Chapter 2 Flashcards
3 MANDATORY PROFESSIONAL PRACTICES FRAMEWORK GUIDANCE
- DEFINITION
- INTERNATIONAL STANDARDS
- CODE OF ETHICS
3 STRONGLY RECOMMENDED INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK GUIDANCE
- POSITION PAPERS
- PRACTICE ADVISORIES
- PRACTICE GUIDANCE
WHAT IS THE ULTIMATE GOAL OF INTERNAL AUDIT PROFESSION AS A WHOLE
ADD VALUE TO THE ORG BY PROVIDING ASSURANCE AND CONSULTING SERVICES
HOW DO IA SERVICES PROVIDE VALUE
EVALUATION AND IMPROVEMENT OF THE EFFECTIVENESS OF THE ORGANIZATIONS RISK MANAGEMENT, CONTROL, AND GOVERNANCE PROCESSES
WHAT ARE THE TWO ASPECTS OF THE IIA CODE OF ETHICS
- PRINCIPLES
2. RULES OF CONDUCT
WHAT ARE THE FOUR IDEALS (PRINCIPLES) IN THE CODE OF ETHICS
- INTEGRITY
- OBJECTIVITY
- CONFIDENTIALITY
- COMPETENCY
4 RULES OF CONDUCT ASSOCIATED WITH THE IDEAL OF INTEGRITY
- PERFORM WORK WITH HONESTY, DILIGENCE, AND RESPONSIBILITY
- OBSERVE THE LAW AND MAKE DISCLOSURES EXPECTED BY THE LAW
- NOT KNOWINGLY BE A PART OF ILLEGAL ACTIVITY
- RESPECT AND CONTRIBUTE TO ETHICAL OBJECTIVES OF THE ORG
ESTABLISHES TRUST AND PROVIDES THE BASIS FOR RELIANCE ON INTERNAL AUDITOR’S JUDGEMENT
INTEGRITY
INTERNAL AUDITORS ARE NOT UNDULY INFLUENCED BY THIER OWN INTERESTS OR BY OTHERS IN FORMING JUDGEMENTS
FREEDOM FROM BIAS
OBJECTIVITY
4 RULES OF CONDUCT ASSOCIATED WITH THE IDEAL OF OBJECTIVITY
- SHALL NOT PARTICIPATE IN ACTIVITY THAT MAY CREATY BIAS
- SHALL NOT ACCEPT GIVE THAT MAY CAUSE COI
- DISCLOSE ALL MATERIAL FACTS KNOWN
DO NOT RELEASE INFORMATION RECEIVED WITHOUT PROPER AUTHORITY
CONFIDENTIALITY
2 RULES OF CONDUCT ASSOCIATED WITH THE IDEAL OF CONFIDENTIALITY
- PRUDENT IN THE USE AND PROTECTION OF INFORMATION RECEIVED
2. SHALL NOT USE INFORMATION FOR PERSONAL GAIN
INTERNAL AUDITORS APPLY KNOWLEDGE SILLS AND EXPERIENCE NEEDED TO PERFORM AUDIT ACTIVITIES
COMPETENCY
THE 3 RULS OF CONDUCT ASSOCIATED WITH THE IDEAL OF COMPETENCY
- ONLY ENGAGE INSERVICE IN WHICH THEY HAVE NECESSARY EXPERIENCE
- PERFORM AUDITS IN ACCORDANCE WITH INTERNATIONAL STANDARDS FODR THE PROFESSIONAL PRACTICE OF INTERNAL AUDIT
- CONTINUALLY IMPROVE PROFICIENCY AND EFFECTIVENESS
4 PURPOSES OF THE STANDARDS
- DELINEATE BASIC PRINCIPLES THAT REPRESENT THE PRACTICE OF INTERNAL AUDIT
- PROVIDE A FRAMEWORK FOR PROMOTING A BRAOD RANGE OF VALUE ADDED INTERNAL AUDITING
- ESTABLISH BASIS FOR THE EVALUATION OF INTERNAL AUDIT PERFORMANCE
- FOSTER IMPROVED ORGANIZATIONAL PROCESSES AND OPERATIONS
3 TYPES OF STANDARDS
- ATTRIBUTE STANDARDS
- PERFORMANCE STANDARDS
- IMPLEMENTATION STANDARDS
WHAT ARE INCLUDED IN THE ATTRIBUTE STANDARDS
1000 SEQUENCE
ADDRESS THE ATTRIBUTES OF ORGANIZATIONS AND INDIVIDUALS PERFORMING INTERNAL AUDITING
WHAT ARE INCLUDED IN THE PERFORMANCE STANDARDS
2000 SEQUENCE
DESCRIBES THE NATURE OF INTERNAL AUDIT AND PROVIDES CRITERIA FOR PERFORMANCE OF IA SERVICES
WHAT ARE THE IMPLEMENTATION STANDARDS
(3000 SEQUENCE)
“A” FOR ASSURANCE
“C” FOR CONSULTING
EXPAND UPON OTHER STANDARDS BY PROVIDING CRITERIA FOR PERFORMING AUDIT SERVICES (CONSULTING OR ASSURANCE)
OBJECTIVE EXAMINATION OF EVIDENCE FOR THE PURPOSE OF PROVIDING AN INDEPENDENT ASSESSMENT ON GOVERNANCE, RISK MANAGEMENT, AND CONTROL PROCESSES FOR THE ORGANIZATION
ASSURANCE SERVICES
ENGAGEMENT EXAMPLES: FINANCIAL, PERFORMANCE, COMPLIANCE, SYSTEM SECURITY, AND DUE DILIGENCE
WHO AGREES ON THE SCOPE OF A CONSULTING ENGAGEMENT?
THE CUSTOMER AND THE AUDITOR
INTENDED TO ADD VALUE AND IMPROVE AN ORGANIZATION’S GOVERNANCE, RISK MANAGEMENT, AND CONTROL PROCESSES WITHOUT THE INTERNAL AUDITOR ASSUMING MANAGEMENT RESPONSIBILITY
CONSULTING SERVICES
ENGAGEMENT EXAMPLES: COUNSEL, ADVICE, FACILITATION, AND TRAINING
3 STAKEHOLDERS OF ASSURANCE SERVICES
USER (CLIENT, MGMT)
INTERNAL AUDITOR
AUDITEE
2 STAKEHOLDERS OF CONSULTING SERVICES
INTERNAL AUDITOR
CUSTOMER (CLIENT)
WHICH IMPLEMENTATION STANDARDS ARE MORE STRINGENT AND NUMEROUS
ASSURANCE
4 MAIN SECTIONS OF ATTRIBUTE STANDARDS
1000 - PURPOSE, AUTHORITY AND RESPONSIBILITY
1100 - INDEPENDENCE AND OBJECTIVITY
1200 - PROFICIENCY AND DUE PROFESSIONAL CARE
1300 - QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
WHAT IS THE GOAL OF ATTRIBUTE STANDARD 1000 (PURPOSE, AUTHORITY AND RESPONSIBILITY)
THE IA FUNCTION MUST HAVE A CHARTER THAT STATE’S THE PURPOSE, AUTHORITY AND RESPONSIBILITY
THE CHARTER MUST ACKNOWLEDGE ADHERENCE TO DEFINITION OF INTERNAL AUDITING, THE CODE OF ETHICS, AND THE STANDARDS
FINAL APPROVAL OF THE CHARTER IS THE RESPONSIBILITY OF THE BOARD
WHAT IS THE GOAL OF ATTRIBUTE STANDARD 1100 (INDEPENDENCE AND OBJECTIVITY)
DEFINES IA OBJECTIVITY AND INDEPENDENCE
THE CAE MUST REPORT TO A LEVEL THAT ALLOWS INDEPENDENCE
REQUIRES THE CAE HAVE DIRECT INTERACTION WITH THE BOARD
WHAT ARE THE THREE PILLARS OF EFFECTIVE INTERNAL AUDIT SERVICES
- INDEPENDENCE AND OBJECTIVITY
- PROFICIENCY
- DUE PROFESSIONAL CARE
THREATS TO INDEPENDENCE AND OBJECTIVITY
- CONFLICTS OF INTEREST
- TASK-RELATED THREATS
- INCENTIVE
- PERSONAL RELATIONSHIPS
ANY RELATIONSHIPS THAT APPEARS TO BE, NOT IN THE BEST INTEREST OF THE ORGANIZATION
A SITUATION IN WHICH AN INTERNAL AUDITOR, WHO IS IN A POSITION OF TRUST, HAS A COMPETING PROFESSIONAL OR PERSONAL INTEREST
CONFLICT OF INTEREST THREATS
THE THREAT OF AN AUDITOR HAVING TO AUDIT HIS OWN WORK
TASK RELATED THREATS
CONDITIONS IN WHICH THE INTERNAL AUDITOR HAS ECONOMIC STAKES IN THE OUTCOMES OF THEIR WORK THAT COULD IMPAIR THEIR JUDGEMENT
INCENTIVE THREATS
WHEN INTERNAL AUDITORS PERFORM ENGAGEMENTS IN AREAS OF THE ORG IN WHICH CLOSE PERSONAL FRIENDS OR RELATIVE WORK
PERSONAL RELATIONSHIP THREATS
WHAT IS THE PRACTICE TO BE FOLLOWED IF INDEPENDENCE IS THREATENED OR LACK OF INDEPENDENCE IS UNAVOIDABLE
BRING IN OUTSIDE AUDITORS
DISCLOSE ANY LACK OF INDEPENDENCE
WHAT IS ONE SPECIFIC COMPETENCY REQUIRED BYT THE STANDARDS
FRAUD RISK
KEY INFORMATION TECH RISK
WHAT SHOULD A CAE DO IF ASKED TO PERFORM A CONSULTING OR ASSURANCE ENGAGEMENT FOR WHICH THE IA FUNCTION DOESNT POSSES THE NECESSARY COMPETENCIES
DECLINE THE ENGAGEMENT OR OBTAIN COMPETENT ADVICE AND ASSISTANCE
WHAT SHOULD THE IA FUNCTION CONSIDER IN DETERMINING THE APPROPRIATE LEVEL OF CARE FOR AN ASSURANCE ENGAGEMENT (5 ITEMS)
- EXTENT OF WORK NEEDED TO ACHIEVE OBJECTIVES
- RELATIVE COMPLEXITY, MATERIALITY OR SIGNIFICANE OF MATTERS TO WHICH ASSURANCE PROCEDURES ARE APPLIED
- ADEQUACY AND EFFECTIVENESS OF GOVERNANCE, RISK MGMT, AND CONTROL PROCESSES
- PROBABILITY OF SIGNIFICANT ERRORS, FRAUD, OR NONCOMPLIANCE
- COST OF ASSURANCE IN RELATION TO BENEFITS
IA FUNCTION MUST CONSIDER THESE 3 ITEMS FOR CONSULTING ENGAGEMENTS
- NEEDS AND EXPECTATIONS OF CUSTOMERS, INCLUDING NATURE, TIMING AND EXTENT OF WORK NEEDED TO ACHIEVE THE ENGAGEMENT’S OBJECTIVES
- RELATIVE COMPLEXITY AND EXTENT OF WORK NEEDED TO ACHIEVE THE ENGAGEMENT’S OBJECTIVES
- COST IN RELATION TO BENEFITS
WHAT ARE THE IIA CERTIFICATIONS AVAILABLE
CIA (CERT INTERNAL AUDITOR) CGAP (CERT GOV AUDIT PROF) CFSA (CERT FIN SERV AUDITOR) CCSA (CERT IN CONTROL SELF ASS) CRMA (CERT IN RISK MGMT ASS)
WHAT ARE THE CPE REQUIREMENTS FOR THE CIA
40 PRACTICING
20 NON PRACTICING
WHAT IS THE PURPOSE OF THE IIA CODE OF ETHICS?
TO PROMOTE AN ETHICAL CULTURE IN THE INTERNAL AUDIT PROFESSION
THE FREEDOM FROM CONDITIONS THAT THREATEN THE ABILITY OF THE INTERNAL AUDIT ACTIVITY TO CARRY OUT INTERNAL AUDIT RESPONSIBILITIES IN AN UNBIASED MANNER
INDEPENDENCE
THE KNOWLEDGE, SKILLS AND OTHER COMPETENCIES NEEDED TO FULFILL INTERNAL AUDIT RESPONSIBILITES
PROFICIENCY
THE CARE AND SKILL EXPECTED OF A REASONABLY PRUDENT AND COMPETENT INTERNAL AUDTIOR
DUE PROFESSIONAL CARE
WHAT IS THE PURPOSE OF THE INTERNAL AUDIT FUNCTION’S QUALITY ASSURANCE STANDARDS AND IMPROVEMENT PROGRAM
DESIGNED TO ENABLE AN EVALUATION OF THE IA FUNCTION’S CONFORMANCE WITH THE DEFINITION, STANDARDS, AND CODE OF ETHICS
ALSO ASSESSES THE EFFECTIVENESS AND EFFICIENCY OF THE IA FUNCTION AND IDENTIFIES OPPORTUNITIES FOR IMPROVEMENT
INSTILLS CONFIDENCE THAT THE PRODUCT OR SERVICE POSSESS THE ESSENTIAL FEATURES AND CHARACTERISTICS IT IS INTENDED TO HAVE
QUALITY ASSURANCE
WHAT ARE THE 7 MAIN AREAS OF PERFORMANCE STANDARDS
2000 - MANAGING THE IA ACTIVITY 2100 - NATURE OF WORK 2200 - ENGAGEMENT PLANNING 2300 - PERFORMING THE ENGAGEMENT 2400 - COMMUNICATING RESULTS 2500 - MONITORING PROGRESS 2600 - COMMUNICATING ACCEPTANCE OF RISK
ENGAGEMENT PLANNING STANDARDS (5)
2201 - PLANNING CONSIDERATIONS 2210 - ENGAGEMENT OBJECTIVES 2220 - ENGAGEMENT SCOPE 2230 - ENGAGEMENT RESOURCE ALLOCATION 2240 - ENGAGEMENT WORK PROGRAM
ENGAGEMENT PERFORMANCE STANDARDS (4)
2310 - IDENTIFYING INFORMATION
2320 - ANALYSIS AND EVALUATION
2330 - DOCUMENTING INFORMATION
2340 - ENGAGEMENT SUPERVISION
ENGAGEMENT COMMUNICATION STANDARDS (7)
2410 - CRITERIA FOR COMMUNICATING
2420 - QUALITY OF COMMUNICATIONS
2421 - ERROR AND OMISSIONS
2430 - USE OF “CONDUCTED IN CONFORMANCE WITH THE STANDARDS
2431 - ENGAGEMENT DISCLOSURE OF NONCOMFORMANCE
2440 - DISSEMINATING RESULTS
2450 - OVERALL OPINIONS
THE PORTION OF INHERENT RISK THAT REMAINS AFTER MANAGEMENT EXECUTES ITS RISK RESPONSES
RESIDUAL RISK
WHAT IS THE RELATIONSHIP BETWEEN STANDARDS AND PRACTICE ADVIDORIES
PRACTICE ADVISORIES PROVIDE CONCISE AND TIMELY GUIDANCE AS TO HOW THE STANDARDS MIGHT BE IMPLMENTED
AS OF 2012 HOW MANY PRACTICE ADVISORIES HAVE BEEN ISSUED?
59
PROVIDE GUIDANCE ON ISSUES THAT EXTEND BEYOND THE SPECIFICS OF HOW THE CAE, IA FUNCTION, AND INDIVIDUAL AUDITORS SHOULD CONDUCT WORK
POSITION PAPERS
PROVIDE DETAILED GUIDANCE ON INTERNAL AUDIT TOOLS AND TECHNIQUES
PRACTICE GUIDES
WHAT IS THE PURPOSE OF THE PROFESSIONAL GUIDANCE ADVISORY
APPROVE PROPOSALS TO DEVELOP POSITION PAPERS
APPROVES CONCEPTS FOR PRACTICE GUIDES
WHO USUALLY INITIATES POSITION PAPERS
PROFESSIONAL ISSUES COMMITTEE
INT’L COMMITTEE OR LOCAL CHAPTER CAN ALSO INITIATE
MISSION IS TO SERVE THE GLOBAL PROFESSION OF INTERNAL AUDITING BY MAINTAINING AND UPDATING THE CODE OF ETHICS
GLOBAL ETHICS COMMITTEE
MISSION IS TO PROMULGATE, MONITOR AND PROMOTE THE STANDARDS ON A WORLDWIDE BASIS
INTERNATIONAL INTERNAL AUDIT STANDARDS BOARD
PROVIDES THOUGHT LEADERSHIP AND TIMELY PROFESSIONAL GUIDANCE TO THE MEMBERS AND STAKEHOLDERS OF THE INTERNAL AUDIT PROFESSION ON METHODOLOGIES, TECHNIQUES, AND AUTHORITATIVE POSITIONS INCULCATED IN THE IPPF AND TO COMMENT ON OR SUPPORT OTHER MATTERS THAT IMPACT THE IA PORFESSION
PROFESSIONAL ISSUES COMMITTEE
ISSUES STANDARDS FOR GIVERNMENTAL AUDITS
US GOVERNMENT ACCOUNTABILITY OFFICE (GAO)
ISSUES STANDARDS, GUIDANCE, AND PROCEDURES FOR CONDUCTING INFOMRATION SYSTEMS AUDITS
INFORMATION SYSTEMS AUDIT AND CONTROL ASSOCIATION (ISACA)
ISSUES STANDARDS FOR AUDITS OF COMPANIES FINANCIAL STATEMENTS IN THE UNITED STATES
PCAOB AND AICPA
ISSUES INTERNATIONAL AUDIT STANDARDS
IFAC
ISSUES STANDARDS TO ADDRESS THE NEEDS OF ENVIRONMENTAL, HEALTH AND SAFETY AUDIT PROCEDURES
BOARD OF ENV, HEALTH, AND SAFETY AUDIT CERTS (BEAC)
