Applicable Guidance

Question 1

IIA Mission

Answer 1

1. to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.
2. facilitating the achievement of this mission is the IPPF

Question 2

IPPF Contains 2 guidance; what are they

Answer 2

1. Mandatory guidance

2. recommended guidance

Question 3

Mandatory Guidance; 4 Elements

Answer 3

1. Core principles (10)
2. Definition
3. Standards
4. Code of Ethics

Question 4

Mandatory Guidance; Core Principles

Answer 4

1. demonstrate integrity
2. demonstrate competence and due professional care
3. is objective and free from undue influence (independent)
4. aligns with the strategies, objectives, and risk of the organization
5. is appropriately positioned and adequately resourced
6. demonstrates quality and continuous improvement
7. communicates effectively
8. provides risk-based assurance
9. is insightful, proactive, and future-focused
10. promotes organizational improvement

Question 5

Definition of Internal Auditing

Answer 5

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approached to evaluate and improve the effectiveness of risk management, control, and governance processes.

Question 6

Code of Ethics

Answer 6

1. Integrity, refusal to compromise professional values for personal gain. performance of professional duties in accordance with relevant laws.
2. Objectivity, commitment to providing stakeholders with unbiased information. commitment to independence from conflicts of economic or professional interest.
3. Confidentiality, refusal to use organization information for personal gain.
4. Competency, commitment to acquiring and maintaining an appropriate level of knowledge and skills.

Question 7

Purpose of the Standards (International Standards for the Professional Practice of Internal Auditing)

Answer 7

1. guide adherence with the mandatory elements of the IPPF
2. provide a framework for performing and promoting a broad range of value-added internal auditing services
3. Establish the basis for the evaluation of internal audit performance
4. foster improved organizational processes and operations

Question 8

Standards; 4 types of Standards

Answer 8

1. Attribute Standards, govern the responsibilities, attitudes, and actions of the organization’s internal audit activity and the people who serve as internal auditors.
2. Performance Standards, govern the nature of internal auditing and provide quality criteria for evaluating the internal audit function’s performance.
3. Interpretations are provided by the IIA to clarify terms and concepts referred to in Attribute or Performance standards.
4. Implementation standards, expand upon the individual attribute or performance standards by providing requirements applicable to assurance (.A) or consulting (.C).

Question 9

Core Principles + Definition = Code of Ethics + Standards

Answer 9

Conformance of the Code of Ethics and Standards demonstrates conformance with all mandatory elements of the IPPF

Question 10

Recommended Guidance; 2 elements

Answer 10

1. Implementation Guidance

2. Supplemental Guidance

Question 11

Assurance Services

Answer 11

1. nature and scope determined by the internal auditor
2. 3 parties involved: process owner, internal auditor, the user of the assessment
3. assurance services include financial, performance, compliance, system security, and due diligence engagements

Question 12

Consulting services

Answer 12

1. nature and scope subject to agreement with the engagement client
2. two parties: internal auditor, engagement client
3. services include providing counsel, advice, facilitation, and training

Question 13

Authority of Internal Audit Activity

Answer 13

A formal charter for the internal audit activity that defines the internal audit activity’s purpose, authority, and responsibility must be adopted. Final approval resides with the board.

Question 14

Responsibility of Internal Audit Activity

Answer 14

The internal audit activity’s responsibility is to provide the organization with assurance and consulting services that will add value and improve the organization’s operations. Specifically, must evaluate and improve the effectiveness of the organization’s governance, risk management, and control processes.

Question 15

The primary purpose of the Code of Ethics

Answer 15

promote an ethical culture among professionals who serve others

Question 16

Secondary purpose of the Code of Ethics

Answer 16

1. communicating acceptable values to all members
2. establishing objective standards against which individuals can measure their own performance, and
3. communicating the organization’s values to outsiders

Question 17

Aspects of Codes of Ethical Conduct

Answer 17

1. The mere existence of a code does not ensure that its principles are followed or that outside organization will believe that it is trustworthy
2. can help establish a minimum standard of competence, but impossible to require equality of competence by all members.
3. to enhance its effectiveness, the code should provide for disciplinary action for violators.

Question 18

Integrity

Answer 18

1. establishes trust and thus provides the basis for reliance on their judgment
2. shall perform work with honesty, diligence, and responsibility
   shall observe the law and make disclosures expected by the law and the profession
3. shall not knowingly be a party to any illegal or engage in acts that are discreditable to the profession of internal auditing or to the organization
   4.shall respect and contribute to the legitimate and ethical objectives of the organization

Question 19

objectivity

Answer 19

1. exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined
2. shall not participate in any activity or relationship that may impair or presumed to impair their unbiased assessment, avoid conflict of interest
3. shall not accept anything that may impair or presumed to impair their professional judgment
4. shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review

Question 20

Confidentiality

Answer 20

1. respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there are legal or professional obligation to do so
2. shall be prudent in the use and protection of information acquired in the course of their duties
3. shall not use the information for any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization

Question 21

Competency

Answer 21

1. apply the knowledge, skills, and experience needed in the performance of the internal audit services
2. shall engage in those services for which they have the necessary knowledge, skills, and experience
3. shall perform internal audit services in accordance with the Standards
4. shall continually improve their proficiency and the effectiveness and quality of their services

Question 22

discreditable behaviors

Answer 22

1. behavior that may be considered bullying, harassing, or discriminatory
2. failing to accept responsibility for making mistakes
3. issuing false reports or permitting others to do so
4. lying
5. making claims about one’s competency in a manner that is deceptive, false, or misleading
6. making disparaging comments about the organization, fellow employees, or stakeholders, either in person or via media
7. noncompliance with the Standards or the IPPF mandatory guidance
8. overlooking illegal activities that the organization may tolerate or condone
9. using the CIA designation or other credentials after they have expired or been revoked

Question 23

Conflict of Interest Policy

Answer 23

should prohibit the transfer of benefits between an employee and those with whom the organization deals

Question 24

Information Security Policies

Answer 24

issue Information security policies to protect the data acquired, use, and produce and to ensure compliance with the laws and regulations that pertain to the industry and jurisdiction within which they operate

Question 25

Internal Audit Charter

Answer 25

The purpose, authority, and responsibility of the internal audit activity must be formally defined in the charter, consistent with the mission of internal audit and the mandatory elements of the IPPF, core principles, code of ethics, standards, and definition

Question 26

Internal Audit Charter

Answer 26

Chief audit executive (CAE), senior management, and the board mutually agree upon:

1. internal audit objectives and responsibilities
2. expectations for the internal audit activity
3. CAE’s functional and administrative reporting lines
4. level of authority required of the internal audit activity to perform engagement and fulfill its agreed-upon objectives and responsibilities

Question 27

Engagement Clients

Answer 27

must be informed of the internal audit activity’s purpose, authority, and responsibility to prevent misunderstandings about internal audit’s access to records and personnel.

Question 28

Two essential components beyond the code of ethics and Definition of Internal Auditing

Answer 28

1. principles that are relevant to the profession and practice of internal auditing
2. rules of conduct that described behavior norms expected of internal auditors