Chapter 1 Foundations of Internal Auditing Flashcards
Learn Basic Proficiency of Guidance
Define and list the Core Principles and principle
Is the basis for internal audit effectiveness. The internal audit function is most effective if all principles re present and operating effectively.
a) Demonstrates integrity
b) Demonstrates Competence
c) Is Objective and free from undue influence (Independence)
d) Aligns with the strategies, objectives, and risk of th organization
e) Is appropriately positioned and adequately resourced
f) Demonstrates quality and continuous improvement
g) Communicates effectively
h) provides risk based assurance
i) Is insightful, proactive, and future focused
j) Promotes Organizational improvement.
Which are the two types of guidance included in The International Professionals Practice Framework (IPPF) and what are their components :
Mandatory and Recommended Guidance
What is Mandatory Guidance
Adherence to mandatory guidance is essential for the professional practice
Definition of Internal Auditing
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organizations operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
What is the purpose of Attribute Standards?
govern the responsibilities, attitudes and actions of the organization’s internal audit activity and the people who serve as internal auditors.
What is the purpose of Performance Standards?
govern the nature of internal auditing and provide quality criteria for evaluating the internal audit function’s performance.
What is the purpose of Interpretation Standards?
provided by the IIA to clarify terms and concepts referred to in Attribute and Performance Standards.
What is the purpose of Implementation Standards?
expand upon the individual Attribute or Performance Standards by providing the requirements applicable to assurance (.A) or consulting (.C)
The Internal Audit charter establishes
- Internal audit activity’s position within the organization
- Nature of the chief audit executive’s functional relationship with the board
- Authorizes access to records, personnel and physical properties to perform engagements
- Defines the scope of internal audit activities.
The Standards (Internation Standards for the Professional Practices of Internal Auditing) serve which of the following functions:
a) Guide Adhearnce with the mandatory Elements of the International Professional Practices Framework
b) Provide a framework for performing and promoting a broad range of value added internal auditing services
c) Establish the basis for the evaluation of internal audit
d) Foster improved organizational processes and operations
What is the mission of internal audit?
Enhance and protect organizational value by providing risk based and objective assurance, advice and insight.
What are the elements of the Mandatory Guidance?
Mandatory Guidance
- Core Principles
- Definition of Internal Auditing
- Code of Ethics
- The Standards (International Standards of Professional Practice of Internal Auditing)
What are the elements of the Recommended Guidance.
Recommended Guidance
- Implementation Guidance
- Supplemental Guidance
What two elements are encompassed in the Code of Ethics and the Standards?
The Core Principles
Definition of Internal Auditing
What is the purpose of the Recommended Guidance and what are the elements?
The pronouncements describe practices for effective implementation of the mandatory guidance.
These elements include:
- Implementation Guidance
- Supplementary Guidance
The purpose of the Internal Audit Activity is to
Provide independent and objective assurance and consulting service designed to add value and improve an organization’s operations.
Assurance services are defined as
an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes of the organization.
The nature and scope of an engagement are determined by
The internal auditor
How many parties are participants in assurance services and who are they?
Three
1) Process owner (person or group directly involved with the entity operation or other subject matter)
2) The internal auditor (person making the assessment)
3) The user (person using the assessment)
Consulting services are defined as
activities intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.
Nature and scope are subject to agreement with engagement client.
How many parties are participants with the consulting engagement and who are they?
Two
1) The internal auditor (person or group offering the advice)
2) Engagement client (person seeking or receiving advice)
The internal audit activities responsibility is to
Provide the organization with assurance and consulting services that will add value and improve the organization’s operations. Specifically the effectiveness of governance, risk management and control processes.
The primary purpose of a Code of Ethical Conduct for a professional organization is to
Promote a culture among professional who serve others. In addition, to:
a) communicate acceptable values to all members, (doesn’t mean they’ll follow)
b) establish objective standards to measure own performance, and
c) to communicate organization’s to outsiders (doesn’t meant outsiders will believe)
Voluntary compliance to the code is measured by
the cohesion and professionalism of an organization.
To be effective a Code of Conduct should provide
Disciplinary actions for violators
Typical components of the Code of Ethical Conduct include
Integrity
Objectivity
Confidentiality
Competence
- The principle of integrity is?
2. The rules of conduct related to integrity include:
1) Integrity establishes trust and thus provides the basis for reliance and judgement
2) 1.1 Shall perform their work with honesty, diligence, and responsibility
1. 2 shall observe the law and make disclosures expected by the law and the profession
1. 3 Shall not knowingly be party to illegal activity or engage in acts that are discreditable to the profession or to the organization
1. 4 Shall respect and contribute to the legitimate and ethical objectives or the organization
Objectivity rule of conduct include
- 1 shall not participate in any activity or relationship that may impair or be presumed to impare their unbiased assessment. Includes relationships that may be in conflict with the interest of the organization.
- 2 Shall not accept anything that may impair or be presumed to impair their professional judgment
- 3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting activities under review.
The principles of objectivity state that
Internal auditors exhibit the highest level of professional objectivity. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interest or by others in forming judgment.
The principles of confidentiality state that
Internal auditors respect the value and ownership of information received and do not disclose without appropriate authority, unless is a legal or professional obligation.
The rules of conduct for confidentiality are:
- 1 Shall be prudent in the use and protection of information acquired in the course of their duties
- 2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the organization or ethical objectives of the organization.
The principles of competency state that
Internal auditors apply the knowledge, skills and experience needed in the performance of internal audit services
The rules of conduct for competency include
- 1 Shall engage only in those services for which they have the necessary knowledge, skills and experience.
- 2 Shall perform internal audit services in accordance with the Standards
- 3 Shall continually improve their proficiency and the effectiveness and quality of their services.
Which Code of Ethics principle is the foundation of the other three principles and underpins which of the 4 elements of the IPPF?
Integrity is the foundation of objectivity, confidentiality, and competency. Integrity also underpins the Standards
How does the CAE implement integrity within an organization?
a) by acting with integrity and adhering to the Code of Ethics
b) Establishing policies and procedures to guide the internal audit activity to show diligence and responsibility
c) Emphasize the importance of integrity by providing training that demonstrates integrity and other ethical principals.
How does the CAE demonstrate objectivity?
by providing evidence of relevant policies and procedures for the internal audit activity or documentation of research into potential conflict of interest related to outsource and co-sourced activity for which the CAE has responsibility.
Internal auditors may demonstrate confidentiality
by documenting distribution restriction in engagement workpapers and reports and by retaining authorization of all disclosures and approved distribution lists.
The Internal Audit Charter must formally define
1) purpose, authority, and responsibility of the internal audit activity,
2) must be consistent with the mission of internal audit 3) refer to the 4 mandatory elements of the International Professional Practices Framework
What is the responsibility of the CAE with respect to the Internal Audit Charter and who must review and is responsible for final approval?
1) Periodically review the IA Charter
2) Present to senior management and the board for approval.
3) Final approval resides with the board.
What is the Internal Audit Charter and its purpose?
1) A formal document defining the internal audit activity’s purpose, authority and responsibility.
2) Established the internal audit activity’s position within the organization.
3) Nature of the CAE functional reporting relationship with the BOD
4) Authorized access to records, personnel and physical properties relevant to the performance of engagements
5) Defines the scope of internal audit activities
6) Define the nature of assurance and consulting services provided by internal audit activity
If internal audit does not report to the Board or does not exist, the internal audit function reports to
the CAE will report to another committee or another body to which the governing body has delegated certain function, such as the audit committee.
