3. Management, Internal Audit And External Audit Flashcards by Matthew Wright

The management framework is in many ways analogous to the — framework

COSO

How well did you know this?

Not at all

Perfectly

— is supervised, run and controlled for the board by more junior, individual managers

Assurance

How well did you know this?

Not at all

Perfectly

When explaining how management contributes to corporate governance, what is a good framework to use?

The COSO framework

How well did you know this?

Not at all

Perfectly

Who operates the management framework on behalf of the board?

Management

How well did you know this?

Not at all

Perfectly

What is the chief disadvantage of management’s assurances to the board?

It is not independent or objective

How well did you know this?

Not at all

Perfectly

What two governance functions mitigate the subjectivity of management assurance?

Internal and external audit

How well did you know this?

Not at all

Perfectly

Name some assurance functions other than management, internal audit and external audit

Audit committee
Quality or planning team
Consultants and hired specialists
Non-executive directors
Specialist units (health and safety)
External reviewers

How well did you know this?

Not at all

Perfectly

As well as providing assurance, management also contributes to corporate governance by developing — and —

Policies and procedures

How well did you know this?

Not at all

Perfectly

— are management’s written guidance on the principles governing operations

Policies

How well did you know this?

Not at all

Perfectly

List some formal communication methods through which policies may be communicated to the organisation

Documented policy statements
Employee newsletters
Education workshops
Management or team meetings
Intranet

How well did you know this?

Not at all

Perfectly

A key role of management is seeking to achieve the organisation’s — through their activity and that of their staff

Objectives

How well did you know this?

Not at all

Perfectly

A key role of management is ensuring the e–, e– and e– management of risk

Economic, efficient and effective

How well did you know this?

Not at all

Perfectly

A key role of management is encouraging an appropriate — culture in the organisation

Ethical

How well did you know this?

Not at all

Perfectly

A key role of management is proactive — and — over their activities and functions

Monitoring and control

How well did you know this?

Not at all

Perfectly

A key role of management is the provision of accurate, complete, timely and objective — and — when required

Reporting and assurance

How well did you know this?

Not at all

Perfectly

A key role of management is ensuring they and their staff comply with p— and external — and —

Policies

Laws and regulations

How well did you know this?

Not at all

Perfectly

Which is the most obvious occasion at which the board of a private sector organisation reports to its shareholders?

Annual General Meeting

How well did you know this?

Not at all

Perfectly

Through what medium does the board primarily report to shareholders?

The Annual Report

How well did you know this?

Not at all

Perfectly

What are the main sections of an Annual Report?

Chairman’s report
Chief Executive Officer’s Report
Financial Statements
External Auditor’s Report

How well did you know this?

Not at all

Perfectly

External auditors report on financial operations to the —

Shareholders

How well did you know this?

Not at all

Perfectly

Internal auditors report internally to the audit committee on g–, r– m– and c– issues

Governance, risk management and control

How well did you know this?

Not at all

Perfectly

External — authorities may also require specific reporting from the organisation at predetermined intervals

Reporting

How well did you know this?

Not at all

Perfectly

Define internal audit (again!)

An independent, objective
Assurance and consulting activity
Designed to add value and improve an organisation’s operations.
It helps an organisation achieve its objectives
By bringing a systematic, disciplined approach
To evaluate and improve
The effectiveness of risk management, control and governance processes

How well did you know this?

Not at all

Perfectly

Internal audit in most countries is not a statutorily — function

Regulated

How well did you know this?

Not at all

Perfectly

Internal auditors who are members of the IIA are required to comply with what two key documents?

1. International Standards for the Professional Practice of Internal Auditing 2. Code of Ethics

The role of internal audit includes providing an i-- and o-- analysis of the organisation's activities

Independent and objective

The role of internal audit includes providing the board, audit committee and senior management with objective --- on corporate governance, risk management and control activity

Assurance

The role of internal audit includes producing r-- and r-- for improvement for management

Reports | Recommendations

The role of internal audit includes promoting awareness of r--- and c--- to help embed corporate governance

Risk and control

The role of internal audit includes providing c--- and advice to managers on risk identification and assessment, mitigation, specific controls and related areas of expertise

Consultancy

In providing oversight for an internal audit function, audit committees should ensure the function is structured in such a way that achieves organisational ---

Independence

The head of internal audit should report to the --- --- --- and have a direct reporting line into the chair of the --- ---

Chief executive officer | Audit committee

The audit committee should review the internal audit function's --- and ensure unrestricted access to ---, --- and --- ---

Charter | Records, personnel and physical properties

The audit committee should review and approve the annual internal audit b---

Budget

Decisions requiring the hiring or termination of appointment of the head of internal audit should require endorsement by...

The chair of the audit committee

The chair of the audit committee should be appropriately involved in --- --- and compensation decisions related to the head of internal audit

Performance evaluation

The audit committee should regularly provide the head of internal audit and the external audit with the opportunity to --- --- with the committee without the presence of management

Confer privately

What is the core purpose of external audit?

To undertake an independent review of the financial statements To ensure they are objective and can be relied upon

In the private sector, external auditors will give their opinion on whether the company is a g--- c---

Going concern

External audit is a --- --- for large and public companies

Statutory requirement

In the public sector, external audit of Central government is undertaken by...

The National Audit Office

The primary external auditor of local public services is...

The Audit Commission

External audit involves consideration and assessment of the c---, r---, a--- and p--- of the financial records.

Completeness Relevance Accuracy Presentation (CRAP)

What are the five key principles that underpin the work of external audit?

``` Evidence Due audit care Fair presentation Independence Ethical conduct ```

Fundamental to the work of external auditors is v---, which implies that another body of examiners, using the same data, would make very similar conclusions and recommendations

Verifiability

Good practice in corporate governance now considers limits on --- --- --- that external auditors should undertake as appropriate

Non-audit work

Name the foremost non-audit services that external audit firms should not now provide to their clients (unless not providing external audit services to same client)

``` Accountancy Financial IT Systems development Internal audit ```

Why might external auditors be seen as MORE independent than internal auditors

External firm

Why might external auditors be seen as LESS independent than internal audit?

Receive audit fees

What are the fundamental similarities between internal and external audit?

They both provide assurance They are both independent They both have close working relationships with the audit committee They both work to professional and ethical standards They are both mandatory in the UK public sector They both work in a systematic and disciplined way

What is the fundamental difference between internal and external audit in terms of their reporting lines?

External audit reports to shareholders | Internal audit reports to senior management, usually to the audit committee and/or CEO

What is the fundamental difference between internal and external audit in terms of statutory requirements?

In the UK private sector, external audit is a statutory requirement for a plc. This is not the case for internal audit

According to the UK Corporate Governance Code, what should a listed company do if it does not have an internal audit function?

Review the need for one annually | Explain reasons for not having one in the annual report

What is the difference between internal and external auditors with respect to professional qualification?

External auditors must be professionally qualified with a recognised professional body Internal auditors have no such requirement

What is the difference between internal and external audit with respect to the focus of audit work?

External audit focuses on financial systems and controls | Internal audit covers a wide range of systems and processes

What is the difference between internal and external audit with respect to knowledge of the company?

Internal audit will tend to develop a better understanding of the organisation than external audit

What are the three main approaches to locating internal audit functions?

In-house Outsourced Shared service

In-house internal audit functions are resourced by --- --- of the organisation

Permanent employees

What are the chief benefits of in-house internal audit arrangements?

``` Cost effective Experience of the organisation Development opportunity for future senior managers Confidentiality Conflicts of interest less likely Consistency over time ```

What are the three generally accepted styles of outsourcing internal audit?

Supplementation Co-sourcing or partnering Total outsourcing

Methods of outsourcing internal audit include "supplementation". How does this work?

Outside help is brought in to assist internal audit with specific tasks, e.g. IT audit specialists

Methods of outsourcing internal audit include "co-sourcing" or "partnering". How does this work?

Consultants brought in on day-to-day basis, but usually report to an in-house chief audit executive. Regular and formalised as opposed to supplementation.

Methods of outsourcing internal audit include "total outsourcing". How does this work?

Entire internal audit operation is undertaken by external consultants.