2: Assurance Engagements Flashcards
Define assurance services.
Assurance services are an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.
What are the types of assurance services?
Financial
Compliance
Operational
IT
Define compliance assurance.
Compliance assurance is the review of financial and operating controls to assess conformance with established laws, standards, regulations, policies, plans, procedures, contracts, and other requirements.
Define operational assurance.
Operational assurance is the review of a function or process to appraise the efficiency and economy of operations and their effectiveness.
According to COSO, what process is designed to provide reasonable assurance regarding the achievement of objectives?
Internal control.
List the three parties involved in an assurance engagement.
Responsible party or auditee
Users
Practitioner
What is the basic philosophy of Control Self-Assessment?
Control is the responsibility of everyone in the organization.
________ should oversee the processes of risk management and control.
Senior management.
List some benefits of a control self-assessment (CSA) program.
A CSA program
Augments the traditional role of the internal audit activity (IAA),
Assists management in risk management and control processes,
Allows the IAA and business units to collaborate to produce better information,
May reduce efforts in gathering information and testing of control processes, and
Increases coverage of assessments of control processes across the organization.
What are the three primary approaches of control self-assessment programs?
Workshop facilitation
Survey/questionnaire
Self-certification
What are the different formats and focuses of the facilitation approach?
Format
Objective-based: The best way to accomplish a business objective
Risk-based: Listing risks to achieve objective(s)
Control-based: How well the controls in place are working
Process-based: Selected activities that are elements of a chain of processes
Who provides varying degrees of assurance about the state of effectiveness of the risk management and control processes of the organization?
Internal and external auditors.
List examples of external business relationships.
Service providers
Supply-side partners
Demand-side partners
Strategic alliances
Joint ventures
Intellectual property partners
List examples of significant risks of external business relationships (EBRs).
Risks may not be identified, managed, assessed, or monitored.
EBRs may adversely affect the organization’s reputation.
EBRs may have inadequate insurance coverage.
Service levels or products may be unsatisfactory.
Conflicts of interest may arise.
Licensing of intellectual property may result in misuse, theft, or loss of revenue.
The organization may be overcharged for services.
The EBR partner may become insolvent.
The organization’s confidential information may be lost.
What is contract auditing?
An engagement to monitor and evaluate significant
Construction contracts and
Operating contracts that involve the provision of goods or services.
Typical contracts subject to audit include
Lump-sum contracts,
Cost-plus contracts, and
Unit-price contracts.
The internal audit activity helps management and the board ___[1]___, ___[2]___, and ___[3]___ risks, including reputation and economic risks.
1. Identify
2. Assess
3. Manage
Explain the traditional vs. the modern views of quality.
The traditional view emphasizes detection of products that do not meet standards. The modern view is that quality is a value-added activity performed throughout all business processes.
Total Quality Management is the continuous pursuit of quality in every aspect of organizational activities through
A philosophy of doing it right the first time,
Employee training and empowerment,
Promotion of teamwork,
Improvement of processes, and
Attention to satisfaction of internal and external customers.
What is the internal audit activity’s role as it relates to quality auditing?
To provide assurance that the approved quality structures are in place and quality processes are functioning as intended.
Quality is best viewed from what perspectives?
Attributes of the product (performance, serviceability, durability, etc.)
Customer satisfaction
Conformity with manufacturing specifications
Value (relation of quality and price)
The internal audit activity performs procedures to provide assurance that what basic quality management objectives are reached?
Customer satisfaction
Continuous improvement
Promotion of teamwork
What do privacy engagements address?
Security of personal information, especially information stored in computer systems.
Information reliability and integrity includes
Accuracy
Completeness
Security
List the elements of privacy.
Personal privacy (physical and psychological)
Privacy of space (freedom from surveillance)
Privacy of communication (freedom from monitoring)
Privacy of information (collection, use, and disclosure of personal information by others)
Assurance about the organization’s key performance indicators is assessed through what type of audit?
Performance auditing.
What is a balanced scorecard?
A report that connects critical success factors with financial and nonfinancial measures.
What four categories or measures are found on a typical balanced scorecard?
1. Financial
2. Customer
3. Internal
4. Learning, growth, and innovation
Identifying critical success factors by analyzing internal and external factors is called
SWOT analysis.
Performance audit engagements involve review of
The business,
Control environment, and
Key performance indicators against established criteria.
An operational audit assesses the
Efficiency and effectiveness of an organization’s operations.
What are process (functional) engagements?
Operational audit engagements that follow process-crossing organizational lines, service units, and geographical locations.
_____________ programs assist organizations in preventing unintended employee violations, detecting illegal acts, and discouraging intentional employee violations.
Compliance.
The chief compliance officer should report directly to
The chief executive officer.
What should an ombudsperson do to be more effective?
Report directly to the chief compliance officer or the board.
Keep names of informants secret.
Provide guidance to informants.
Follow up to ensure retaliation has not occurred.
Organizational compliance standards and procedures to reduce misconduct include
Business code of conduct,
Organizational chart identifying personnel responsible for compliance programs, and
Financial incentives that do not reward misconduct.
Applicant screening serves the purpose of
Detecting evidence of past wrongdoing, especially that within the organization’s industry.