

Attribute Standards

address the attributes of organizations and individuals performing internal auditing 1. Purpose, Authority & Responsibility 2. Independence & Objectivity 3. Proficiency and Due Professional Care 4. Quality Assurance and Improvement Program

Supplemental Guidance

addresses topic areas, specific issues, processes and procedures, tools and techniques and examples of deliverables

The Core Principles

articulate the key elements describing the internal audit effectiveness - demonstrate integrity -demonstrates competence and due professional care - objective and free from undue influence - aligns with strategies, objectives and risks of org - appropriately positioned and adequately resourced - demonstrates quality and continuous improvement - communicate effectively - provide risk-based assurance - insightful, proactive, future-focused - promote organizational improvement

Primary Purpose of Internal Assurance Services

assess evidence relevant to subject matter of interest to someone and provide conclusions regarding the subject matter

Implementation Guidance

assist internal auditors in applying the standards collectively address the approach, methodologies, and considerations for internal auditing

CEO's responsibility for Internal Control

assumes primary responsibility for the system of internal controls

The CAE reports administratively to the CEO, the IIA recommends that the CAE report functionally to the ____

board of directors

Objectivity

commitment to integrity and accountability

Communicating Outcomes of Engagement

communications must be accurate, objective, clear, concise, constructive, complete and timely

Auditing

consider business events, conditions, analytical, critical, investigative emphasizes proof and support for financial statements and data

Performance Standards

describe the nature of internal audit services and criteria against which the performance of these services can be assessed 1. Managing the Internal Audit Activity 2. nature of Work 3. engagement planning 4. Communicating Results 5. Monitoring Progress 6. Communicating the Acceptance of Risks

Recommended Guidance

describes practices supporting effective implementation of the principles in the mandatory guidance

Nature and Scope of Assurance Engagement

determined by the internal audit function involves three parties: audit, internal auditor, user

Confidentiality

do not disclose information without appropriate authority unless there is a legal or professional obligation to do so

Risk Assessment

dynamic and iterative process identifying and assessing risks to the achievement of objectives forms the basis for how risks will be managed

Recommended Guidance

endorsed by the IISA through a formal approval process ways to help auditors implement mandatory guidance

Mandatory elements of Mandatory Guidance

essential org structure, relationships attributes, competencies and behavioral norms essential features of the services themselves and their processes

primary purpose of standards is to

establish a basis for evaluating internal audit performance

Integrity

establishes trust, provides the basis for reliance on their judgement

Objectivity

exhibit the highest level of objectivity in gathering, evaluating, and communicating information and not unduly influenced by their own interests or by others in forming judgements unbiased mental attitude avoid conflicts of interest

Principles of the Code of Ethics

express four ideals internal auditors should aspire to maintain when conducting their work - integrity - objectivity - confidentiality - competence

Internal Auditing

for the benefit of management and the board of directors SOX requires managers to certify their financial statements

Pathways into Internal Auditing

from public accounting, hiring directly out of school, from management training programs

Strategic Objectives

goals that management sets specifically related to stakeholder interests

Purpose of the Standards

guide adherence with mandatory elements of the IPPF provide a framework to perform/promote value-added internal auditing establish basis for evaluating performance foster improved organizational processes and operations

Mandatory Guidance

have to follow, essential, developed through a rigorous due process to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight

Objectivity means the auditor is able to make...

impartial, unbiased judgements not involve themselves in day to day operations

Inherent personal qualities of internal auditors

integrity, passion, work ethic, curiosity, creativity, initiative, flexibility

Reporting Objectives

internal and external financial and non-financial reporting activities to encompass reliability, timeliness, transparency

Assurance

internal audit provides assurance on the organization's governance, risk management, and control processes to achieve objectives

Communication

methods of relaying information and listening to individuals served

Certified Internal Auditor (CIA)

only globally accepted certification for internal auditors and is the standard to demonstrate their competency and professionalism in the internal auditing field must pass CIA exam (Internal Audit Basics, Internal Audit Knowledge Elements and Internal Audit Practice) minimum of 2 years of experience

Integrity is not an ___ for internal auditors, they must have it.

option

Board of Directors responsibility for Internal Control

oversee management, provide direction regarding internal control and have responsibility for overseeing the system of internal controls effective board members are important to internal control because of management override

Customer

people seeking the services in a consulting engagement

Auditee

people subject to assessment in an assurance engagement

Control Environment

permeates all areas of the organization and influences the way individuals approach internal control set of standards, processes, and structures that provide the basis for carrying out internal control across the organization "tone at the top", integrity and ethical values in the organization assignment of responsibilities, rigor around performance measures, parameters enabling board of directors to carryout governance

Compliance Objectives of COSO

pertain to adherence to laws and regulations to which the entity is subject

Operations Objectives of COSO

pertain to effectiveness and efficiency of the entity's operations

Reporting Objectives of COSO

pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency

Primary Purpose of Internal Consulting Services

provide advice and other assistance, generally at the specific request of engagement customers

Professional Guidance

provided by the IIA to support the mission of internal audit

External Auditing

publicly traded companies are required to have their financial statements audited by an independent outside auditor also have their auditors' attest to the effectiveness of their internal controls primarily for the benefit of third parties

Objectivity

refers to the mental attitude of individual internal auditors

Information and Communication

relevant, accurate and timely information available to individuals at all levels of an organization information should remain aligned with current business needs communicate using electronic means or face to face

Courage

remain independent and objective and to stand by results of engagements conducted

Mandatory Guidance

required and essential to conform with principles due diligence process - core principles for practice of internal auditing - code of ethics - the standards - definition of internal auditing

The Institute of Internal Auditors

standard setters for internal audits

Pathways Out of Internal Auditing

stepping stone in financial management position position with professional services firm that offers internal audit services

Threats to Independence and Objectivity

task-related threats, incentives, personal relationships

Credibility

the ability to inspire trust based on consistent competence and integrity

Connectivity

the ability to understand the needs of the stakeholders individually within the greater whole of the organization

Accounting

the collection, classification, summarization, and communication of financial data reduce tremendous amount of detail to manageable and understandable proportions