2: Audit Charter Flashcards
What does the audit charter outline?
The overall authority, scope and responsibilities of the Audit Function
Who should approve the audit charter?
Top management. Preferably, the highest level of management and the audit committee should approve this charter.
What influences the auditor's actions?
The auditor's actions are influenced by the audit charter, which defines the roles and responsibilities of the audit function.
Is the audit charter a dynamic document in nature?
No, the audit charter is rather static (it does not change often). It should be changed only if the change can be thoroughly justified.
What information should not be included in the audit charter?
The yearly audit calendar, audit planning, yearly resource allocation and other routine audit activities. Aspects like the professional fees payable, travel expenses budget for auditors, etc. are not included in the audit charter.
Role of Chief Auditor
To carry out audit process as per approved audit charter.
Independence of audit charter
Audit charter should be independent from IS department and IT steering committee.
(1) An audit charter should state management’s objectives for and delegation of authority to IS
audit and MUST be:
A. approved by the top management.
B. approved by Chief Audit Officer.
C. approved by IS department.
D. approved by IT steering committee.
Answer: A. approved by the top management.
Explanation: The audit charter should be approved by the highest level of management. The role of
the Chief Audit Officer is to carry out the audit process as per the approved audit charter. The audit charter should
be independent from the IS department and the IT steering committee.
(2) The audit charter should be approved by the highest level of management and should:
A. be updated often to keep pace with the changing nature of technology and the audit profession.
B. include audit calendar along with resource allocation.
C. include plan of action in case of disruption of business services.
D. outline the overall authority, scope and responsibilities of the audit function.
Answer: D. outline the overall authority, scope and responsibilities of the audit function.
Explanation:
(1) An audit charter should state management’s objectives for and delegation of authority to IS
audit.
(2) Charter should not be significantly changed over time. An audit charter outlines the overall
authority, scope and responsibilities of the audit function. An audit charter would not be at a
detailed level and therefore frequent updating is not required.
(3) Audit charter would not include detailed audit calendar and resource allocation.
(4) Action plan in case of disruption of services is included in BCP policy and not in Audit Charter.
(3) Primary purpose of an audit charter is to:
A. describe audit procedure.
B. define resource requirement for audit department.
C. prescribe the code of ethics used by the auditor
D. prescribe authority and responsibilities of audit department.
Answer: D. prescribe authority and responsibilities of audit department.
The charter's main purpose is to define the auditor's roles and responsibilities. It should evidence a clear mandate and authority for the auditors to perform their
work. Audit procedure, resource requirements and code of ethics will not be a part of the audit charter.
(4) The document used by the top management of organizations to delegate authority to the IS
audit function is the:
A. audit calendar.
B. audit charter.
C. risks register.
D. audit compendium.
Answer: B. audit charter.
The audit charter outlines the overall authority, scope and responsibilities of the audit function to
achieve the audit objectives stated in it. Audit Calendar will include planning of audit department.
Risk register will include details of identified risk and its mitigating controls. Audit compendium
includes a summary of critical audit observations for higher management.
(5) An IS auditor reviews an organization chart PRIMARILY for:
A. getting information about data-flow.
B. assessing the number of employees in each department.
C. understanding the responsibilities and authority of individuals.
D. assessing the number of laptops/desktops in each department.
Answer: C. understanding the responsibilities and authority of individuals.
Explanation:
An organization chart provides information about the responsibilities and authority of individuals
in the organization. This helps the IS auditor to know if there is a proper segregation of functions.
(6) In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced PRIMARILY
by:
A. the audit charter.
B. management’s representation.
C. organizational structure.
D. number of outsourcing contracts.
Answer: A. the audit charter.
Explanation:
The auditor's role and responsibility are documented in the audit charter. The audit charter outlines the
overall authority of the audit function. Hence the auditor's actions will primarily be influenced by the audit charter.
(7) The result of risk management process is used for making:
A. business strategy plans.
B. audit charters.
C. security policy decisions.
D. decisions related to outsourcing.
Answer: C. security policy decisions.
Explanation:
The risk management process is about making specific, security-related decisions, such as the level
of acceptable risk. Choices A, B and D are not ultimate goals of the risk management process.
(8) Audit Charter should include:
A. Yearly audit resource planning.
B. audit function’s reporting structure.
C. audit report drafting guidelines.
D. Yearly audit calendar.
Answer: B. audit function’s reporting structure.
Explanation:
Audit Charter outlines the overall authority, scope and responsibilities of the Audit Function. Audit
Charter should include the audit function's reporting structure. Ideally, the head of the audit function reports
to the audit committee.