1:Internal Audit Operations

Question 1

Define the role of governance as it relates to the internal audit activity.

Answer 1

To inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

Question 2

Define risk management as it relates to the internal audit activity.

Answer 2

A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.

Question 3

Define control as it relates to the internal audit activity.

Answer 3

Any action taken to manage risk and increase the likelihood that established objectives and goals will be achieved.

Question 4

Reasonable assurance that objectives and goals will be achieved is the responsibility of

Answer 4

Management.

Question 5

Who is responsible for guiding governance processes?

Answer 5

Who is responsible for guiding governance processes?

Question 6

Define compliance.

Answer 6

Adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.

Question 7

Who evaluates the controls regarding compliance?

Answer 7

The internal audit activity.

Question 8

What is the difference between efficient performance and economical performance?

Answer 8

Efficient performance
Accomplishes objectives in an accurate, timely, and economical fashion
Economical performance
Accomplishes objectives with minimal use of resources proportionate to the risk exposure

Question 9

Reasonable assurance is achieved when

Answer 9

The most cost-effective measures are taken in the design and implementation of controls to reduce risks and restrict expected deviations to a tolerable level.

Question 10

What are the two basic types of internal audit engagements?

Answer 10

Assurance services
Consulting services

Question 11

Define the purpose of assurance services.

Answer 11

To provide an independent assessment on governance, risk management, and control processes for the organization.

Question 12

Define consulting services.

Answer 12

Advisory and related client service activities intended to add value and improve an organization’s governance, risk management, and control processes.

Question 13

Performance Standard 2100, Nature of Work, states, “The internal audit activity must . . .”

Answer 13

“evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes using a systematic, disciplined, and risk-based approach.”

Question 14

Define control processes.

Answer 14

The policies, procedures (both manual and automated), and activities that are part of a control framework, designed and operated to ensure that risks are contained within the level that an organization is willing to accept.

Question 15

Internal auditors may use their knowledge, experience, and best practices to provide

Answer 15

Observations of weaknesses
Recommendations

Question 16

Who is responsible for the management of internal audit activity to ensure it adds value to the organization?

Answer 16

Chief Audit Executive.

Question 17

The internal audit activity is effectively managed when it

Answer 17

Achieves the purpose and responsibility included in the internal audit charter,
Conforms with the Standards,
Conforms by individual members with the Code of Ethics and the Standards, and
Considers trends and emerging issues that could impact the organization.

Question 18

How does the internal audit activity add value to an organization and its stakeholders?

Answer 18

Considers strategies, objectives, and risks.
Strives to offer ways to enhance governance, risk management, and control processes.
Objectively provides relevant assurance.

Question 19

Why must the chief audit executive establish policies and procedures?

Answer 19

To guide the internal audit activity.

Question 20

The form and content of policies and procedures are dependent upon the _____[1]_____ and _____[2]_____ of the internal audit activity and the _____[3]_____ of its work.

Answer 20

1-Size
2-Structure
3-Complexity

Question 21

Key stakeholders in an organization include

Answer 21

Board of Directors,
Audit committees,
Management,
External auditors, and
Regulators.

Question 22

To achieve organizational independence, the Chief Audit Executive, in managing the internal audit committee, must have

Answer 22

Direct and unrestricted access to senior management and the Board.

Question 23

The highest level governing body of an organization is

Answer 23

The Board.

Question 24

The audit committee is composed of

Answer 24

A sub-unit of the Board of Directors.

Question 25

Approving the internal audit charter and ensuring engagement results are given due consideration are functions of the

Answer 25

Audit committee.

Question 26

What should the CAE do to avoid conflict between the CEO and the audit committee?

Answer 26

The CAE should request board establishment of policies covering the internal audit activity’s relationships with the audit committee.

Question 27

Define participative auditing.

Answer 27

Participative auditing is a collaboration between the internal auditor and management during the auditing process. The objective is to minimize conflict and build a shared interest in the engagement.

Question 28

Ensuring that internal audit resources are appropriate, sufficient, and effectively deployed is the responsibility of the

Answer 28

Chief Audit Executive.

Question 29

Relevant factors considered by the Chief Audit Executive when planning allocation of resources include

Answer 29

Communications received from management and the Board,
Information about ongoing and new engagements,
Consequences of not completing an engagement on time, and
Knowledge, skills, and competencies of the internal audit staff.

Question 30

The effective deployment of internal audit resources occurs when

Answer 30

They are used in a way that optimizes the achievement of the approved plan.

Question 31

List the five items that are considered during internal audit resource planning.

Answer 31

1-The audit universe
2-Relevant risk levels
3-The internal audit plan
4-Coverage expectations
5-An estimate of unanticipated activities

Question 32

What are the advantages of having field offices for internal auditing?

Answer 32

Reduced travel time and expense
Improved services in field office locations
Better morale from increased authority
Employing persons who do not wish to travel

Question 33

List factors the Chief Audit Executive considers when selecting audit staff.

Answer 33

Complexity of the engagement
Experience levels of the auditors
Training needs of the auditors
Available resources

Question 34

A(n) __________ may serve as the internal audit activity but cannot assume responsibility for maintaining an effective internal audit activity.

Answer 34

External service provider.

Question 35

Who is primarily responsible for the sufficiency and management of resources, including communication of needs and status to senior management and the board?

Answer 35

The CAE.

Question 36

List various functions of a job description.

Answer 36

Summarize the duties and qualifications required for a job.
Provide a basis for identifying job qualifications, such as training and experience.
Facilitate recruiting the appropriate internal audit staff with the necessary attributes for the planned activities.

Question 37

What are the six principles of The IIA’s Three Lines Model?

Answer 37

1-Governance
2-Governing body roles
3-Management – First and second line roles
4-Third line roles
5-Third line independence
6-Creating and protecting value

Question 38

According to the Three Lines Model, internal audit independence is achieved through

Answer 38

Accountability to the governing body;
Unaffected access to people, resources, and data; and
Freedom from bias and interference.

Question 39

The internal audit activity’s coordination with, and reliance upon, the work of other assurance and consulting service providers ensures _____[1]_____ and minimizes _____[2]_____.

Answer 39

1-Proper coverage
2-Duplication of efforts

Question 40

Coordinating activities include

Answer 40

Simultaneity (performed at the same time) of the nature, extent, and timing of scheduled work
Mutual understanding of methods and vocabulary
The parties’ access to each other’s programs, working papers, and communication of results
Reliance on others’ work to avoid overlap
Meeting to adjust the timing of scheduled work given results to date

Question 41

Does reliance on another service provider excuse the CAE from final responsibility for conclusions and opinions?

Answer 41

No.