5: Engagement Planning, Risk Assessment, and Objectives Flashcards
An internal auditing engagement consists of
Planning
Performing procedures
Communicating results
Monitoring progress
Describe Performance Standard 2200, Engagement Planning.
Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations. The plan must consider the organization’s strategies, objectives, and risks relevant to the engagement.
Describe Performance Standard 2201, Planning Considerations.
In planning the engagement, internal auditors must consider:
*The strategies and objectives of the activity being reviewed and the means by which the activity controls its performance.
*The significant risks to the activity’s objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level.
*The adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework or model.
*The opportunities for making significant improvements to the activity’s governance, risk management, and control processes.
List components of a survey.
Input from stakeholders
Analytical procedures
Questionnaires
Interviews
Observations
Prior audit reports
Other relevant documentation
Process mapping
Checklists
Why is input from stakeholders a survey component?
Stakeholders may be sources of information for the formulation of engagement objectives.
Define engagement.
A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy.
Summaries of survey results include
Significant issues
Engagement objectives and procedures
Critical control points, deficiencies, or excess controls
Methods, such as those that are technology-based
Reasons for modifying objectives or not continuing the engagement
Checklists increase the _____ of data acquisition.
Uniformity.
Define risk in the context of an engagement.
Risk is an event that may impact the business objectives of the area or process under review.
What are the two factors of significance commonly used to assess risks?
Impact
Likelihood
Explain why risk assessment procedures are performed.
To obtain an understanding of the entity and its environment, including internal control.
Inherent risk is
The risk in the absence of controls.
Why do internal auditors conduct brainstorming sessions?
To identify key risks and controls.
Define control activities.
The policies and procedures applied to ensure that management directives are executed and actions are taken to address risks affecting achievement of objectives.
What is the purpose of monitoring?
Monitoring assesses the quality of a system’s performance over time.
